authorRuss Allbery <rra@stanford.edu>2007-10-11 00:49:38 +0000
committerRuss Allbery <rra@stanford.edu>2007-10-11 00:49:38 +0000
commit16890a8c0ee6af63b6a54a8209bae4f2a095e644 (patch)
tree3c2c45c480cc804d5b50936e791459555b9b71e7
parent32ec05c61136ceff5c6013f304e309c7abdd2fb0 (diff)
Add an acl history function to the server backend and the client
documentation and test it. Update NEWS and TODO for the completion of the history code.
-rw-r--r--NEWS2
-rw-r--r--TODO6
-rw-r--r--client/wallet.pod8
-rwxr-xr-xserver/wallet-backend16
-rw-r--r--tests/server/backend-t.in12
5 files changed, 39 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index dc4f866..8c212eb 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@
wallet 0.3 (unreleased)
+ Add support for displaying the history of objects and ACLs.
+
The keytab backend now supports limiting generated keytabs to
particular enctypes by setting an attribute on the object.
diff --git a/TODO b/TODO
index 8cbc6d9..4ed44c3 100644
--- a/TODO
+++ b/TODO
@@ -12,10 +12,6 @@ Minimum required to replace leland_srvtab:
Release 0.3:
-* Provide some way of getting at the history tables. Need to get object
- and ACL history either by object or for all objects, at least. Global
- history should be by timestamp and possibly limit by timestamp.
-
* Log all server actions to syslog.
* Write the NetDB ACL verifier.
@@ -114,6 +110,8 @@ Future work:
* Support displaying and possibly specifying dates in some format more
normal than seconds since epoch.
+* Support limiting returned history information by timestamp.
+
* There is a lot of duplicate code in wallet-backend. Convert that to
use some sort of data-driven model with argument count and flags so
that the method calls can be written only once.
diff --git a/client/wallet.pod b/client/wallet.pod
index 957cd24..779e691 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -155,6 +155,14 @@ Destroy the ACL <id>. This ACL must no longer be referenced by any object
or the ACL destruction will fail. The special ACL named C<ADMIN> cannot
be destroyed.
+=item acl history <id>
+
+Display the history of the ACL <id>. Each change to the ACL (not
+including changes to the name of the ACL) will be represented by two
+lines. The first line will have a timestamp of the change followed by a
+description of the change, and the second line will give the user who made
+the change and the host from which the change was mde.
+
=item acl remove <id> <scheme> <identifier>
Remove the entry with <scheme> and <identifier> from the ACL <id>. <id>
diff --git a/server/wallet-backend b/server/wallet-backend
index 3f84ecd..ceb5b84 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -71,6 +71,14 @@ sub command {
} elsif ($action eq 'destroy') {
check_args (1, 1, [], @args);
$server->acl_destroy (@args) or die $server->error;
+ } elsif ($action eq 'history') {
+ check_args (1, 1, [], @args);
+ my $output = $server->acl_history (@args);
+ if (defined $output) {
+ print $output;
+ } else {
+ die $server->error;
+ }
} elsif ($action eq 'remove') {
check_args (3, 3, [], @args);
$server->acl_remove (@args) or die $server->error;
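Review bot: Nothing in the new `history` branch checks authorization, so access to ACL history depends entirely on `$server->acl_history` refusing unauthorized callers; that method is outside this diff and is worth confirming. The documented output names the user and host behind every ACL change, so it should be readable only by principals allowed to administer ACLs. I would add a comment above the call such as `# Authorization is enforced in Wallet::Server::acl_history; undef means denied or failed.` Testing `defined $output` rather than truth is the right choice, since an empty history string would otherwise be reported as an error. The enclosing `command` sub starts and ends outside the hunk.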
@@ -271,6 +279,14 @@ Destroy the ACL <id>. This ACL must no longer be referenced by any object
or the ACL destruction will fail. The special ACL named C<ADMIN> cannot
be destroyed.
+=item acl history <id>
+
+Display the history of the ACL <id>. Each change to the ACL (not
+including changes to the name of the ACL) will be represented by two
+lines. The first line will have a timestamp of the change followed by a
+description of the change, and the second line will give the user who made
+the change and the host from which the change was mde.
+
=item acl remove <id> <scheme> <identifier>
Remove the entry with <scheme> and <identifier> from the ACL <id>. <id>
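Review bot: The last added POD line has a typo: `the host from which the change was mde.` should read `the host from which the change was made.` The same sentence with the same typo is added to client/wallet.pod in this commit, so both copies need the fix.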
diff --git a/tests/server/backend-t.in b/tests/server/backend-t.in
index 85fb0ce..761b1ef 100644
--- a/tests/server/backend-t.in
+++ b/tests/server/backend-t.in
@@ -9,7 +9,7 @@
use strict;
use IO::String;
-use Test::More tests => 802;
+use Test::More tests => 812;
# Create a dummy class for Wallet::Server that prints what method was called
# with its arguments and returns data for testing.
@@ -45,6 +45,13 @@ sub acl_remove
sub acl_rename
{ shift; print "acl_rename @_\n"; ($_[0] eq 'error') ? undef : 1 }
+sub acl_history {
+ shift;
+ print "acl_history @_\n";
+ return if $_[0] eq 'error';
+ return 'acl_history';
+}
+
sub acl_show {
shift;
print "acl_show @_\n";
@@ -190,6 +197,7 @@ my %commands = (create => [2, 2],
my %acl_commands = (add => [3, 3],
create => [1, 1],
destroy => [1, 1],
+ history => [1, 1],
remove => [3, 3],
rename => [2, 2],
show => [1, 1]);
@@ -331,6 +339,8 @@ for my $command (sort keys %acl_commands) {
my $expected;
if ($command eq 'show') {
$expected = "$new\nacl_$command name$extra\nacl_show";
+ } elsif ($command eq 'history') {
+ $expected = "$new\nacl_$command name$extra\nacl_history";
} else {
$expected = "$new\nacl_$command name$extra\n";
}
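Review bot: The new `history` branch repeats the `show` branch except for the trailing mock return value, and in both cases that value is `acl_$command`. The two can share one branch: `if ($command eq 'show' or $command eq 'history') {` with `$expected = "$new\nacl_$command name$extra\nacl_$command";`. This test runs against the dummy Wallet::Server class, so it covers only dispatch and argument counts in the backend. Refusal of `acl history` for an unauthorized caller has to be covered in the tests for the real server class, which are not visible here.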