[Freeipa-devel] [RANT] --setattr validation is a minefield.
Petr Spacek
pspacek at redhat.com
Tue Apr 10 16:43:05 UTC 2012
On 04/10/2012 05:31 PM, Petr Viktorin wrote:
> On 04/10/2012 05:03 PM, Jan Cholasta wrote:
>> On 04/10/2012 05:31 PM, Petr Viktorin wrote:
>>
>> tl;dr: --setattr work on IPA-managed attributes (with validation) is a
>> mistake.
+1
>> It adds no functionality, only complexity. We don't want people
>> to use it. It will cost us a lot of maintenance work to support.
>>
>
> I wholeheartedly agree.
I absolutely agree. Why we should write validation code twice?
But things are worse than only code duplicity:
Small differences between two versions of code lead to problems with
code maintenance and potentially add a lot of bugs.
Petr^2 Spacek
>> To be functionally complete, we should also add validated equivalents of
>> --{add,del}attr to *-mod commands for all multivalue params (think
>> --add-<param> and --del-<param> for each --<param>).
>>
>
> We need something like that anyway. Requiring users to learn raw LDAP
> attribute names and value encodings, which they'd need for --setattr, is
> suboptimal to say the least.
More information about the Freeipa-devel
mailing list