[Freeipa-devel] [RANT] --setattr validation is a minefield.
Martin Kosek
mkosek at redhat.com
Wed Apr 11 06:22:06 UTC 2012
On Tue, 2012-04-10 at 13:56 -0400, Dmitri Pal wrote:
> On 04/10/2012 01:48 PM, Rob Crittenden wrote:
[snip]
> The use case I would see is the extensibility. Say a customer wants to
> extend a schema and add an attribute X to the user object. He would
> still be able to manage users using CLI without writing a plugin for
> the new attribute. Yes plugin is preferred but not everybody would go
> for it. So in absence of the plugin we can't do validation but we still
> should function and be able to deal with this attribute via CLI (and UI
> if this attribute is enabled for UI via UI configuration).
>
> I am generally against dropping this interface. But expectations IMO
> should be:
> 1) If the attribute is managed by us with setattr and friends it should
> behave in the same way as via the direct add/mod/del command
> 2) If attribute is not managed it should not provide any guarantees and
> act in the same way as via LDAP
>
> Hope this helps.
I agree with your points, that's what I was trying to say in my
previous mail. I think that all the grief is caused by expectation 1)
which is broken with current setattr options. If we fix that (preferably
in 3.0), I would keep this API.
Martin
More information about the Freeipa-devel
mailing list