[Freeipa-devel] Data source-agnostic parameters

[Jan Cholasta]

Hi,

while thinking about <https://fedorahosted.org/freeipa/ticket/2933>, I 
had an idea how to make loading data from files available for all 
parameters:

I think we can use URI-like strings in parameter values that the CLI 
would interpret and extract the wanted information from them (similar to 
what openssl does in the -pass command line option, see PASS PHRASE 
ARGUMENTS in openssl(1)).

So, instead of adding a new parameter as a file-accepting alternative to 
any existing parameter (i.e. what is suggested in the ticket), the user 
would be able to specify the file in a URI-like string:

(use new parameter --sshpubkeyfile)
$ ipa user-mod --sshpubkey="ssh-rsa AAAA ..."
$ ipa user-mod --sshpubkeyfile=.ssh/id_rsa.pub

vs.

(use file URI-like string)
$ ipa user-mod --sshpubkey="ssh-rsa AAAA ..."
$ ipa user-mod --sshpubkey=file:.ssh/id_rsa.pub

and the CLI would take care of reading the file and using its contents 
as the parameter value.

This could be extended with additional URI(-like) schemes:

   - data:<data> - use <data> as the value (useful for escaping values 
that look like URIs, but you don't want them to be treated as such)
   - base64:<data> - use the value of base64 decoded <data> (useful for 
--delattr on ugly raw binary values)
   - fd:<num> - read value from file descriptor <num>
   - env:<var> - read value from environment variable <var>
   - ask: - always prompt interactively for the value
   - default: - use default value, never prompt interactively

Thoughts?

Honza

-- 
Jan Cholasta