[Freeipa-devel] [RFE] Remove source hosts from HBAC
Petr Vobornik
pvoborni at redhat.com
Mon Apr 8 07:49:49 UTC 2013
On 04/05/2013 07:59 PM, Ana Krivokapic wrote:
> Hello list,
>
> I have been thinking about the possible implementation for a solution of
> ticket https://fedorahosted.org/freeipa/ticket/3528. There are several
> options:
>
> 1. Completely remove the commands and command options related to source
> hosts in HBAC. This might not be a good idea as it could cause problems
> for older clients.
>
> 2. Hide these commands/options from the web UI, but leave them in CLI.
> This would keep the API intact, but I don't like the idea of introducing
> inconsistencies between CLI and web UI.
>
> 3. Do not remove anything, but issue deprecation warnings. The user will
> see a warning when using these commands/options, but everything will
> still work.
>
> 4. Do not remove anything, but raise exceptions. This would effectively
> prevent the user from using these commands/options, as the exception
> will break the execution of a command.
>
> In any case, any reference to source hosts should be removed from help
> and documentation.
>
> I am leaning towards options 3 or 4.
>
> Thoughts, comments and ideas are welcome.
>
IMHO the main question is whether we want to deprecate it or remove it.
SSSD is deprecating it so I would go that way too.
#1 and #4 are basically a removal, #4 a bad one.
#2 is removal from Web UI perspective.
I would do #3 with some changes. In both Web UI and CLI there should be
clear label that the section/options are deprecated. We may introduce a
deprecated flag. With this change we don't have to show the warning. But
in CLI we might because user didn't had to read help beforehand.
--
Petr Vobornik
More information about the Freeipa-devel
mailing list