[Freeipa-devel] Client-side command in the IPA framework
Petr Spacek
pspacek at redhat.com
Fri Feb 28 14:32:16 UTC 2014
On 28.2.2014 15:25, Nathaniel McCallum wrote:
> On Fri, 2014-02-28 at 10:47 +0100, Petr Vobornik wrote:
>> On 28.2.2014 04:02, Rob Crittenden wrote:
>>> Alexander Bokovoy wrote:
>>>> On Thu, 27 Feb 2014, Nathaniel McCallum wrote:
>>>>> So the recent discussion on importing tokens led me to write a script to
>>>>> parse RFC 6030 xml files into IPA token data. This all works well. But
>>>>> now I need to integrate it into the IPA framework.
>>>>>
>>>>> This command will parse one or more xml files, creating a set of tokens
>>>>> to be added. Given that we already have otptoken-add on the server-side,
>>>>> it seems to me that all work needs to be done on the client-side. How do
>>>>> I create a new client-side command that calls existing server-side API?
>>>> subclass from frontend.Local, override run() or forward() method and
>>>> perform batch
>>>> operation of otptoken_add from there.
>>>>
>>>> See cli.help, for example.
>>>
>>> If you do an override, do forward() for cli-specific work.
>>>
>>> But you should do as little as possible for reasons you already stated:
>>> the UI. Anything you do in forward Petr will need to implement in the UI.
>>>
>>> Unfortunately we don't yet have a nice way to handle files. We have
>>> tickets open at https://fedorahosted.org/freeipa/ticket/1225 and
>>> https://fedorahosted.org/freeipa/ticket/2933
>>>
>>> If this file is something that would be pasted into a big text field
>>> then you can probably handle it in a similarly clumsy way that we do
>>> CSRs in the cert plugin.
>>>
>>> rob
>>
>> +1 for parsing it on server. Otherwise every client, not just CLI or Web
>> UI, would have to reimplement the same logic - having it on server will
>> support better integration with third party products.
>>
>> Parsing on client would be understandable if there was some middle step
>> which would require some action from user, i.e, pick only some tokens to
>> import.
>
> If we parse on the server side, how do we handle the long-running
> operation? Think of the case of importing hundreds or thousands of
> tokens...
My experience is that operation on server side can run for (at least) few
minutes without a problem. I haven't try longer periods but we can check that.
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list