[Freeipa-devel] [PATCH] ipa trust-add command should be interactive

Martin Kosek mkosek at redhat.com
Thu Jul 31 09:11:31 UTC 2014 

On 07/31/2014 10:47 AM, Jan Cholasta wrote:
> Dne 24.7.2014 v 00:15 Gabe Alford napsal(a):
>> Nope. Somehow in my head it felt cleaner. Updated patched attached.
>>
>>
>> On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta <jcholast at redhat.com
>> <mailto:jcholast at redhat.com>> wrote:
>>
>>     On 23.7.2014 01:01, Gabe Alford wrote:
>>
>>         Forgot about --trust-secret. Here is an updated patch.
>>
>>
>>         On Mon, Jul 21, 2014 at 2:31 AM, Jan Cholasta
>>         <jcholast at redhat.com <mailto:jcholast at redhat.com>
>>         <mailto:jcholast at redhat.com <mailto:jcholast at redhat.com>>> wrote:
>>
>>              On 21.7.2014 10:28, Martin Kosek wrote:
>>
>>                  On 07/21/2014 09:56 AM, Jan Cholasta wrote:
>>
>>                      Hi,
>>
>>                      On 16.7.2014 05:48, Gabe Alford wrote:
>>
>>                          Hello,
>>
>>                          Adds AD admin and password to interactive commands.
>>         https://fedorahosted.org/____freeipa/ticket/3034
>>         <https://fedorahosted.org/__freeipa/ticket/3034>
>>
>>                          <https://fedorahosted.org/__freeipa/ticket/3034
>>         <https://fedorahosted.org/freeipa/ticket/3034>>
>>
>>                          Thanks,
>>
>>                          Gabe
>>
>>
>>                      I think that instead of making the parameters
>>         mandatory, you
>>                      should instead set
>>                      alwaysask=True on them.
>>
>>                      Honza
>>
>>
>>                  Trust can be established either with user+password
>>         options OR with
>>                  --trust-secret option - i.e. you cannot use mandatory
>>         options
>>                  nor alwaysask.
>>
>>
>>              Ah, right.
>>
>>
>>
>>                  This would rather lead to interactive_prompt_callback
>>         checking
>>                  if any of
>>                  authentication method is passed and asking for them if
>>         they aren't.
>>
>>
>>              +1
>>
>>
>>                  Martin
>>
>>
>>
>>              --
>>              Jan Cholasta
>>
>>
>>
>>     I don't think using an extra function to update a value in a
>>     dictionary is very beneficial, is there a reason not to use "kw[X] =
>>     self.prompt_param(self.params[__X])" directly?
>>
>>     --
>>     Jan Cholasta
>>
>>
> 
> Thanks, ACK.

Sorry for going late in the game, just a quick question - why do we want to add
this part:

+        if trust_type is None:
+            kw['trust_type'] = self.prompt_param(self.params['trust_type'])

? I do not see a reason for adding a special interactive prompt callback for
that - trust_type has a default value "ad". CCing Alexander to double check.

Thanks,
Martin

More information about the Freeipa-devel mailing list