[Freeipa-devel] [PATCH] 369 Added CLI param and ACL for vault service operations.
Endi Sukma Dewata
edewata at redhat.com
Tue Aug 4 15:32:18 UTC 2015
On 8/4/2015 8:51 AM, Martin Kosek wrote:
>>>> Please also note that my next patch that adds the ability to change vault type,
>>>> password, and keys will also require a client upgrade because the functionality
>>>> is mainly implemented on the client side. In this case API URL versioning will
>>>> be necessary.
>>>
>>> Adding new commands and/or attributes is a common thing in FreeIPA. We just do
>>> the work, bump the minor API version and that's it. We planned having better
>>> version support in FreeIPA 4.4, we will see how it goes.
>>
>> Martin, I do not think going on with business as usual is the right
>> thing to do here. We know this is going to bite.
>> I suggest Endy adds a *new* API if making it backwards compatible is not
>> possible. The era of bumping whole API version must stop, the sooner the
>> better.
>
> My point is that we do not know yet how to do this kind of changes long term.
> So what I did not want to end up are 2 copy&pasted Vault plugins maintained
> forever, differing in just that.
>
> If you know how to do this without copypasting, I will be fine with that.
We probably can do it like this:
* the old plugin continues to provide Vault 1.0 functionality
* the new plugin will be a proxy to the old plugin except for the parts
that have changed in Vault 1.1.
Or the other way around:
* the new plugin will provide Vault 1.1 functionality
* the old plugin will be a proxy to the new plugin except for the parts
that needs to be maintained for Vault 1.0.
The first option is probably safer.
In any case, IPA 4.2.1 will only provide a single client for Vault 1.1,
but two services for Vault 1.0 and 1.1.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list