[Freeipa-devel] Structured DNS record API proposal

[Adam Tkac]

On 09/16/2011 02:25 PM, Martin Kosek wrote:
> On Fri, 2011-09-16 at 08:12 -0400, Simo Sorce wrote:
>> Whatever you do do not split this operation into a DEL+ADD, we want an
>> atomic modify operation in any case. as you do not want to have a race
>> where named may query the MX records and find them empty. That'd be much
>> worse than returning one of them outdated.
>>
>> This means whatever the API we need to support a way to add all values
>> at the same time. We can also have the more verbose API to make things
>> more understandable, but we need this "bulk" API for the WebUI IMHO.
> I agree, the change shouldn't be split to del+add. My proposed API:
>
> dnsrecord-mx-mod example.com --dnsrecord="1 mx1.example.com." --preference=0
>
> would do just one write to LDAP. Unfortunately, this is not so pretty
> for CLI, one would have to copy&paste raw DNS value to be able to edit
> its components, but it should be simple for WebUI. Right now, I don't
> see some better way.
>
I thought about this CLI proposal and it is definitely a good start. In
the future we can consider to improve the CLI this way, for example:

$ dnsrecord-mx-mod example.com --preference=0
Which record would you like to change?
[1] 1 mx1.example.com.
[2] 10 mx2.example.com.
$ <select the record>

This way will be more convenient for people which use CLI, especially
when we start to support DNSSEC and resource record types which store
certificates (CERT/SSHFP) get widely used. I doubt that someone likes
copying&pasting SHA* hashes and RSA signatures every time when some
record is modified.

Regards, Adam