[Freeipa-devel] [PATCH] 267 Filter groups by type (normal, posix, external)
Martin Kosek
mkosek at redhat.com
Fri Mar 22 14:03:32 UTC 2013
On 03/21/2013 06:10 PM, Petr Vobornik wrote:
> On 03/21/2013 05:10 PM, Martin Kosek wrote:
>> On 03/16/2013 03:32 AM, Endi Sukma Dewata wrote:
>>> On 3/12/2013 11:28 AM, Petr Vobornik wrote:
>>>> Here's a patch for filtering groups by type.
>>>> Design page: http://www.freeipa.org/page/V3/Filtering_groups_by_type
>>>>
>>>> The interface is:
>>>>> StrEnum('type?',
>>>>> cli_name='type',
>>>>> label=_('Type'),
>>>>> doc=_('Group type'),
>>>>> values=(u'posix', u'normal', u'external'),
>>>>> ),
>>>>
>>>> I have two design questions.
>>>> 1. Is --type the right option name?
>>>
>>> Fine by me, it matches the label and description.
>>>
>>>> 2. Is `normal` the right name for non-posix, non-external group? The
>>>> default group type (when adding group) is posix. Should the name be
>>>> something else: `simple`, `plain`, `ordinary`?
>>>
>>> We also use 'normal' in the group adder dialog, so it's consistent. Other
>>> options are 'basic', 'standard', 'regular'.
>>>
>>>> I didn't want to create an option for each type. IMO it brings more
>>>> complexity.
>>>
>>> Maybe the group-add/mod command should use the same --type option?
>>>
>>>> https://fedorahosted.org/freeipa/ticket/3483
>>>
>>> ACK from me, but maybe others might have some comments.
>>>
>>
>> I am just thinking about if the new API is right. For example, when we add an
>> external group, we use ipa group-add --external. But when we search for
>> external groups, we suddenly use
>> # ipa group-find --type=external
>> and not
>> # ipa group-find --external
>> or
>> # ipa group-find --nonposix
>>
>> Wouldn't that cause confusion? I am looking for same second opinion on this one.
>>
>> I also did not like "normal" group type very much, maybe we should just call it
>> "nonposix"? As that's the option you use when you are creating such group:
>> # ipa group-add --nonposix foo
>>
>> Otherwise, the patch looks good functionally.
>>
>> Martin
>>
>
> I have to note that external group is also non-posix. Following command is valid:
> # ipa group-add foo --desc=a --external --nonposix
>
> By that logic
> # ipa group-find --nonposix
>
> Would also list external groups.
>
> I fine with renaming 'normal' to something better (will also require Web UI
> change), but it is not 'nonposix'.
I think this logic is flawed as well. Then you could say that posix group is
also nonposix, because it contains the same objectclasses as nonpoxis group +
posixGroup objectclass.
"nonposix" is the term we already use (see --nonposix), not something
artificial or new, so I would not be afraid of it.
Martin
More information about the Freeipa-devel
mailing list