[Freeipa-devel] [RFE] Support for automember rebuild membership

Ana Krivokapic akrivoka at redhat.com
Mon Sep 23 16:27:28 UTC 2013 

On 09/23/2013 09:57 AM, Jan Cholasta wrote:
> On 23.9.2013 09:18, Martin Kosek wrote:
>> On 09/19/2013 03:43 PM, Ana Krivokapic wrote:
>>> On 09/19/2013 03:26 PM, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 12.9.2013 19:59, Ana Krivokapic wrote:
>>>>> Hello,
>>>>>
>>>>> The design document for $SUBJECT can be found at:
>>>>> http://www.freeipa.org/page/V3/Automember_rebuild_membership
>>>>>
>>>>> Related tickets:
>>>>> https://fedorahosted.org/freeipa/ticket/3752
>>>>> https://fedorahosted.org/freeipa/ticket/3928
>>>>>
>>>>> Thoughts, comments, questions welcome.
>>>>>
>>>>
>>>> I don't think naming the commands user-automember-rebuild and
>>>> host-automember-rebuild commands is correct. The names imply they are methods
>>>> of user/host, but they don't directly do anything to user/host objects. I
>>>> would prefer if they were kept in the automember namespace where they
>>>> logically belong (automember-rebuild-user and automember-rebuild-host
>>>> perhaps?)
>>>>
>>>> Honza
>>>>
>>>
>>> That makes sense... I don't have a strong preference one way or other. So if
>>> other agree with this suggestion, I will change it.
>>
>> I think Honza's comment makes sense. We can merge the functionality to
>> automember-rebuild command:
>>
>> $ ipa automember-rebuild --type=group [ENTRY]
>> $ ipa automember-rebuild --type=hostgroup [ENTRY]
>>
>> If no ENTRY is specified, it would run rebuild for all entries. If ENTRY is
>> specified, it would use it as Primary Key the entry - user uid or group name.
>>
>> This way the API should be consistent with the rest of the automember plugin.
>>
>> Makes sense?
>
> Yes, but I think the "--type=group <username>" part might be confusing. What
> about:
>
> $ ipa automember-rebuild --type=group --users <user1> --users <user2> ...
> $ ipa automember-rebuild --type=hostgroup --hosts <host1> --hosts <host2> ...
>
> ?
>
> The --users and --hosts parameters are inspired by group-add-member and
> hostgroup-add-member. Also, the value of --type can be inferred, so it does
> not have to be explicitly specified:
>
> $ ipa automember-rebuild --users <user1> --users <user2> ...
> $ ipa automember-rebuild --hosts <host1> --hosts <host2> ...
>
>>
>> Martin
>>
>
>

I like this suggestion, I updated the design page accordingly:
http://www.freeipa.org/page/V3/Automember_rebuild_membership#CLI

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

More information about the Freeipa-devel mailing list