[Freeipa-devel] [PATCH] 045 Add DNS record modification command

Jakub Hrozek jhrozek at redhat.com
Fri Apr 1 11:20:11 UTC 2011



On 03/31/2011 11:27 AM, Martin Kosek wrote:
> On Wed, 2011-03-30 at 16:52 -0400, Adam Young wrote:
>> On 03/30/2011 11:13 AM, Martin Kosek wrote: 
>>> Since this is a new-feature type patch it should be pushed only to master.
>>> -------
>>> The DNS record plugin does not support modification of a record. One
>>> can only add A type addresses to a DNS record or remove the current
>>> ones. To actually change a DNS record value it has to be removed and
>>> then added with a desired value.
>>>
>>> This patch adds a new DNS plugin command "dnsrecord-mod" which enables
>>> the user to:
>>>  - modify a DNS record value (note that a DNS record can hold multiple
>>>    values and those will be overwritten)
>>>  - remove a DNS record when an empty value is passed
>>>
>>> New tests for this new command have been added to the CLI test suite.
>>>
>>> https://fedorahosted.org/freeipa/ticket/1137
>>>
>>
>> NACK,
>>
>> The problem is that if there are 10 A records, and I only want to
>> modify one, I have no way to specify which one.
>>
>> The API should be something like:
>>
>> ipa dnsrecord-mod ayoung.boston.devel.redhat.com testa 10.10.2.3 --a-rec=,10.11.12.13
>>
>>
>> Alternatively, we can decide that we are not going to do mod, and have
>> the WebUI do a delete and an add:
> 
> Hm, that may be a valid use-case. We should discuss how we want the DNS
> record modification to behave.
> 
> The proposed API is not what we want, since we can modify multiple
> attributes at once, e.g.:
> 
> ipa dnsrecord-mod DNSZONE DNSRECORD --a-rec=10.0.0.1 --aaaa-rec=::1
> 
> I can introduce new option --old-<DNS_TYPE>-rec for each DNS record type
> available, e.g. --old-a-rec, --old-aaaa-rec, --old-srv-rec etc. You
> would be able to do:
> 
> ipa dnsrecord-mod DNSZONE DNSRECORD --old-a-rec=10.10.2.3 --a-rec=10.11.12.13
> 
> This would of course increase the size of this patch. I tried to find
> how we treat other multi-value LDAP attributes. In most cases the
> behavior is the same as in my first patch (user mail, mobile...) or
> the modification is not supported at all (list of privilege
> permissions).
> 

I think that this is kinda hard to do in CLI..in GUI the user can easily
pick a record to mod, but for CLI case I would actually lean towards the
approach Martin took in his original patch..that is, a -mod replaces the
entries altogether.

For GUI I guess we can provide an internal XML-RPC only command that
allows replacing a record.

The --old-<DNS_TYPE> approach doesn't sound quite right to me, to be
honest, I think that would make the whole -mod command difficult to use..

If the user wants to replace one of the records, he can run -del
followed by -add.

	Jakub
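
The three behaviours discussed in this thread (replace-all -mod, the --old-<DNS_TYPE>-rec variant, and -del followed by -add), modelled on an in-memory record. This is an added example, not part of the original messages and not FreeIPA plugin code; the function names and the extra sample addresses are assumptions made for illustration.

```python
# Added illustration: in-memory model of one multi-valued DNS record.
# Function names are hypothetical; this is not FreeIPA plugin code.

def mod_replace_all(record, rtype, new_values):
    """Semantics of the original patch: the passed values overwrite every
    existing value of that type; an empty value removes the type."""
    result = {k: list(v) for k, v in record.items()}
    values = [v for v in new_values if v]
    if values:
        result[rtype] = values
    else:
        result.pop(rtype, None)
    return result


def mod_one_value(record, rtype, old, new):
    """Semantics of the --old-<DNS_TYPE>-rec proposal: swap exactly one
    value and fail if the value to replace is not present."""
    current = record.get(rtype, [])
    if old not in current:
        raise ValueError(f"{rtype} value {old!r} not found")
    result = {k: list(v) for k, v in record.items()}
    result[rtype] = [new if v == old else v for v in current]
    return result


def del_then_add(record, rtype, old, new):
    """Two separate steps (-del followed by -add); returns the state after
    each step so the intermediate record is visible."""
    current = record.get(rtype, [])
    if old not in current:
        raise ValueError(f"{rtype} value {old!r} not found")
    after_del = {k: list(v) for k, v in record.items()}
    after_del[rtype] = [v for v in current if v != old]
    after_add = {k: list(v) for k, v in after_del.items()}
    after_add[rtype].append(new)
    return after_del, after_add


# Constructed sample record: three A values and one AAAA value.
SAMPLE = {"a": ["10.10.2.1", "10.10.2.2", "10.10.2.3"], "aaaa": ["::1"]}

if __name__ == "__main__":
    print(mod_replace_all(SAMPLE, "a", ["10.11.12.13"]))
    print(mod_one_value(SAMPLE, "a", "10.10.2.3", "10.11.12.13"))
    print(del_then_add(SAMPLE, "a", "10.10.2.3", "10.11.12.13"))
```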



