[Freeipa-devel] [PATCH] 045 Add DNS record modification command

Simo Sorce ssorce at redhat.com
Mon Apr 4 13:38:23 UTC 2011


On Fri, 01 Apr 2011 13:20:11 +0200
Jakub Hrozek <jhrozek at redhat.com> wrote:

> On 03/31/2011 11:27 AM, Martin Kosek wrote:
> > On Wed, 2011-03-30 at 16:52 -0400, Adam Young wrote:
> >> On 03/30/2011 11:13 AM, Martin Kosek wrote: 
> >>> Since this is a new-feature type patch it should be pushed only
> >>> to master.
> >>> -------
> >>> The DNS record plugin does not support modification of a record.
> >>> One can only add A type addresses to a DNS record or remove the
> >>> current ones. To actually change a DNS record value it has to be
> >>> removed and then added with a desired value.
> >>>
> >>> This patch adds a new DNS plugin command "dnsrecord-mod" which
> >>> enables the user to:
> >>>  - modify a DNS record value (note that a DNS record can hold
> >>> multiple values and those will be overwritten)
> >>>  - remove a DNS record when an empty value is passed
> >>>
> >>> New tests for this new command have been added to the CLI test
> >>> suite.
> >>>
> >>> https://fedorahosted.org/freeipa/ticket/1137
> >>>
> >> NACK,
> >>
> >> The problem is that if there are 10 A records, and I only want to
> >> modify one, I have no way to specify which one.
> >>
> >> The API should be something like:
> >>
> >> ipa dnsrecord-mod ayoung.boston.devel.redhat.com testa  10.10.2.3
> >> --a-rec=,10.11.12.13
> >>
> >>
> >> Alternatively, we can decide that we are not going to do mod, and
> >> have the WebUI do a delete and an add:
> > 
> > Hm, that may be a valid use-case. We should discuss how we want the
> > DNS record modification to behave.
> > 
> > The proposed API is not what we want, since we can modify multiple
> > attributes at once, e.g.:
> > 
> > ipa dnsrecord-mod DNSZONE DNSRECORD --a-rec=10.0.0.1 --aaaa-rec=::1
> > 
> > I can introduce new option --old-<DNS_TYPE>-rec for each DNS record
> > type available, e.g. --old-a-rec, --old-aaaa-rec, --old-srv-rec
> > etc. You would be able to do:
> > 
> > ipa dnsrecord-mod DNSZONE DNSRECORD --old-a-rec=10.10.2.3
> > --a-rec=10.11.12.13
> > 
> > This would of course increase the size of this patch. I tried to
> > find how we treat other multi-value LDAP attributes. In most cases
> > the behavior is the same as in my first patch (user mail,
> > mobile...) or the modification is not supported at all (list of
> > privilege permissions).
> > 
> 
> I think that this is kinda hard to do in CLI... in GUI the user can
> easily pick a record to mod, but for CLI case I would actually lean
> towards the approach Martin took in his original patch... that is, a
> -mod replaces the entries altogether.

Why is it hard?
You just need to provide means to delete and add records in the same
command.

ipa dnsrecord-mod DNSZONE DNSRECORD --del-a-rec=1.2.3.4 \
--add-a-rec=4.3.2.1

to replace all:
ipa dnsrecord-mod DNSZONE DNSRECORD --del-all --add-a-rec=4.3.2.1


> For GUI I guess we can provide an internal XML-RPC only command that
> allows replacing a record.

Better not to do special things valid only in one or the other; that's
not how we want to do it.

> The --old-<DNS_TYPE> approach doesn't sound quite right to me, to be
> honest, I think that would make the whole -mod command difficult to
> use..

> If the user wants to replace one of the records, he can run -del
> followed by -add.

Indeed it is just as easy to -del and then -add, perhaps instead of a
mod command we need to speed up the creation of batch commands for the
CLI so that admins can call -del/-add in a single batch command.


Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
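
The combined delete-and-add semantics proposed in this message, modelled as an added example that is not FreeIPA code and not part of the original thread. The option names come from the message; the delete-before-add ordering, the error on deleting an absent value, and the names apply_mod and ModError are assumptions made for illustration.

```python
import ipaddress
import re

# Option grammar as written in the message: --del-<type>-rec=V, --add-<type>-rec=V, --del-all
OPT = re.compile(r"^--(del|add)-([a-z]+)-rec=(.+)$")
VALIDATORS = {"a": ipaddress.IPv4Address, "aaaa": ipaddress.IPv6Address}


class ModError(ValueError):
    """Raised when the request cannot be applied as a whole."""


def _canon(rtype, value):
    # Validate and normalise address records; other types pass through unchanged.
    check = VALIDATORS.get(rtype)
    if check is None:
        return value
    try:
        return str(check(value))
    except ValueError as exc:
        raise ModError(f"invalid {rtype} record value: {value!r}") from exc


def apply_mod(records, options):
    """Return the new record sets; `records` is never mutated, so a
    failed request leaves the entry exactly as it was (all or nothing)."""
    new = {} if "--del-all" in options else {t: list(v) for t, v in records.items()}
    parsed = []
    for opt in options:
        if opt == "--del-all":
            continue
        m = OPT.match(opt)
        if not m:
            raise ModError(f"unrecognised option: {opt!r}")
        parsed.append((m.group(1), m.group(2), _canon(m.group(2), m.group(3))))
    # Assumption: deletes are applied before adds, whatever the argument order.
    for action, rtype, value in sorted(parsed, key=lambda p: p[0] != "del"):
        values = new.setdefault(rtype, [])
        if action == "del":
            if value not in values:
                raise ModError(f"{rtype} record {value} is not present")
            values.remove(value)
        elif value not in values:
            values.append(value)
    return {t: v for t, v in new.items() if v}  # a type with no values left disappears
```

With ten A records on an entry, only the value named in --del-a-rec is touched; the overwrite behaviour of the original patch corresponds to passing --del-all.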



