[Freeipa-devel] [PATCH] 1085 cert-find command

Petr Vobornik pvoborni at redhat.com
Thu Feb 14 16:42:14 UTC 2013 

On 02/14/2013 05:27 PM, Rob Crittenden wrote:
> Petr Vobornik wrote:
>> On 02/14/2013 03:34 PM, Rob Crittenden wrote:
>>> Petr Vobornik wrote:
>>>> On 02/07/2013 03:08 PM, Rob Crittenden wrote:
>>>>> Petr Vobornik wrote:
>>>>>> On 02/06/2013 12:44 AM, Rob Crittenden wrote:
>>>>>>> This adds a cert-find command for the dogtag backend.
>>>>>>>
>>>>>>> Searches can be done by serial number, by subject, revocation
>>>>>>> reason,
>>>>>>> issue date, notbefore, notafter and revocation dates.
>>>>>>>
>>>>>>> I added some basic tests for this. I made it a separate test file
>>>>>>> because the cert plugin tests do not use the declarative format and
>>>>>>> rely
>>>>>>> on the selfsign backend by default.
>>>>>>>
>>>>>>> rob
>>>>>>>
>>>>>>
>>>>>> Should I create Web UI in scope of this ticket or a new one?
>>>>>>
>>>>>> I was also thinking if it's time to implement #191 'Web UI: specify
>>>>>> fields to search on' [1]. Maybe in Pilsner.
>>>>>>
>>>>>> [1] https://fedorahosted.org/freeipa/ticket/191
>>>>>
>>>>> I'm going to open a UI ticket once the API is finalized. I didn't want
>>>>> to give you a moving target to work against.
>>>>>
>>>>> rob
>>>>>
>>>>
>>>> I see that the search requires to specify options for attributes to
>>>> search on. There is no general CRITERIA positional argument as in other
>>>> find commands or am I mistaken?
>>>>
>>>> Is it possible to add the CRITERIA argument? Is the no 'OR' search an
>>>> obstacle for it?
>>>>
>>>> If so we would really need to push the ticket #191 because UI doesn't
>>>> support search by only specifying specific attributes yet.
>>>
>>> Your analysis is correct.
>>>
>>> It may be considered a hack but what if I treat subject as the CRITERIA
>>> argument?
>>>
>>> rob
>>
>> Better that than nothing.
>>
>> Just a confirmation: when user does not set any option, it will return
>> all certificates? Or it will return nothing?
>>
>> I see Web UI implementation this way:
>>   1) implement simple search with the hack now
>>   2) if there will be time before release (after the refactoring and
>> other tickets) implement #191 (will require UXD input) to implement this
>> the proper way. We can move #191 to triage to decide it.
>
> The thing is we have to live with whatever API choice we decide on.
>
> It is more correct to have no positional args and stick with options, to
> mimik what the remote API provides.

It's not a problem to use the --subject option, so we don't have to 
implement the positional argument when it has the same meaning. What I 
meant by use hack is 'filter by subject or nothing'.

--> This patch is OK from UI perspective (considering the limitations).

>
> If you search on nothing you get everything, up to the default sizelimit.
>
> rob



-- 
Petr Vobornik

More information about the Freeipa-devel mailing list