[Freeipa-devel] Client-side command in the IPA framework

Nathaniel McCallum npmccallum at redhat.com
Fri Feb 28 15:02:25 UTC 2014


On Fri, 2014-02-28 at 16:43 +0200, Alexander Bokovoy wrote:
> On Fri, 28 Feb 2014, Nathaniel McCallum wrote:
> >On Fri, 2014-02-28 at 10:47 +0100, Petr Vobornik wrote:
> >> On 28.2.2014 04:02, Rob Crittenden wrote:
> >> > Alexander Bokovoy wrote:
> >> >> On Thu, 27 Feb 2014, Nathaniel McCallum wrote:
> >> >>> So the recent discussion on importing tokens led me to write a script to
> >> >>> parse RFC 6030 xml files into IPA token data. This all works well. But
> >> >>> now I need to integrate it into the IPA framework.
> >> >>>
> >> >>> This command will parse one or more xml files, creating a set of tokens
> >> >>> to be added. Given that we already have otptoken-add on the server-side,
> >> >>> it seems to me that all work needs to be done on the client-side. How do
> >> >>> I create a new client-side command that calls existing server-side API?
> >> >> Subclass from frontend.Local, override run() or forward() method and
> >> >> perform batch operation of otptoken_add from there.
> >> >>
> >> >> See cli.help, for example.
> >> >
> >> > If you do an override, do forward() for cli-specific work.
> >> >
> >> > But you should do as little as possible for reasons you already stated:
> >> > the UI. Anything you do in forward Petr will need to implement in the UI.
> >> >
> >> > Unfortunately we don't yet have a nice way to handle files. We have
> >> > tickets open at https://fedorahosted.org/freeipa/ticket/1225 and
> >> > https://fedorahosted.org/freeipa/ticket/2933
> >> >
> >> > If this file is something that would be pasted into a big text field
> >> > then you can probably handle it in a similarly clumsy way that we do
> >> > CSRs in the cert plugin.
> >> >
> >> > rob
> >>
> >> +1 for parsing it on server. Otherwise every client, not just CLI or Web
> >> UI, would have to reimplement the same logic - having it on server will
> >> support better integration with third party products.
> >>
> >> Parsing on client would be understandable if there was some middle step
> >> which would require some action from user, i.e., pick only some tokens to
> >> import.
> >
> >If we parse on the server side, how do we handle the long-running
> >operation? Think of the case of importing hundreds or thousands of
> >tokens...
> Why then do it as an IPA CLI command at all?
> This is an administrative task which can be done with a separate
> ipa-otp-import command, designated to run on IPA masters.

Agreed.

1. Is there a framework for this? Or should it just be an independent
script?

2. How can I use the ipalib API? Specifically, I'd like to call
otptoken-add and pass the --key parameter with a value (not possible
from the command line).

Nathaniel
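
The parsing step this thread is about, as an added example that is not part of the original message and is not FreeIPA code: a minimal RFC 6030 (PSKC) reader that turns plaintext HOTP/TOTP key packages into token dictionaries and refuses anything it cannot import safely. The dictionary keys, the `parse_pskc` name, the default counter/interval values and the sample document are assumptions made for this illustration.

```python
import base64
import xml.etree.ElementTree as ET

PSKC = "urn:ietf:params:xml:ns:keyprov:pskc"  # RFC 6030 namespace
NS = {"p": PSKC}
ALGS = {PSKC + ":hotp": "hotp", PSKC + ":totp": "totp"}
# Constructed sample: one key package with a plaintext HOTP secret.
SAMPLE = b"""<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
 <KeyPackage>
  <DeviceInfo><SerialNo>987654321</SerialNo></DeviceInfo>
  <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
   <AlgorithmParameters><ResponseFormat Length="8" Encoding="DECIMAL"/></AlgorithmParameters>
   <Data><Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
    <Counter><PlainValue>0</PlainValue></Counter></Data>
  </Key>
 </KeyPackage>
</KeyContainer>"""

def parse_pskc(data):
    """Return one dict per <Key>; raise ValueError on anything unsupported."""
    # Coarse guard for UTF-8 input: PSKC needs no DTD, so entity tricks are refused.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD found; refusing to parse")
    root = ET.fromstring(data)
    if root.tag != "{%s}KeyContainer" % PSKC:
        raise ValueError("not a PSKC KeyContainer")
    tokens = []
    for pkg in root.findall("p:KeyPackage", NS):
        key = pkg.find("p:Key", NS)
        if key is None:
            continue  # package describes a device only
        kid, alg = key.get("Id"), ALGS.get(key.get("Algorithm"))
        if alg is None:
            raise ValueError("%s: unsupported algorithm" % kid)
        if key.find("p:Data/p:Secret/p:EncryptedValue", NS) is not None:
            raise ValueError("%s: encrypted secret, decryption not handled" % kid)
        secret = key.findtext("p:Data/p:Secret/p:PlainValue", None, NS)
        if not secret:
            raise ValueError("%s: no plaintext secret" % kid)
        fmt = key.find("p:AlgorithmParameters/p:ResponseFormat", NS)
        token = {"id": kid, "type": alg,  # key names are hypothetical
                 "serial": pkg.findtext("p:DeviceInfo/p:SerialNo", None, NS),
                 "key": base64.b64decode(secret.strip(), validate=True),
                 "digits": int(fmt.get("Length")) if fmt is not None else None}
        if alg == "hotp":  # defaults below are assumptions, not RFC values
            token["counter"] = int(key.findtext("p:Data/p:Counter/p:PlainValue", "0", NS))
        else:
            token["interval"] = int(key.findtext("p:Data/p:TimeInterval/p:PlainValue", "30", NS))
        tokens.append(token)
    return tokens
```

The returned `key` bytes are the raw shared secret, so a real importer should keep them out of logs and process arguments.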