[Freeipa-devel] User life cycle: question regarding the design
Jan Cholasta
jcholast at redhat.com
Mon May 26 07:33:47 UTC 2014
On 26.5.2014 07:49, Martin Kosek wrote:
> On 05/23/2014 04:55 PM, Simo Sorce wrote:
>> On Fri, 2014-05-23 at 10:13 -0400, Rob Crittenden wrote:
>>> This, I believe, has already been covered, but I'm concerned with the
>>> (over)use of active/inactive in this discussion.
>>>
>>> I think use of "inactive" and "active" to describe users might be
>>> confusing since there is already an account enable/disable command.
>>> This
>>> on top of unlock, are there now 3 possible boolean states a user can
>>> be
>>> in? locked/unlocked, enabled/disabled, active/inactive, plus
>>> deleted/active and staged/active?
>>>
>> Agree, we should only have "ipa user-unstage <username>" and not call
>> this operations with words like active/inactive.
>>
>> User's in the staging area are not inactive, they are *not* users yet in
>> the first place.
>>
>> Simo.
>>
>
> Ok. Let us consolidate the decisions, I think we are now running in
> circles. Let me start from Petr3's API proposal which was a functionally
> complete proposal and start from there:
>
> On 05/22/2014 10:47 AM, Petr Viktorin wrote:
> > ...
> > My proposal would be that the move commands use the verb for the
> target and an
> > option for the source, and add/mod use an option for the container:
> >
> > 1) adding a new user
> > (to active) ipa user-add tuser ...
> > (to stage) ipa user-add tuser --staged ...
>
> Ok.
>
> > (to deleted) ipa user-add tuser --deleted ... (*)
>
> Not needed.
>
> > 2) moving to main
> > (from stage) ipa user-activate tuser (**)
> > (from del) ipa user-activate tuser --deleted
>
> We need both, alternative is Simo's proposal:
>
> ipa user-unstage
> ipa user-undelete
>
> I personally like unstage and undelete commands, I would go with those.
>
>
> > 3) moving to deleted
> > (from active) ipa user-del tuser
>
> Ok.
>
> > (from stage) ipa user-del tuser --staged
>
> IMO staged deleted users should not be moved to deleted container, but
> simply permanently deleted. As Simo noted, staged user are not real
> users, just incomplete users.
>
> > 4) moving to stage
> > (from active) ipa user-stage tuser
> > (from del) ipa user-stage tuser --deleted
>
> None of the commands are needed for the basic workflow.
>
> > 5) modifying
> > (in active) ipa user-mod tuser ...
>
> Ok.
>
> > (in stage) ipa user-mod tuser --staged ...
>
> Simo did not like this command, I would personally add it. As long as we
> have "ipa user-add --staged", we should also have an option to delete
> and modify user in staged area.
+1
>
> > (in del) ipa user-mod tuser --deleted ...
>
> Not needed.
>
> Is this acceptable for everyone? If yes, the next step would be for
> Thierry to update the design page with new proposals.
>
> Martin
Are users in different containers using the same uid allowed?
If not, do we need the --staged/--deleted flags on anything but
user-add/user-find?
--
Jan Cholasta
More information about the Freeipa-devel
mailing list