[Freeipa-devel] User life cycle: question regarding the design
Dmitri Pal
dpal at redhat.com
Thu May 29 03:31:42 UTC 2014
On 05/26/2014 01:49 AM, Martin Kosek wrote:
> On 05/23/2014 04:55 PM, Simo Sorce wrote:
>> On Fri, 2014-05-23 at 10:13 -0400, Rob Crittenden wrote:
>>> This, I believe, has already been covered, but I'm concerned with the
>>> (over)use of active/inactive in this discussion.
>>>
>>> I think use of "inactive" and "active" to describe users might be
>>> confusing since there is already an account enable/disable command.
>>> This
>>> on top of unlock, are there now 3 possible boolean states a user can
>>> be
>>> in? locked/unlocked, enabled/disabled, active/inactive, plus
>>> deleted/active and staged/active?
>>>
>> Agree, we should only have "ipa user-unstage <username>" and not call
>> this operations with words like active/inactive.
>>
>> User's in the staging area are not inactive, they are *not* users yet in
>> the first place.
>>
>> Simo.
>>
>
> Ok. Let us consolidate the decisions, I think we are now running in
> circles. Let me start from Petr3's API proposal which was a
> functionally complete proposal and start from there:
>
> On 05/22/2014 10:47 AM, Petr Viktorin wrote:
> > ...
> > My proposal would be that the move commands use the verb for the
> target and an
> > option for the source, and add/mod use an option for the container:
> >
> > 1) adding a new user
> > (to active) ipa user-add tuser ...
> > (to stage) ipa user-add tuser --staged ...
>
> Ok.
>
> > (to deleted) ipa user-add tuser --deleted ... (*)
>
> Not needed.
>
> > 2) moving to main
> > (from stage) ipa user-activate tuser (**)
> > (from del) ipa user-activate tuser --deleted
>
> We need both, alternative is Simo's proposal:
>
> ipa user-unstage
> ipa user-undelete
>
> I personally like unstage and undelete commands, I would go with those.
Sorry for coming late to the party.
I strongly do not like "unstage"
This suggests that the user will be removed from staged but does not
indicate that the full user will be created.
As I suggested elsewhere provision-user or user-provision (or may be
even user-add --from-stage) would be better.
>
>
> > 3) moving to deleted
> > (from active) ipa user-del tuser
>
> Ok.
>
> > (from stage) ipa user-del tuser --staged
>
> IMO staged deleted users should not be moved to deleted container, but
> simply permanently deleted. As Simo noted, staged user are not real
> users, just incomplete users.
>
> > 4) moving to stage
> > (from active) ipa user-stage tuser
This was suggested for completeness.
I think we are cutting corners but I would not insist here.
> > (from del) ipa user-stage tuser --deleted
>
> None of the commands are needed for the basic workflow.
But this is a valid use case. I created a user, deleted it and want to
rebuild it becuase something got corrupted in the original entry. I
agree it is not a primary use case but then we should have a ticket to
track this RFE for future.
>
> > 5) modifying
> > (in active) ipa user-mod tuser ...
>
> Ok.
>
> > (in stage) ipa user-mod tuser --staged ...
>
> Simo did not like this command, I would personally add it. As long as
> we have "ipa user-add --staged", we should also have an option to
> delete and modify user in staged area.
>
> > (in del) ipa user-mod tuser --deleted ...
>
> Not needed.
>
> Is this acceptable for everyone? If yes, the next step would be for
> Thierry to update the design page with new proposals.
>
> Martin
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-devel
mailing list