while thinking about <https://fedorahosted.org/freeipa/ticket/2933>, I had an idea how to make loading data from files available for all parameters:

I think we can use URI-like strings in parameter values that the CLI would interpret and extract the wanted information from them (similar to what openssl does in the -pass command line option, see PASS PHRASE ARGUMENTS in openssl(1)).

So, instead of adding a new parameter as a file-accepting alternative to any existing parameter (i.e. what is suggested in the ticket), the user would be able to specify the file in a URI-like string:

(use new parameter --sshpubkeyfile)
$ ipa user-mod --sshpubkey="ssh-rsa AAAA ..."
$ ipa user-mod --sshpubkeyfile=.ssh/id_rsa.pub


(use file URI-like string)
$ ipa user-mod --sshpubkey="ssh-rsa AAAA ..."
$ ipa user-mod --sshpubkey=file:.ssh/id_rsa.pub

and the CLI would take care of reading the file and using its contents as the parameter value.

This could be extended with additional URI(-like) schemes:

- data:<data> - use <data> as the value (useful for escaping values that look like URIs, but you don't want them to be treated as such) - base64:<data> - use the value of base64 decoded <data> (useful for --delattr on ugly raw binary values)
  - fd:<num> - read value from file descriptor <num>
  - env:<var> - read value from environment variable <var>
  - ask: - always prompt interactively for the value
  - default: - use default value, never prompt interactively



Jan Cholasta

Freeipa-devel mailing list

Reply via email to