I still need a review on this.

On Wed, 2014-05-07 at 10:06 -0400, Nathaniel McCallum wrote:
> On Wed, 2014-05-07 at 15:54 +0200, Petr Vobornik wrote:
> > On 6.5.2014 17:07, Nathaniel McCallum wrote:
> > > On Tue, 2014-05-06 at 16:11 +0200, Jan Cholasta wrote:
> > >> On 6.5.2014 15:16, Nathaniel McCallum wrote:
> > >>> On Tue, 2014-05-06 at 13:46 +0200, Jan Cholasta wrote:
> > >>>> Hi,
> > >>>>
> > >>>> On 5.5.2014 18:40, Nathaniel McCallum wrote:
> > >>>>> Creating tokens for yourself is the most common operation. Making this
> > >>>>> the default optimizes for the common case.
> > >>>>
> > >>>> The user-find call should be inside the if statement.
> > >>>
> > >>> This is actually for a reason. See my patch 0049 for further context.
> > >>
> > >> IMO something like this would be better:
> > >>
> > >> if 'ipatokenowner' not in entry_attrs or 'ipatokenprotected' not in entry_attrs:
> > >>     result = self.api.Command.user_find(whoami=True)['result']
> > >>     if result:
> > >>         cur_uid = result[0]['uid'][0]
> > >>         prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)
> > >>         if cur_uid != prev_uid:
> > >>             entry_attrs.setdefault('ipatokenprotected', True)
> > >
> > > Fixed (see also my new revision of patch 0049).
> > >
> > > Nathaniel
> > >
> >
> > I assume that this won't allow creating a token without an owner. Do we
> > want to have this restriction?
> >
> > Use case: import a batch of hw tokens
>
> This case is currently very much on my radar (I'm finishing the import
> script now). To set no owner, just use --owner="". We are testing for
> key presence here, not the value of the key. So if the key is present
> with an empty value, no owner will be set.
>
> FYI, the import format (RFC 6030) also permits a mechanism for declaring
> ownership in DN format.
>
> Nathaniel
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
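The key-presence behaviour discussed in the thread, as an added example that is not part of the original messages or of FreeIPA's code: it runs the quoted snippet's logic on a plain dict. `apply_token_defaults` and `whoami_uid` are hypothetical names, the uids `alice` and `bob` are constructed, and an empty string is assumed to stand in for `--owner=""`.

```python
# Added illustration: models the quoted snippet on a plain dict.
# apply_token_defaults and whoami_uid are hypothetical; in the quoted code
# the uid comes from self.api.Command.user_find(whoami=True).

def apply_token_defaults(entry_attrs, whoami_uid):
    """Apply the owner/protected defaults from the quoted snippet in place."""
    if 'ipatokenowner' not in entry_attrs or 'ipatokenprotected' not in entry_attrs:
        if whoami_uid:  # stands in for a non-empty user_find result
            cur_uid = whoami_uid
            # setdefault tests key presence only: an existing key keeps its
            # value, even when that value is empty.
            prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)
            if cur_uid != prev_uid:
                # Reached for any owner other than the caller, which
                # includes an explicitly empty owner.
                entry_attrs.setdefault('ipatokenprotected', True)
    return entry_attrs


def demo():
    """Run the constructed cases and return the resulting attribute dicts."""
    cases = {
        'owner omitted': {},
        'owner empty (--owner="")': {'ipatokenowner': ''},
        'owner is someone else': {'ipatokenowner': 'bob'},
        'someone else, protected given': {'ipatokenowner': 'bob',
                                          'ipatokenprotected': False},
        'no whoami result': {},
    }
    out = {}
    for name, attrs in cases.items():
        uid = None if name == 'no whoami result' else 'alice'  # constructed
        out[name] = apply_token_defaults(dict(attrs), uid)
    return out


if __name__ == '__main__':
    for name, attrs in demo().items():
        print(f'{name:32} -> {attrs}')
```

With the snippet as quoted, an explicitly empty owner is left in place and, because it differs from the caller's uid, the `ipatokenprotected` default is applied as well.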