Pavel, since we made the change here from a StrEnum to a Str, we need to update the UI patch accordingly.
On Fri, 2016-05-27 at 11:55 -0400, Nathaniel McCallum wrote: > On Fri, 2016-05-27 at 18:35 +0300, Alexander Bokovoy wrote: > > On Fri, 27 May 2016, Nathaniel McCallum wrote: > > > All core functionality for authentication indicators has already > > > been > > > merged. All that is left is the CLI and UI patches. Attached is > > > the > > > CLI > > > patch. > > > > > > One outstanding question that I have is how to future-proof this > > > patch. > > > Right now, we want to only permit two possible values: otp and > > > radius. > > > So we are using an StrEnum. However, in the future (probably > > > after > > > krb5-spake) we may want to have per-token custom indicators. That > > > means > > > that this value will need to become a Str. > > PKINIT has already support for AI, so it would be good to add > > pkinit > > indicator as well. The problem here is that pkinit indicator is not > > fixed and can be defined in the krb5.conf. > > Okay. You've convinced me that we should just make it a string now > and > be done with it since administrators can already set custom AIs. New > patch attached. I think this is ready for merge. > > > > How do I code this so that we can later do a StrEnum => Str > > > transition > > > without breaking API? > > Maybe just go to Str* right now and make a validation function that > > performs the actual check? Once you'd upgrade the validation code > > would > > change but method signature wouldn't. > > Since admins can already set custom AIs, there is no reason for a > validator. Let's just accept everything. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code