Discussion:
[Freeipa-devel] [freeipa PR#625][opened] [RFC] remote plugins: add option to force compat plugins
HonzaCholasta
2017-03-20 10:49:17 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/625
Author: HonzaCholasta
Title: #625: [RFC] remote plugins: add option to force compat plugins
Action: opened

PR body:
"""
Add a new `force_client_compat` env flag to force client API not to do any
RPC calls to initialize remote plugins in `.finalize()` and use the newest
compat plugins instead.

Setting the flag serves as a workaround for `api.finalize()` requiring
valid Kerberos credentials.

https://pagure.io/freeipa/issue/6408
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/625/head:pr625
git checkout pr625
HonzaCholasta
2017-03-20 12:32:31 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins

HonzaCholasta commented:
"""
@tiran, please review this, I'm not sure whether this kind of workaround is good enough or not.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/625#issuecomment-287746048
tiran
2017-03-29 10:36:10 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins

tiran commented:
"""
I don't understand the implications of this change and the new flag:

* What are the benefits and drawbacks of ```force_client_compat=False```?
* What are the benefits and drawbacks of ```force_client_compat=True```?
* Why does FreeIPA have schema download and compat plugins at all?
* Why is this feature implemented as *either/or* option instead of *optimistic try/fallback*?

New feature is missing unit and integration tests.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/625#issuecomment-290051095
HonzaCholasta
2017-03-29 11:51:02 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/625
Title: #625: [RFC] remote plugins: add option to force compat plugins

HonzaCholasta commented:
"""
* With `force_client_compat=False`, the benefit is the client API matches the remote server API, the drawback is `api.finalize()` does RPC calls and touches schema cache (i.e. the current behavior).
* With `force_client_compat=True`, the benefit is `api.finalize()` does no RPC calls nor does it touch schema cache, the drawback is that the client API is stuck at API version 2.164 (IPA 4.3.3).
* Schema download exists to support newer servers versions without having to update the client. Compat plugins exist to support older server versions which do not have schema support. (See http://www.freeipa.org/page/V4/API_Compatiblity.)
* *Optimistic try/fallback* is the current behavior which requires RPC calls in `api.finalize()` to detect the server's capabilities in order to reconstruct it's API locally. With this PR it's possible to skip this step and fall back to the behavior of IPA 4.3.3.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/625#issuecomment-290066211
Loading...