Open puetz-partec opened 3 months ago
Hum... we build the "set" methods like this because it allows you to prevent someone from simply forgetting to provide a list of principals which I think is very important when it comes to safety/trust in the API.
We could provide a "remove all" action I guess. It's better than setting the members to u_auth
which seems like a security issue.
I'd agree, that a specific "clear" sub-command option would probably be better.
PS: I am not really using u_auth for my workaround, but a pre-generated user, that has no possibility of successfully authenticating. It acts as my flavor of 'u_nobody' (which does not exist).
hey @puetz-partec, thanks for the suggestion-- it's a good one, and I'm glad you've got something in place that works for you now, even if it's not idea. We've got a packed roadmap right now but we will keep this issue open to gauge community support for the idea and will also consider it for future releases where we focus on increasing ease of use.
Is your feature request related to a problem? Please describe. It is currently not easily possible to set the number of members in a group to an empty set since 'group set-member' option requires that at least one -member option is present. However it should be valid that a group is completely empty (at least for transition periods).
Describe the solution you'd like modify the interface of 'groups set-member' to accept that,if no -member option is present and interpret that as an empty member list. Currently the API returns error saying it expects at least a -member count of 1.
Describe alternatives you've considered 1) modify the interface of 'groups set-member' to either accept an -clear flag to indicate that the set of members should be empty. 2) add a 'groups clear' sub-command option to achieve the same
Explain any additional use-cases
Additional context My current workaround is to do this in two steps 1) groups set-members -member u_auth 2) groups remove-members -member u_auth not nice, but it works.