|
 |
e3ffab |
From 822910bb85c4dedff39faff142e645c5f2922984 Mon Sep 17 00:00:00 2001
|
|
|
e3ffab |
From: Martin Basti <mbasti@redhat.com>
|
|
|
e3ffab |
Date: Fri, 7 Nov 2014 13:28:01 +0100
|
|
|
e3ffab |
Subject: [PATCH] Fix upgrade referint plugin
|
|
|
e3ffab |
|
|
|
e3ffab |
Mixing 'Old' and 'New' attr style for referential integrity plugin causes errors.
|
|
|
e3ffab |
Now old setting are migrated to new style setting before upgrade
|
|
|
e3ffab |
|
|
|
e3ffab |
Ticket: https://fedorahosted.org/freeipa/ticket/4622
|
|
|
e3ffab |
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
e3ffab |
---
|
|
|
e3ffab |
install/updates/25-referint.update | 13 +---
|
|
|
e3ffab |
ipaserver/install/plugins/Makefile.am | 1 +
|
|
|
e3ffab |
ipaserver/install/plugins/update_referint.py | 90 ++++++++++++++++++++++++++++
|
|
|
e3ffab |
3 files changed, 92 insertions(+), 12 deletions(-)
|
|
|
e3ffab |
create mode 100644 ipaserver/install/plugins/update_referint.py
|
|
|
e3ffab |
|
|
|
e3ffab |
diff --git a/install/updates/25-referint.update b/install/updates/25-referint.update
|
|
|
e3ffab |
index a43d21ad5152358cb939c3545f0eef9d251e7fe0..609eaba74f0fcde6ce875093587315681fbd4584 100644
|
|
|
e3ffab |
--- a/install/updates/25-referint.update
|
|
|
e3ffab |
+++ b/install/updates/25-referint.update
|
|
|
e3ffab |
@@ -1,19 +1,8 @@
|
|
|
e3ffab |
# Expand attributes checked by Referential Integrity plugin
|
|
|
e3ffab |
# pres and eq indexes defined in 20-indices.update must be set for all these
|
|
|
e3ffab |
# attributes
|
|
|
e3ffab |
+# NOTE: migration to new style is done in update_referint.py
|
|
|
e3ffab |
dn: cn=referential integrity postoperation,cn=plugins,cn=config
|
|
|
e3ffab |
-remove: nsslapd-pluginArg7: manager
|
|
|
e3ffab |
-remove: nsslapd-pluginArg8: secretary
|
|
|
e3ffab |
-remove: nsslapd-pluginArg9: memberuser
|
|
|
e3ffab |
-remove: nsslapd-pluginArg10: memberhost
|
|
|
e3ffab |
-remove: nsslapd-pluginArg11: sourcehost
|
|
|
e3ffab |
-remove: nsslapd-pluginArg12: memberservice
|
|
|
e3ffab |
-remove: nsslapd-pluginArg13: managedby
|
|
|
e3ffab |
-remove: nsslapd-pluginArg14: memberallowcmd
|
|
|
e3ffab |
-remove: nsslapd-pluginArg15: memberdenycmd
|
|
|
e3ffab |
-remove: nsslapd-pluginArg16: ipasudorunas
|
|
|
e3ffab |
-remove: nsslapd-pluginArg17: ipasudorunasgroup
|
|
|
e3ffab |
-remove: nsslapd-pluginArg18: ipatokenradiusconfiglink
|
|
|
e3ffab |
add: referint-membership-attr: manager
|
|
|
e3ffab |
add: referint-membership-attr: secretary
|
|
|
e3ffab |
add: referint-membership-attr: memberuser
|
|
|
e3ffab |
diff --git a/ipaserver/install/plugins/Makefile.am b/ipaserver/install/plugins/Makefile.am
|
|
|
e3ffab |
index 635877d8c2160a91208276498cdb4cd9bc82d56b..d651297ac141b0f05831e7fabbb9b561cdd239c7 100644
|
|
|
e3ffab |
--- a/ipaserver/install/plugins/Makefile.am
|
|
|
e3ffab |
+++ b/ipaserver/install/plugins/Makefile.am
|
|
|
e3ffab |
@@ -11,6 +11,7 @@ app_PYTHON = \
|
|
|
e3ffab |
update_services.py \
|
|
|
e3ffab |
update_anonymous_aci.py \
|
|
|
e3ffab |
update_pacs.py \
|
|
|
e3ffab |
+ update_referint.py \
|
|
|
e3ffab |
ca_renewal_master.py \
|
|
|
e3ffab |
update_uniqueness.py \
|
|
|
e3ffab |
$(NULL)
|
|
|
e3ffab |
diff --git a/ipaserver/install/plugins/update_referint.py b/ipaserver/install/plugins/update_referint.py
|
|
|
e3ffab |
new file mode 100644
|
|
|
e3ffab |
index 0000000000000000000000000000000000000000..1b7411035b27ebba04246a7ee6f220d470b46688
|
|
|
e3ffab |
--- /dev/null
|
|
|
e3ffab |
+++ b/ipaserver/install/plugins/update_referint.py
|
|
|
e3ffab |
@@ -0,0 +1,90 @@
|
|
|
e3ffab |
+#
|
|
|
e3ffab |
+# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
|
|
|
e3ffab |
+#
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+from ipaserver.install.plugins import MIDDLE
|
|
|
e3ffab |
+from ipaserver.install.plugins.baseupdate import PreUpdate
|
|
|
e3ffab |
+from ipalib import api, errors
|
|
|
e3ffab |
+from ipapython.dn import DN
|
|
|
e3ffab |
+from ipapython.ipa_log_manager import root_logger
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+class update_referint(PreUpdate):
|
|
|
e3ffab |
+ """
|
|
|
e3ffab |
+ Update referential integrity configuration to new style
|
|
|
e3ffab |
+ http://directory.fedoraproject.org/docs/389ds/design/ri-plugin-configuration.html
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ old attr -> new attr
|
|
|
e3ffab |
+ nsslapd-pluginArg0 -> referint-update-delay
|
|
|
e3ffab |
+ nsslapd-pluginArg1 -> referint-logfile
|
|
|
e3ffab |
+ nsslapd-pluginArg2 -> referint-logchanges
|
|
|
e3ffab |
+ nsslapd-pluginArg3..N -> referint-membership-attr [3..N]
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ Old and new style cannot be mixed, all nslapd-pluginArg* attrs have to be removed
|
|
|
e3ffab |
+ """
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ order = MIDDLE
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ referint_dn = DN(('cn', 'referential integrity postoperation'),
|
|
|
e3ffab |
+ ('cn', 'plugins'), ('cn', 'config'))
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ def execute(self, **options):
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ root_logger.debug("Upgrading referential integrity plugin configuration")
|
|
|
e3ffab |
+ ldap = self.obj.backend
|
|
|
e3ffab |
+ try:
|
|
|
e3ffab |
+ entry = ldap.get_entry(self.referint_dn)
|
|
|
e3ffab |
+ except errors.NotFound:
|
|
|
e3ffab |
+ root_logger.error("Referential integrity configuration not found")
|
|
|
e3ffab |
+ return False, False, []
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ referint_membership_attrs = []
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ root_logger.debug("Initial value: %s", repr(entry))
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ # nsslapd-pluginArg0 -> referint-update-delay
|
|
|
e3ffab |
+ update_delay = entry.get('nsslapd-pluginArg0')
|
|
|
e3ffab |
+ if update_delay:
|
|
|
e3ffab |
+ root_logger.debug("add: referint-update-delay: %s", update_delay)
|
|
|
e3ffab |
+ entry['referint-update-delay'] = update_delay
|
|
|
e3ffab |
+ entry['nsslapd-pluginArg0'] = None
|
|
|
e3ffab |
+ else:
|
|
|
e3ffab |
+ root_logger.info("Plugin already uses new style, skipping")
|
|
|
e3ffab |
+ return False, False, []
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ # nsslapd-pluginArg1 -> referint-logfile
|
|
|
e3ffab |
+ logfile = entry.get('nsslapd-pluginArg1')
|
|
|
e3ffab |
+ if logfile:
|
|
|
e3ffab |
+ root_logger.debug("add: referint-logfile: %s", logfile)
|
|
|
e3ffab |
+ entry['referint-logfile'] = logfile
|
|
|
e3ffab |
+ entry['nsslapd-pluginArg1'] = None
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ # nsslapd-pluginArg2 -> referint-logchanges
|
|
|
e3ffab |
+ logchanges = entry.get('nsslapd-pluginArg2')
|
|
|
e3ffab |
+ if logchanges:
|
|
|
e3ffab |
+ root_logger.debug("add: referint-logchanges: %s", logchanges)
|
|
|
e3ffab |
+ entry['referint-logchanges'] = logchanges
|
|
|
e3ffab |
+ entry['nsslapd-pluginArg2'] = None
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ # nsslapd-pluginArg3..N -> referint-membership-attr [3..N]
|
|
|
e3ffab |
+ for key in entry.keys():
|
|
|
e3ffab |
+ if key.lower().startswith('nsslapd-pluginarg'):
|
|
|
e3ffab |
+ arg_val = entry.single_value[key]
|
|
|
e3ffab |
+ if arg_val:
|
|
|
e3ffab |
+ referint_membership_attrs.append(arg_val)
|
|
|
e3ffab |
+ entry[key] = None
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ if referint_membership_attrs:
|
|
|
e3ffab |
+ # entry['referint-membership-attr'] is None, plugin doesn't allow
|
|
|
e3ffab |
+ # mixing old and new style
|
|
|
e3ffab |
+ entry['referint-membership-attr'] = referint_membership_attrs
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ root_logger.debug("Final value: %s", repr(entry))
|
|
|
e3ffab |
+ try:
|
|
|
e3ffab |
+ ldap.update_entry(entry)
|
|
|
e3ffab |
+ except errors.EmptyModlist:
|
|
|
e3ffab |
+ root_logger.debug("No modifications required")
|
|
|
e3ffab |
+ return False, False, []
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ return False, True, []
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+api.register(update_referint)
|
|
|
e3ffab |
--
|
|
|
e3ffab |
2.1.0
|
|
|
e3ffab |
|