|
 |
337c54 |
--- pcs-0.9.137/pcs/pcs.py.acl-fix 2014-12-19 16:23:13.264292808 -0600
|
|
|
337c54 |
+++ pcs-0.9.137/pcs/pcs.py 2014-12-19 16:23:57.361816642 -0600
|
|
|
337c54 |
@@ -54,7 +54,7 @@ def main(argv):
|
|
|
337c54 |
pcs_short_options_with_args.append(prev_char)
|
|
|
337c54 |
prev_char = c
|
|
|
337c54 |
|
|
|
337c54 |
- pcs_long_options = ["local","start","all","clone","master","force","corosync_conf=", "defaults","debug","version","help","fullhelp","off","from=","to=", "name=", "wait", "group=","groups","full","enable","node=","nodesc","transport=", "addr0=","addr1=","bcast0=","bcast1=","mcast0=","mcast1=","mcastport0=","mcastport1=","ttl0=","ttl1=","rrpmode=", "broadcast0", "broadcast1","wait_for_all=","auto_tie_breaker=","last_man_standing=", "last_man_standing_window=","no-default-ops","ipv6","token=", "token_coefficient=", "consensus=", "miss_count_const=", "fail_recv_const=","join=", "disabled", "after=", "before=", "autocorrect", "interactive"]
|
|
|
337c54 |
+ pcs_long_options = ["local","start","all","clone","master","force","corosync_conf=", "defaults","debug","version","help","fullhelp","off","from=","to=", "name=", "wait", "group=","groups","full","enable","node=","nodesc","transport=", "addr0=","addr1=","bcast0=","bcast1=","mcast0=","mcast1=","mcastport0=","mcastport1=","ttl0=","ttl1=","rrpmode=", "broadcast0", "broadcast1","wait_for_all=","auto_tie_breaker=","last_man_standing=", "last_man_standing_window=","no-default-ops","ipv6","token=", "token_coefficient=", "consensus=", "miss_count_const=", "fail_recv_const=","join=", "disabled", "after=", "before=", "autocorrect", "interactive", "autodelete"]
|
|
|
337c54 |
# pull out negative number arguments and add them back after getopt
|
|
|
337c54 |
prev_arg = ""
|
|
|
337c54 |
for arg in argv:
|
|
|
337c54 |
--- pcs-0.9.137/pcs/acl.py.acl-fix 2014-10-21 09:28:55.000000000 -0500
|
|
|
337c54 |
+++ pcs-0.9.137/pcs/acl.py 2014-12-19 16:23:13.264292808 -0600
|
|
|
337c54 |
@@ -58,6 +58,8 @@ def acl_role(argv):
|
|
|
337c54 |
id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role')
|
|
|
337c54 |
if not id_valid:
|
|
|
337c54 |
utils.err(id_error)
|
|
|
337c54 |
+ if utils.dom_get_element_with_id(dom, "acl_role", role_name):
|
|
|
337c54 |
+ utils.err("role %s already exists" % role_name)
|
|
|
337c54 |
if utils.does_id_exist(dom,role_name):
|
|
|
337c54 |
utils.err(role_name + " already exists")
|
|
|
337c54 |
|
|
|
337c54 |
@@ -178,8 +180,13 @@ def acl_role(argv):
|
|
|
337c54 |
|
|
|
337c54 |
if not found:
|
|
|
337c54 |
utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id))
|
|
|
337c54 |
+
|
|
|
337c54 |
+ if "--autodelete" in utils.pcs_options:
|
|
|
337c54 |
+ if not ug.getElementsByTagName("role"):
|
|
|
337c54 |
+ ug.parentNode.removeChild(ug)
|
|
|
337c54 |
+
|
|
|
337c54 |
utils.replace_cib_configuration(dom)
|
|
|
337c54 |
-
|
|
|
337c54 |
+
|
|
|
337c54 |
else:
|
|
|
337c54 |
utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
|
|
|
337c54 |
|
|
|
337c54 |
@@ -198,8 +205,14 @@ def acl_target(argv,group=False):
|
|
|
337c54 |
command = argv.pop(0)
|
|
|
337c54 |
tug_id = argv.pop(0)
|
|
|
337c54 |
if command == "create":
|
|
|
337c54 |
+ # pcsd parses the error message in order to determine whether the id is
|
|
|
337c54 |
+ # assigned to user/group or some other cib element
|
|
|
337c54 |
+ if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id):
|
|
|
337c54 |
+ utils.err("group %s already exists" % tug_id)
|
|
|
337c54 |
+ if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id):
|
|
|
337c54 |
+ utils.err("user %s already exists" % tug_id)
|
|
|
337c54 |
if utils.does_id_exist(dom,tug_id):
|
|
|
337c54 |
- utils.err(tug_id + " already exists in cib")
|
|
|
337c54 |
+ utils.err(tug_id + " already exists")
|
|
|
337c54 |
|
|
|
337c54 |
if group:
|
|
|
337c54 |
element = dom.createElement("acl_group")
|
|
|
337c54 |
--- pcs-0.9.137/pcsd/pcs.rb.acl-fix 2014-11-20 02:53:57.000000000 -0600
|
|
|
337c54 |
+++ pcs-0.9.137/pcsd/pcs.rb 2014-12-19 16:23:20.063219392 -0600
|
|
|
337c54 |
@@ -189,8 +189,8 @@ def add_acl_usergroup(acl_role_id, user_
|
|
|
337c54 |
if retval == 0
|
|
|
337c54 |
return ""
|
|
|
337c54 |
end
|
|
|
337c54 |
- if stderr.join("\n").strip.downcase != "error: #{name.to_s.downcase} already exists in cib"
|
|
|
337c54 |
- return stderror.join("\n").strip
|
|
|
337c54 |
+ if not /^error: (user|group) #{name.to_s} already exists$/i.match(stderr.join("\n").strip)
|
|
|
337c54 |
+ return stderr.join("\n").strip
|
|
|
337c54 |
end
|
|
|
337c54 |
end
|
|
|
337c54 |
stdout, stderror, retval = run_cmd(
|
|
|
337c54 |
@@ -211,7 +211,10 @@ def remove_acl_permission(acl_perm_id)
|
|
|
337c54 |
end
|
|
|
337c54 |
|
|
|
337c54 |
def remove_acl_usergroup(role_id, usergroup_id)
|
|
|
337c54 |
- stdout, stderror, retval = run_cmd(PCS, "acl", "role", "unassign", role_id.to_s, usergroup_id.to_s)
|
|
|
337c54 |
+ stdout, stderror, retval = run_cmd(
|
|
|
337c54 |
+ PCS, "acl", "role", "unassign", role_id.to_s, usergroup_id.to_s,
|
|
|
337c54 |
+ "--autodelete"
|
|
|
337c54 |
+ )
|
|
|
337c54 |
if retval != 0
|
|
|
337c54 |
return stderror.join("\n").chomp
|
|
|
337c54 |
end
|