--- pcs-0.9.137/pcs/pcs.py.acl-fix 2014-12-19 16:23:13.264292808 -0600
+++ pcs-0.9.137/pcs/pcs.py 2014-12-19 16:23:57.361816642 -0600
@@ -54,7 +54,7 @@ def main(argv):
pcs_short_options_with_args.append(prev_char)
prev_char = c
- pcs_long_options = ["local","start","all","clone","master","force","corosync_conf=", "defaults","debug","version","help","fullhelp","off","from=","to=", "name=", "wait", "group=","groups","full","enable","node=","nodesc","transport=", "addr0=","addr1=","bcast0=","bcast1=","mcast0=","mcast1=","mcastport0=","mcastport1=","ttl0=","ttl1=","rrpmode=", "broadcast0", "broadcast1","wait_for_all=","auto_tie_breaker=","last_man_standing=", "last_man_standing_window=","no-default-ops","ipv6","token=", "token_coefficient=", "consensus=", "miss_count_const=", "fail_recv_const=","join=", "disabled", "after=", "before=", "autocorrect", "interactive"]
+ pcs_long_options = ["local","start","all","clone","master","force","corosync_conf=", "defaults","debug","version","help","fullhelp","off","from=","to=", "name=", "wait", "group=","groups","full","enable","node=","nodesc","transport=", "addr0=","addr1=","bcast0=","bcast1=","mcast0=","mcast1=","mcastport0=","mcastport1=","ttl0=","ttl1=","rrpmode=", "broadcast0", "broadcast1","wait_for_all=","auto_tie_breaker=","last_man_standing=", "last_man_standing_window=","no-default-ops","ipv6","token=", "token_coefficient=", "consensus=", "miss_count_const=", "fail_recv_const=","join=", "disabled", "after=", "before=", "autocorrect", "interactive", "autodelete"]
# pull out negative number arguments and add them back after getopt
prev_arg = ""
for arg in argv:
--- pcs-0.9.137/pcs/acl.py.acl-fix 2014-10-21 09:28:55.000000000 -0500
+++ pcs-0.9.137/pcs/acl.py 2014-12-19 16:23:13.264292808 -0600
@@ -58,6 +58,8 @@ def acl_role(argv):
id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role')
if not id_valid:
utils.err(id_error)
+ if utils.dom_get_element_with_id(dom, "acl_role", role_name):
+ utils.err("role %s already exists" % role_name)
if utils.does_id_exist(dom,role_name):
utils.err(role_name + " already exists")
@@ -178,8 +180,13 @@ def acl_role(argv):
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id))
+
+ if "--autodelete" in utils.pcs_options:
+ if not ug.getElementsByTagName("role"):
+ ug.parentNode.removeChild(ug)
+
utils.replace_cib_configuration(dom)
-
+
else:
utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
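Review bot: The `--autodelete` branch removes a whole user/group element from the CIB without a comment saying when or why, and it depends on `ug` still being bound to the element the role was just unassigned from, which happens above this hunk. Since this silently changes the ACL section beyond what `unassign` did before, I would document it at the branch, for example `# --autodelete (used by pcsd): drop the user/group once no role is assigned to it`. The patch as shown adds the option to `pcs_long_options` but does not touch any usage text, so the flag also looks undocumented for CLI users. The enclosing `acl_role` body starts and ends outside the hunk.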
@@ -198,8 +205,14 @@ def acl_target(argv,group=False):
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
+ # pcsd parses the error message in order to determine whether the id is
+ # assigned to user/group or some other cib element
+ if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id):
+ utils.err("group %s already exists" % tug_id)
+ if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id):
+ utils.err("user %s already exists" % tug_id)
if utils.does_id_exist(dom,tug_id):
- utils.err(tug_id + " already exists in cib")
+ utils.err(tug_id + " already exists")
if group:
element = dom.createElement("acl_group")
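Review bot: The new comment explains that pcsd parses these messages, but it does not name the consumer or cover the generic message changed just below it at `utils.err(tug_id + " already exists")`. That line is part of the same contract, because pcsd treats the failure as benign only when the `user`/`group` prefix is present. I would extend the comment to something like `# keep these strings in sync with add_acl_usergroup in pcsd/pcs.rb; the generic message below must stay without the user/group prefix`. Matching on error text is fragile, so a later rewording on either side will change behaviour without any test noticing unless one pins the exact strings. The body of `acl_target` continues outside the hunk.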
--- pcs-0.9.137/pcsd/pcs.rb.acl-fix 2014-11-20 02:53:57.000000000 -0600
+++ pcs-0.9.137/pcsd/pcs.rb 2014-12-19 16:23:20.063219392 -0600
@@ -189,8 +189,8 @@ def add_acl_usergroup(acl_role_id, user_
if retval == 0
return ""
end
- if stderr.join("\n").strip.downcase != "error: #{name.to_s.downcase} already exists in cib"
- return stderror.join("\n").strip
+ if not /^error: (user|group) #{name.to_s} already exists$/i.match(stderr.join("\n").strip)
+ return stderr.join("\n").strip
end
end
stdout, stderror, retval = run_cmd(
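Review bot: The new pattern interpolates `name` into the regular expression unescaped and anchors it with `^`/`$`, which in Ruby match at line boundaries rather than at the ends of the string. A name containing regex metacharacters changes what the pattern accepts, or raises on an unbalanced one. With multi-line stderr, a single matching line is enough to treat the failure as "already exists" and fall through to the `run_cmd` call that follows. I would write the condition as `if not /\Aerror: (user|group) #{Regexp.escape(name.to_s)} already exists\z/i.match(stderr.join("\n").strip)`. The assignment of `stderr` is above the hunk, so please confirm it is spelled that way there, since the call just below uses `stderror`.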
@@ -211,7 +211,10 @@ def remove_acl_permission(acl_perm_id)
end
def remove_acl_usergroup(role_id, usergroup_id)
- stdout, stderror, retval = run_cmd(PCS, "acl", "role", "unassign", role_id.to_s, usergroup_id.to_s)
+ stdout, stderror, retval = run_cmd(
+ PCS, "acl", "role", "unassign", role_id.to_s, usergroup_id.to_s,
+ "--autodelete"
+ )
if retval != 0
return stderror.join("\n").chomp
end
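Review bot: `role_id` and `usergroup_id` are passed to pcs as plain argv entries next to a real option, and nothing visible in this hunk checks that they cannot themselves look like options. Because `--autodelete` is accepted after the positional arguments, pcs appears to recognise options anywhere on the command line, so an id beginning with `--` would presumably be parsed as a flag rather than as an id. If these values can originate from a request, validating them against the id format before calling `run_cmd` would rule that out. A short comment such as `# --autodelete: pcs removes the user/group when this was its last role` would also explain the new argument to the next reader.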