Enable transactions by default, make password and modrdn TXN-aware

The password and modrdn plugins needed to be made transaction aware
for the pre and post operations.

Remove the reverse member hoop jumping. Just fetch the entry once
and all the memberof data is there (plus objectclass).

Fix some unit tests that are failing because we actually get the data
now due to transactions.

Add small bit of code in user plugin to retrieve the user again
ala wait_for_attr but in the case of transactions we need do it only
once.

Deprecate wait_for_attr code.

Add a memberof fixup task for roles.

https://fedorahosted.org/freeipa/ticket/1263
https://fedorahosted.org/freeipa/ticket/1891
https://fedorahosted.org/freeipa/ticket/2056
https://fedorahosted.org/freeipa/ticket/3043
https://fedorahosted.org/freeipa/ticket/3191
https://fedorahosted.org/freeipa/ticket/3046

3 files changed, 12 insertions, 61 deletions

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index a55a23244..85e2bec36 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -231,50 +231,6 @@ def entry_from_entry(entry, newentry):
     for e in newentry:
         entry[e] = newentry[e]
 
-def wait_for_memberof(keys, entry_start, completed, show_command, adding=True):
-    """
-    When adding or removing reverse members we are faking an update to
-    object A by updating the member attribute in object B. The memberof
-    plugin makes this work by adding or removing the memberof attribute
-    to/from object A, it just takes a little bit of time.
-
-    This will loop for 6+ seconds, retrieving object A so we can see
-    if all the memberof attributes have been updated.
-    """
-    if completed == 0:
-        # nothing to do
-        return api.Command[show_command](keys[-1])['result']
-
-    if 'memberof' in entry_start:
-        starting_memberof = len(entry_start['memberof'])
-    else:
-        starting_memberof = 0
-
-    # Loop a few times to give the memberof plugin a chance to add the
-    # entries. Don't sleep for more than 6 seconds.
-    memberof = 0
-    x = 0
-    while x < 20:
-        # sleep first because the first search, even on a quiet system,
-        # almost always fails to have memberof set.
-        time.sleep(.3)
-        x = x + 1
-
-        # FIXME: put a try/except around here? I think it is probably better
-        # to just let the exception filter up to the caller.
-        entry_attrs = api.Command[show_command](keys[-1])['result']
-        if 'memberof' in entry_attrs:
-            memberof = len(entry_attrs['memberof'])
-
-        if adding:
-            if starting_memberof + completed >= memberof:
-                break
-        else:
-            if starting_memberof + completed <= memberof:
-                break
-
-    return entry_attrs
-
 def wait_for_value(ldap, dn, attr, value):
     """
     389-ds postoperation plugins are executed after the data has been
@@ -2029,11 +1985,9 @@ class LDAPAddReverseMember(LDAPModReverseMember):
             except errors.PublicError, e:
                 failed['member'][self.reverse_attr].append((attr, unicode(msg)))
 
-        # Wait for the memberof plugin to update the entry
-        try:
-            entry_attrs = wait_for_memberof(keys, entry_start, completed, self.show_command, adding=True)
-        except Exception, e:
-            raise errors.ReverseMemberError(verb=_('added'), exc=str(e))
+        # Update the member data.
+        (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+        self.obj.convert_attribute_members(entry_attrs, *keys, **options)
 
         for callback in self.get_callbacks('post'):
             (completed, dn) = callback(
@@ -2131,11 +2085,9 @@ class LDAPRemoveReverseMember(LDAPModReverseMember):
             except errors.PublicError, e:
                 failed['member'][self.reverse_attr].append((attr, unicode(msg)))
 
-        # Wait for the memberof plugin to update the entry
-        try:
-            entry_attrs = wait_for_memberof(keys, entry_start, completed, self.show_command, adding=False)
-        except Exception, e:
-            raise errors.ReverseMemberError(verb=_('removed'), exc=str(e))
+        # Update the member data.
+        (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+        self.obj.convert_attribute_members(entry_attrs, *keys, **options)
 
         for callback in self.get_callbacks('post'):
             (completed, dn) = callback(
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 80c6bc068..1fbf9e018 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -115,6 +115,7 @@ class permission(LDAPObject):
     ]
     attribute_members = {
         'member': ['privilege'],
+        'memberindirect': ['role'],
     }
     rdn_is_primary_key = True
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 5d667dc94..80bdc39e2 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -547,9 +547,6 @@ class user_add(LDAPCreate):
         except errors.AlreadyGroupMember:
             pass
 
-        if self.api.env.wait_for_attr:
-            newentry = wait_for_value(ldap, dn, 'memberOf', def_primary_group)
-            entry_from_entry(entry_attrs, newentry)
         self.obj._convert_manager(entry_attrs, **options)
         # delete description attribute NO_UPG_MAGIC if present
         if options.get('noprivate', False):
@@ -563,10 +560,11 @@ class user_add(LDAPCreate):
                     self.api.Command['user_mod'](keys[-1], **kw)
                 except (errors.EmptyModlist, errors.NotFound):
                     pass
-        else:
-            if self.api.env.wait_for_attr:
-                newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
-                entry_from_entry(entry_attrs, newentry)
+
+        # Fetch the entry again to update memberof, mep data, etc updated
+        # at the end of the transaction.
+        (newdn, newentry) = ldap.get_entry(dn, ['*'])
+        entry_attrs.update(newentry)
 
         if options.get('random', False):
             try: