Fix upgrade referint plugin

Mixing 'Old' and 'New' attr style for referential integrity plugin causes errors. Now old setting are migrated to new style setting before upgrade Ticket: https://fedorahosted.org/freeipa/ticket/4622 Reviewed-By: David Kupka <dkupka@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2014-11-07 13:28:01 +0100
committer: Petr Vobornik <pvoborni@redhat.com> 2014-11-13 13:26:34 +0100
commit: f62c7843ffeda1e841719cb35f9f773f186780a6 (patch)
tree: 583fb9e91821b72ae8032d6cb261e4f11b9943ed /ipaserver
parent: c32ecbff8cfe219499c15afe34e617ec7a9297cf (diff)
download: freeipa-f62c7843ffeda1e841719cb35f9f773f186780a6.tar.gz
freeipa-f62c7843ffeda1e841719cb35f9f773f186780a6.tar.xz
freeipa-f62c7843ffeda1e841719cb35f9f773f186780a6.zip
2 files changed, 91 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/Makefile.am b/ipaserver/install/plugins/Makefile.am
index 635877d8c..d651297ac 100644
--- a/ipaserver/install/plugins/Makefile.am
+++ b/ipaserver/install/plugins/Makefile.am
@@ -11,6 +11,7 @@ app_PYTHON = 			\
 	update_services.py	\
 	update_anonymous_aci.py	\
 	update_pacs.py		\
+	update_referint.py	\
 	ca_renewal_master.py	\
 	update_uniqueness.py	\
 	$(NULL)
diff --git a/ipaserver/install/plugins/update_referint.py b/ipaserver/install/plugins/update_referint.py
new file mode 100644
index 000000000..1b7411035
--- /dev/null
+++ b/ipaserver/install/plugins/update_referint.py
@@ -0,0 +1,90 @@
+#
+# Copyright (C) 2014  FreeIPA Contributors see COPYING for license
+#
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PreUpdate
+from ipalib import api, errors
+from ipapython.dn import DN
+from ipapython.ipa_log_manager import root_logger
+
+class update_referint(PreUpdate):
+    """
+    Update referential integrity configuration to new style
+    http://directory.fedoraproject.org/docs/389ds/design/ri-plugin-configuration.html
+
+    old attr              -> new attr
+    nsslapd-pluginArg0    -> referint-update-delay
+    nsslapd-pluginArg1    -> referint-logfile
+    nsslapd-pluginArg2    -> referint-logchanges
+    nsslapd-pluginArg3..N -> referint-membership-attr [3..N]
+
+    Old and new style cannot be mixed, all nslapd-pluginArg* attrs have to be removed
+    """
+
+    order = MIDDLE
+
+    referint_dn = DN(('cn', 'referential integrity postoperation'),
+                           ('cn', 'plugins'), ('cn', 'config'))
+
+    def execute(self, **options):
+
+        root_logger.debug("Upgrading referential integrity plugin configuration")
+        ldap = self.obj.backend
+        try:
+            entry = ldap.get_entry(self.referint_dn)
+        except errors.NotFound:
+            root_logger.error("Referential integrity configuration not found")
+            return False, False, []
+
+        referint_membership_attrs = []
+
+        root_logger.debug("Initial value: %s", repr(entry))
+
+        # nsslapd-pluginArg0    -> referint-update-delay
+        update_delay = entry.get('nsslapd-pluginArg0')
+        if update_delay:
+            root_logger.debug("add: referint-update-delay: %s", update_delay)
+            entry['referint-update-delay'] = update_delay
+            entry['nsslapd-pluginArg0'] = None
+        else:
+            root_logger.info("Plugin already uses new style, skipping")
+            return False, False, []
+
+        # nsslapd-pluginArg1    -> referint-logfile
+        logfile = entry.get('nsslapd-pluginArg1')
+        if logfile:
+            root_logger.debug("add: referint-logfile: %s", logfile)
+            entry['referint-logfile'] = logfile
+            entry['nsslapd-pluginArg1'] = None
+
+        # nsslapd-pluginArg2    -> referint-logchanges
+        logchanges = entry.get('nsslapd-pluginArg2')
+        if logchanges:
+            root_logger.debug("add: referint-logchanges: %s", logchanges)
+            entry['referint-logchanges'] = logchanges
+            entry['nsslapd-pluginArg2'] = None
+
+        # nsslapd-pluginArg3..N -> referint-membership-attr [3..N]
+        for key in entry.keys():
+            if key.lower().startswith('nsslapd-pluginarg'):
+                arg_val = entry.single_value[key]
+                if arg_val:
+                    referint_membership_attrs.append(arg_val)
+                entry[key] = None
+
+        if referint_membership_attrs:
+            # entry['referint-membership-attr'] is None, plugin doesn't allow
+            # mixing old and new style
+            entry['referint-membership-attr'] = referint_membership_attrs
+
+        root_logger.debug("Final value: %s", repr(entry))
+        try:
+            ldap.update_entry(entry)
+        except errors.EmptyModlist:
+            root_logger.debug("No modifications required")
+            return False, False, []
+
+        return False, True, []
+
+api.register(update_referint)
author	Martin Basti <mbasti@redhat.com>	2014-11-07 13:28:01 +0100
committer	Petr Vobornik <pvoborni@redhat.com>	2014-11-13 13:26:34 +0100
commit	f62c7843ffeda1e841719cb35f9f773f186780a6 (patch)
tree	583fb9e91821b72ae8032d6cb261e4f11b9943ed /ipaserver
parent	c32ecbff8cfe219499c15afe34e617ec7a9297cf (diff)
download	freeipa-f62c7843ffeda1e841719cb35f9f773f186780a6.tar.gz freeipa-f62c7843ffeda1e841719cb35f9f773f186780a6.tar.xz freeipa-f62c7843ffeda1e841719cb35f9f773f186780a6.zip