Avoid profile race conditions by tracking entryUSN

Avoid race conditions in the LDAPProfileSubsystem by tracking the most recently known entryUSN of profiles' LDAP entries. As part of this change, add the commitProfile method to the IProfileSubsystem interface, remove commit behaviour from the enableProfile and disableProfile methods and update ProfileService and ProfileApproveServlet to commit the profile (using the commitProfile method) where needed. Part of: https://fedorahosted.org/pki/ticket/1700
author: Fraser Tweedale <ftweedal@redhat.com> 2015-11-30 14:04:08 +1100
committer: Fraser Tweedale <ftweedal@redhat.com> 2016-01-19 10:48:57 +1100
commit: 81af68d3e3b1a89f799693e7f7ecda59f57abfe4 (patch)
tree: 87b5e8c56e74d77f6403de27e7a431070372254f /base/ca/src
parent: 2bd89f148b4b347fc80285ec521d2af0299da746 (diff)
download: pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.tar.gz
pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.tar.xz
pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
index 488dd5ab9..807c3f98b 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
@@ -419,6 +419,7 @@ public class ProfileService extends PKIService implements ProfileResource {
             }
             try {
                 ps.enableProfile(profileId, principal.getName());
+                ps.commitProfile(profileId);
                 auditProfileChangeState(profileId, "approve", ILogger.SUCCESS);
             } catch (EProfileException e) {
                 CMS.debug("modifyProfileState: error enabling profile. " + e);
@@ -436,6 +437,7 @@ public class ProfileService extends PKIService implements ProfileResource {
                 if (ps.checkOwner()) {
                     if (ps.getProfileEnableBy(profileId).equals(userid)) {
                         ps.disableProfile(profileId);
+                        ps.commitProfile(profileId);
                         auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS);
                     } else {
                         auditProfileChangeState(profileId, "disapprove", ILogger.FAILURE);
@@ -444,6 +446,7 @@ public class ProfileService extends PKIService implements ProfileResource {
                     }
                 } else {
                     ps.disableProfile(profileId);
+                    ps.commitProfile(profileId);
                     auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS);
                 }
             } catch (EProfileException e) {
@@ -493,7 +496,7 @@ public class ProfileService extends PKIService implements ProfileResource {
             profile.setName(getLocale(headers), data.getName());
             profile.setDescription(getLocale(headers), data.getDescription());
             profile.setVisible(data.isVisible());
-            profile.getConfigStore().commit(false);
+            ps.commitProfile(profileId);
 
             if (profile instanceof IProfileEx) {
                 // populates profile specific plugins such as
@@ -606,7 +609,8 @@ public class ProfileService extends PKIService implements ProfileResource {
             // no error thrown, proceed with profile creation
             profile = ps.createProfile(profileId, classId, className);
             profile.getConfigStore().load(new ByteArrayInputStream(data));
-            ps.disableProfile(profileId);  // also commits
+            ps.disableProfile(profileId);
+            ps.commitProfile(profileId);
 
             auditProfileChange(
                     ScopeDef.SC_PROFILE_RULES,
@@ -740,7 +744,7 @@ public class ProfileService extends PKIService implements ProfileResource {
             // no error thrown, so commit updated profile config
             profile.getConfigStore().load(new ByteArrayInputStream(data));
             ps.disableProfile(profileId);
-            profile.getConfigStore().commit(false);
+            ps.commitProfile(profileId);
 
             return createOKResponse(data);
         } catch (EBaseException | IOException e) {
@@ -817,7 +821,7 @@ public class ProfileService extends PKIService implements ProfileResource {
             populateProfileInputs(data, profile);
             populateProfileOutputs(data, profile);
             populateProfilePolicies(data, profile);
-            profile.getConfigStore().commit(false);
+            ps.commitProfile(profileId);
         } catch (EBaseException e) {
             CMS.debug("changeProfileData: Error changing profile inputs/outputs/policies: " + e);
             e.printStackTrace();
author	Fraser Tweedale <ftweedal@redhat.com>	2015-11-30 14:04:08 +1100
committer	Fraser Tweedale <ftweedal@redhat.com>	2016-01-19 10:48:57 +1100
commit	81af68d3e3b1a89f799693e7f7ecda59f57abfe4 (patch)
tree	87b5e8c56e74d77f6403de27e7a431070372254f /base/ca/src
parent	2bd89f148b4b347fc80285ec521d2af0299da746 (diff)
download	pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.tar.gz pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.tar.xz pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.zip