18 files changed, 59 insertions, 29 deletions

diff --git a/ipsilon/helpers/common.py b/ipsilon/helpers/common.py
index d3f7125..bdaa82f 100644
--- a/ipsilon/helpers/common.py
+++ b/ipsilon/helpers/common.py
@@ -12,7 +12,7 @@ class EnvHelpersInstaller(object):
         self.ptype = 'helper'
         self.name = None
 
-    def unconfigure(self, opts):
+    def unconfigure(self, opts, changes):
         return
 
     def install_args(self, group):
@@ -21,7 +21,7 @@ class EnvHelpersInstaller(object):
     def validate_args(self, args):
         return
 
-    def configure_server(self, opts):
+    def configure_server(self, opts, changes):
         raise NotImplementedError
 
 
diff --git a/ipsilon/helpers/ipa.py b/ipsilon/helpers/ipa.py
index a785edb..9c786f9 100644
--- a/ipsilon/helpers/ipa.py
+++ b/ipsilon/helpers/ipa.py
@@ -163,7 +163,7 @@ class Installer(EnvHelpersInstaller):
         pw = pwd.getpwnam(HTTPD_USER)
         os.chown(opts['gssapi_httpd_keytab'], pw.pw_uid, pw.pw_gid)
 
-    def configure_server(self, opts):
+    def configure_server(self, opts, changes):
         if opts['ipa'] != 'yes' and opts['ipa'] != 'auto':
             return
         if opts['ipa'] != 'yes' and opts['gssapi'] == 'no':
diff --git a/ipsilon/info/common.py b/ipsilon/info/common.py
index 06b71aa..4cd6663 100644
--- a/ipsilon/info/common.py
+++ b/ipsilon/info/common.py
@@ -102,10 +102,10 @@ class InfoProviderInstaller(object):
     def validate_args(self, args):
         return
 
-    def unconfigure(self, opts):
+    def unconfigure(self, opts, changes):
         return
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         raise NotImplementedError
 
 
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 9494666..66e8d50 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -182,7 +182,7 @@ class Installer(InfoProviderInstaller):
         group.add_argument('--info-ldap-base-dn', action='store',
                            help='LDAP Base DN')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['info_ldap'] != 'yes':
             return
 
diff --git a/ipsilon/info/infonss.py b/ipsilon/info/infonss.py
index 1966c27..0cd6fa0 100644
--- a/ipsilon/info/infonss.py
+++ b/ipsilon/info/infonss.py
@@ -79,7 +79,7 @@ class Installer(InfoProviderInstaller):
         group.add_argument('--info-nss', choices=['yes', 'no'], default='no',
                            help='Use passwd data to populate user attrs')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['info_nss'] != 'yes':
             return
 
diff --git a/ipsilon/info/infosssd.py b/ipsilon/info/infosssd.py
index 75fcf24..54d0ba2 100644
--- a/ipsilon/info/infosssd.py
+++ b/ipsilon/info/infosssd.py
@@ -131,7 +131,7 @@ class Installer(InfoProviderInstaller):
                            help='SSSD domain to enable mod_lookup_identity'
                                 ' for')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['info_sssd'] != 'yes':
             return
 
diff --git a/ipsilon/install/ipsilon-server-install b/ipsilon/install/ipsilon-server-install
index 471fe9a..0677f0e 100755
--- a/ipsilon/install/ipsilon-server-install
+++ b/ipsilon/install/ipsilon-server-install
@@ -10,6 +10,7 @@ from ipsilon.tools import files
 import ConfigParser
 import argparse
 import cherrypy
+import json
 import logging
 import os
 import pwd
@@ -154,6 +155,12 @@ def install(plugins, args):
     # components
     cherrypy.config.update(ipsilon_conf)
 
+    # Prepare to allow plugins to save things changed during install
+    changes = {'env_helper': {},
+               'login_manager': {},
+               'info_provider': {},
+               'auth_provider': {}}
+
     # Move pre-existing admin db away
     admin_db = cherrypy.config['admin.config.db']
     if os.path.exists(admin_db):
@@ -169,8 +176,10 @@ def install(plugins, args):
     logger.info('Configuring environment helpers')
     for plugin_name in plugins['Environment Helpers']:
         plugin = plugins['Environment Helpers'][plugin_name]
-        if plugin.configure_server(args) == False:
+        plugin_changes = {}
+        if plugin.configure_server(args, plugin_changes) == False:
             logger.info('Configuration of environment helper %s failed' % plugin_name)
+        changes['env_helper'][plugin_name] = plugin_changes
 
     logger.info('Configuring login managers')
     for plugin_name in args['lm_order']:
@@ -178,20 +187,32 @@ def install(plugins, args):
             plugin = plugins['Login Managers'][plugin_name]
         except KeyError:
             sys.exit('Login provider %s not installed' % plugin_name)
-        if plugin.configure(args) == False:
+        plugin_changes = {}
+        if plugin.configure(args, plugin_changes) == False:
             logger.info('Configuration of login manager %s failed' % plugin_name)
+        changes['login_manager'][plugin_name] = plugin_changes
 
     logger.info('Configuring Info provider')
     for plugin_name in plugins['Info Provider']:
         plugin = plugins['Info Provider'][plugin_name]
-        if plugin.configure(args) == False:
+        plugin_changes = {}
+        if plugin.configure(args, plugin_changes) == False:
             logger.info('Configuration of info provider %s failed' % plugin_name)
+        changes['info_provider'][plugin_name] = plugin_changes
 
     logger.info('Configuring Authentication Providers')
     for plugin_name in plugins['Auth Providers']:
         plugin = plugins['Auth Providers'][plugin_name]
-        if plugin.configure(args) == False:
+        plugin_changes = {}
+        if plugin.configure(args, plugin_changes) == False:
             logger.info('Configuration of auth provider %s failed' % plugin_name)
+        changes['auth_provider'][plugin_name] = plugin_changes
+
+    # Save any changes that were made
+    install_changes = os.path.join(instance_conf, 'install_changes')
+    changes = json.dumps(changes)
+    with open(install_changes, 'w+') as f:
+        f.write(changes)
 
     # Fixup permissions so only the ipsilon user can read these files
     files.fix_user_dirs(instance_conf, opts['system_user'])
@@ -223,28 +244,37 @@ def uninstall(plugins, args):
         if sure != 'yes':
             raise Exception('Aborting')
 
+    # Get the details of what we changed during installation
+    install_changes = os.path.join(instance_conf, 'install_changes')
+    with open(install_changes, 'r') as f:
+        changes = json.loads(f.read())
+
     logger.info('Removing environment helpers')
     for plugin_name in plugins['Environment Helpers']:
         plugin = plugins['Environment Helpers'][plugin_name]
-        if plugin.unconfigure(args) == False:
+        plugin_changes = changes['env_helper'][plugin_name]
+        if plugin.unconfigure(args, plugin_changes) == False:
             logger.info('Removal of environment helper %s failed' % plugin_name)
 
     logger.info('Removing login managers')
     for plugin_name in plugins['Login Managers']:
         plugin = plugins['Login Managers'][plugin_name]
-        if plugin.unconfigure(args) == False:
+        plugin_changes = changes['login_manager'][plugin_name]
+        if plugin.unconfigure(args, plugin_changes) == False:
             logger.info('Removal of login manager %s failed' % plugin_name)
 
     logger.info('Removing Info providers')
     for plugin_name in plugins['Info Provider']:
         plugin = plugins['Info Provider'][plugin_name]
-        if plugin.unconfigure(args) == False:
+        plugin_changes = changes['info_provider'][plugin_name]
+        if plugin.unconfigure(args, plugin_changes) == False:
             logger.info('Removal of info provider %s failed' % plugin_name)
 
     logger.info('Removing Authentication Providers')
     for plugin_name in plugins['Auth Providers']:
         plugin = plugins['Auth Providers'][plugin_name]
-        if plugin.unconfigure(args) == False:
+        plugin_changes = changes['auth_provider'][plugin_name]
+        if plugin.unconfigure(args, plugin_changes) == False:
             logger.info('Removal of auth provider %s failed' % plugin_name)
 
     logger.info('Removing httpd configuration')
diff --git a/ipsilon/login/authfas.py b/ipsilon/login/authfas.py
index 8af7f28..d0b834a 100644
--- a/ipsilon/login/authfas.py
+++ b/ipsilon/login/authfas.py
@@ -185,7 +185,7 @@ class Installer(LoginManagerInstaller):
         group.add_argument('--fas', choices=['yes', 'no'], default='no',
                            help='Configure FAS authentication')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['fas'] != 'yes':
             return
 
diff --git a/ipsilon/login/authform.py b/ipsilon/login/authform.py
index c6b958f..eed35fc 100644
--- a/ipsilon/login/authform.py
+++ b/ipsilon/login/authform.py
@@ -99,7 +99,7 @@ class Installer(LoginManagerInstaller):
         group.add_argument('--form-service', action='store', default='remote',
                            help='PAM service name to use for authentication')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['form'] != 'yes':
             return
 
diff --git a/ipsilon/login/authgssapi.py b/ipsilon/login/authgssapi.py
index ce8213d..a05644d 100644
--- a/ipsilon/login/authgssapi.py
+++ b/ipsilon/login/authgssapi.py
@@ -114,7 +114,7 @@ class Installer(LoginManagerInstaller):
                            default='/etc/httpd/conf/http.keytab',
                            help='Kerberos keytab location for HTTPD')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['gssapi'] != 'yes':
             return
 
diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py
index 161ef75..ce096f4 100644
--- a/ipsilon/login/authldap.py
+++ b/ipsilon/login/authldap.py
@@ -194,7 +194,7 @@ class Installer(LoginManagerInstaller):
         group.add_argument('--ldap-base-dn', action='store',
                            help='LDAP Base DN')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['ldap'] != 'yes':
             return
 
diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py
index c2a6afb..1a34f8f 100644
--- a/ipsilon/login/authpam.py
+++ b/ipsilon/login/authpam.py
@@ -114,7 +114,7 @@ class Installer(LoginManagerInstaller):
         group.add_argument('--pam-service', action='store', default='remote',
                            help='PAM service name to use for authentication')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['pam'] != 'yes':
             return
 
diff --git a/ipsilon/login/authtest.py b/ipsilon/login/authtest.py
index 0b05e0a..aa2a73a 100644
--- a/ipsilon/login/authtest.py
+++ b/ipsilon/login/authtest.py
@@ -101,7 +101,7 @@ class Installer(LoginManagerInstaller):
         group.add_argument('--testauth', choices=['yes', 'no'], default='no',
                            help='Configure PAM authentication')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['testauth'] != 'yes':
             return
 
diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 7cf0c2a..db71fb0 100644
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -322,7 +322,7 @@ class LoginManagerInstaller(object):
         self.ptype = 'login'
         self.name = None
 
-    def unconfigure(self, opts):
+    def unconfigure(self, opts, changes):
         return
 
     def install_args(self, group):
@@ -331,7 +331,7 @@ class LoginManagerInstaller(object):
     def validate_args(self, args):
         return
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         raise NotImplementedError
 
 
diff --git a/ipsilon/providers/common.py b/ipsilon/providers/common.py
index b842b39..c4d6658 100644
--- a/ipsilon/providers/common.py
+++ b/ipsilon/providers/common.py
@@ -105,7 +105,7 @@ class ProviderInstaller(object):
         self.ptype = 'provider'
         self.name = None
 
-    def unconfigure(self, opts):
+    def unconfigure(self, opts, changes):
         return
 
     def install_args(self, group):
@@ -114,7 +114,7 @@ class ProviderInstaller(object):
     def validate_args(self, args):
         return
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         raise NotImplementedError
 
 
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
index 052ab43..8f74578 100644
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -146,7 +146,7 @@ class Installer(ProviderInstaller):
         group.add_argument('--openid-extensions', default='',
                            help='List of OpenID Extensions to enable')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['openid'] != 'yes':
             return
 
diff --git a/ipsilon/providers/personaidp.py b/ipsilon/providers/personaidp.py
index d2794e0..f0146db 100644
--- a/ipsilon/providers/personaidp.py
+++ b/ipsilon/providers/personaidp.py
@@ -85,7 +85,7 @@ class Installer(ProviderInstaller):
         group.add_argument('--persona', choices=['yes', 'no'], default='yes',
                            help='Configure Persona Provider')
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['persona'] != 'yes':
             return
 
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 6dfb03a..11ba832 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -452,7 +452,7 @@ class Installer(ProviderInstaller):
                                  '(default - %d)' %
                                  METADATA_DEFAULT_VALIDITY_PERIOD))
 
-    def configure(self, opts):
+    def configure(self, opts, changes):
         if opts['saml2'] != 'yes':
             return