diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-01-06 13:58:01 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-01-13 21:55:32 +0100 |
| commit | fcbff4b102c47d5c8543f031baf96f9f4deb2c4e (patch) | |
| tree | 0ddbe4785f3bf5dca8ae1ea8989e53ee931530dd /ipalib | |
| parent | 415e289d0b38465bdd5d072a9a33a6fa2b649130 (diff) | |
| download | freeipa.git-fcbff4b102c47d5c8543f031baf96f9f4deb2c4e.tar.gz freeipa.git-fcbff4b102c47d5c8543f031baf96f9f4deb2c4e.tar.xz freeipa.git-fcbff4b102c47d5c8543f031baf96f9f4deb2c4e.zip | |
Restore ACI when aci_mod fails
aci_mod command is composed of 2 ACI commands: aci_del which
deletes the old ACI and aci_add which adds the new modified ACI.
However, if aci_add command fails then both new and the old ACI
are lost. Old ACI must be restored in this case.
https://fedorahosted.org/freeipa/ticket/2013
https://fedorahosted.org/freeipa/ticket/2014
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/aci.py | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 4b85bc93..8a10efcc 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -117,6 +117,7 @@ must include all existing attributes as well. When doing an aci-mod the targetattr REPLACES the current attributes, it does not add to them. """ +from copy import deepcopy from ipalib import api, crud, errors from ipalib import Object, Command @@ -614,14 +615,18 @@ class aci_mod(crud.Update): # The strategy here is to convert the ACI we're updating back into # a series of keywords. Then we replace any keywords that have been # updated and convert that back into an ACI and write it out. - newkw = _aci_to_kw(ldap, aci) + oldkw = _aci_to_kw(ldap, aci) + newkw = deepcopy(oldkw) if 'selfaci' in newkw and newkw['selfaci'] == True: # selfaci is set in aci_to_kw to True only if the target is self kw['selfaci'] = True for k in kw.keys(): newkw[k] = kw[k] - if 'aciname' in newkw: - del newkw['aciname'] + for acikw in (oldkw, newkw): + try: + del acikw['aciname'] + except KeyError: + pass # _make_aci is what is run in aci_add and validates the input. # Do this before we delete the existing ACI. @@ -631,7 +636,16 @@ class aci_mod(crud.Update): self.api.Command['aci_del'](aciname, **kw) - result = self.api.Command['aci_add'](aciname, **newkw)['result'] + try: + result = self.api.Command['aci_add'](aciname, **newkw)['result'] + except Exception, e: + # ACI could not be added, try to restore the old deleted ACI and + # report the ADD error back to user + try: + self.api.Command['aci_add'](aciname, **oldkw) + except: + pass + raise e if kw.get('raw', False): result = dict(aci=unicode(newaci)) |