From c813b8fbd39c700e25f591080a1e2d0d1645a173 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 4 Oct 2013 13:28:16 +0200
Subject: Do not fail upgrade if the global anonymous read ACI is not found

This helps forward compatibility: the anon ACI is scheduled for removal.

https://fedorahosted.org/freeipa/ticket/3956
---
 ipaserver/install/plugins/update_anonymous_aci.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'ipaserver/install')

diff --git a/ipaserver/install/plugins/update_anonymous_aci.py b/ipaserver/install/plugins/update_anonymous_aci.py
index af4196a6..2e01217f 100644
--- a/ipaserver/install/plugins/update_anonymous_aci.py
+++ b/ipaserver/install/plugins/update_anonymous_aci.py
@@ -20,7 +20,7 @@
 from copy import deepcopy
 from ipaserver.install.plugins import FIRST, LAST
 from ipaserver.install.plugins.baseupdate import PostUpdate
-from ipalib import api
+from ipalib import api, errors
 from ipalib.aci import ACI
 from ipalib.plugins import aci
 from ipapython.ipa_log_manager import *
@@ -42,7 +42,11 @@ class update_anonymous_aci(PostUpdate):
 
         acistrs = entry_attrs.get('aci', [])
         acilist = aci._convert_strings_to_acis(entry_attrs.get('aci', []))
-        rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
+        try:
+            rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
+        except errors.NotFound:
+            root_logger.error('Anonymous ACI not found, cannot update it')
+            return False, False, []
 
         attrs = rawaci.target['targetattr']['expression']
         rawfilter = rawaci.target.get('targetfilter', None)
-- 
cgit