freeipa/ipaserver/install/plugins/update_pacs.py

# Authors:
#   Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

from ipalib import Registry, errors
from ipalib import Updater
from ipapython.dn import DN

logger = logging.getLogger(__name__)

register = Registry()


@register()
class update_pacs(Updater):
    """
    Includes default nfs:None only if no nfs: PAC present in ipakrbauthzdata.
    """

    def execute(self, **options):
        ldap = self.api.Backend.ldap2

        try:
            dn = DN('cn=ipaConfig', 'cn=etc', self.api.env.basedn)
            entry = ldap.get_entry(dn, ['ipakrbauthzdata'])
            pacs = entry.get('ipakrbauthzdata', [])
        except errors.NotFound:
            logger.warning('Error retrieving: %s', str(dn))
            return False, []

        nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs)

        if not nfs_pac_set:
            logger.debug('Adding nfs:NONE to default PAC types')

            updated_pacs = pacs + [u'nfs:NONE']
            entry['ipakrbauthzdata'] = updated_pacs
            ldap.update_entry(entry)
        else:
            logger.debug('PAC for nfs is already set, not adding nfs:NONE.')

        return False, []
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00			`# Authors:`
			`# Tomas Babej <tbabej@redhat.com>`
			`#`
			`# Copyright (C) 2013 Red Hat`
			`# see file 'COPYING' for use and warranty information`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`import logging`

ipalib, ipaserver: migrate all plugins to Registry-based registration Do not use the deprecated API.register method. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com> 2016-03-03 08:12:19 -06:00			`from ipalib import Registry, errors`
Server Upgrade: specify order of plugins in update files * add 'plugin' directive * specify plugins order in update files * remove 'run plugins' options * use ldapupdater API instance in plugins * add update files representing former PreUpdate and PostUpdate order of plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com> 2015-03-18 09:46:00 -05:00			`from ipalib import Updater`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00			`from ipapython.dn import DN`

logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger = logging.getLogger(__name__)`

ipalib, ipaserver: migrate all plugins to Registry-based registration Do not use the deprecated API.register method. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com> 2016-03-03 08:12:19 -06:00			`register = Registry()`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00
ipalib, ipaserver: migrate all plugins to Registry-based registration Do not use the deprecated API.register method. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com> 2016-03-03 08:12:19 -06:00
			`@register()`
Server Upgrade: specify order of plugins in update files * add 'plugin' directive * specify plugins order in update files * remove 'run plugins' options * use ldapupdater API instance in plugins * add update files representing former PreUpdate and PostUpdate order of plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com> 2015-03-18 09:46:00 -05:00			`class update_pacs(Updater):`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00			`"""`
			`Includes default nfs:None only if no nfs: PAC present in ipakrbauthzdata.`
			`"""`

			`def execute(self, **options):`
Server Upgrade: specify order of plugins in update files * add 'plugin' directive * specify plugins order in update files * remove 'run plugins' options * use ldapupdater API instance in plugins * add update files representing former PreUpdate and PostUpdate order of plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com> 2015-03-18 09:46:00 -05:00			`ldap = self.api.Backend.ldap2`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00
			`try:`
Server Upgrade: plugins should use ldapupdater API instance This is required to have proper LDAP connection in plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com> 2015-03-19 09:32:21 -05:00			`dn = DN('cn=ipaConfig', 'cn=etc', self.api.env.basedn)`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00			`entry = ldap.get_entry(dn, ['ipakrbauthzdata'])`
			`pacs = entry.get('ipakrbauthzdata', [])`
			`except errors.NotFound:`
logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger.warning('Error retrieving: %s', str(dn))`
Server Upgrade: Apply plugin updates immediately Preparation to moving plugins executin into update files. * remove apply_now flag * plugins will return only (restart, modifications) https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com> 2015-03-17 11:56:34 -05:00			`return False, []`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00
			`nfs_pac_set = any(pac.startswith('nfs:') for pac in pacs)`

			`if not nfs_pac_set:`
logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger.debug('Adding nfs:NONE to default PAC types')`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00
			`updated_pacs = pacs + [u'nfs:NONE']`
			`entry['ipakrbauthzdata'] = updated_pacs`
			`ldap.update_entry(entry)`
			`else:`
logging: remove object-specific loggers Remove all object-specific loggers, with the exception of `Plugin.log`, which is now deprecated. Replace affected logger calls with module-level logger calls. Deprecate object-specific loggers in `ipa_log_manager.get_logger`. Reviewed-By: Martin Basti <mbasti@redhat.com> 2017-05-23 11:35:57 -05:00			`logger.debug('PAC for nfs is already set, not adding nfs:NONE.')`
Add nfs:NONE to default PAC types only when needed We need to add nfs:NONE as a default PAC type only if there's no other default PAC type for nfs. Adds a update plugin which determines whether default PAC type for nfs is set and adds nfs:NONE PAC type accordingly. https://fedorahosted.org/freeipa/ticket/3555 2013-04-11 09:59:41 -05:00
Server Upgrade: Apply plugin updates immediately Preparation to moving plugins executin into update files. * remove apply_now flag * plugins will return only (restart, modifications) https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com> 2015-03-17 11:56:34 -05:00			`return False, []`