Server Upgrade: Allow base64 encoded values

This patch allows to use base64 encoded values in update files.

Double colon ('::') must be used as separator between attribute name
and base64 encoded value.

add:attr::<base64-value>
replace:attr::<old-base64-value>::<new-base64-value>

https://fedorahosted.org/freeipa/ticket/4984

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

ipaserver/install/plugins/adtrust.py

@@ -55,14 +55,15 @@ class update_default_range(Updater):
         id_range_name = '%s_id_range' % self.api.env.realm
         id_range_size = DEFAULT_ID_RANGE_SIZE
 
-        range_entry = ['objectclass:top',
-                       'objectclass:ipaIDrange',
-                       'objectclass:ipaDomainIDRange',
-                       'cn:%s' % id_range_name,
-                       'ipabaseid:%s' % id_range_base_id,
-                       'ipaidrangesize:%s' % id_range_size,
-                       'iparangetype:ipa-local',
-                      ]
+        range_entry = [
+            dict(attr='objectclass', value='top'),
+            dict(attr='objectclass', value='ipaIDrange'),
+            dict(attr='objectclass', value='ipaDomainIDRange'),
+            dict(attr='cn', value=id_range_name),
+            dict(attr='ipabaseid', value=id_range_base_id),
+            dict(attr='ipaidrangesize', value=id_range_size),
+            dict(attr='iparangetype', value='ipa-local'),
+        ]
 
         dn = DN(('cn', '%s_id_range' % self.api.env.realm),
                 self.api.env.container_ranges, self.api.env.basedn)
@@ -129,12 +130,12 @@ class update_default_trust_view(Updater):
                                    self.api.env.basedn)
 
         default_trust_view_entry = [
-            'objectclass:top',
-            'objectclass:ipaIDView',
-            'cn:Default Trust View',
-            'description:Default Trust View for AD users. '
-                        'Should not be deleted.',
-            ]
+            dict(attr='objectclass', value='top'),
+            dict(attr='objectclass', value='ipaIDView'),
+            dict(attr='cn', value='Default Trust View'),
+            dict(attr='description', value='Default Trust View for AD users. '
+                 'Should not be deleted.'),
+        ]
 
         # First, see if trusts are enabled on the server
         if not self.api.Command.adtrust_is_enabled()['result']:

ipaserver/install/plugins/ca_renewal_master.py

@@ -99,7 +99,10 @@ class update_ca_renewal_master(Updater):
         dn = DN(('cn', 'CA'), ('cn', self.api.env.host), base_dn)
         update = {
                 'dn': dn,
-                'updates': ['add:ipaConfigString: caRenewalMaster'],
+                'updates': [
+                    dict(action='add', attr='ipaConfigString',
+                         value='caRenewalMaster')
+                ],
         }
 
         return False, [update]

ipaserver/install/plugins/dns.py

@@ -129,7 +129,8 @@ class update_dns_limits(Updater):
         limit_updates = []
 
         for limit in self.limit_attributes:
-            limit_updates.append('only:%s:%s' % (limit, self.limit_value))
+            limit_updates.append(dict(action='only', attr=limit,
+                                      value=self.limit_value))
 
         dnsupdate = {'dn': dns_service_dn, 'updates': limit_updates}
         root_logger.debug("DNS: limits for service %s will be updated" % dns_service_dn)

ipaserver/install/plugins/rename_managed.py

@@ -34,9 +34,9 @@ def entry_to_update(entry):
     for attr in entry.keys():
         if isinstance(entry[attr], list):
             for i in xrange(len(entry[attr])):
-                update.append('%s:%s' % (str(attr), str(entry[attr][i])))
+                update.append(dict(attr=str(attr), value=str(entry[attr][i])))
         else:
-            update.append('%s:%s' % (str(attr), str(entry[attr])))
+            update.append(dict(attr=str(attr), value=str(entry[attr])))
 
     return update
 

ipaserver/install/plugins/update_passsync.py

@@ -65,7 +65,10 @@ class update_passync_privilege_update(Updater):
             root_logger.debug("PassSync user found, do update")
 
         update = {'dn': passsync_privilege_dn,
-                  'updates': ["add:member:'%s'" % passsync_dn]}
+                  'updates': [
+                      dict(action='add', attr='member', value=passsync_dn),
+                  ]
+        }
 
         sysupgrade.set_upgrade_state('winsync', 'passsync_privilege_updated', True)
         return False, [update]

ipaserver/install/plugins/update_uniqueness.py

@@ -54,11 +54,11 @@ class update_uniqueness_plugins_to_new_syntax(Updater):
     plugins_dn = DN(('cn', 'plugins'), ('cn', 'config'))
 
     def __remove_update(self, update, key, value):
-        statement = "remove:%s:%s" % (key, value)
+        statement = dict(action='remove', attr=key, value=value)
         update.setdefault('updates', []).append(statement)
 
     def __add_update(self, update, key, value):
-        statement = "add:%s:%s" % (key, value)
+        statement = dict(action='add', attr=key, value=value)
         update.setdefault('updates', []).append(statement)
 
     def __subtree_style(self, entry):