[Freeipa-devel] [PATCH 0208] Respect --test option in upgrade plugins
Martin Basti
mbasti at redhat.com
Fri Mar 13 12:28:36 UTC 2015
On 13/03/15 10:18, Martin Kosek wrote:
> On 03/12/2015 05:10 PM, Rob Crittenden wrote:
>> Petr Spacek wrote:
>>> On 12.3.2015 16:23, Rob Crittenden wrote:
>>>> David Kupka wrote:
>>>>> On 03/06/2015 06:00 PM, Martin Basti wrote:
>>>>>> Upgrade plugins which modify LDAP data directly should not be
>>>>>> executed
>>>>>> in --test mode.
>>>>>>
>>>>>> This patch is a workaround, to ensure update with --test option
>>>>>> will not
>>>>>> modify any LDAP data.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/3448
>>>>>>
>>>>>> Patch attached.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Ideally we want to fix all plugins to dry-run the upgrade not just
>>>>> skip
>>>>> when there is '--test' option but it is a good first step.
>>>>> Works for me, ACK.
>>>>>
>>>>
>>>> I agree that this breaks the spirit of --test and think it should be
>>>> fixed before committing.
>>>
>>> Considering how often is the option is used ... I do not think that
>>> this
>>> requires 'proper' fix now. It was broken for *years* so this patch
>>> is a huge
>>> improvement and IMHO should be commited in current form. We can
>>> re-visit it
>>> later on, open a ticket :-)
>>>
>>
>> No. There is no rush for this, at least not for the promise of a future
>> fix that will never come.
>
> I checked the code and to me, the proper fix looks like instrumenting
> ldap.update_entry calls in upgrade plugins with
>
> if options.test:
> log message
> else
> do the update
>
> right? I see just couple places that would need to be updated:
>
> $ git grep -E "(ldap|conn).update_entry" ipaserver/install/plugins
> ipaserver/install/plugins/dns.py: ldap.update_entry(container_entry)
> ipaserver/install/plugins/fix_replica_agreements.py:
> repl.conn.update_entry(replica)
> ipaserver/install/plugins/fix_replica_agreements.py:
> repl.conn.update_entry(replica)
> ipaserver/install/plugins/update_idranges.py: ldap.update_entry(entry)
> ipaserver/install/plugins/update_idranges.py: ldap.update_entry(entry)
> ipaserver/install/plugins/update_managed_permissions.py:
> ldap.update_entry(base_entry)
> ipaserver/install/plugins/update_managed_permissions.py:
> ldap.update_entry(entry)
> ipaserver/install/plugins/update_pacs.py: ldap.update_entry(entry)
> ipaserver/install/plugins/update_referint.py: ldap.update_entry(entry)
> ipaserver/install/plugins/update_services.py: ldap.update_entry(entry)
> ipaserver/install/plugins/update_uniqueness.py:
> ldap.update_entry(uid_uniqueness_plugin)
>
>
> So from my POV, very quick fix. In that case, I would also prefer a
> fix now than a ticket that would never be done.
>
> Martin
And ldap.add_entry, del_entry, ipa add/mod/del commands
--
Martin Basti
More information about the Freeipa-devel
mailing list