[Pki-devel] [PATCH] 0042 Upgrade: add scriptlet to add profile schema

Fraser Tweedale ftweedal at redhat.com
Thu Jun 18 09:31:23 UTC 2015


Attached patch adds upgrade scriptlet to add the certprofile schema.
This must be in the next build.

Side note: future cleanup should probably now remove the profiles
attributeTypes and objectClass from the main schema.ldif, and the
install script updated to import all the various schema files.  This
should make schema updates easier to do, and hard to forget! in the
future.

Thanks,
Fraser
-------------- next part --------------
From 505d5224f1c9828467fec0fbb154bc97e8b63f9f Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 18 Jun 2015 05:25:05 -0400
Subject: [PATCH] Upgrade: add scriptlet to add profile schema

---
 base/server/share/conf/schema-certProfile.ldif |  9 ++++++
 base/server/upgrade/10.2.5/02-AddProfileSchema | 45 ++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 base/server/share/conf/schema-certProfile.ldif
 create mode 100644 base/server/upgrade/10.2.5/02-AddProfileSchema

diff --git a/base/server/share/conf/schema-certProfile.ldif b/base/server/share/conf/schema-certProfile.ldif
new file mode 100644
index 0000000000000000000000000000000000000000..44c79624abf34dcc41328b65e3cd57adebec5b04
--- /dev/null
+++ b/base/server/share/conf/schema-certProfile.ldif
@@ -0,0 +1,9 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' )
+-
+add: objectClasses
+objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' )
+-
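Review bot: The single modify on cn=schema is not idempotent. If any of classId, certProfileConfig or certProfile is already defined on the target, the add is expected to be rejected as an existing value, and both add blocks go in one operation so nothing is applied. The cover mail notes that the same definitions still live in the main schema.ldif, so this case looks reachable. Please either have the scriptlet check the schema first or treat the already-exists result as success, and add a comment at the top of this file saying which copy is authoritative so the two definitions do not drift before the cleanup happens.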
diff --git a/base/server/upgrade/10.2.5/02-AddProfileSchema b/base/server/upgrade/10.2.5/02-AddProfileSchema
new file mode 100644
index 0000000000000000000000000000000000000000..9fc8d12482b703d6587cec884b9d574d7d31a7ad
--- /dev/null
+++ b/base/server/upgrade/10.2.5/02-AddProfileSchema
@@ -0,0 +1,45 @@
+#!/usr/bin/python
+# Authors:
+#     Fraser Tweedale <ftweedal at redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2015 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+import re
+import subprocess
+
+import pki.server.upgrade
+
+
+class AddProfileSchema(pki.server.upgrade.PKIServerUpgradeScriptlet):
+    def __init__(self):
+        super(AddProfileSchema, self).__init__()
+        self.message = 'Add LDAP schema for certificate profiles'
+
+    def upgrade_instance(self, instance):
+        password_conf = None
+        with open(os.path.join(instance.conf_dir, 'password.conf')) as f:
+            password_conf = f.read()
+        match = re.search(r'^internaldb=(.*)', password_conf, re.MULTILINE)
+        password = match.group(1)
+        subprocess.check_call([
+            'ldapmodify',
+            '-D', 'cn=Directory Manager',
+            '-w', password,
+            '-f', '/usr/share/pki/server/conf/schema-certProfile.ldif'
+        ])
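Review bot: Passing the internaldb password as '-w', password in the check_call argument list puts the Directory Manager credential on the ldapmodify command line, where other local users can read it from the process list while the command runs. Supply it through a password file with restricted permissions instead of argv. Two further points in upgrade_instance: re.search returns None when password.conf has no internaldb= line, so match.group(1) raises AttributeError rather than a clear error, and (.*) keeps any trailing whitespace in the captured password. The call also gives no host or port and hard-codes the bind DN and the LDIF path, so it relies on ldapmodify defaults rather than the instance's configured internal database connection. Those values should come from the instance's configuration.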
-- 
2.1.0


