Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2011-07-05 at 13:41 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
389-ds postop plugins, such as the managed entry and memberof plugins,
add values after the data has been returned to the client. In the case
of the managed entry plugin this affects the parent entry as well
(adds
an objectclass value).

This wreaks havoc on our tests as the values don't match what we
expect.

The solution is to wait for the postop plugins to finish their work,
then return. I've added this as an option. The downside is it is going
to naturally slow things down, so it is off by default.

It is currently only used in the hostgroup plugin.

The option is wait_for_attr. Add this to ~/.ipa/default.conf and
set it
to True and all the current tests will pass (assuming you apply
patches
814-816 as well).

So now we won't have any excuses for missing test failures in the unit
tests...

rob

Bah, found a small problem. Self-NACK.

rob

Updated patch attached.

Note that I don't think there is a way for us to handle things like
memberof_indirect. We wouldn't know to wait.

rob

Works fine for the hostgroup entry. It's good it can be switched on/off.

But what about other managed entries, like user entry? Would it make
sense to add a wait here too? Or maybe something systematic to baseldap
so that we wouldn't have to implement this wait to every managed entry.

Martin


I can certainly add it to users to check for managed groups. Making it
generic would be difficult because some are conditional (such as users).

rob

Added support for managed users as well.

rob
>From e48613247d0fc2cf4fecc8365ebc1909fa891061 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 1 Jul 2011 15:32:31 -0400
Subject: [PATCH] Optionally wait for 389-ds postop plugins to complete

Add a new command that lets you wait for an attribute to appear in
a value. Using this you can do things like wait for a managed entry
to be created, adding a new objectclass to the parent entry.

This is controlled by a new booleon option, wait_for_attr, defaulting
to False.

https://fedorahosted.org/freeipa/ticket/1144
---
 ipalib/constants.py                    |    1 +
 ipalib/plugins/baseldap.py             |   32 ++++++++++++++++++++++++++++++++
 ipalib/plugins/hostgroup.py            |    6 ++++++
 ipalib/plugins/user.py                 |    4 ++++
 tests/test_xmlrpc/objectclasses.py     |    4 +++-
 tests/test_xmlrpc/test_group_plugin.py |    2 +-
 tests/test_xmlrpc/test_user_plugin.py  |    2 +-
 7 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/ipalib/constants.py b/ipalib/constants.py
index 23e80257d0a9b513ceb2478411ede8bcf1acdbe9..026e0735441eabf8dbe63fffa85da69aa151c5d7 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -148,6 +148,7 @@ DEFAULT_CONFIG = (
     # Enable certain optional plugins:
     ('enable_ra', False),
     ('ra_plugin', 'selfsign'),
+    ('wait_for_attr', False),
 
     # Used when verifying that the API hasn't changed. Not for production.
     ('validate_api', False),
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 8d58422bd630c20dd44e56255a02103c504b292c..8d1002d1fc1da025de9598718fd3e9c007f5b1fd 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -238,6 +238,38 @@ def wait_for_memberof(keys, entry_start, completed, show_command, adding=True):
 
     return entry_attrs
 
+def wait_for_value(ldap, dn, attr, value):
+    """
+    389-ds postoperation plugins are executed after the data has been
+    returned to a client. This means that plugins that add data in a
+    postop are not included in data returned to the user.
+
+    The downside of waiting is that this increases the time of the
+    command.
+    """
+    # Loop a few times to give the postop-plugin a chance to complete
+    # Don't sleep for more than 6 seconds.
+    x = 0
+    while x < 20:
+        # sleep first because the first search, even on a quiet system,
+        # almost always fails.
+        time.sleep(.3)
+        x = x + 1
+
+        # FIXME: put a try/except around here? I think it is probably better
+        # to just let the exception filter up to the caller.
+        (dn, entry_attrs) = ldap.get_entry( dn, ['*'])
+        if attr in entry_attrs:
+            if isinstance(entry_attrs[attr], (list, tuple)):
+                values = map(lambda y:y.lower(), entry_attrs[attr])
+                if value.lower() in values:
+                    break
+            else:
+                if value.lower() == entry_attrs[attr].lower():
+                    break
+
+    return entry_attrs[attr]
+
 class LDAPObject(Object):
     """
     Object representing a LDAP entry.
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 11ed66376b343f7698e8e2bf32167b35f15bc0b8..3441a93b7356e14656d7f539a6636ac81d2e2645 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -98,6 +98,12 @@ class hostgroup_add(LDAPCreate):
 
     msg_summary = _('Added hostgroup "%(value)s"')
 
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        if self.api.env.wait_for_attr:
+            entry_attrs['objectclass'] = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
+        return dn
+
+
 api.register(hostgroup_add)
 
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e6060c0f3f77334675fbfc521a95950732856e2b..8ae8b3eaae682477f1d111f3ef1d612468a2b9c2 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -402,6 +402,10 @@ class user_add(LDAPCreate):
                     self.api.Command['user_mod'](keys[-1], **kw)
                 except (errors.EmptyModlist, errors.NotFound):
                     pass
+        else:
+            if self.api.env.wait_for_attr:
+                entry_attrs['objectclass'] = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
+
         return dn
 
 api.register(user_add)
diff --git a/tests/test_xmlrpc/objectclasses.py b/tests/test_xmlrpc/objectclasses.py
index 41350f0bc5bf4fcb7e331ae2c2104f66b6e8eefd..29cd6af519bf03c0edf64a04d53145e6b8137d03 100644
--- a/tests/test_xmlrpc/objectclasses.py
+++ b/tests/test_xmlrpc/objectclasses.py
@@ -21,7 +21,7 @@
 Defines the expected objectclass for various entries.
 """
 
-user = [
+user_base = [
     u'top',
     u'person',
     u'organizationalperson',
@@ -33,6 +33,8 @@ user = [
     u'ipaobject',
 ]
 
+user = user_base + [u'mepOriginEntry']
+
 group = [
     u'top',
     u'groupofnames',
diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py
index 97349e895c64092673d778188b5803e972dc8dd7..0d71ac772957abb033f0ecadde98fdc073a293de 100644
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -691,7 +691,7 @@ class test_group(Declarative):
                     homedirectory=[u'/home/tuser1'],
                     krbprincipalname=[u'tuser1@' + api.env.realm],
                     loginshell=[u'/bin/sh'],
-                    objectclass=objectclasses.user,
+                    objectclass=objectclasses.user_base,
                     sn=[u'User1'],
                     uid=[user1],
                     uidnumber=[fuzzy_digits],
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 36e19defc7b5e31898ba2ad6a3d98bf14782d089..af0ff2a052639bdefaefc4d768e13ab16d62d67f 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -153,7 +153,7 @@ class test_user(Declarative):
                         'krbprincipalname': [u'tuser1@' + api.env.realm],
                         'loginshell': [u'/bin/sh'],
                         'memberof_group': [u'ipausers'],
-                        'objectclass': objectclasses.user + [u'mepOriginEntry'],
+                        'objectclass': objectclasses.user,
                         'sn': [u'User1'],
                         'uid': [user1],
                         'uidnumber': [fuzzy_digits],
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to