Hello,
This reduces LDAP searches in permission-find when there are legacy permissions. The root entry (which contains all legacy permission ACIs) is only looked up once.



--
PetrĀ³
From 34528e3fce17db1e4c2a23f091dc9d7fcd93b97f Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Fri, 28 Feb 2014 13:38:12 +0100
Subject: [PATCH] permission-find: Cache the root entry for legacy permissions

This makes searching faster if there are many legacy permissions present.

The root entry (which contains all legacy permission ACIs) is only
looked up once.
---
 ipalib/plugins/permission.py | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 670e3f1c65452fef26838558ad115ebc2aeda87a..31266adac0326d008f5c1e3f6a94d696edb0c489 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -518,13 +518,14 @@ def _replace_aci(self, permission_entry, old_name=None, new_acistring=None):
         return acientry, acistring
 
     def _get_aci_entry_and_string(self, permission_entry, name=None,
-                                  notfound_ok=False):
+                                  notfound_ok=False, cached_acientry=None):
         """Get the entry and ACI corresponding to the permission entry
 
         :param name: The name of the permission, or None for the cn
         :param notfound_ok:
             If true, (acientry, None) will be returned on missing ACI, rather
             than raising exception
+        :param cached_acientry: See upgrade_permission()
         """
         ldap = self.api.Backend.ldap2
         if name is None:
@@ -533,10 +534,15 @@ def _get_aci_entry_and_string(self, permission_entry, name=None,
                                                      self.api.env.basedn)
         wanted_aciname = 'permission:%s' % name
 
-        try:
-            acientry = ldap.get_entry(location, ['aci'])
-        except errors.NotFound:
-            acientry = ldap.make_entry(location)
+        if (cached_acientry and
+                cached_acientry.dn == location and
+                'aci' in cached_acientry):
+            acientry = cached_acientry
+        else:
+            try:
+                acientry = ldap.get_entry(location, ['aci'])
+            except errors.NotFound:
+                acientry = ldap.make_entry(location)
         acis = acientry.get('aci', ())
         for acistring in acis:
             aci = ACI(acistring)
@@ -550,7 +556,7 @@ def _get_aci_entry_and_string(self, permission_entry, name=None,
                          'in %(dn)s ') % {'name': name, 'dn': location})
 
     def upgrade_permission(self, entry, target_entry=None,
-                           output_only=False):
+                           output_only=False, cached_acientry=None):
         """Upgrade the given permission entry to V2, in-place
 
         The entry is only upgraded if it is a plain old-style permission,
@@ -563,11 +569,16 @@ def upgrade_permission(self, entry, target_entry=None,
         :param output_only:
             If true, the flags are not updated to V2.
             Used for the -find and -show commands.
+        :param cached_acientry:
+            Optional pre-retreived entry that contains the existing ACI.
+            If it is None or its DN does not match the location DN,
+            cached_acientry is ignored and the entry is retreived from LDAP.
         """
         if entry.get('ipapermissiontype'):
             # Only convert old-style, non-SYSTEM permissions -- i.e. no flags
             return
-        base, acistring = self._get_aci_entry_and_string(entry)
+        base, acistring = self._get_aci_entry_and_string(
+            entry, cached_acientry=cached_acientry)
 
         if not target_entry:
             target_entry = entry
@@ -1071,8 +1082,11 @@ def post_callback(self, ldap, entries, truncated, *args, **options):
                     base_dn=DN(self.obj.container_dn, self.api.env.basedn),
                     filter=ldap.combine_filters(filters, rules=ldap.MATCH_ALL),
                     attrs_list=attrs_list)
+                # Retrieve the root entry (with all legacy ACIs) at once
+                root_entry = ldap.get_entry(DN(api.env.basedn), ['aci'])
             except errors.NotFound:
                 legacy_entries = ()
+                cached_root_entry = None
             self.log.debug('potential legacy entries: %s', len(legacy_entries))
             nonlegacy_names = {e.single_value['cn'] for e in entries}
             for entry in legacy_entries:
@@ -1087,7 +1101,8 @@ def post_callback(self, ldap, entries, truncated, *args, **options):
                     entries.pop()
                     truncated = True
                     break
-                self.obj.upgrade_permission(entry, output_only=True)
+                self.obj.upgrade_permission(entry, output_only=True,
+                                            cached_acientry=root_entry)
                 cn = entry.single_value['cn']
                 if any(a.lower() in cn.lower() for a in args if a):
                     entries.append(entry)
-- 
1.8.5.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to