From d2b97922401a0a2a10341770a4dd8939ed74b710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn?= Date: Tue, 4 Mar 2014 15:32:03 +0100 Subject: [PATCH] Bug #2735: Translate zone id in resource providers and acl rules --- src/onedb/import_slave.rb | 88 ++++++++++++++++++++++++++++----------- 1 file changed, 63 insertions(+), 25 deletions(-) diff --git a/src/onedb/import_slave.rb b/src/onedb/import_slave.rb index 1f7d3ab535..ad21d66920 100644 --- a/src/onedb/import_slave.rb +++ b/src/onedb/import_slave.rb @@ -14,8 +14,6 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -ONE_LOCATION = ENV["ONE_LOCATION"] - if !ONE_LOCATION LOG_LOCATION = "/var/log/one" else @@ -401,6 +399,14 @@ EOT # Add slave template attributes to master template master_template << slave_template.children + # Merge resource providers + slave_doc.root.xpath("RESOURCE_PROVIDER").each do |elem| + # Zone ID must be 0, will be changed to the target ID + elem.at_xpath("ZONE_ID").content = zone_id + + master_doc.root << elem + end + @db[:group_pool].where(:oid => new_group[:oid]).update( :body => master_doc.root.to_s) else @@ -419,6 +425,12 @@ EOT slave_doc.root.add_child(new_elem) + # Update resource providers + slave_doc.root.xpath("RESOURCE_PROVIDER").each do |elem| + # Zone ID must be 0, will be changed to the target ID + elem.at_xpath("ZONE_ID").content = zone_id + end + @db[:group_pool].insert( :oid => new_group[:oid], :name => new_group[:name], @@ -516,6 +528,19 @@ EOT ((row[:resource] & 0xFFFFFFFF00000000) | groups[gid][:oid]) end + elsif ( (row[:resource] & Acl::RESOURCES["GROUP"]) == Acl::RESOURCES["GROUP"] && + (row[:resource] & Acl::USERS["UID"]) == Acl::USERS["UID"] ) + + gid = (row[:resource] & 0xFFFFFFFF) + + if (groups[gid].nil?) + insert = false + error_str = "Group ##{gid} does not exist" + else + new_resource = + ((row[:resource] & 0xFFFFFFFF00000000) | groups[gid][:oid]) + end + elsif ( (row[:resource] & Acl::RESOURCES["USER"]) == Acl::RESOURCES["USER"] && (row[:resource] & Acl::USERS["UID"]) == Acl::USERS["UID"] ) @@ -531,6 +556,19 @@ EOT end + if ( (row[:resource] & Acl::RESOURCES["ZONE"]) == Acl::RESOURCES["ZONE"] && + (row[:resource] & Acl::USERS["UID"]) == Acl::USERS["UID"] ) + + zid = (row[:resource] & 0xFFFFFFFF) + + if (zid != 0) + insert = false + error_str = "Zone ##{zid} is unknown for the slave" + else + new_resource = (Acl::USERS["UID"] | zone_id) + end + end + if ( (row[:zone] & Acl::USERS["UID"]) == Acl::USERS["UID"] ) zid = (row[:zone] & 0xFFFFFFFF) @@ -542,31 +580,31 @@ EOT end end - if (!insert) + # Avoid duplicated ACL rules + @db.fetch("SELECT oid FROM acl WHERE "<< + "user = #{new_user} AND resource = #{new_resource} "<< + "AND rights = #{row[:rights]} AND "<< + "zone = #{new_zone}") do |acl_row| + + insert = false + error_str = "the same Rule exists with ID ##{acl_row[:oid]}" + end + + + if (insert) + last_acl_oid += 1 + + log("Slave DB ACL Rule ##{row[:oid]} imported with ID ##{last_acl_oid}") + + @db[:acl].insert( + :oid => last_acl_oid, + :user => new_user, + :resource => new_resource, + :rights => row[:rights], + :zone => new_zone) + else log("Slave DB ACL Rule ##{row[:oid]} will not be "<< "imported to the master DB, " << error_str) - else - # Avoid duplicated ACL rules - @db.fetch("SELECT oid FROM acl WHERE "<< - "user = #{new_user} AND resource = #{new_resource} "<< - "AND rights = #{row[:rights]} AND "<< - "zone = #{row[:zone]}") do |acl_row| - - insert = false - end - - if (insert) - last_acl_oid += 1 - - log("New ACL Rule imported with ID ##{last_acl_oid}") - - @db[:acl].insert( - :oid => last_acl_oid, - :user => new_user, - :resource => new_resource, - :rights => row[:rights], - :zone => new_zone) - end end end end