Hello community, here is the log from the commit of package hawk for openSUSE:Factory checked in at 2014-09-03 18:22:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hawk (Old) and /work/SRC/openSUSE:Factory/.hawk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "hawk" Changes: -------- --- /work/SRC/openSUSE:Factory/hawk/hawk.changes 2014-07-31 07:42:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.hawk.new/hawk.changes 2014-09-03 19:57:50.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Aug 29 09:46:38 UTC 2014 - kgronlund@suse.com + +- ACLs: Implement support for Pacemaker ACL schema 2.0 (bnc#894012) +- GUI: Detect and disable ACLs if CIB schema version is < 2.0 +- Upstream version cs:2af06a0 + +------------------------------------------------------------------- Old: ---- hawk-0.7.0+git.1406639309.f13164c.tar.bz2 New: ---- hawk-0.7.0+git.1409304763.2af06a0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hawk.spec ++++++ --- /var/tmp/diff_new_pack.YcO9Jr/_old 2014-09-03 19:57:51.000000000 +0200 +++ /var/tmp/diff_new_pack.YcO9Jr/_new 2014-09-03 19:57:51.000000000 +0200 @@ -39,7 +39,7 @@ Summary: HA Web Konsole License: GPL-2.0 Group: %{pkg_group} -Version: 0.7.0+git.1406639309.f13164c +Version: 0.7.0+git.1409304763.2af06a0 Release: 0 Url: http://www.clusterlabs.org/wiki/Hawk Source: %{name}-%{version}.tar.bz2 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YcO9Jr/_old 2014-09-03 19:57:51.000000000 +0200 +++ /var/tmp/diff_new_pack.YcO9Jr/_new 2014-09-03 19:57:51.000000000 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">0.7.0+git.%ct.%h</param> - <param name="revision">f13164c</param> + <param name="revision">2af06a0</param> </service> <service name="recompress" mode="disabled"> ++++++ hawk-0.7.0+git.1406639309.f13164c.tar.bz2 -> hawk-0.7.0+git.1409304763.2af06a0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/controllers/acls_controller.rb new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/controllers/acls_controller.rb --- old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/controllers/acls_controller.rb 2014-07-30 12:12:07.000000000 +0200 +++ new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/controllers/acls_controller.rb 2014-08-29 11:45:45.000000000 +0200 @@ -79,5 +79,11 @@ # So that's at least three cibadmin calls for each pageload here... @enable_acl = !Util.safe_x('/usr/sbin/cibadmin', '-Ql', '--xpath', "//configuration//crm_config//nvpair[@name='enable-acl' and @value='true']").chomp.empty? + cib = Util.safe_x('/usr/sbin/cibadmin', '-Ql', '--xpath', "/cib[@validate-with]").lines.first + if m = cib.match(/validate-with=\"pacemaker-([0-9.]+)\"/) + @supported_schema = m.captures[0].to_f >= 2.0 + else + @supported_schema = false + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/models/cib_object.rb new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/models/cib_object.rb --- old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/models/cib_object.rb 2014-07-30 12:12:07.000000000 +0200 +++ new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/models/cib_object.rb 2014-08-29 11:45:45.000000000 +0200 @@ -91,7 +91,7 @@ def find(id, attr='id') begin xml = REXML::Document.new(Invoker.instance.cibadmin('-Ql', '--xpath', - "//configuration//*[self::node or self::primitive or self::template or self::clone or self::group or self::master or self::rsc_order or self::rsc_colocation or self::rsc_location or self::rsc_ticket or self::acl_role or self::acl_user][@#{attr}='#{id}']")) + "//configuration//*[self::node or self::primitive or self::template or self::clone or self::group or self::master or self::rsc_order or self::rsc_colocation or self::rsc_location or self::rsc_ticket or self::acl_role or self::acl_target][@#{attr}='#{id}']")) raise CibObject::CibObjectError, _('Unable to parse cibadmin output') unless xml.root elem = xml.elements[1] obj = class_from_element_name(elem.name).instantiate(elem) @@ -158,7 +158,7 @@ 'rsc_location' => Location, 'rsc_ticket' => Ticket, 'acl_role' => Role, - 'acl_user' => User + 'acl_target' => User } @@map[name] end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/models/role.rb new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/models/role.rb --- old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/models/role.rb 2014-07-30 12:12:07.000000000 +0200 +++ new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/models/role.rb 2014-08-29 11:45:45.000000000 +0200 @@ -39,7 +39,6 @@ end def validate - error _('Role must have rules') if @rules.empty? # TODO(must): get rid of embedded space, non valid chars etc. @rules.each do |r| r[:tag].strip! @@ -88,9 +87,9 @@ rules = [] xml.elements.each do |elem| rules << { - :right => elem.name, - :tag => elem.attributes['tag'] || nil, - :ref => elem.attributes['ref'] || nil, + :right => elem.attributes['kind'], + :tag => elem.attributes['object-type'] || nil, + :ref => elem.attributes['reference'] || nil, :xpath => elem.attributes['xpath'] || nil, :attribute => elem.attributes['attribute'] || nil } @@ -113,7 +112,7 @@ cmd += " tag:#{rule[:tag]}" if rule[:tag] && !rule[:tag].empty? cmd += " ref:#{rule[:ref]}" if rule[:ref] && !rule[:ref].empty? cmd += " xpath:#{rule[:xpath]}" if rule[:xpath] && !rule[:xpath].empty? - cmd += " attribute:#{rule[:tag]}" if rule[:attribute] && !rule[:attribute].empty? + cmd += " attribute:#{rule[:attribute]}" if rule[:attribute] && !rule[:attribute].empty? end Rails.logger.debug(cmd) cmd diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/models/user.rb new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/models/user.rb --- old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/models/user.rb 2014-07-30 12:12:07.000000000 +0200 +++ new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/models/user.rb 2014-08-29 11:45:45.000000000 +0200 @@ -34,24 +34,13 @@ attr_accessor *@attributes def initialize(attributes = nil) - @rules = [] @roles = [] super end def validate @roles = @roles.delete_if{|r| r.empty?} - @rules = @rules.delete_if{|r| r[:right].empty? && r[:xpath].empty? && r[:tag].empty? && r[:ref].empty? && r[:attribute].empty?} # TODO(must): get rid of embedded space, non valid chars etc. - @rules.each do |r| - r[:tag].strip! - r[:ref].strip! - r[:xpath].strip! - r[:attribute].strip! - end - # TODO(must): get rid of completely empty rules! - error _('User must have either rules or roles') if @rules.empty? && @roles.empty? - error _("User can't have both rules and roles") if !@rules.empty? && !@roles.empty? end def create @@ -69,7 +58,7 @@ end def update - unless CibObject.exists?(id, 'acl_user') + unless CibObject.exists?(id, 'acl_target') error _('User ID "%{id}" does not exist') % { :id => @id } return false end @@ -91,44 +80,27 @@ def instantiate(xml) acl = allocate # Just to be confusing... ;) - rules = [] roles = [] xml.elements.each do |elem| - if elem.name == 'role_ref' + if elem.name == 'role' roles << elem.attributes['id'] - else - rules << { - :right => elem.name, - :tag => elem.attributes['tag'] || nil, - :ref => elem.attributes['ref'] || nil, - :xpath => elem.attributes['xpath'] || nil, - :attribute => elem.attributes['attribute'] || nil - } end end - acl.instance_variable_set(:@rules, rules); acl.instance_variable_set(:@roles, roles); acl end def all - super "acl_user" + super "acl_target" end end private def shell_syntax - cmd = "user #{@id}" + cmd = "acl_target #{@id}" @roles.each do |role| - cmd += " role:#{role}" - end - @rules.each do |rule| - cmd += " #{rule[:right]} " - cmd += " tag:#{rule[:tag]}" if rule[:tag] && !rule[:tag].empty? - cmd += " ref:#{rule[:ref]}" if rule[:ref] && !rule[:ref].empty? - cmd += " xpath:#{rule[:xpath]}" if rule[:xpath] && !rule[:xpath].empty? - cmd += " attribute:#{rule[:tag]}" if rule[:attribute] && !rule[:attribute].empty? + cmd += " #{role}" end cmd end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/views/acls/index.html.erb new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/views/acls/index.html.erb --- old/hawk-0.7.0+git.1406639309.f13164c/hawk/app/views/acls/index.html.erb 2014-07-30 12:12:07.000000000 +0200 +++ new/hawk-0.7.0+git.1409304763.2af06a0/hawk/app/views/acls/index.html.erb 2014-08-29 11:45:45.000000000 +0200 @@ -129,6 +129,8 @@ _("To enable ACLs, set 'enable-acl' in the CRM Configuration"), cib_crm_config_path(:cib_id => (params[:cib_id] || "live"), :id => 'cib-bootstrap-options')) %></div> <% end %> +<% if @supported_schema %> + <div id="roles"> <table cellspacing="0" cellpadding="2">