Notify if reseller_prefix does not match what is in auth.db

bin/swift-auth-update-reseller-prefixes

@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# Copyright (c) 2010 OpenStack, LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from os.path import basename
+from sys import argv, exit
+
+from swift.common.db import get_db_connection
+
+
+if __name__ == '__main__':
+    app = basename(argv[0])
+    if len(argv) != 3:
+        exit('''
+Syntax : %s <auth.db> <new_prefix>
+Example: %s /etc/swift/auth.db AUTH'''.strip() % (app, app))
+    db = argv[1]
+    new_prefix = argv[2].rstrip('_')
+    print 'Updating %s' % db
+    conn = get_db_connection(db)
+    rows = conn.execute('SELECT url, cfaccount FROM account').fetchall()
+    for row in rows:
+        old_prefix = ''
+        uuid = row[1]
+        if '_' in row[1]:
+            old_prefix, uuid = row[1].split('_', 1)
+        new_cfaccount = '%s_%s' % (new_prefix, uuid)
+        new_url = row[0].replace(row[1], new_cfaccount)
+        print '%s ->\n%s' % (row[0], new_url)
+        print '%s ->\n%s' % (row[1], new_cfaccount)
+        print
+        conn.execute('''UPDATE account SET url = ?, cfaccount = ?
+                        WHERE url = ? AND cfaccount = ?''',
+                     (new_url, new_cfaccount, row[0], row[1]))
+    conn.commit()
+    print 'Updated %s rows.' % len(rows)

setup.py

@@ -63,6 +63,7 @@ setup(
         'bin/swift-account-replicator', 'bin/swift-account-server',
         'bin/swift-auth-add-user',
         'bin/swift-auth-recreate-accounts', 'bin/swift-auth-server',
+        'bin/swift-auth-update-reseller-prefixes',
         'bin/swift-container-auditor',
         'bin/swift-container-replicator',
         'bin/swift-container-server', 'bin/swift-container-updater',

swift/auth/server.py

@@ -15,6 +15,7 @@
 
 from __future__ import with_statement
 import os
+import sys
 from contextlib import contextmanager
 from time import gmtime, strftime, time
 from urllib import unquote, quote
@@ -140,6 +141,36 @@ class AuthController(object):
         self.conn.execute('''CREATE INDEX IF NOT EXISTS ix_token_account
                              ON token (account)''')
         self.conn.commit()
+        for row in self.conn.execute('SELECT cfaccount FROM account'):
+            if not row[0].startswith(self.reseller_prefix):
+                previous_prefix = ''
+                if '_' in row[0]:
+                    previous_prefix = row[0].split('_', 1)[0]
+                msg = ('''
+THERE ARE ACCOUNTS IN YOUR auth.db THAT DO NOT BEGIN WITH YOUR NEW RESELLER
+PREFIX OF "%s".
+YOU HAVE A FEW OPTIONS:
+    1) RUN swift-auth-update-reseller-prefixes AND swift-auth-recreate-accounts
+       TO CREATE FRESH ACCOUNTS.
+    OR
+    2) REMOVE auth.db, RUN swift-init auth-server restart, AND RUN
+       swift-auth-add-user TO CREATE BRAND NEW ACCOUNTS THAT WAY.
+    OR
+    3) ADD "reseller_prefix = %s" (WITHOUT THE QUOTES) TO YOUR
+       proxy-server.conf IN THE [filter:auth] SECTION AND TO YOUR
+       auth-server.conf IN THE [app:auth-server] SECTION AND RUN
+       swift-init proxy-server restart AND swift-init auth-server restart TO
+       REVERT BACK TO YOUR PREVIOUS RESELLER PREFIX.
+
+    %s
+                    ''' % (self.reseller_prefix.rstrip('_'), previous_prefix,
+                           previous_prefix and ' ' or '''
+    SINCE YOUR PREVIOUS RESELLER PREFIX WAS AN EMPTY STRING, IT IS NOT
+    RECOMMENDED TO PERFORM OPTION 3 AS THAT WOULD MAKE SUPPORTING MULTIPLE
+    RESELLERS MORE DIFFICULT.
+                    '''.strip())).strip()
+                self.logger.critical('CRITICAL: ' + ' '.join(msg.split()))
+                raise Exception('\n' + msg)
 
     def add_storage_account(self, account_name=''):
         """

test/unit/auth/test_server.py

@@ -589,7 +589,13 @@ class TestAuthServer(unittest.TestCase):
             conn.close()
             # Upgrade to current db
             conf = {'swift_dir': swift_dir, 'super_admin_key': 'testkey'}
-            controller = auth_server.AuthController(conf)
+            exc = None
+            try:
+                auth_server.AuthController(conf)
+            except Exception, err:
+                exc = err
+            self.assert_(str(err).strip().startswith('THERE ARE ACCOUNTS IN '
+                'YOUR auth.db THAT DO NOT BEGIN WITH YOUR NEW RESELLER'), err)
             # Check new items exist and are correct
             conn = get_db_connection(db_file)
             row = conn.execute('SELECT admin FROM account').fetchone()
@@ -633,7 +639,13 @@ class TestAuthServer(unittest.TestCase):
             conn.close()
             # Upgrade to current db
             conf = {'swift_dir': swift_dir, 'super_admin_key': 'testkey'}
-            controller = auth_server.AuthController(conf)
+            exc = None
+            try:
+                auth_server.AuthController(conf)
+            except Exception, err:
+                exc = err
+            self.assert_(str(err).strip().startswith('THERE ARE ACCOUNTS IN '
+                'YOUR auth.db THAT DO NOT BEGIN WITH YOUR NEW RESELLER'), err)
             # Check new items exist and are correct
             conn = get_db_connection(db_file)
             row = conn.execute('''SELECT admin, reseller_admin