diff --git a/bin/swift-auth-update-reseller-prefixes b/bin/swift-auth-update-reseller-prefixes new file mode 100755 index 0000000000..41a4bf6a76 --- /dev/null +++ b/bin/swift-auth-update-reseller-prefixes @@ -0,0 +1,48 @@ +#!/usr/bin/python +# Copyright (c) 2010 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from os.path import basename +from sys import argv, exit + +from swift.common.db import get_db_connection + + +if __name__ == '__main__': + app = basename(argv[0]) + if len(argv) != 3: + exit(''' +Syntax : %s +Example: %s /etc/swift/auth.db AUTH'''.strip() % (app, app)) + db = argv[1] + new_prefix = argv[2].rstrip('_') + print 'Updating %s' % db + conn = get_db_connection(db) + rows = conn.execute('SELECT url, cfaccount FROM account').fetchall() + for row in rows: + old_prefix = '' + uuid = row[1] + if '_' in row[1]: + old_prefix, uuid = row[1].split('_', 1) + new_cfaccount = '%s_%s' % (new_prefix, uuid) + new_url = row[0].replace(row[1], new_cfaccount) + print '%s ->\n%s' % (row[0], new_url) + print '%s ->\n%s' % (row[1], new_cfaccount) + print + conn.execute('''UPDATE account SET url = ?, cfaccount = ? + WHERE url = ? AND cfaccount = ?''', + (new_url, new_cfaccount, row[0], row[1])) + conn.commit() + print 'Updated %s rows.' % len(rows) diff --git a/setup.py b/setup.py index ee8b7fed9d..56977c97d2 100644 --- a/setup.py +++ b/setup.py @@ -63,6 +63,7 @@ setup( 'bin/swift-account-replicator', 'bin/swift-account-server', 'bin/swift-auth-add-user', 'bin/swift-auth-recreate-accounts', 'bin/swift-auth-server', + 'bin/swift-auth-update-reseller-prefixes', 'bin/swift-container-auditor', 'bin/swift-container-replicator', 'bin/swift-container-server', 'bin/swift-container-updater', diff --git a/swift/auth/server.py b/swift/auth/server.py index 87decc7116..36b16686e7 100644 --- a/swift/auth/server.py +++ b/swift/auth/server.py @@ -15,6 +15,7 @@ from __future__ import with_statement import os +import sys from contextlib import contextmanager from time import gmtime, strftime, time from urllib import unquote, quote @@ -140,6 +141,36 @@ class AuthController(object): self.conn.execute('''CREATE INDEX IF NOT EXISTS ix_token_account ON token (account)''') self.conn.commit() + for row in self.conn.execute('SELECT cfaccount FROM account'): + if not row[0].startswith(self.reseller_prefix): + previous_prefix = '' + if '_' in row[0]: + previous_prefix = row[0].split('_', 1)[0] + msg = (''' +THERE ARE ACCOUNTS IN YOUR auth.db THAT DO NOT BEGIN WITH YOUR NEW RESELLER +PREFIX OF "%s". +YOU HAVE A FEW OPTIONS: + 1) RUN swift-auth-update-reseller-prefixes AND swift-auth-recreate-accounts + TO CREATE FRESH ACCOUNTS. + OR + 2) REMOVE auth.db, RUN swift-init auth-server restart, AND RUN + swift-auth-add-user TO CREATE BRAND NEW ACCOUNTS THAT WAY. + OR + 3) ADD "reseller_prefix = %s" (WITHOUT THE QUOTES) TO YOUR + proxy-server.conf IN THE [filter:auth] SECTION AND TO YOUR + auth-server.conf IN THE [app:auth-server] SECTION AND RUN + swift-init proxy-server restart AND swift-init auth-server restart TO + REVERT BACK TO YOUR PREVIOUS RESELLER PREFIX. + + %s + ''' % (self.reseller_prefix.rstrip('_'), previous_prefix, + previous_prefix and ' ' or ''' + SINCE YOUR PREVIOUS RESELLER PREFIX WAS AN EMPTY STRING, IT IS NOT + RECOMMENDED TO PERFORM OPTION 3 AS THAT WOULD MAKE SUPPORTING MULTIPLE + RESELLERS MORE DIFFICULT. + '''.strip())).strip() + self.logger.critical('CRITICAL: ' + ' '.join(msg.split())) + raise Exception('\n' + msg) def add_storage_account(self, account_name=''): """ diff --git a/test/unit/auth/test_server.py b/test/unit/auth/test_server.py index 0786dfd309..6ab8b76095 100644 --- a/test/unit/auth/test_server.py +++ b/test/unit/auth/test_server.py @@ -589,7 +589,13 @@ class TestAuthServer(unittest.TestCase): conn.close() # Upgrade to current db conf = {'swift_dir': swift_dir, 'super_admin_key': 'testkey'} - controller = auth_server.AuthController(conf) + exc = None + try: + auth_server.AuthController(conf) + except Exception, err: + exc = err + self.assert_(str(err).strip().startswith('THERE ARE ACCOUNTS IN ' + 'YOUR auth.db THAT DO NOT BEGIN WITH YOUR NEW RESELLER'), err) # Check new items exist and are correct conn = get_db_connection(db_file) row = conn.execute('SELECT admin FROM account').fetchone() @@ -633,7 +639,13 @@ class TestAuthServer(unittest.TestCase): conn.close() # Upgrade to current db conf = {'swift_dir': swift_dir, 'super_admin_key': 'testkey'} - controller = auth_server.AuthController(conf) + exc = None + try: + auth_server.AuthController(conf) + except Exception, err: + exc = err + self.assert_(str(err).strip().startswith('THERE ARE ACCOUNTS IN ' + 'YOUR auth.db THAT DO NOT BEGIN WITH YOUR NEW RESELLER'), err) # Check new items exist and are correct conn = get_db_connection(db_file) row = conn.execute('''SELECT admin, reseller_admin