38e6500838
- Resolves: Issue 5120 - Fix compilation error - Resolves: Issue 6782 - Improve paged result locking - Resolves: Issue 6929 - Compilation failure with rust-1.89 on Fedora ELN - Resolves: Issue 6822 - Backend creation cleanup and Database UI tab error handling (#6823) - Resolves: Issue 6753 - Add 'add_exclude_subtree' and 'remove_exclude_subtree' methods to Attribute uniqueness plugin - Resolves: Issue 6857 - uiduniq: allow specifying match rules in the filter - Resolves: Issue 6756 - CLI, UI - Properly handle disabled NDN cache (#6757) - Resolves: Issue 6854 - Refactor for improved data management (#6855) - Resolves: Issue 6850 - AddressSanitizer: memory leak in mdb_init - Resolves: Issue 6848 - AddressSanitizer: leak in do_search - Resolves: Issue 6865 - AddressSanitizer: leak in agmt_update_init_status - Resolves: Issue 6868 - UI - schema attribute table expansion break after moving to a new page - Resolves: Issue 6859 - str2filter is not fully applying matching rules - Resolves: Issue 6872 - compressed log rotation creates files with world readable permission - Resolves: Issue 6888 - Missing access JSON logging for TLS/Client auth - Resolves: Issue 6772 - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. (#6773) - Resolves: Issue 6893 - Log user that is updated during password modify extended operation - Resolves: Issue 6901 - Update changelog trimming logging - Resolves: Issue 6430 - implement read-only bdb (#6431) - Resolves: Issue 6663 - Fix NULL subsystem crash in JSON error logging (#6883) - Resolves: Issue 6895 - Crash if repl keep alive entry can not be created - Resolves: Issue 6884 - Mask password hashes in audit logs (#6885) - Resolves: Issue 6778 - Memory leak in roles_cache_create_object_from_entry part 2 - Resolves: Issue 6901 - Update changelog trimming logging - fix tests - Resolves: Issue 6181 - RFE - Allow system to manage uid/gid at startup - Resolves: Issue 6468 - CLI - Fix default error log level - Resolves: Issue 6768 - ns-slapd crashes when a referral is added (#6780) - Resolves: Issue 6430 - Fix build with bundled libdb
67 lines
2.6 KiB
Diff
67 lines
2.6 KiB
Diff
From c44c45797a0e92fcdb6f0cc08f56816c7d77ffac Mon Sep 17 00:00:00 2001
|
|
From: Anuar Beisembayev <111912342+abeisemb@users.noreply.github.com>
|
|
Date: Wed, 23 Jul 2025 23:48:11 -0400
|
|
Subject: [PATCH] Issue 6772 - dsconf - Replicas with the "consumer" role allow
|
|
for viewing and modification of their changelog. (#6773)
|
|
|
|
dsconf currently allows users to set and retrieve changelogs in consumer replicas, which do not have officially supported changelogs. This can lead to undefined behavior and confusion.
|
|
This commit prints a warning message if the user tries to interact with a changelog on a consumer replica.
|
|
|
|
Resolves: https://github.com/389ds/389-ds-base/issues/6772
|
|
|
|
Reviewed by: @droideck
|
|
---
|
|
src/lib389/lib389/cli_conf/replication.py | 23 +++++++++++++++++++++++
|
|
1 file changed, 23 insertions(+)
|
|
|
|
diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py
|
|
index 6f77f34ca..a18bf83ca 100644
|
|
--- a/src/lib389/lib389/cli_conf/replication.py
|
|
+++ b/src/lib389/lib389/cli_conf/replication.py
|
|
@@ -686,6 +686,9 @@ def set_per_backend_cl(inst, basedn, log, args):
|
|
replace_list = []
|
|
did_something = False
|
|
|
|
+ if (is_replica_role_consumer(inst, suffix)):
|
|
+ log.info("Warning: Changelogs are not supported for consumer replicas. You may run into undefined behavior.")
|
|
+
|
|
if args.encrypt:
|
|
cl.replace('nsslapd-encryptionalgorithm', 'AES')
|
|
del args.encrypt
|
|
@@ -715,6 +718,10 @@ def set_per_backend_cl(inst, basedn, log, args):
|
|
# that means there is a changelog config entry per backend (aka suffix)
|
|
def get_per_backend_cl(inst, basedn, log, args):
|
|
suffix = args.suffix
|
|
+
|
|
+ if (is_replica_role_consumer(inst, suffix)):
|
|
+ log.info("Warning: Changelogs are not supported for consumer replicas. You may run into undefined behavior.")
|
|
+
|
|
cl = Changelog(inst, suffix)
|
|
if args and args.json:
|
|
log.info(cl.get_all_attrs_json())
|
|
@@ -822,6 +829,22 @@ def del_repl_manager(inst, basedn, log, args):
|
|
|
|
log.info("Successfully deleted replication manager: " + manager_dn)
|
|
|
|
+def is_replica_role_consumer(inst, suffix):
|
|
+ """Helper function for get_per_backend_cl and set_per_backend_cl.
|
|
+ Makes sure the instance in question is not a consumer, which is a role that
|
|
+ does not support changelogs.
|
|
+ """
|
|
+ replicas = Replicas(inst)
|
|
+ try:
|
|
+ replica = replicas.get(suffix)
|
|
+ role = replica.get_role()
|
|
+ except ldap.NO_SUCH_OBJECT:
|
|
+ raise ValueError(f"Backend \"{suffix}\" is not enabled for replication")
|
|
+
|
|
+ if role == ReplicaRole.CONSUMER:
|
|
+ return True
|
|
+ else:
|
|
+ return False
|
|
|
|
#
|
|
# Agreements
|
|
--
|
|
2.49.0
|
|
|