rpms/pacemaker
7
0
Fork 0
Code Issues Pull Requests Releases Activity
87bc6c8acd
pacemaker/001-acl-group-schema.patch
Ken Gaillot 84f732910e Rebase on upstream 2.1.2 
... with selected backports from upstream master branch

- Resolves: rhbz2011974
2021-11-30 10:23:45 -06:00

231 lines
11 KiB
Diff
Raw Blame History

From f5ffbaf1f537d3d5b00e594211cd322f97df51ac Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Fri, 5 Nov 2021 11:39:39 -0400
Subject: [PATCH 1/3] Low: xml: clone acls schema in preparation for changes
---
xml/acls-3.8.rng | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 xml/acls-3.8.rng
diff --git a/xml/acls-3.8.rng b/xml/acls-3.8.rng
new file mode 100644
index 000000000..0fe6eed96
--- /dev/null
+++ b/xml/acls-3.8.rng
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <start>
+ <optional>
+ <ref name="element-acls"/>
+ </optional>
+ </start>
+
+ <define name="element-acls">
+ <element name="acls">
+ <zeroOrMore>
+ <choice>
+ <element name="acl_target">
+ <attribute name="id"><text/></attribute>
+ <zeroOrMore>
+ <element name="role">
+ <attribute name="id"><data type="IDREF"/></attribute>
+ </element>
+ </zeroOrMore>
+ </element>
+ <element name="acl_group">
+ <!-- Here 'id' is the name of a unix group -->
+ <attribute name="id"><data type="ID"/></attribute>
+ <zeroOrMore>
+ <element name="role">
+ <attribute name="id"><data type="IDREF"/></attribute>
+ </element>
+ </zeroOrMore>
+ </element>
+ <element name="acl_role">
+ <attribute name="id"><data type="ID"/></attribute>
+ <optional>
+ <attribute name="description"><text/></attribute>
+ </optional>
+ <zeroOrMore>
+ <ref name="element-permission"/>
+ </zeroOrMore>
+ </element>
+ </choice>
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="element-permission">
+ <element name="acl_permission">
+ <attribute name="id"><data type="ID"/></attribute>
+
+ <attribute name="kind">
+ <choice>
+ <value>read</value>
+ <value>write</value>
+ <value>deny</value>
+ </choice>
+ </attribute>
+
+ <choice>
+ <attribute name="xpath"><text/></attribute>
+ <!-- reference is already sufficiently specific without 'object-type' -->
+ <attribute name="reference"><data type="IDREF"/></attribute>
+ <group>
+ <!-- Use 'object-type' to avoid conflicting with the 'tag' configuration concept -->
+ <attribute name="object-type"><text/></attribute>
+ <optional>
+ <!--
+ does not make sense with anything other than object-type
+ xpath and reference are already sufficiently specific
+ -->
+ <attribute name="attribute"><text/></attribute>
+ </optional>
+ </group>
+ </choice>
+
+ <optional>
+ <attribute name="description"><text/></attribute>
+ </optional>
+ </element>
+ </define>
+
+</grammar>
--
2.27.0
From 7838213fc639236bdedf5f15320152d973f1bdad Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Fri, 5 Nov 2021 11:40:48 -0400
Subject: [PATCH 2/3] Add a 'name' attribute to acl_target and acl_group
elements
---
xml/acls-3.8.rng | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/xml/acls-3.8.rng b/xml/acls-3.8.rng
index 0fe6eed96..48bcdffe3 100644
--- a/xml/acls-3.8.rng
+++ b/xml/acls-3.8.rng
@@ -13,6 +13,9 @@
<choice>
<element name="acl_target">
<attribute name="id"><text/></attribute>
+ <optional>
+ <attribute name="name"><text/></attribute>
+ </optional>
<zeroOrMore>
<element name="role">
<attribute name="id"><data type="IDREF"/></attribute>
@@ -22,6 +25,9 @@
<element name="acl_group">
<!-- Here 'id' is the name of a unix group -->
<attribute name="id"><data type="ID"/></attribute>
+ <optional>
+ <attribute name="name"><text/></attribute>
+ </optional>
<zeroOrMore>
<element name="role">
<attribute name="id"><data type="IDREF"/></attribute>
--
2.27.0
From c3c498f4636f57e29670f8e385b625024ed222d7 Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Fri, 5 Nov 2021 11:42:48 -0400
Subject: [PATCH 3/3] Changes made by run of 'cts/cts-cli -s'
---
cts/cli/regression.upgrade.exp | 7 +++++--
cts/cli/regression.validity.exp | 22 ++++++++++++++++++----
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/cts/cli/regression.upgrade.exp b/cts/cli/regression.upgrade.exp
index e38adebdd..7ce7ec13b 100644
--- a/cts/cli/regression.upgrade.exp
+++ b/cts/cli/regression.upgrade.exp
@@ -91,8 +91,11 @@ update_validation debug: Configuration valid for schema: pacemaker-3.6
update_validation debug: pacemaker-3.6-style configuration is also valid for pacemaker-3.7
update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
update_validation debug: Configuration valid for schema: pacemaker-3.7
-update_validation trace: Stopping at pacemaker-3.7
-update_validation info: Transformed the configuration from pacemaker-2.10 to pacemaker-3.7
+update_validation debug: pacemaker-3.7-style configuration is also valid for pacemaker-3.8
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+update_validation debug: Configuration valid for schema: pacemaker-3.8
+update_validation trace: Stopping at pacemaker-3.8
+update_validation info: Transformed the configuration from pacemaker-2.10 to pacemaker-3.8
=#=#=#= Current cib after: Upgrade to latest CIB schema (trigger 2.10.xsl + the wrapping) =#=#=#=
<cib epoch="2" num_updates="0" admin_epoch="1">
<configuration>
diff --git a/cts/cli/regression.validity.exp b/cts/cli/regression.validity.exp
index 5ace430e7..125035a47 100644
--- a/cts/cli/regression.validity.exp
+++ b/cts/cli/regression.validity.exp
@@ -121,7 +121,11 @@ update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
update_validation trace: pacemaker-3.7 validation failed
-Cannot upgrade configuration (claiming schema pacemaker-1.2) to at least pacemaker-3.0 because it does not validate with any schema from pacemaker-1.2 to pacemaker-3.7
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
+element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
+update_validation trace: pacemaker-3.8 validation failed
+Cannot upgrade configuration (claiming schema pacemaker-1.2) to at least pacemaker-3.0 because it does not validate with any schema from pacemaker-1.2 to pacemaker-3.8
=#=#=#= End test: Run crm_simulate with invalid CIB (enum violation) - Invalid configuration (78) =#=#=#=
* Passed: crm_simulate - Run crm_simulate with invalid CIB (enum violation)
=#=#=#= Begin test: Try to make resulting CIB invalid (unrecognized validate-with) =#=#=#=
@@ -226,7 +230,10 @@ update_validation trace: pacemaker-3.6 validation failed
update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
element cib: Relax-NG validity error : Invalid attribute validate-with for element cib
update_validation trace: pacemaker-3.7 validation failed
-Cannot upgrade configuration (claiming schema pacemaker-9999.0) to at least pacemaker-3.0 because it does not validate with any schema from unknown to pacemaker-3.7
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+element cib: Relax-NG validity error : Invalid attribute validate-with for element cib
+update_validation trace: pacemaker-3.8 validation failed
+Cannot upgrade configuration (claiming schema pacemaker-9999.0) to at least pacemaker-3.0 because it does not validate with any schema from unknown to pacemaker-3.8
=#=#=#= End test: Run crm_simulate with invalid CIB (unrecognized validate-with) - Invalid configuration (78) =#=#=#=
* Passed: crm_simulate - Run crm_simulate with invalid CIB (unrecognized validate-with)
=#=#=#= Begin test: Try to make resulting CIB invalid, but possibly recoverable (valid with X.Y+1) =#=#=#=
@@ -326,8 +333,11 @@ update_validation debug: Configuration valid for schema: pacemaker-3.6
update_validation debug: pacemaker-3.6-style configuration is also valid for pacemaker-3.7
update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
update_validation debug: Configuration valid for schema: pacemaker-3.7
-update_validation trace: Stopping at pacemaker-3.7
-update_validation info: Transformed the configuration from pacemaker-1.2 to pacemaker-3.7
+update_validation debug: pacemaker-3.7-style configuration is also valid for pacemaker-3.8
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+update_validation debug: Configuration valid for schema: pacemaker-3.8
+update_validation trace: Stopping at pacemaker-3.8
+update_validation info: Transformed the configuration from pacemaker-1.2 to pacemaker-3.8
unpack_resources error: Resource start-up disabled since no STONITH resources have been defined
unpack_resources error: Either configure some or disable STONITH with the stonith-enabled option
unpack_resources error: NOTE: Clusters with shared data need STONITH to ensure data integrity
@@ -437,6 +447,8 @@ element rsc_order: Relax-NG validity error : Invalid attribute first-action for
element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
+element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
+element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
=#=#=#= Current cib after: Make resulting CIB invalid, and without validate-with attribute =#=#=#=
<cib epoch="41" num_updates="0" admin_epoch="0" validate-with="none">
<configuration>
@@ -502,6 +514,8 @@ validity.bad.xml:10: element rsc_order: Relax-NG validity error : Invalid attrib
validity.bad.xml:10: element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
validity.bad.xml:10: element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
validity.bad.xml:10: element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
+validity.bad.xml:10: element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
+validity.bad.xml:10: element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
unpack_resources error: Resource start-up disabled since no STONITH resources have been defined
unpack_resources error: Either configure some or disable STONITH with the stonith-enabled option
unpack_resources error: NOTE: Clusters with shared data need STONITH to ensure data integrity
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink