Make migration more robust to re-runs

locales/en.json

@@ -354,7 +354,6 @@
     "migration_0011_can_not_backup_before_migration": "The backup of the system before the migration failed. Migration failed. Error: {error:s}",
     "migration_0011_create_group": "Creating a group for each user...",
     "migration_0011_done": "Migration successful. You are now able to manage groups of users.",
-    "migration_0011_error_when_removing_sftpuser_group": "Error when trying remove sftpusers group",
     "migration_0011_LDAP_config_dirty": "It look like that you customized your LDAP configuration. For this migration the LDAP configuration need to be updated.\nYou need to save your actual configuration, reintialize the original configuration by the command 'yunohost tools regen-conf -f' and after retry the migration",
     "migration_0011_LDAP_update_failed": "LDAP update failed. Error: {error:s}",
     "migration_0011_migrate_permission": "Migrating permissions from apps settings to LDAP...",
@@ -362,6 +361,7 @@
     "migration_0011_rollback_success": "Rollback succeeded.",
     "migration_0011_update_LDAP_database": "Updating LDAP database...",
     "migration_0011_update_LDAP_schema": "Updating LDAP schema...",
+    "migration_0011_failed_to_remove_stale_object": "Failed to remove stale object {dn}: {error}",
     "migrations_already_ran": "Those migrations have already been ran: {ids}",
     "migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
     "migrations_dependencies_not_satisfied": "Can't run migration {id} because first you need to run these migrations: {dependencies_id}",

src/yunohost/data_migrations/0011_setup_group_permission.py

@@ -28,6 +28,28 @@ class MyMigration(Migration):
 
     required = True
 
+    def remove_if_exists(self, target):
+
+        from yunohost.utils.ldap import _get_ldap_interface
+        ldap = _get_ldap_interface()
+
+        try:
+            objects = ldap.search(target + ",dc=yunohost,dc=org")
+        # ldap search will raise an exception if no corresponding object is found >.> ...
+        except Exception as e:
+            logger.debug("%s does not exist, no need to delete it" % target)
+            return
+
+        objects.reverse()
+        for o in objects:
+            for dn in o["dn"]:
+                dn = dn.replace(",dc=yunohost,dc=org", "")
+                logger.debug("Deleting old object %s ..." % dn)
+                try:
+                    ldap.remove(dn)
+                except Exception as e:
+                    raise YunohostError("migration_0011_failed_to_remove_stale_object", dn=dn, error=e)
+
     def migrate_LDAP_db(self):
 
         logger.info(m18n.n("migration_0011_update_LDAP_database"))
@@ -35,14 +57,13 @@ class MyMigration(Migration):
         from yunohost.utils.ldap import _get_ldap_interface
         ldap = _get_ldap_interface()
 
-        try:
-            ldap.remove('cn=sftpusers,ou=groups')
-        except:
-            logger.warn(m18n.n("migration_0011_error_when_removing_sftpuser_group"))
-
         ldap_map = read_yaml('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml')
 
         try:
+            self.remove_if_exists("cn=sftpusers,ou=groups")
+            self.remove_if_exists("ou=permission")
+            self.remove_if_exists('cn=all_users,ou=groups')
+
             attr_dict = ldap_map['parents']['ou=permission']
             ldap.add('ou=permission', attr_dict)