From dc38d57baaef9c0b322651cee1fd07737c87b5c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Thu, 2 Apr 2020 14:39:20 +0200
Subject: [PATCH] Make more robust migration

---
 .../0015_extends_permissions_features_1.py    | 57 ++++++++++++++++++-
 1 file changed, 55 insertions(+), 2 deletions(-)

diff --git a/src/yunohost/data_migrations/0015_extends_permissions_features_1.py b/src/yunohost/data_migrations/0015_extends_permissions_features_1.py
index 992006840..433bf94da 100644
--- a/src/yunohost/data_migrations/0015_extends_permissions_features_1.py
+++ b/src/yunohost/data_migrations/0015_extends_permissions_features_1.py
@@ -6,7 +6,7 @@ from yunohost.utils.error import YunohostError
 from moulinette.utils.log import getActionLogger
 
 from yunohost.tools import Migration
-from yunohost.app import app_setting
+from yunohost.app import app_setting, app_ssowatconf
 from yunohost.permission import user_permission_list, SYSTEM_PERMS
 
 logger = getActionLogger('yunohost.migration')
@@ -18,7 +18,7 @@ class MyMigration(Migration):
 
     required = True
 
-    def run(self):
+    def add_new_ldap_attributes(self):
 
         from yunohost.utils.ldap import _get_ldap_interface
         from yunohost.regenconf import regen_conf, BACKUP_CONF_DIR
@@ -61,3 +61,56 @@ class MyMigration(Migration):
                         'isProtected': ["TRUE"]
                     })
                 app_setting(permission.split('.')[0], 'label', delete=True)
+
+    def run(self):
+
+        # FIXME : what do we really want to do here ...
+        # Imho we should just force-regen the conf in all case, and maybe
+        # just display a warning if we detect that the conf was manually modified
+
+        # Check if the migration can be processed
+        ldap_regen_conf_status = regen_conf(names=['slapd'], dry_run=True)
+        # By this we check if the have been customized
+        if ldap_regen_conf_status and ldap_regen_conf_status['slapd']['pending']:
+            logger.warning(m18n.n("migration_0011_slapd_config_will_be_overwritten", conf_backup_folder=BACKUP_CONF_DIR))
+
+        # Backup LDAP and the apps settings before to do the migration
+        logger.info(m18n.n("migration_0011_backup_before_migration"))
+        try:
+            backup_folder = "/home/yunohost.backup/premigration/" + time.strftime('%Y%m%d-%H%M%S', time.gmtime())
+            os.makedirs(backup_folder, 0o750)
+            os.system("systemctl stop slapd")
+            os.system("cp -r --preserve /etc/ldap %s/ldap_config" % backup_folder)
+            os.system("cp -r --preserve /var/lib/ldap %s/ldap_db" % backup_folder)
+            os.system("cp -r --preserve /etc/yunohost/apps %s/apps_settings" % backup_folder)
+        except Exception as e:
+            raise YunohostError("migration_0011_can_not_backup_before_migration", error=e)
+        finally:
+            os.system("systemctl start slapd")
+
+        try:
+            # Update LDAP schema restart slapd
+            logger.info(m18n.n("migration_0011_update_LDAP_schema"))
+            regen_conf(names=['slapd'], force=True)
+
+            # Update LDAP database
+            self.add_new_ldap_attributes()
+
+            app_ssowatconf()
+
+        except Exception as e:
+            logger.warn(m18n.n("migration_0011_migration_failed_trying_to_rollback"))
+            os.system("systemctl stop slapd")
+            os.system("rm -r /etc/ldap/slapd.d")  # To be sure that we don't keep some part of the old config
+            os.system("cp -r --preserve %s/ldap_config/. /etc/ldap/" % backup_folder)
+            os.system("cp -r --preserve %s/ldap_db/. /var/lib/ldap/" % backup_folder)
+            os.system("cp -r --preserve %s/apps_settings/. /etc/yunohost/apps/" % backup_folder)
+            os.system("systemctl start slapd")
+            os.system("rm -r " + backup_folder)
+            logger.info(m18n.n("migration_0011_rollback_success"))
+            raise
+        else:
+            os.system("rm -r " + backup_folder)
+
+            logger.info(m18n.n("migration_0011_done"))
+