authorAna Krivokapic <akrivoka@redhat.com>2013-04-12 15:20:07 +0200
committerMartin Kosek <mkosek@redhat.com>2013-04-16 15:50:24 +0200
commita730b6e7b5e4eca754022fd3e0112ef597888c3b (patch)
tree224bb29ab953d696fe7eb8b9ea106d60c47a3a0f /ipalib
parente736e75ce9724ae8298a5b69d093313cd6e62b60 (diff)
Integrate realmdomains with IPA DNS
Add an entry to realmdomains when a DNS zone is added to IPA. Delete the related entry from realmdomains when the DNS zone is deleted from IPA. Add _kerberos TXT record to DNS zone when a new realmdomain is added. Delete _kerberos TXT record from DNS zone when realmdomain is deleted. Add unit tests to cover new functionality. https://fedorahosted.org/freeipa/ticket/3544
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/dns.py23
-rw-r--r--ipalib/plugins/realmdomains.py50
2 files changed, 73 insertions, 0 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index becec1423..d59df59a2 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1841,6 +1841,18 @@ class dnszone_add(LDAPCreate):
dns_record,
nameserver_ip_address)
+ # Add entry to realmdomains
+ # except for our own domain, forwarded zones and reverse zones
+ zone = keys[0]
+
+ if (zone != api.env.domain
+ and not options.get('idnsforwarders')
+ and not zone_is_reverse(zone)):
+ try:
+ api.Command['realmdomains_mod'](add_domain=zone, force=True)
+ except errors.EmptyModlist:
+ pass
+
return dn
api.register(dnszone_add)
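Review bot: The own-domain guard `zone != api.env.domain` compares the raw zone key, while this same commit makes realmdomains normalize its inputs with `d.lower().rstrip('.')`. A zone spelled with a trailing dot or in different case would pass the guard and then be normalized to the server's own domain inside `realmdomains_mod`. The same comparison appears in the dnszone_del hunk, where the result would be an attempt to remove the primary domain from realmdomains; how `realmdomains_mod` reacts to that is not visible in this diff. Consider comparing the normalized form in both places, e.g. `if zone.lower().rstrip('.') != api.env.domain:`, unless `keys[0]` is already guaranteed to be normalized when the callback runs. The enclosing method starts outside the hunk.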
@@ -1857,6 +1869,17 @@ class dnszone_del(LDAPDelete):
force=True)
except errors.NotFound:
pass
+
+ # Delete entry from realmdomains
+ # except for our own domain
+ zone = keys[0]
+
+ if zone != api.env.domain:
+ try:
+ api.Command['realmdomains_mod'](del_domain=zone, force=True)
+ except errors.AttrValueNotFound:
+ pass
+
return True
api.register(dnszone_del)
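Review bot: Only `errors.AttrValueNotFound` is swallowed around the `realmdomains_mod` call, and this code appears to run after the zone has already been removed. Any other failure would then make dnszone_del report an error while the domain stays associated with the realm; one possible case is a caller allowed to manage DNS but not realmdomains, though the permission model is not visible here. A stale realmdomains entry for a zone the server no longer manages is worth avoiding, so I would log the failure rather than let it abort, or at least add a comment such as `# realmdomains cleanup is best-effort; the zone is already deleted at this point`. The `errors.EmptyModlist`-only handler in dnszone_add has the same shape. The method begins outside the hunk.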
diff --git a/ipalib/plugins/realmdomains.py b/ipalib/plugins/realmdomains.py
index f3dbf8dae..cff193f20 100644
--- a/ipalib/plugins/realmdomains.py
+++ b/ipalib/plugins/realmdomains.py
@@ -49,6 +49,10 @@ EXAMPLES:
""")
+def _domain_name_normalizer(d):
+ return d.lower().rstrip('.')
+
+
class realmdomains(LDAPObject):
"""
List of domains associated with IPA realm.
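Review bot: `_domain_name_normalizer` has no docstring, and it does slightly more than the name suggests: `rstrip('.')` removes every trailing dot, not just a single root separator. A one-line docstring such as `"""Lower-case the domain and strip trailing dots so equivalent spellings compare equal."""` would make that explicit. A non-string value would raise AttributeError on `d.lower()`, so it is worth confirming the parameter framework never passes one to a normalizer.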
@@ -64,16 +68,19 @@ class realmdomains(LDAPObject):
takes_params = (
Str('associateddomain+',
_domain_name_validator,
+ normalizer=_domain_name_normalizer,
cli_name='domain',
label=_('Domain'),
),
Str('add_domain?',
_domain_name_validator,
+ normalizer=_domain_name_normalizer,
cli_name='add_domain',
label=_('Add domain'),
),
Str('del_domain?',
_domain_name_validator,
+ normalizer=_domain_name_normalizer,
cli_name='del_domain',
label=_('Delete domain'),
),
@@ -133,6 +140,49 @@ class realmdomains_mod(LDAPUpdate):
entry_attrs['associateddomain'] = domains
return dn
+ def execute(self, *keys, **options):
+ dn = self.obj.get_dn(*keys, **options)
+ ldap = self.obj.backend
+
+ domains_old = set(ldap.get_entry(dn)[1]['associateddomain'])
+ result = super(realmdomains_mod, self).execute(*keys, **options)
+ domains_new = set(ldap.get_entry(dn)[1]['associateddomain'])
+
+ domains_added = domains_new - domains_old
+ domains_deleted = domains_old - domains_new
+
+ # Add a _kerberos TXT record for zones that correspond with
+ # domains which were added
+ for d in domains_added:
+ # Skip our own domain
+ if d == api.env.domain:
+ continue
+ try:
+ api.Command['dnsrecord_add'](
+ unicode(d),
+ u'_kerberos',
+ txtrecord=api.env.realm
+ )
+ except (errors.EmptyModlist, errors.NotFound):
+ pass
+
+ # Delete _kerberos TXT record from zones that correspond with
+ # domains which were deleted
+ for d in domains_deleted:
+ # Skip our own domain
+ if d == api.env.domain:
+ continue
+ try:
+ api.Command['dnsrecord_del'](
+ unicode(d),
+ u'_kerberos',
+ txtrecord=api.env.realm
+ )
+ except (errors.AttrValueNotFound, errors.NotFound):
+ pass
+
+ return result
+
api.register(realmdomains_mod)
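Review bot: The new `execute` commits the realmdomains change via `super(...).execute()` before it touches DNS, and the two loops swallow only `EmptyModlist`/`NotFound` and `AttrValueNotFound`/`NotFound`. Any other error from `dnsrecord_add` or `dnsrecord_del` propagates after the LDAP update is done and stops the loop, so the remaining domains are left without their `_kerberos` record change. Since clients use that TXT record for realm discovery, a half-applied update leaves DNS and realmdomains disagreeing with nothing logged. I would add a docstring stating that DNS sync is best-effort and happens after the LDAP commit, plus a comment at the loops like `# realmdomains is already updated; failures below leave DNS out of sync`, and log failures per domain instead of aborting. The self-domain check `d == api.env.domain` also compares values read back from LDAP, which may predate the normalizer; confirm stored values are already lower-case.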