From 0e752aab297ad0a2c43d6c8755db175f45de028e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 19 Mar 2015 15:32:21 +0100 Subject: Server Upgrade: plugins should use ldapupdater API instance This is required to have proper LDAP connection in plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka --- ipaserver/install/plugins/adtrust.py | 17 ++++++++------- ipaserver/install/plugins/dns.py | 25 +++++++++++----------- .../install/plugins/fix_replica_agreements.py | 6 ++++-- ipaserver/install/plugins/rename_managed.py | 2 +- ipaserver/install/plugins/update_idranges.py | 4 ++-- ipaserver/install/plugins/update_pacs.py | 2 +- ipaserver/install/plugins/update_passsync.py | 2 +- ipaserver/install/plugins/update_services.py | 2 +- 8 files changed, 32 insertions(+), 28 deletions(-) (limited to 'ipaserver/install/plugins') diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py index 7a4f543f5..287595d96 100644 --- a/ipaserver/install/plugins/adtrust.py +++ b/ipaserver/install/plugins/adtrust.py @@ -32,7 +32,7 @@ class update_default_range(Updater): def execute(self, **options): ldap = self.api.Backend.ldap2 - dn = DN(api.env.container_ranges, api.env.basedn) + dn = DN(self.api.env.container_ranges, self.api.env.basedn) search_filter = "objectclass=ipaDomainIDRange" try: (entries, truncated) = ldap.find_entries(search_filter, [], dn) @@ -42,7 +42,8 @@ class update_default_range(Updater): root_logger.debug("default_range: ipaDomainIDRange entry found, skip plugin") return False, [] - dn = DN(('cn', 'admins'), api.env.container_group, api.env.basedn) + dn = DN(('cn', 'admins'), self.api.env.container_group, + self.api.env.basedn) try: admins_entry = ldap.get_entry(dn, ['gidnumber']) except errors.NotFound: 
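Review bot: Nothing in the `@@ -32,7 +32,7 @@` hunk of adtrust.py records why `self.api` must be used, so a later edit, or a line this patch missed, could use the module-level `api` again. Such a leftover would run without error on an instance that, per the commit message, may not have the proper LDAP connection. A comment at the top of `execute` would state the rule: `# Use self.api (the ldapupdater instance) only; the module-level api may lack the upgrade's LDAP connection.` The same applies to every other `execute` touched in dns.py, fix_replica_agreements.py, rename_managed.py, update_idranges.py, update_pacs.py, update_passsync.py and update_services.py. The import lines are outside all hunks, so confirm whether the global `api` import can be dropped from these modules; dropping it would turn a missed reference into a NameError instead of a silent use of the wrong instance.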
@@ -51,7 +52,7 @@ class update_default_range(Updater): return False, [] id_range_base_id = admins_entry['gidnumber'][0] - id_range_name = '%s_id_range' % api.env.realm + id_range_name = '%s_id_range' % self.api.env.realm id_range_size = DEFAULT_ID_RANGE_SIZE range_entry = ['objectclass:top', @@ -63,8 +64,8 @@ class update_default_range(Updater): 'iparangetype:ipa-local', ] - dn = DN(('cn', '%s_id_range' % api.env.realm), - api.env.container_ranges, api.env.basedn) + dn = DN(('cn', '%s_id_range' % self.api.env.realm), + self.api.env.container_ranges, self.api.env.basedn) update = {'dn': dn, 'default': range_entry} @@ -74,7 +75,7 @@ class update_default_range(Updater): # bigger range (option --idmax). # We should make our best to check if this is the case and provide # user with an information how to fix it. - dn = DN(api.env.container_dna_posix_ids, api.env.basedn) + dn = DN(self.api.env.container_dna_posix_ids, self.api.env.basedn) search_filter = "objectclass=dnaSharedConfig" attrs = ['dnaHostname', 'dnaRemainingValues'] try: @@ -124,8 +125,8 @@ class update_default_trust_view(Updater): ldap = self.api.Backend.ldap2 default_trust_view_dn = DN(('cn', 'Default Trust View'), - api.env.container_views, - api.env.basedn) + self.api.env.container_views, + self.api.env.basedn) default_trust_view_entry = [ 'objectclass:top', diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py index 67c08ccb4..95c004d21 100644 --- a/ipaserver/install/plugins/dns.py +++ b/ipaserver/install/plugins/dns.py @@ -62,7 +62,7 @@ class update_dnszones(Updater): return False, [] try: - zones = api.Command.dnszone_find(all=True)['result'] + zones = self.api.Command.dnszone_find(all=True)['result'] except errors.NotFound: self.log.info('No DNS zone to update found') return False, [] 
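Review bot: In the `@@ -63,8 +64,8 @@` hunk of adtrust.py the range name is formatted a second time, although `id_range_name` was already computed from `self.api.env.realm` in the `@@ -51,7 +52,7 @@` hunk of the same `execute`. Reusing it keeps the entry name and its DN from drifting apart: `dn = DN(('cn', id_range_name), self.api.env.container_ranges, self.api.env.basedn)`. The lines between the two hunks are not shown, so this assumes `id_range_name` is not reassigned there.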
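Review bot: The `dnszone_find(all=True)` call in the `@@ -62,7 +62,7 @@` hunk of dns.py passes no size limit, unlike the `dnszone_find(all=True, raw=True, sizelimit=0)` call in `update_master_to_dnsforwardzones`. If a default search limit applies here, zones past that limit would be skipped without any log line, and the code in the following hunk that sets `idnsallowtransfer` to `none;` would never reach them. I would write `zones = self.api.Command.dnszone_find(all=True, sizelimit=0)['result']`, or at least log when the result is reported as truncated. `execute` starts and ends outside this hunk, so a limit handled elsewhere cannot be ruled out.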
@@ -77,14 +77,15 @@ class update_dnszones(Updater): # do not open zone transfers by default update['idnsallowtransfer'] = u'none;' - old_policy = util.get_dns_forward_zone_update_policy(api.env.realm, ('A', 'AAAA')) + old_policy = util.get_dns_forward_zone_update_policy( + self.api.env.realm, ('A', 'AAAA')) if zone.get('idnsupdatepolicy', [''])[0] == old_policy: update['idnsupdatepolicy'] = util.get_dns_forward_zone_update_policy(\ - api.env.realm) + self.api.env.realm) if update: # FIXME: https://fedorahosted.org/freeipa/ticket/4722 - api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(), + self.api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(), **update) return False, [] @@ -156,7 +157,7 @@ class update_master_to_dnsforwardzones(Updater): def execute(self, **options): ldap = self.api.Backend.ldap2 # check LDAP if forwardzones already uses new semantics - dns_container_dn = DN(api.env.container_dns, api.env.basedn) + dns_container_dn = DN(self.api.env.container_dns, self.api.env.basedn) try: container_entry = ldap.get_entry(dns_container_dn) except errors.NotFound: @@ -181,7 +182,7 @@ class update_master_to_dnsforwardzones(Updater): # should detect if update in past has been executed, and set proper # DNSVersion into LDAP try: - fwzones = api.Command.dnsforwardzone_find()['result'] + fwzones = self.api.Command.dnsforwardzone_find()['result'] except errors.NotFound: # No forwardzones found, update probably has not been executed yet pass @@ -193,7 +194,7 @@ class update_master_to_dnsforwardzones(Updater): zones = [] try: # raw values are required to store into ldif - zones = api.Command.dnszone_find(all=True, + zones = self.api.Command.dnszone_find(all=True, raw=True, sizelimit=0)['result'] except errors.NotFound: 
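Review bot: The second `get_dns_forward_zone_update_policy(` call in the `@@ -77,14 +77,15 @@` hunk of dns.py keeps a backslash before the line break, although the open parenthesis already continues the line and the first call was rewrapped without one. Writing both the same way reads better: `update['idnsupdatepolicy'] = util.get_dns_forward_zone_update_policy(` followed by `self.api.env.realm)`. The `**update)` continuation of `dnszone_mod` in this hunk, and the `raw=True,` / `sizelimit=0` continuations in the `@@ -193,7 +194,7 @@` hunk, are unchanged context lines under a first line that grew by five characters. Their alignment with the opening parenthesis has probably shifted, so they are worth re-indenting.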
@@ -249,7 +250,7 @@ class update_master_to_dnsforwardzones(Updater): zone_to_privileges[zone['idnsname'][0]] = entry['member'] # raw values are required to store into ldif - records = api.Command['dnsrecord_find']( + records = self.api.Command['dnsrecord_find']( zone['idnsname'][0], all=True, raw=True, @@ -288,7 +289,7 @@ class update_master_to_dnsforwardzones(Updater): for zone in zones_to_transform: # delete master zone try: - api.Command['dnszone_del'](zone['idnsname']) + self.api.Command['dnszone_del'](zone['idnsname']) except Exception, e: self.log.error('Transform to forwardzone terminated: ' 'removing zone %s failed (%s)' % ( @@ -303,7 +304,7 @@ class update_master_to_dnsforwardzones(Updater): 'idnsforwarders': zone.get('idnsforwarders', []), 'idnsforwardpolicy': zone.get('idnsforwardpolicy', [u'first'])[0] } - api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw) + self.api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw) except Exception, e: self.log.error('Transform to forwardzone terminated: creating ' 'forwardzone %s failed' % @@ -314,7 +315,7 @@ class update_master_to_dnsforwardzones(Updater): # create permission if original zone has one if 'managedBy' in zone: try: - perm_name = api.Command['dnsforwardzone_add_permission']( + perm_name = self.api.Command['dnsforwardzone_add_permission']( zone['idnsname'][0])['value'] except Exception, e: self.log.error('Transform to forwardzone terminated: ' @@ -332,7 +333,7 @@ class update_master_to_dnsforwardzones(Updater): dn[0].value for dn in zone_to_privileges[zone['idnsname'][0]] ] try: - api.Command['permission_add_member'](perm_name, + self.api.Command['permission_add_member'](perm_name, privilege=privileges) except Exception, e: self.log.error('Unable to restore privileges for ' diff --git a/ipaserver/install/plugins/fix_replica_agreements.py b/ipaserver/install/plugins/fix_replica_agreements.py index 0b1db1c60..413bf877d 100644 --- a/ipaserver/install/plugins/fix_replica_agreements.py 
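Review bot: `dnszone_del` in the `@@ -288,7 +289,7 @@` hunk of dns.py is called with the whole `zone['idnsname']` value, whereas the calls in the neighbouring hunks (`dnsrecord_find`, `dnsforwardzone_add`, `dnsforwardzone_add_permission`) all use `zone['idnsname'][0]`. If the raw result holds a one-element list, both forms may delete the same zone, but the difference looks accidental, and a delete is the call where the argument should be least ambiguous. I would write `self.api.Command['dnszone_del'](zone['idnsname'][0])`, or add a comment saying the list form is intended. The loop body continues outside the hunk.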
+++ b/ipaserver/install/plugins/fix_replica_agreements.py @@ -37,10 +37,12 @@ class update_replica_attribute_lists(Updater): def execute(self, **options): # We need an IPAdmin connection to the backend self.log.debug("Start replication agreement exclude list update task") - conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm) + conn = ipaldap.IPAdmin(self.api.env.host, ldapi=True, + realm=self.api.env.realm) conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name) - repl = replication.ReplicationManager(api.env.realm, api.env.host, + repl = replication.ReplicationManager(self.api.env.realm, + self.api.env.host, None, conn=conn) # We need to update only IPA replica agreements, not winsync diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py index 1c031543c..02f91e73b 100644 --- a/ipaserver/install/plugins/rename_managed.py +++ b/ipaserver/install/plugins/rename_managed.py @@ -48,7 +48,7 @@ class GenerateUpdateMixin(object): """ ldap = self.api.Backend.ldap2 - suffix = ipautil.realm_to_suffix(api.env.realm) + suffix = ipautil.realm_to_suffix(self.api.env.realm) searchfilter = '(objectclass=*)' definitions_managed_entries = [] diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py index a6f2527cc..3181e9ec5 100644 --- a/ipaserver/install/plugins/update_idranges.py +++ b/ipaserver/install/plugins/update_idranges.py @@ -32,7 +32,7 @@ class update_idrange_type(Updater): def execute(self, **options): ldap = self.api.Backend.ldap2 - base_dn = DN(api.env.container_ranges, api.env.basedn) + base_dn = DN(self.api.env.container_ranges, self.api.env.basedn) search_filter = ("(&(objectClass=ipaIDrange)(!(ipaRangeType=*)))") root_logger.debug("update_idrange_type: search for ID ranges with no " "type set") 
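Review bot: The `@@ -37,10 +37,12 @@` hunk of fix_replica_agreements.py still builds its own `ipaldap.IPAdmin` connection over LDAPI and binds it with `do_external_bind` as the effective user, so this plugin does not run on the ldapupdater connection that the commit message says plugins need. The existing comment only says a connection is needed; I would expand it to say why: `# ReplicationManager takes its own IPAdmin connection (LDAPI, external bind as the effective user); this is separate from self.api.Backend.ldap2.` No release of `conn` is visible in the hunk. `execute` continues past it, so confirm there that the connection is closed in a `finally:` block, so that a failure while updating agreements does not leave the privileged bind open.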
@@ -118,7 +118,7 @@ class update_idrange_baserid(Updater): def execute(self, **options): ldap = self.api.Backend.ldap2 - base_dn = DN(api.env.container_ranges, api.env.basedn) + base_dn = DN(self.api.env.container_ranges, self.api.env.basedn) search_filter = ("(&(objectClass=ipaTrustedADDomainRange)" "(ipaRangeType=ipa-ad-trust-posix)" "(!(ipaBaseRID=0)))") diff --git a/ipaserver/install/plugins/update_pacs.py b/ipaserver/install/plugins/update_pacs.py index 5f8eec2c8..e361844e5 100644 --- a/ipaserver/install/plugins/update_pacs.py +++ b/ipaserver/install/plugins/update_pacs.py @@ -31,7 +31,7 @@ class update_pacs(Updater): ldap = self.api.Backend.ldap2 try: - dn = DN('cn=ipaConfig', 'cn=etc', api.env.basedn) + dn = DN('cn=ipaConfig', 'cn=etc', self.api.env.basedn) entry = ldap.get_entry(dn, ['ipakrbauthzdata']) pacs = entry.get('ipakrbauthzdata', []) except errors.NotFound: diff --git a/ipaserver/install/plugins/update_passsync.py b/ipaserver/install/plugins/update_passsync.py index 1bda790fc..a35f64ef4 100644 --- a/ipaserver/install/plugins/update_passsync.py +++ b/ipaserver/install/plugins/update_passsync.py @@ -50,7 +50,7 @@ class update_passync_privilege_update(Updater): root_logger.debug("Add PassSync user as a member of PassSync privilege") ldap = self.api.Backend.ldap2 passsync_dn = DN(('uid','passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'), - api.env.basedn) + self.api.env.basedn) passsync_privilege_dn = DN(('cn','PassSync Service'), self.api.env.container_privilege, self.api.env.basedn) diff --git a/ipaserver/install/plugins/update_services.py b/ipaserver/install/plugins/update_services.py index 490d0748b..975480d7b 100644 --- a/ipaserver/install/plugins/update_services.py +++ b/ipaserver/install/plugins/update_services.py 
@@ -33,7 +33,7 @@ class update_service_principalalias(Updater): def execute(self, **options): ldap = self.api.Backend.ldap2 - base_dn = DN(api.env.container_service, api.env.basedn) + base_dn = DN(self.api.env.container_service, self.api.env.basedn) search_filter = ("(&(objectclass=krbprincipal)(objectclass=ipaservice)" "(!(objectclass=ipakrbprincipal)))") root_logger.debug("update_service_principalalias: search for affected " -- cgit