ipapython: move dnssec, p11helper and secrets to ipaserver

The dnssec and secrets subpackages and the p11helper module depend on
ipaplatform.

Move them to ipaserver as they are used only on the server.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

30 files changed, 47 insertions, 49 deletions

diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica
index fbfee93b8..43670d29c 100755
--- a/daemons/dnssec/ipa-dnskeysync-replica
+++ b/daemons/dnssec/ipa-dnskeysync-replica
@@ -20,10 +20,11 @@ from ipapython.ipa_log_manager import root_logger, standard_logging_setup
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.paths import paths
-
-from ipapython.dnssec.abshsm import sync_pkcs11_metadata, ldap2p11helper_api_params, wrappingmech_name2id
-from ipapython.dnssec.ldapkeydb import LdapKeyDB
-from ipapython.dnssec.localhsm import LocalHSM
+from ipaserver.dnssec.abshsm import (sync_pkcs11_metadata,
+                                     ldap2p11helper_api_params,
+                                     wrappingmech_name2id)
+from ipaserver.dnssec.ldapkeydb import LdapKeyDB
+from ipaserver.dnssec.localhsm import LocalHSM
 
 DAEMONNAME = 'ipa-dnskeysyncd'
 PRINCIPAL = None  # not initialized yet
diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd
index dfe4cb4be..37c6a02fb 100755
--- a/daemons/dnssec/ipa-dnskeysyncd
+++ b/daemons/dnssec/ipa-dnskeysyncd
@@ -16,8 +16,7 @@ from ipapython.ipa_log_manager import root_logger, standard_logging_setup
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.paths import paths
-
-from ipapython.dnssec.keysyncer import KeySyncer
+from ipaserver.dnssec.keysyncer import KeySyncer
 
 # IPA framework initialization
 api.bootstrap(in_server=True, log=None)  # no logging to file
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 66332490a..f2fdaa991 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -36,10 +36,9 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.paths import paths
-
-from ipapython.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
-from ipapython.dnssec.ldapkeydb import LdapKeyDB
-from ipapython.dnssec.localhsm import LocalHSM
+from ipaserver.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
+from ipaserver.dnssec.ldapkeydb import LdapKeyDB
+from ipaserver.dnssec.localhsm import LocalHSM
 
 DAEMONNAME = 'ipa-ods-exporter'
 PRINCIPAL = None  # not initialized yet
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3865ed8c7..d76c1a314 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1065,12 +1065,14 @@ fi
 %license COPYING
 %{python_sitelib}/ipaserver-*.egg-info
 %dir %{python_sitelib}/ipaserver
+%dir %{python_sitelib}/ipaserver/dnssec
 %dir %{python_sitelib}/ipaserver/install
 %dir %{python_sitelib}/ipaserver/install/plugins
 %dir %{python_sitelib}/ipaserver/install/server
 %dir %{python_sitelib}/ipaserver/advise
 %dir %{python_sitelib}/ipaserver/advise/plugins
 %dir %{python_sitelib}/ipaserver/plugins
+%dir %{python_sitelib}/ipaserver/secrets
 
 
 %files server-common
@@ -1285,12 +1287,8 @@ fi
 %license COPYING
 %dir %{python_sitelib}/ipapython
 %{python_sitelib}/ipapython/*.py*
-%dir %{python_sitelib}/ipapython/dnssec
-%{python_sitelib}/ipapython/dnssec/*.py*
 %dir %{python_sitelib}/ipapython/install
 %{python_sitelib}/ipapython/install/*.py*
-%dir %{python_sitelib}/ipapython/secrets
-%{python_sitelib}/ipapython/secrets/*.py*
 %dir %{python_sitelib}/ipalib
 %{python_sitelib}/ipalib/*.py*
 %dir %{python_sitelib}/ipalib/install
diff --git a/install/share/custodia.conf.template b/install/share/custodia.conf.template
index 94740c00d..855a1b3ba 100644
--- a/install/share/custodia.conf.template
+++ b/install/share/custodia.conf.template
@@ -13,13 +13,13 @@ handler = custodia.httpd.authenticators.SimpleHeaderAuth
 header = GSS_NAME
 
 [authz:kemkeys]
-handler = ipapython.secrets.kem.IPAKEMKeys
+handler = ipaserver.secrets.kem.IPAKEMKeys
 paths = /keys
 store = ipa
 server_keys = $IPA_CUSTODIA_CONF_DIR/server.keys
 
 [store:ipa]
-handler = ipapython.secrets.store.IPASecStore
+handler = ipaserver.secrets.store.IPASecStore
 ldap_uri = $LDAP_URI
 
 [/keys]
diff --git a/install/tools/ipa-pki-retrieve-key b/install/tools/ipa-pki-retrieve-key
index 740e799d2..505ed238e 100755
--- a/install/tools/ipa-pki-retrieve-key
+++ b/install/tools/ipa-pki-retrieve-key
@@ -8,7 +8,7 @@ import sys
 from ipalib import constants
 from ipalib.config import Env
 from ipaplatform.paths import paths
-from ipapython.secrets.client import CustodiaClient
+from ipaserver.secrets.client import CustodiaClient
 
 env = Env()
 env._finalize()
diff --git a/ipapython/setup.py b/ipapython/setup.py
index 087086eee..1abe7b067 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -34,8 +34,6 @@ if __name__ == '__main__':
         package_dir={'ipapython': ''},
         packages=[
             "ipapython",
-            "ipapython.dnssec",
-            "ipapython.secrets",
             "ipapython.install"
         ],
         install_requires=[
@@ -60,12 +58,4 @@ if __name__ == '__main__':
         extras_require={
             ":python_version<'3'": ["enum34"],
         },
-        entry_points={
-            'custodia.authorizers': [
-                'IPAKEMKeys = ipapython.secrets.kem:IPAKEMKeys',
-            ],
-            'custodia.stores': [
-                'IPASecStore = ipapython.secrets.store:IPASecStore',
-            ],
-        },
     )
diff --git a/ipapython/dnssec/__init__.py b/ipaserver/dnssec/__init__.py
index e69de29bb..e69de29bb 100644
--- a/ipapython/dnssec/__init__.py
+++ b/ipaserver/dnssec/__init__.py
diff --git a/ipapython/dnssec/abshsm.py b/ipaserver/dnssec/abshsm.py
index 1533892f8..eb430b437 100644
--- a/ipapython/dnssec/abshsm.py
+++ b/ipaserver/dnssec/abshsm.py
@@ -2,7 +2,7 @@
 # Copyright (C) 2014  FreeIPA Contributors see COPYING for license
 #
 
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 
 attrs_id2name = {
     #_ipap11helper.CKA_ALLOWED_MECHANISMS: 'ipk11allowedmechanisms',
diff --git a/ipapython/dnssec/bindmgr.py b/ipaserver/dnssec/bindmgr.py
index 33d071f45..71ad05399 100644
--- a/ipapython/dnssec/bindmgr.py
+++ b/ipaserver/dnssec/bindmgr.py
@@ -14,7 +14,7 @@ from ipapython.dn import DN
 from ipapython import ipa_log_manager, ipautil
 from ipaplatform.paths import paths
 
-from ipapython.dnssec.temp import TemporaryDirectory
+from ipaserver.dnssec.temp import TemporaryDirectory
 
 time_bindfmt = '%Y%m%d%H%M%S'
 
diff --git a/ipapython/dnssec/keysyncer.py b/ipaserver/dnssec/keysyncer.py
index 20039a068..a8dc92354 100644
--- a/ipapython/dnssec/keysyncer.py
+++ b/ipaserver/dnssec/keysyncer.py
@@ -10,9 +10,9 @@ import dns.name
 from ipaplatform.paths import paths
 from ipapython import ipautil
 
-from ipapython.dnssec.syncrepl import SyncReplConsumer
-from ipapython.dnssec.odsmgr import ODSMgr
-from ipapython.dnssec.bindmgr import BINDMgr
+from ipaserver.dnssec.syncrepl import SyncReplConsumer
+from ipaserver.dnssec.odsmgr import ODSMgr
+from ipaserver.dnssec.bindmgr import BINDMgr
 
 SIGNING_ATTR = 'idnsSecInlineSigning'
 OBJCLASS_ATTR = 'objectClass'
diff --git a/ipapython/dnssec/ldapkeydb.py b/ipaserver/dnssec/ldapkeydb.py
index aa0413934..98e150d92 100644
--- a/ipapython/dnssec/ldapkeydb.py
+++ b/ipaserver/dnssec/ldapkeydb.py
@@ -13,12 +13,12 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import ipa_log_manager
 
-from ipapython.dnssec.abshsm import (
+from ipaserver.dnssec.abshsm import (
     attrs_name2id,
     AbstractHSM,
     bool_attr_names,
     populate_pkcs11_metadata)
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 import uuid
 
 def uri_escape(val):
diff --git a/ipapython/dnssec/localhsm.py b/ipaserver/dnssec/localhsm.py
index befe08aec..c1e4887b5 100755
--- a/ipapython/dnssec/localhsm.py
+++ b/ipaserver/dnssec/localhsm.py
@@ -13,8 +13,8 @@ from pprint import pprint
 
 from ipaplatform.paths import paths
 
-from ipapython import p11helper as _ipap11helper
-from ipapython.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM,
+from ipaserver import p11helper as _ipap11helper
+from ipaserver.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM,
                                      keytype_id2name, keytype_name2id,
                                      ldap2p11helper_api_params)
 
diff --git a/ipapython/dnssec/odsmgr.py b/ipaserver/dnssec/odsmgr.py
index 0308408e0..0308408e0 100644
--- a/ipapython/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
diff --git a/ipapython/dnssec/syncrepl.py b/ipaserver/dnssec/syncrepl.py
index e197670ad..e197670ad 100644
--- a/ipapython/dnssec/syncrepl.py
+++ b/ipaserver/dnssec/syncrepl.py
diff --git a/ipapython/dnssec/temp.py b/ipaserver/dnssec/temp.py
index e97d3a0b8..e97d3a0b8 100644
--- a/ipapython/dnssec/temp.py
+++ b/ipaserver/dnssec/temp.py
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 1aa6b8d4e..20fc2b730 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -57,7 +57,7 @@ from ipapython.certdb import get_ca_nickname
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import log_mgr,\
     standard_logging_setup, root_logger
-from ipapython.secrets.kem import IPAKEMKeys
+from ipaserver.secrets.kem import IPAKEMKeys
 
 from ipaserver.install import certs
 from ipaserver.install import custodiainstance
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index b0c952d68..604a6da3e 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license.
 
-from ipapython.secrets.kem import IPAKEMKeys
-from ipapython.secrets.client import CustodiaClient
+from ipaserver.secrets.kem import IPAKEMKeys
+from ipaserver.secrets.client import CustodiaClient
 from ipaserver.install.certs import CertDB
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 28eb3f9d6..76a14f9d9 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -13,7 +13,7 @@ import stat
 
 import ldap
 
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 from ipapython.dnsutil import DNSName
 from ipaserver.install import service
 from ipaserver.install import installutils
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 39b81b6b4..9d0664d99 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -13,11 +13,12 @@ from ipaserver.install import service
 from ipaserver.install import installutils
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
-from ipapython import sysrestore, ipautil, p11helper
+from ipapython import sysrestore, ipautil
 from ipaplatform import services
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
+from ipaserver import p11helper
 from ipaserver.install import dnskeysyncinstance
 
 KEYMASTER = u'dnssecKeyMaster'
diff --git a/ipapython/p11helper.py b/ipaserver/p11helper.py
index 5963c6d71..5963c6d71 100644
--- a/ipapython/p11helper.py
+++ b/ipaserver/p11helper.py
diff --git a/ipapython/secrets/__init__.py b/ipaserver/secrets/__init__.py
index e69de29bb..e69de29bb 100644
--- a/ipapython/secrets/__init__.py
+++ b/ipaserver/secrets/__init__.py
diff --git a/ipapython/secrets/client.py b/ipaserver/secrets/client.py
index d9cc7d0f5..a04b9a643 100644
--- a/ipapython/secrets/client.py
+++ b/ipaserver/secrets/client.py
@@ -4,8 +4,8 @@ from __future__ import print_function
 from custodia.message.kem import KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
 from jwcrypto.common import json_decode
 from jwcrypto.jwk import JWK
-from ipapython.secrets.kem import IPAKEMKeys
-from ipapython.secrets.store import iSecStore
+from ipaserver.secrets.kem import IPAKEMKeys
+from ipaserver.secrets.store import iSecStore
 from ipaplatform.paths import paths
 from base64 import b64encode
 import ldapurl
diff --git a/ipapython/secrets/common.py b/ipaserver/secrets/common.py
index 2b906b649..2b906b649 100644
--- a/ipapython/secrets/common.py
+++ b/ipaserver/secrets/common.py
diff --git a/ipapython/secrets/kem.py b/ipaserver/secrets/kem.py
index 7f92c9f89..143caaf6c 100644
--- a/ipapython/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -17,7 +17,7 @@ from custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
 from jwcrypto.common import json_decode, json_encode
 from jwcrypto.common import base64url_encode
 from jwcrypto.jwk import JWK
-from ipapython.secrets.common import iSecLdap
+from ipaserver.secrets.common import iSecLdap
 from binascii import unhexlify
 import ldap
 
diff --git a/ipapython/secrets/store.py b/ipaserver/secrets/store.py
index 30a87d4a5..1df7191f9 100644
--- a/ipapython/secrets/store.py
+++ b/ipaserver/secrets/store.py
@@ -6,7 +6,7 @@ from custodia.store.interface import CSStore
 from jwcrypto.common import json_decode, json_encode
 from ipaplatform.paths import paths
 from ipapython import ipautil
-from ipapython.secrets.common import iSecLdap
+from ipaserver.secrets.common import iSecLdap
 import ldap
 import os
 import shutil
diff --git a/ipaserver/setup.py b/ipaserver/setup.py
index 5c38843b4..3635832d4 100755
--- a/ipaserver/setup.py
+++ b/ipaserver/setup.py
@@ -38,7 +38,9 @@ if __name__ == '__main__':
             'ipaserver',
             'ipaserver.advise',
             'ipaserver.advise.plugins',
+            'ipaserver.dnssec',
             'ipaserver.plugins',
+            'ipaserver.secrets',
             'ipaserver.install',
             'ipaserver.install.plugins',
             'ipaserver.install.server',
@@ -69,4 +71,12 @@ if __name__ == '__main__':
         setup_requires=[
             "wheel",
         ],
+        entry_points={
+            'custodia.authorizers': [
+                'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys',
+            ],
+            'custodia.stores': [
+                'IPASecStore = ipaserver.secrets.store:IPASecStore',
+            ],
+        },
     )
diff --git a/ipatests/test_ipapython/test_dnssec.py b/ipatests/test_ipaserver/test_dnssec.py
index c4b830e72..b90f69e13 100644
--- a/ipatests/test_ipapython/test_dnssec.py
+++ b/ipatests/test_ipaserver/test_dnssec.py
@@ -2,11 +2,11 @@
 # Copyright (C) 2016  FreeIPA Contributors see COPYING for license
 #
 """
-Test the `ipapython/dnssec` package.
+Test the `ipaserver/dnssec` package.
 """
 import dns.name
 
-from ipapython.dnssec.odsmgr import ODSZoneListReader
+from ipaserver.dnssec.odsmgr import ODSZoneListReader
 
 
 ZONELIST_XML = """<?xml version="1.0" encoding="UTF-8"?>
diff --git a/ipatests/test_ipapython/test_ipap11helper.py b/ipatests/test_ipaserver/test_ipap11helper.py
index 2c8fd2892..c0c8b24bb 100644
--- a/ipatests/test_ipapython/test_ipap11helper.py
+++ b/ipatests/test_ipaserver/test_ipap11helper.py
@@ -17,7 +17,7 @@ import tempfile
 import pytest
 from ipaplatform.paths import paths
 
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 
 pytestmark = pytest.mark.tier0
 
diff --git a/ipatests/test_ipapython/test_secrets.py b/ipatests/test_ipaserver/test_secrets.py
index 9fbf825d2..40daed67f 100644
--- a/ipatests/test_ipapython/test_secrets.py
+++ b/ipatests/test_ipaserver/test_secrets.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015  FreeIPA Project Contributors - see LICENSE file
 
 from __future__ import print_function
-from ipapython.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
+from ipaserver.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
 import os
 import shutil
 import subprocess