-rw-r--r--freeipa.spec.in3
-rw-r--r--ipapython/dnssec/odsmgr.py38
-rw-r--r--ipatests/test_ipapython/test_dnssec.py41
3 files changed, 65 insertions, 17 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 6cacbacf9..ee5e4506e 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -248,6 +248,7 @@ Requires: %{name}-server-common = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
Requires: python2-ipaclient = %{version}-%{release}
Requires: python-ldap >= 2.4.15
+Requires: python-lxml
Requires: python-gssapi >= 1.1.2
Requires: python-sssdconfig
Requires: python-pyasn1
@@ -509,7 +510,6 @@ Requires: keyutils
Requires: pyOpenSSL
Requires: python-nss >= 0.16
Requires: python-cryptography >= 0.9
-Requires: python-lxml
Requires: python-netaddr
Requires: python-libipa_hbac
Requires: python-qrcode-core >= 5.0.0
@@ -559,7 +559,6 @@ Requires: keyutils
Requires: python3-pyOpenSSL
Requires: python3-nss >= 0.16
Requires: python3-cryptography
-Requires: python3-lxml
Requires: python3-netaddr
Requires: python3-libipa_hbac
Requires: python3-qrcode-core >= 5.0.0
diff --git a/ipapython/dnssec/odsmgr.py b/ipapython/dnssec/odsmgr.py
index fb6d696af..0308408e0 100644
--- a/ipapython/dnssec/odsmgr.py
+++ b/ipapython/dnssec/odsmgr.py
@@ -3,8 +3,11 @@
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
#
-from lxml import etree
import dns.name
+try:
+ from xml.etree import cElementTree as etree
+except ImportError:
+ from xml.etree import ElementTree as etree
from ipapython import ipa_log_manager, ipautil
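Review bot: The new import block should state the trust assumption for the parsed input, because the standard-library `xml.etree` parsers are documented as not hardened against maliciously constructed XML (for example entity-expansion payloads). Where `zonelist_text` comes from is not visible in this hunk; if it is always the locally generated ODS zone list, a comment such as `# zonelist.xml is produced locally by OpenDNSSEC and treated as trusted; the stdlib parser is not hardened against hostile XML` would record that. A one-line comment on the fallback would also help, e.g. `# cElementTree is the C accelerator on Python 2; fall back to ElementTree where it is absent`.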
@@ -59,13 +62,15 @@ class ODSZoneListReader(ZoneListReader):
"""One-shot parser for ODS zonelist.xml."""
def __init__(self, zonelist_text):
super(ODSZoneListReader, self).__init__()
- xml = etree.fromstring(zonelist_text)
- self._parse_zonelist(xml)
+ root = etree.fromstring(zonelist_text)
+ self._parse_zonelist(root)
- def _parse_zonelist(self, xml):
+ def _parse_zonelist(self, root):
"""iterate over Zone elements with attribute 'name' and
add IPA zones to self.zones"""
- for zone_xml in xml.xpath('/ZoneList/Zone[@name]'):
+ if not root.tag == 'ZoneList':
+ raise ValueError(root.tag)
+ for zone_xml in root.findall('./Zone[@name]'):
name, zid = self._parse_ipa_zone(zone_xml)
self._add_zone(name, zid)
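Review bot: The root-element check in `_parse_zonelist` raises `ValueError(root.tag)`, so the exception text is only the unexpected tag name and gives whoever reads the log no hint of what was expected. I would write it as `if root.tag != 'ZoneList':` followed by `raise ValueError("unexpected root element %r, expected 'ZoneList'" % root.tag)`. The old XPath returned no zones for a foreign root element while the new code raises, so the docstring should mention that a `ValueError` is now possible.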
@@ -79,16 +84,19 @@ class ODSZoneListReader(ZoneListReader):
tuple (zone name, ID)
"""
name = zone_xml.get('name')
- in_adapters = zone_xml.xpath(
- 'Adapters/Input/Adapter[@type="File" '
- 'and starts-with(text(), "%s")]' % ENTRYUUID_PREFIX)
- assert len(in_adapters) == 1, 'only IPA zones are supported: %s' \
- % etree.tostring(zone_xml)
-
- path = in_adapters[0].text
- # strip prefix from path
- zid = path[ENTRYUUID_PREFIX_LEN:]
- return (name, zid)
+ zids = []
+ for in_adapter in zone_xml.findall(
+ './Adapters/Input/Adapter[@type="File"]'):
+ path = in_adapter.text
+ if path.startswith(ENTRYUUID_PREFIX):
+ # strip prefix from path
+ zids.append(path[ENTRYUUID_PREFIX_LEN:])
+
+ if len(zids) != 1:
+ raise ValueError('only IPA zones are supported: {}'.format(
+ etree.tostring(zone_xml)))
+
+ return name, zids[0]
class LDAPZoneListReader(ZoneListReader):
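Review bot: In the new adapter loop, `in_adapter.text` is `None` for an empty element such as `<Adapter type="File"/>`, so `path.startswith(ENTRYUUID_PREFIX)` raises `AttributeError` instead of reaching the intended `ValueError`. The removed XPath `starts-with(text(), ...)` simply did not match such an element. Using `path = in_adapter.text or ''` keeps malformed zone entries on the `ValueError` path. The function's signature and the start of its docstring are outside this hunk.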
diff --git a/ipatests/test_ipapython/test_dnssec.py b/ipatests/test_ipapython/test_dnssec.py
new file mode 100644
index 000000000..c4b830e72
--- /dev/null
+++ b/ipatests/test_ipapython/test_dnssec.py
@@ -0,0 +1,41 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+"""
+Test the `ipapython/dnssec` package.
+"""
+import dns.name
+
+from ipapython.dnssec.odsmgr import ODSZoneListReader
+
+
+ZONELIST_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<ZoneList>
+ <Zone name="ipa.example">
+ <Policy>default</Policy>
+ <Adapters>
+ <Input>
+ <Adapter type="File">/var/lib/ipa/dns/zone/entryUUID/12345</Adapter>
+ </Input>
+ <Output>
+ <Adapter type="File">/var/lib/ipa/dns/zone/entryUUID/12345</Adapter>
+ </Output>
+ </Adapters>
+ </Zone>
+</ZoneList>
+"""
+
+
+def test_ods_zonelist_reader():
+ uuid = '12345'
+ name = dns.name.from_text('ipa.example.')
+
+ reader = ODSZoneListReader("<ZoneList/>")
+ assert reader.mapping == {}
+ assert reader.names == set()
+ assert reader.uuids == set()
+
+ reader = ODSZoneListReader(ZONELIST_XML)
+ assert reader.mapping == {uuid: name}
+ assert reader.names == {name}
+ assert reader.uuids == {uuid}
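Review bot: The new test covers only well-formed input, so the two `ValueError` paths added in `odsmgr.py` (wrong root element, and a zone without exactly one IPA input adapter) are never exercised. A second test with small constructed documents would pin that behaviour; it needs `import pytest` at the top of the file. The second case assumes `/tmp/zone` does not start with `ENTRYUUID_PREFIX`, whose value is not shown on this page.

```python
def test_ods_zonelist_reader_rejects_bad_input():
    # constructed sample: root element is not ZoneList
    with pytest.raises(ValueError):
        ODSZoneListReader("<Zones/>")

    # constructed sample: File adapter path outside the IPA entryUUID prefix
    with pytest.raises(ValueError):
        ODSZoneListReader(
            '<ZoneList><Zone name="other.example"><Adapters><Input>'
            '<Adapter type="File">/tmp/zone</Adapter>'
            '</Input></Adapters></Zone></ZoneList>')
```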