30 files changed, 47 insertions, 49 deletions

diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica
index fbfee93b8..43670d29c 100755
--- a/daemons/dnssec/ipa-dnskeysync-replica
+++ b/daemons/dnssec/ipa-dnskeysync-replica
@@ -20,10 +20,11 @@ from ipapython.ipa_log_manager import root_logger, standard_logging_setup
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.paths import paths
-
-from ipapython.dnssec.abshsm import sync_pkcs11_metadata, ldap2p11helper_api_params, wrappingmech_name2id
-from ipapython.dnssec.ldapkeydb import LdapKeyDB
-from ipapython.dnssec.localhsm import LocalHSM
+from ipaserver.dnssec.abshsm import (sync_pkcs11_metadata,
+                                     ldap2p11helper_api_params,
+                                     wrappingmech_name2id)
+from ipaserver.dnssec.ldapkeydb import LdapKeyDB
+from ipaserver.dnssec.localhsm import LocalHSM
 
 DAEMONNAME = 'ipa-dnskeysyncd'
 PRINCIPAL = None  # not initialized yet
diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd
index dfe4cb4be..37c6a02fb 100755
--- a/daemons/dnssec/ipa-dnskeysyncd
+++ b/daemons/dnssec/ipa-dnskeysyncd
@@ -16,8 +16,7 @@ from ipapython.ipa_log_manager import root_logger, standard_logging_setup
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.paths import paths
-
-from ipapython.dnssec.keysyncer import KeySyncer
+from ipaserver.dnssec.keysyncer import KeySyncer
 
 # IPA framework initialization
 api.bootstrap(in_server=True, log=None)  # no logging to file
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 66332490a..f2fdaa991 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -36,10 +36,9 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.paths import paths
-
-from ipapython.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
-from ipapython.dnssec.ldapkeydb import LdapKeyDB
-from ipapython.dnssec.localhsm import LocalHSM
+from ipaserver.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
+from ipaserver.dnssec.ldapkeydb import LdapKeyDB
+from ipaserver.dnssec.localhsm import LocalHSM
 
 DAEMONNAME = 'ipa-ods-exporter'
 PRINCIPAL = None  # not initialized yet
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3865ed8c7..d76c1a314 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1065,12 +1065,14 @@ fi
 %license COPYING
 %{python_sitelib}/ipaserver-*.egg-info
 %dir %{python_sitelib}/ipaserver
+%dir %{python_sitelib}/ipaserver/dnssec
 %dir %{python_sitelib}/ipaserver/install
 %dir %{python_sitelib}/ipaserver/install/plugins
 %dir %{python_sitelib}/ipaserver/install/server
 %dir %{python_sitelib}/ipaserver/advise
 %dir %{python_sitelib}/ipaserver/advise/plugins
 %dir %{python_sitelib}/ipaserver/plugins
+%dir %{python_sitelib}/ipaserver/secrets
 
 
 %files server-common
@@ -1285,12 +1287,8 @@ fi
 %license COPYING
 %dir %{python_sitelib}/ipapython
 %{python_sitelib}/ipapython/*.py*
-%dir %{python_sitelib}/ipapython/dnssec
-%{python_sitelib}/ipapython/dnssec/*.py*
 %dir %{python_sitelib}/ipapython/install
 %{python_sitelib}/ipapython/install/*.py*
-%dir %{python_sitelib}/ipapython/secrets
-%{python_sitelib}/ipapython/secrets/*.py*
 %dir %{python_sitelib}/ipalib
 %{python_sitelib}/ipalib/*.py*
 %dir %{python_sitelib}/ipalib/install
diff --git a/install/share/custodia.conf.template b/install/share/custodia.conf.template
index 94740c00d..855a1b3ba 100644
--- a/install/share/custodia.conf.template
+++ b/install/share/custodia.conf.template
@@ -13,13 +13,13 @@ handler = custodia.httpd.authenticators.SimpleHeaderAuth
 header = GSS_NAME
 
 [authz:kemkeys]
-handler = ipapython.secrets.kem.IPAKEMKeys
+handler = ipaserver.secrets.kem.IPAKEMKeys
 paths = /keys
 store = ipa
 server_keys = $IPA_CUSTODIA_CONF_DIR/server.keys
 
 [store:ipa]
-handler = ipapython.secrets.store.IPASecStore
+handler = ipaserver.secrets.store.IPASecStore
 ldap_uri = $LDAP_URI
 
 [/keys]
diff --git a/install/tools/ipa-pki-retrieve-key b/install/tools/ipa-pki-retrieve-key
index 740e799d2..505ed238e 100755
--- a/install/tools/ipa-pki-retrieve-key
+++ b/install/tools/ipa-pki-retrieve-key
@@ -8,7 +8,7 @@ import sys
 from ipalib import constants
 from ipalib.config import Env
 from ipaplatform.paths import paths
-from ipapython.secrets.client import CustodiaClient
+from ipaserver.secrets.client import CustodiaClient
 
 env = Env()
 env._finalize()
diff --git a/ipapython/setup.py b/ipapython/setup.py
index 087086eee..1abe7b067 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -34,8 +34,6 @@ if __name__ == '__main__':
         package_dir={'ipapython': ''},
         packages=[
             "ipapython",
-            "ipapython.dnssec",
-            "ipapython.secrets",
             "ipapython.install"
         ],
         install_requires=[
@@ -60,12 +58,4 @@ if __name__ == '__main__':
         extras_require={
             ":python_version<'3'": ["enum34"],
         },
-        entry_points={
-            'custodia.authorizers': [
-                'IPAKEMKeys = ipapython.secrets.kem:IPAKEMKeys',
-            ],
-            'custodia.stores': [
-                'IPASecStore = ipapython.secrets.store:IPASecStore',
-            ],
-        },
     )
diff --git a/ipapython/dnssec/__init__.py b/ipaserver/dnssec/__init__.py
index e69de29bb..e69de29bb 100644
--- a/ipapython/dnssec/__init__.py
+++ b/ipaserver/dnssec/__init__.py
diff --git a/ipapython/dnssec/abshsm.py b/ipaserver/dnssec/abshsm.py
index 1533892f8..eb430b437 100644
--- a/ipapython/dnssec/abshsm.py
+++ b/ipaserver/dnssec/abshsm.py
@@ -2,7 +2,7 @@
 # Copyright (C) 2014  FreeIPA Contributors see COPYING for license
 #
 
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 
 attrs_id2name = {
     #_ipap11helper.CKA_ALLOWED_MECHANISMS: 'ipk11allowedmechanisms',
diff --git a/ipapython/dnssec/bindmgr.py b/ipaserver/dnssec/bindmgr.py
index 33d071f45..71ad05399 100644
--- a/ipapython/dnssec/bindmgr.py
+++ b/ipaserver/dnssec/bindmgr.py
@@ -14,7 +14,7 @@ from ipapython.dn import DN
 from ipapython import ipa_log_manager, ipautil
 from ipaplatform.paths import paths
 
-from ipapython.dnssec.temp import TemporaryDirectory
+from ipaserver.dnssec.temp import TemporaryDirectory
 
 time_bindfmt = '%Y%m%d%H%M%S'
 
diff --git a/ipapython/dnssec/keysyncer.py b/ipaserver/dnssec/keysyncer.py
index 20039a068..a8dc92354 100644
--- a/ipapython/dnssec/keysyncer.py
+++ b/ipaserver/dnssec/keysyncer.py
@@ -10,9 +10,9 @@ import dns.name
 from ipaplatform.paths import paths
 from ipapython import ipautil
 
-from ipapython.dnssec.syncrepl import SyncReplConsumer
-from ipapython.dnssec.odsmgr import ODSMgr
-from ipapython.dnssec.bindmgr import BINDMgr
+from ipaserver.dnssec.syncrepl import SyncReplConsumer
+from ipaserver.dnssec.odsmgr import ODSMgr
+from ipaserver.dnssec.bindmgr import BINDMgr
 
 SIGNING_ATTR = 'idnsSecInlineSigning'
 OBJCLASS_ATTR = 'objectClass'
diff --git a/ipapython/dnssec/ldapkeydb.py b/ipaserver/dnssec/ldapkeydb.py
index aa0413934..98e150d92 100644
--- a/ipapython/dnssec/ldapkeydb.py
+++ b/ipaserver/dnssec/ldapkeydb.py
@@ -13,12 +13,12 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import ipa_log_manager
 
-from ipapython.dnssec.abshsm import (
+from ipaserver.dnssec.abshsm import (
     attrs_name2id,
     AbstractHSM,
     bool_attr_names,
     populate_pkcs11_metadata)
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 import uuid
 
 def uri_escape(val):
diff --git a/ipapython/dnssec/localhsm.py b/ipaserver/dnssec/localhsm.py
index befe08aec..c1e4887b5 100755
--- a/ipapython/dnssec/localhsm.py
+++ b/ipaserver/dnssec/localhsm.py
@@ -13,8 +13,8 @@ from pprint import pprint
 
 from ipaplatform.paths import paths
 
-from ipapython import p11helper as _ipap11helper
-from ipapython.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM,
+from ipaserver import p11helper as _ipap11helper
+from ipaserver.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM,
                                      keytype_id2name, keytype_name2id,
                                      ldap2p11helper_api_params)
 
diff --git a/ipapython/dnssec/odsmgr.py b/ipaserver/dnssec/odsmgr.py
index 0308408e0..0308408e0 100644
--- a/ipapython/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
diff --git a/ipapython/dnssec/syncrepl.py b/ipaserver/dnssec/syncrepl.py
index e197670ad..e197670ad 100644
--- a/ipapython/dnssec/syncrepl.py
+++ b/ipaserver/dnssec/syncrepl.py
diff --git a/ipapython/dnssec/temp.py b/ipaserver/dnssec/temp.py
index e97d3a0b8..e97d3a0b8 100644
--- a/ipapython/dnssec/temp.py
+++ b/ipaserver/dnssec/temp.py
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 1aa6b8d4e..20fc2b730 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -57,7 +57,7 @@ from ipapython.certdb import get_ca_nickname
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import log_mgr,\
     standard_logging_setup, root_logger
-from ipapython.secrets.kem import IPAKEMKeys
+from ipaserver.secrets.kem import IPAKEMKeys
 
 from ipaserver.install import certs
 from ipaserver.install import custodiainstance
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index b0c952d68..604a6da3e 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license.
 
-from ipapython.secrets.kem import IPAKEMKeys
-from ipapython.secrets.client import CustodiaClient
+from ipaserver.secrets.kem import IPAKEMKeys
+from ipaserver.secrets.client import CustodiaClient
 from ipaserver.install.certs import CertDB
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 28eb3f9d6..76a14f9d9 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -13,7 +13,7 @@ import stat
 
 import ldap
 
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 from ipapython.dnsutil import DNSName
 from ipaserver.install import service
 from ipaserver.install import installutils
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 39b81b6b4..9d0664d99 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -13,11 +13,12 @@ from ipaserver.install import service
 from ipaserver.install import installutils
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
-from ipapython import sysrestore, ipautil, p11helper
+from ipapython import sysrestore, ipautil
 from ipaplatform import services
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
+from ipaserver import p11helper
 from ipaserver.install import dnskeysyncinstance
 
 KEYMASTER = u'dnssecKeyMaster'
diff --git a/ipapython/p11helper.py b/ipaserver/p11helper.py
index 5963c6d71..5963c6d71 100644
--- a/ipapython/p11helper.py
+++ b/ipaserver/p11helper.py
diff --git a/ipapython/secrets/__init__.py b/ipaserver/secrets/__init__.py
index e69de29bb..e69de29bb 100644
--- a/ipapython/secrets/__init__.py
+++ b/ipaserver/secrets/__init__.py
diff --git a/ipapython/secrets/client.py b/ipaserver/secrets/client.py
index d9cc7d0f5..a04b9a643 100644
--- a/ipapython/secrets/client.py
+++ b/ipaserver/secrets/client.py
@@ -4,8 +4,8 @@ from __future__ import print_function
 from custodia.message.kem import KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
 from jwcrypto.common import json_decode
 from jwcrypto.jwk import JWK
-from ipapython.secrets.kem import IPAKEMKeys
-from ipapython.secrets.store import iSecStore
+from ipaserver.secrets.kem import IPAKEMKeys
+from ipaserver.secrets.store import iSecStore
 from ipaplatform.paths import paths
 from base64 import b64encode
 import ldapurl
diff --git a/ipapython/secrets/common.py b/ipaserver/secrets/common.py
index 2b906b649..2b906b649 100644
--- a/ipapython/secrets/common.py
+++ b/ipaserver/secrets/common.py
diff --git a/ipapython/secrets/kem.py b/ipaserver/secrets/kem.py
index 7f92c9f89..143caaf6c 100644
--- a/ipapython/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -17,7 +17,7 @@ from custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
 from jwcrypto.common import json_decode, json_encode
 from jwcrypto.common import base64url_encode
 from jwcrypto.jwk import JWK
-from ipapython.secrets.common import iSecLdap
+from ipaserver.secrets.common import iSecLdap
 from binascii import unhexlify
 import ldap
 
diff --git a/ipapython/secrets/store.py b/ipaserver/secrets/store.py
index 30a87d4a5..1df7191f9 100644
--- a/ipapython/secrets/store.py
+++ b/ipaserver/secrets/store.py
@@ -6,7 +6,7 @@ from custodia.store.interface import CSStore
 from jwcrypto.common import json_decode, json_encode
 from ipaplatform.paths import paths
 from ipapython import ipautil
-from ipapython.secrets.common import iSecLdap
+from ipaserver.secrets.common import iSecLdap
 import ldap
 import os
 import shutil
diff --git a/ipaserver/setup.py b/ipaserver/setup.py
index 5c38843b4..3635832d4 100755
--- a/ipaserver/setup.py
+++ b/ipaserver/setup.py
@@ -38,7 +38,9 @@ if __name__ == '__main__':
             'ipaserver',
             'ipaserver.advise',
             'ipaserver.advise.plugins',
+            'ipaserver.dnssec',
             'ipaserver.plugins',
+            'ipaserver.secrets',
             'ipaserver.install',
             'ipaserver.install.plugins',
             'ipaserver.install.server',
@@ -69,4 +71,12 @@ if __name__ == '__main__':
         setup_requires=[
             "wheel",
         ],
+        entry_points={
+            'custodia.authorizers': [
+                'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys',
+            ],
+            'custodia.stores': [
+                'IPASecStore = ipaserver.secrets.store:IPASecStore',
+            ],
+        },
     )
diff --git a/ipatests/test_ipapython/test_dnssec.py b/ipatests/test_ipaserver/test_dnssec.py
index c4b830e72..b90f69e13 100644
--- a/ipatests/test_ipapython/test_dnssec.py
+++ b/ipatests/test_ipaserver/test_dnssec.py
@@ -2,11 +2,11 @@
 # Copyright (C) 2016  FreeIPA Contributors see COPYING for license
 #
 """
-Test the `ipapython/dnssec` package.
+Test the `ipaserver/dnssec` package.
 """
 import dns.name
 
-from ipapython.dnssec.odsmgr import ODSZoneListReader
+from ipaserver.dnssec.odsmgr import ODSZoneListReader
 
 
 ZONELIST_XML = """<?xml version="1.0" encoding="UTF-8"?>
diff --git a/ipatests/test_ipapython/test_ipap11helper.py b/ipatests/test_ipaserver/test_ipap11helper.py
index 2c8fd2892..c0c8b24bb 100644
--- a/ipatests/test_ipapython/test_ipap11helper.py
+++ b/ipatests/test_ipaserver/test_ipap11helper.py
@@ -17,7 +17,7 @@ import tempfile
 import pytest
 from ipaplatform.paths import paths
 
-from ipapython import p11helper as _ipap11helper
+from ipaserver import p11helper as _ipap11helper
 
 pytestmark = pytest.mark.tier0
 
diff --git a/ipatests/test_ipapython/test_secrets.py b/ipatests/test_ipaserver/test_secrets.py
index 9fbf825d2..40daed67f 100644
--- a/ipatests/test_ipapython/test_secrets.py
+++ b/ipatests/test_ipaserver/test_secrets.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015  FreeIPA Project Contributors - see LICENSE file
 
 from __future__ import print_function
-from ipapython.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
+from ipaserver.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
 import os
 import shutil
 import subprocess