Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands

Tue, 20 Jan 2015 04:01:52 -0800 

On 15/01/15 16:07, Jan Cholasta wrote:

Dne 15.1.2015 v 15:39 Martin Basti napsal(a):

On 15/01/15 15:07, Jan Cholasta wrote:

Dne 15.1.2015 v 14:58 Martin Basti napsal(a):

On 15/01/15 14:25, Jan Cholasta wrote:

Hi,

Dne 15.1.2015 v 13:27 Martin Basti napsal(a):

On 15/01/15 13:17, Martin Basti wrote:

https://fedorahosted.org/freeipa/ticket/4722

Patch attached.


Fast fix.

Updated patch attached.


1) Forward zone commands are not fixed.

FWzones are new and always normalized to absolute name in ldap


Would you bet your money on that? Better be safe than sorry,
especially when it's just a matter of moving the code around (right?)



2) It seems that the primary key returned by -mod, -del and -show
(.result.value) is made absolute somewhere else in the code. Would it
be possible to do it in one place?

IMO it is not possible.

Value is generated from key, and key is normalized to absolute zone
before calling execute.

LDAPUpdate:
...
         if self.obj.primary_key:
             pkey = keys[-1]
         else:
             pkey = None

         return dict(result=entry_attrs, value=pkey_to_value(pkey,
options))
The idnsname attribute is just taken from LDAP without any normalization 

Right.






3) Attribute values returned from LDAP are never None, so the if
should be "if 'idnsname' in entry_attrs:".

Ok I will revert the change I made.


4) If idnsname always has only single value, use
"entry_attrs.single_value['idnsname'] =
entry_attrs.single_value['idnsname'].make_absolute()"

Thanks


Honza



Updated patch attached.





Updated patch attached.



Thanks.
Is there a reason why you put the _make_zone_absolute calls in dnszone_* and dnsforwardzone_* instead of DNSZoneBase_*? 


I moved callback into Base classes.
Patch attached.

--
Martin Basti


From de0c7ddfaed92ec6bdda56658d8fb80c6dcd10ab Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 15 Jan 2015 13:13:55 +0100
Subject: [PATCH] Always return absolute idnsname in dnszone commands

Ticket: https://fedorahosted.org/freeipa/ticket/4722
---
 ipalib/plugins/dns.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 7a80036c94432a01ea8781101712ea1135134948..0fdddbbb826b920d90fff0f3fdeec6e991ca1755 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2081,6 +2081,18 @@ class DNSZoneBase(LDAPObject):
             except errors.NotFound:
                 raise e  # re-raise original exception
 
+    def _make_zonename_absolute(self, entry_attrs, **options):
+        """
+        Zone names can be relative in IPA < 4.0, make sure we always return
+        absolute zone name from ldap
+        """
+        if options.get('raw'):
+            return
+
+        if "idnsname" in entry_attrs:
+            entry_attrs.single_value['idnsname'] = \
+                entry_attrs.single_value['idnsname'].make_absolute()
+
 
 class DNSZoneBase_add(LDAPCreate):
 
@@ -2128,6 +2140,11 @@ class DNSZoneBase_del(LDAPDelete):
 class DNSZoneBase_mod(LDAPUpdate):
     has_output_params = LDAPUpdate.has_output_params + dnszone_output_params
 
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        assert isinstance(dn, DN)
+        self.obj._make_zonename_absolute(entry_attrs, **options)
+        return dn
+
 
 class DNSZoneBase_find(LDAPSearch):
     __doc__ = _('Search for DNS zones (SOA records).')
@@ -2162,6 +2179,11 @@ class DNSZoneBase_find(LDAPSearch):
         filter = _create_idn_filter(self, ldap, *args, **options)
         return (filter, base_dn, scope)
 
+    def post_callback(self, ldap, entries, truncated, *args, **options):
+        for entry_attrs in entries:
+            self.obj._make_zonename_absolute(entry_attrs, **options)
+        return truncated
+
 
 class DNSZoneBase_show(LDAPRetrieve):
     has_output_params = LDAPRetrieve.has_output_params + dnszone_output_params
@@ -2172,6 +2194,11 @@ class DNSZoneBase_show(LDAPRetrieve):
             self.obj.handle_not_found(*keys)
         return dn
 
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        assert isinstance(dn, DN)
+        self.obj._make_zonename_absolute(entry_attrs, **options)
+        return dn
+
 
 class DNSZoneBase_disable(LDAPQuery):
     has_output = output.standard_value
@@ -2797,6 +2824,8 @@ class dnszone_mod(DNSZoneBase_mod):
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         assert isinstance(dn, DN)
+        super(dnszone_mod, self).post_callback(ldap, dn, entry_attrs,
+                                               *keys, **options)
         self.obj._rr_zone_postprocess(entry_attrs, **options)
         return dn
 
@@ -2833,6 +2862,8 @@ class dnszone_find(DNSZoneBase_find):
         return (filter, base_dn, scope)
 
     def post_callback(self, ldap, entries, truncated, *args, **options):
+        super(dnszone_find, self).post_callback(ldap, entries, truncated,
+                                                *args, **options)
         for entry_attrs in entries:
             self.obj._rr_zone_postprocess(entry_attrs, **options)
         return truncated
@@ -2850,6 +2881,8 @@ class dnszone_show(DNSZoneBase_show):
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         assert isinstance(dn, DN)
+        super(dnszone_show, self).post_callback(ldap, dn, entry_attrs,
+                                                *keys, **options)
         self.obj._rr_zone_postprocess(entry_attrs, **options)
         return dn
 
-- 
2.1.0


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to