On 20.11.2015 14:34, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5472 Patch attached.
I forgot to attached rebased patch for ipa-4-2
From dac7361785c83bfccc9ae757a081a88c13829fe8 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 20 Nov 2015 11:53:06 +0100 Subject: [PATCH] upgrade: fix migration of old dns forward zones Plugins should call self.api not the global one during upgrade https://fedorahosted.org/freeipa/ticket/5472 --- ipalib/plugins/dns.py | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 6b6990f93d45a319b613290a3cb00edbb036a089..7f481ced5873305f3605e22e90efacc1c3bccc27 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1751,7 +1751,7 @@ def _normalize_zone(zone): return zone -def _get_auth_zone_ldap(name): +def _get_auth_zone_ldap(api, name): """ Find authoritative zone in LDAP for name. Only active zones are considered. :param name: @@ -1797,7 +1797,7 @@ def _get_auth_zone_ldap(name): return max(matched_auth_zones, key=len), truncated -def _get_longest_match_ns_delegation_ldap(zone, name): +def _get_longest_match_ns_delegation_ldap(api, zone, name): """ Searches for deepest delegation for name in LDAP zone. @@ -1873,7 +1873,7 @@ def _get_longest_match_ns_delegation_ldap(zone, name): return max(matched_records, key=len), truncated -def _find_subtree_forward_zones_ldap(name, child_zones_only=False): +def _find_subtree_forward_zones_ldap(api, name, child_zones_only=False): """ Search for forwardzone <name> and all child forwardzones Filter: (|(*.<name>.)(<name>.)) @@ -1927,7 +1927,7 @@ def _find_subtree_forward_zones_ldap(name, child_zones_only=False): return result, truncated -def _get_zone_which_makes_fw_zone_ineffective(fwzonename): +def _get_zone_which_makes_fw_zone_ineffective(api, fwzonename): """ Check if forward zone is effective. @@ -1952,12 +1952,12 @@ def _get_zone_which_makes_fw_zone_ineffective(fwzonename): """ assert isinstance(fwzonename, DNSName) - auth_zone, truncated_zone = _get_auth_zone_ldap(fwzonename) + auth_zone, truncated_zone = _get_auth_zone_ldap(api, fwzonename) if not auth_zone: return None, truncated_zone delegation_record_name, truncated_ns =\ - _get_longest_match_ns_delegation_ldap(auth_zone, fwzonename) + _get_longest_match_ns_delegation_ldap(api, auth_zone, fwzonename) truncated = truncated_ns or truncated_zone @@ -1967,12 +1967,12 @@ def _get_zone_which_makes_fw_zone_ineffective(fwzonename): return auth_zone, truncated -def _add_warning_fw_zone_is_not_effective(result, fwzone, version): +def _add_warning_fw_zone_is_not_effective(api, result, fwzone, version): """ Adds warning message to result, if required """ authoritative_zone, truncated = \ - _get_zone_which_makes_fw_zone_ineffective(fwzone) + _get_zone_which_makes_fw_zone_ineffective(api, fwzone) if authoritative_zone: # forward zone is not effective and forwarding will not work messages.add_message( @@ -2088,7 +2088,7 @@ class DNSZoneBase(LDAPObject): def _remove_permission(self, zone): permission_name = self.permission_name(zone) try: - api.Command['permission_del'](permission_name, force=True) + self.api.Command['permission_del'](permission_name, force=True) except errors.NotFound as e: if zone == DNSName.root: # special case root zone raise @@ -2098,7 +2098,8 @@ class DNSZoneBase(LDAPObject): zone.relativize(DNSName.root) ) try: - api.Command['permission_del'](permission_name_rel, force=True) + self.api.Command['permission_del'](permission_name_rel, + force=True) except errors.NotFound: raise e # re-raise original exception @@ -2296,7 +2297,8 @@ class DNSZoneBase_add_permission(LDAPQuery): keys[-1].relativize(DNSName.root) ) try: - api.Object['permission'].get_dn_if_exists(permission_name_rel) + self.api.Object['permission'].get_dn_if_exists( + permission_name_rel) except errors.NotFound: pass else: @@ -2307,7 +2309,7 @@ class DNSZoneBase_add_permission(LDAPQuery): } ) - permission = api.Command['permission_add_noaci'](permission_name, + permission = self.api.Command['permission_add_noaci'](permission_name, ipapermissiontype=u'SYSTEM' )['result'] @@ -2667,12 +2669,12 @@ class dnszone(DNSZoneBase): """ zone = keys[-1] affected_fw_zones, truncated = _find_subtree_forward_zones_ldap( - zone, child_zones_only=True) + self.api, zone, child_zones_only=True) if not affected_fw_zones: return for fwzone in affected_fw_zones: - _add_warning_fw_zone_is_not_effective(result, fwzone, + _add_warning_fw_zone_is_not_effective(self.api, result, fwzone, options['version']) def _warning_dnssec_master_is_not_installed(self, result, **options): @@ -2719,7 +2721,8 @@ class dnszone_add(DNSZoneBase_add): dn = super(dnszone_add, self).pre_callback( ldap, dn, entry_attrs, attrs_list, *keys, **options) - nameservers = [normalize_zone(x) for x in api.Object.dnsrecord.get_dns_masters()] + nameservers = [normalize_zone(x) for x in + self.api.Object.dnsrecord.get_dns_masters()] server = normalize_zone(api.env.host) zone = keys[-1] @@ -2769,7 +2772,7 @@ class dnszone_add(DNSZoneBase_add): not zone.is_reverse() and zone != DNSName.root): try: - api.Command['realmdomains_mod'](add_domain=unicode(zone), + self.api.Command['realmdomains_mod'](add_domain=unicode(zone), force=True) except (errors.EmptyModlist, errors.ValidationError): pass @@ -2803,8 +2806,8 @@ class dnszone_del(DNSZoneBase_del): not zone.is_reverse() and zone != DNSName.root ): try: - api.Command['realmdomains_mod'](del_domain=unicode(zone), - force=True) + self.api.Command['realmdomains_mod']( + del_domain=unicode(zone), force=True) except (errors.AttrValueNotFound, errors.ValidationError): pass @@ -3512,12 +3515,12 @@ class dnsrecord(LDAPObject): record_name_absolute = record_name_absolute.derelativize(zone) affected_fw_zones, truncated = _find_subtree_forward_zones_ldap( - record_name_absolute) + self.api, record_name_absolute) if not affected_fw_zones: return for fwzone in affected_fw_zones: - _add_warning_fw_zone_is_not_effective(result, fwzone, + _add_warning_fw_zone_is_not_effective(self.api, result, fwzone, options['version']) def warning_suspicious_relative_name(self, result, *keys, **options): @@ -3890,7 +3893,7 @@ class dnsrecord_mod(LDAPUpdate): # get DNS record first so that the NotFound exception is raised # before the helper would start - dns_record = api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] + dns_record = self.api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] rec_types = [rec_type for rec_type in dns_record if rec_type in _record_attributes] self.Backend.textui.print_plain(_("No option to modify specific record provided.")) @@ -4078,7 +4081,7 @@ class dnsrecord_del(LDAPUpdate): # get DNS record first so that the NotFound exception is raised # before the helper would start - dns_record = api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] + dns_record = self.api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] rec_types = [rec_type for rec_type in dns_record if rec_type in _record_attributes] self.Backend.textui.print_plain(_("No option to delete specific record provided.")) @@ -4398,7 +4401,7 @@ class dnsforwardzone(DNSZoneBase): def _warning_fw_zone_is_not_effective(self, result, *keys, **options): fwzone = keys[-1] - _add_warning_fw_zone_is_not_effective(result, fwzone, + _add_warning_fw_zone_is_not_effective(self.api, result, fwzone, options['version']) def _warning_if_forwarders_do_not_work(self, result, new_zone, @@ -4438,7 +4441,7 @@ class dnsforwardzone(DNSZoneBase): # validation is configured just in named.conf per replica ipa_dns_masters = [normalize_zone(x) for x in - api.Object.dnsrecord.get_dns_masters()] + self.api.Object.dnsrecord.get_dns_masters()] if not ipa_dns_masters: # something very bad happened, DNS is installed, but no IPA DNS -- 2.5.0
From 1f6bfb109c6f0312890fc73cd3807d60cb895a5a Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 20 Nov 2015 11:53:06 +0100 Subject: [PATCH] upgrade: fix migration of old dns forward zones Plugins should call self.api not the global one during upgrade https://fedorahosted.org/freeipa/ticket/5472 --- ipalib/plugins/dns.py | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 78afe6bef15447a26efa58a6d7c1a5c6fd4f4049..e3977ba149d5ae3af0683df069c76f0e086c7087 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1747,7 +1747,7 @@ def _normalize_zone(zone): return zone -def _get_auth_zone_ldap(name): +def _get_auth_zone_ldap(api, name): """ Find authoritative zone in LDAP for name. Only active zones are considered. :param name: @@ -1793,7 +1793,7 @@ def _get_auth_zone_ldap(name): return max(matched_auth_zones, key=len), truncated -def _get_longest_match_ns_delegation_ldap(zone, name): +def _get_longest_match_ns_delegation_ldap(api, zone, name): """ Searches for deepest delegation for name in LDAP zone. @@ -1869,7 +1869,7 @@ def _get_longest_match_ns_delegation_ldap(zone, name): return max(matched_records, key=len), truncated -def _find_subtree_forward_zones_ldap(name, child_zones_only=False): +def _find_subtree_forward_zones_ldap(api, name, child_zones_only=False): """ Search for forwardzone <name> and all child forwardzones Filter: (|(*.<name>.)(<name>.)) @@ -1923,7 +1923,7 @@ def _find_subtree_forward_zones_ldap(name, child_zones_only=False): return result, truncated -def _get_zone_which_makes_fw_zone_ineffective(fwzonename): +def _get_zone_which_makes_fw_zone_ineffective(api, fwzonename): """ Check if forward zone is effective. @@ -1948,12 +1948,12 @@ def _get_zone_which_makes_fw_zone_ineffective(fwzonename): """ assert isinstance(fwzonename, DNSName) - auth_zone, truncated_zone = _get_auth_zone_ldap(fwzonename) + auth_zone, truncated_zone = _get_auth_zone_ldap(api, fwzonename) if not auth_zone: return None, truncated_zone delegation_record_name, truncated_ns =\ - _get_longest_match_ns_delegation_ldap(auth_zone, fwzonename) + _get_longest_match_ns_delegation_ldap(api, auth_zone, fwzonename) truncated = truncated_ns or truncated_zone @@ -1963,12 +1963,12 @@ def _get_zone_which_makes_fw_zone_ineffective(fwzonename): return auth_zone, truncated -def _add_warning_fw_zone_is_not_effective(result, fwzone, version): +def _add_warning_fw_zone_is_not_effective(api, result, fwzone, version): """ Adds warning message to result, if required """ authoritative_zone, truncated = \ - _get_zone_which_makes_fw_zone_ineffective(fwzone) + _get_zone_which_makes_fw_zone_ineffective(api, fwzone) if authoritative_zone: # forward zone is not effective and forwarding will not work messages.add_message( @@ -2084,7 +2084,7 @@ class DNSZoneBase(LDAPObject): def _remove_permission(self, zone): permission_name = self.permission_name(zone) try: - api.Command['permission_del'](permission_name, force=True) + self.api.Command['permission_del'](permission_name, force=True) except errors.NotFound, e: if zone == DNSName.root: # special case root zone raise @@ -2094,7 +2094,8 @@ class DNSZoneBase(LDAPObject): zone.relativize(DNSName.root) ) try: - api.Command['permission_del'](permission_name_rel, force=True) + self.api.Command['permission_del'](permission_name_rel, + force=True) except errors.NotFound: raise e # re-raise original exception @@ -2284,7 +2285,8 @@ class DNSZoneBase_add_permission(LDAPQuery): keys[-1].relativize(DNSName.root) ) try: - api.Object['permission'].get_dn_if_exists(permission_name_rel) + self.api.Object['permission'].get_dn_if_exists( + permission_name_rel) except errors.NotFound: pass else: @@ -2295,7 +2297,7 @@ class DNSZoneBase_add_permission(LDAPQuery): } ) - permission = api.Command['permission_add_noaci'](permission_name, + permission = self.api.Command['permission_add_noaci'](permission_name, ipapermissiontype=u'SYSTEM' )['result'] @@ -2655,12 +2657,12 @@ class dnszone(DNSZoneBase): """ zone = keys[-1] affected_fw_zones, truncated = _find_subtree_forward_zones_ldap( - zone, child_zones_only=True) + self.api, zone, child_zones_only=True) if not affected_fw_zones: return for fwzone in affected_fw_zones: - _add_warning_fw_zone_is_not_effective(result, fwzone, + _add_warning_fw_zone_is_not_effective(self.api, result, fwzone, options['version']) def _warning_dnssec_master_is_not_installed(self, result, **options): @@ -2707,7 +2709,8 @@ class dnszone_add(DNSZoneBase_add): dn = super(dnszone_add, self).pre_callback( ldap, dn, entry_attrs, attrs_list, *keys, **options) - nameservers = [normalize_zone(x) for x in api.Object.dnsrecord.get_dns_masters()] + nameservers = [normalize_zone(x) for x in + self.api.Object.dnsrecord.get_dns_masters()] server = normalize_zone(api.env.host) zone = keys[-1] @@ -2757,7 +2760,7 @@ class dnszone_add(DNSZoneBase_add): not zone.is_reverse() and zone != DNSName.root): try: - api.Command['realmdomains_mod'](add_domain=unicode(zone), + self.api.Command['realmdomains_mod'](add_domain=unicode(zone), force=True) except (errors.EmptyModlist, errors.ValidationError): pass @@ -2791,8 +2794,8 @@ class dnszone_del(DNSZoneBase_del): not zone.is_reverse() and zone != DNSName.root ): try: - api.Command['realmdomains_mod'](del_domain=unicode(zone), - force=True) + self.api.Command['realmdomains_mod']( + del_domain=unicode(zone), force=True) except (errors.AttrValueNotFound, errors.ValidationError): pass @@ -3500,12 +3503,12 @@ class dnsrecord(LDAPObject): record_name_absolute = record_name_absolute.derelativize(zone) affected_fw_zones, truncated = _find_subtree_forward_zones_ldap( - record_name_absolute) + self.api, record_name_absolute) if not affected_fw_zones: return for fwzone in affected_fw_zones: - _add_warning_fw_zone_is_not_effective(result, fwzone, + _add_warning_fw_zone_is_not_effective(self.api, result, fwzone, options['version']) @@ -3855,7 +3858,7 @@ class dnsrecord_mod(LDAPUpdate): # get DNS record first so that the NotFound exception is raised # before the helper would start - dns_record = api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] + dns_record = self.api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] rec_types = [rec_type for rec_type in dns_record if rec_type in _record_attributes] self.Backend.textui.print_plain(_("No option to modify specific record provided.")) @@ -4043,7 +4046,7 @@ class dnsrecord_del(LDAPUpdate): # get DNS record first so that the NotFound exception is raised # before the helper would start - dns_record = api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] + dns_record = self.api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result'] rec_types = [rec_type for rec_type in dns_record if rec_type in _record_attributes] self.Backend.textui.print_plain(_("No option to delete specific record provided.")) @@ -4358,7 +4361,7 @@ class dnsforwardzone(DNSZoneBase): def _warning_fw_zone_is_not_effective(self, result, *keys, **options): fwzone = keys[-1] - _add_warning_fw_zone_is_not_effective(result, fwzone, + _add_warning_fw_zone_is_not_effective(self.api, result, fwzone, options['version']) def _warning_if_forwarders_do_not_work(self, result, new_zone, @@ -4398,7 +4401,7 @@ class dnsforwardzone(DNSZoneBase): # validation is configured just in named.conf per replica ipa_dns_masters = [normalize_zone(x) for x in - api.Object.dnsrecord.get_dns_masters()] + self.api.Object.dnsrecord.get_dns_masters()] if not ipa_dns_masters: # something very bad happened, DNS is installed, but no IPA DNS -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code