https://fedorahosted.org/freeipa/ticket/5675

Patches attached.
From b013cce6bdfb7dbe703a4781e0dde407e1153c43 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 2 Mar 2016 13:44:22 +0100
Subject: [PATCH 1/6] host_del: fix removal of host records

Originally only the first A/AAAA record was removed, plus one other record. This commit
fixes that, so all records are removed.

https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 6ff751ca88187bb37ac64ca291234eed56e26e6f..97c9e158851158c1ce96b5e3bc566a1135534942 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -35,7 +35,7 @@ from ipalib.plugins.service import (split_principal, validate_certificate,
     set_certificate_attrs, ticket_flags_params, update_krbticketflags,
     set_kerberos_attrs, rename_ipaallowedtoperform_from_ldap,
     rename_ipaallowedtoperform_to_ldap, revoke_certs)
-from ipalib.plugins.dns import (dns_container_exists, _record_types,
+from ipalib.plugins.dns import (dns_container_exists, _record_attributes,
         add_records_for_host_validation, add_records_for_host,
         get_reverse_zone)
 from ipalib import _, ngettext
@@ -772,26 +772,15 @@ class host_del(LDAPDelete):
             # Get all forward resources for this host
             records = api.Command['dnsrecord_find'](domain, idnsname=parts[0])['result']
             for record in records:
-                if 'arecord' in record:
-                    remove_fwd_ptr(record['arecord'][0], parts[0],
-                                   domain, 'arecord')
-                if 'aaaarecord' in record:
-                    remove_fwd_ptr(record['aaaarecord'][0], parts[0],
-                                   domain, 'aaaarecord')
-                else:
-                    # Try to delete all other record types too
-                    _attribute_types = [str('%srecord' % t.lower())
-                                        for t in _record_types]
-                    for attr in _attribute_types:
-                        if attr not in ['arecord', 'aaaarecord'] and attr in record:
-                            for val in record[attr]:
-                                if (val.endswith(parts[0]) or
-                                        val.endswith(fqdn + '.')):
-                                    delkw = {unicode(attr): val}
-                                    api.Command['dnsrecord_del'](domain,
-                                            record['idnsname'][0],
-                                            **delkw)
-                            break
+                for attr in _record_attributes:
+                    for val in record.get(attr, []):
+                        if attr in ('arecord', 'aaaarecord'):
+                            remove_fwd_ptr(val, parts[0], domain, attr)
+                        elif (val.endswith(parts[0]) or
+                                val.endswith(fqdn + '.')):
+                            delkw = {unicode(attr): val}
+                            api.Command['dnsrecord_del'](
+                                domain, record['idnsname'][0], **delkw)
 
         if self.api.Command.ca_is_enabled()['result']:
             try:
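Review bot: The `elif (val.endswith(parts[0]) or val.endswith(fqdn + '.'))` test is a bare suffix match, and the loop now visits every value of every attribute in `_record_attributes`. A value that merely ends in the same characters as the short host name (a TXT string, or a target in another domain) would therefore be passed to `dnsrecord_del`. A possible tightening is to compare the last field of the value rather than a suffix, e.g. `val.split()[-1] in (parts[0], fqdn + '.')`, so only values that actually name this host are deleted. The same test is carried unchanged into the hunks of patches 2/6 and 3/6. The enclosing `host_del` method starts and ends outside this hunk.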
-- 
2.5.5

From 32f35058dc86a1913fb4f515ef90ac0ae25a29fe Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 2 Mar 2016 15:53:27 +0100
Subject: [PATCH 2/6] host_del: replace dns-record find command with show

Due to the configuration of dnsrecord_find, it works the same as dnsrecord-show,
so it can be replaced.

https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 97c9e158851158c1ce96b5e3bc566a1135534942..ef0738041e4fb72780b67f880028bf857c3f9485 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -769,18 +769,23 @@ class host_del(LDAPDelete):
                 domain = result['idnsname'][0]
             except errors.NotFound:
                 self.obj.handle_not_found(*keys)
-            # Get all forward resources for this host
-            records = api.Command['dnsrecord_find'](domain, idnsname=parts[0])['result']
-            for record in records:
-                for attr in _record_attributes:
-                    for val in record.get(attr, []):
-                        if attr in ('arecord', 'aaaarecord'):
-                            remove_fwd_ptr(val, parts[0], domain, attr)
-                        elif (val.endswith(parts[0]) or
-                                val.endswith(fqdn + '.')):
-                            delkw = {unicode(attr): val}
-                            api.Command['dnsrecord_del'](
-                                domain, record['idnsname'][0], **delkw)
+            else:
+                # Get all forward resources for this host
+                try:
+                    record = api.Command['dnsrecord_show'](
+                        domain, parts[0])['result']
+                except errors.NotFound:
+                    pass
+                else:
+                    for attr in _record_attributes:
+                        for val in record.get(attr, []):
+                            if attr in ('arecord', 'aaaarecord'):
+                                remove_fwd_ptr(val, parts[0], domain, attr)
+                            elif (val.endswith(parts[0]) or
+                                    val.endswith(fqdn + '.')):
+                                delkw = {unicode(attr): val}
+                                api.Command['dnsrecord_del'](
+                                    domain, record['idnsname'][0], **delkw)
 
         if self.api.Command.ca_is_enabled()['result']:
             try:
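Review bot: The `dnsrecord_del` call in the `elif` branch sits in the `else:` of the new `try`, so a `NotFound` raised by it is not caught and would abort `host_del` after some records were already removed. The A/AAAA branch goes through `remove_fwd_ptr`, which swallows `NotFound` around the same command (see the lines removed in patch 4/6), so the two branches differ when a value disappears between the show and the delete. Wrapping the call in its own `try:` with `except errors.NotFound: pass` would make them consistent. The bare `pass` after `dnsrecord_show` could also emit a debug log line, so that a skipped DNS cleanup is visible to whoever audits the deletion. The enclosing method continues outside this hunk.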
-- 
2.5.5

From 02d3dd437013dd0b5eded5cdec566f5b04c6fdc5 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 3 Mar 2016 11:26:15 +0100
Subject: [PATCH 3/6] host_del: remove unneeded dnszone-show command call

This command has no effect in that block of code; dnsrecord_show is
enough to detect whether the records exist.

https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index ef0738041e4fb72780b67f880028bf857c3f9485..b22768aa05c79628df3505aeb6eaf820f493750f 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -764,28 +764,22 @@ class host_del(LDAPDelete):
             # Remove DNS entries
             parts = fqdn.split('.')
             domain = unicode('.'.join(parts[1:]))
+            # Get all forward resources for this host
             try:
-                result = api.Command['dnszone_show'](domain)['result']
-                domain = result['idnsname'][0]
+                record = api.Command['dnsrecord_show'](
+                    domain, parts[0])['result']
             except errors.NotFound:
                 self.obj.handle_not_found(*keys)
             else:
-                # Get all forward resources for this host
-                try:
-                    record = api.Command['dnsrecord_show'](
-                        domain, parts[0])['result']
-                except errors.NotFound:
-                    pass
-                else:
-                    for attr in _record_attributes:
-                        for val in record.get(attr, []):
-                            if attr in ('arecord', 'aaaarecord'):
-                                remove_fwd_ptr(val, parts[0], domain, attr)
-                            elif (val.endswith(parts[0]) or
-                                    val.endswith(fqdn + '.')):
-                                delkw = {unicode(attr): val}
-                                api.Command['dnsrecord_del'](
-                                    domain, record['idnsname'][0], **delkw)
+                for attr in _record_attributes:
+                    for val in record.get(attr, []):
+                        if attr in ('arecord', 'aaaarecord'):
+                            remove_fwd_ptr(val, parts[0], domain, attr)
+                        elif (val.endswith(parts[0]) or
+                                val.endswith(fqdn + '.')):
+                            delkw = {unicode(attr): val}
+                            api.Command['dnsrecord_del'](
+                                domain, record['idnsname'][0], **delkw)
 
         if self.api.Command.ca_is_enabled()['result']:
             try:
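Review bot: With `dnszone_show` gone, the `except errors.NotFound` that calls `self.obj.handle_not_found(*keys)` now fires when the host simply has no forward record. Before this commit that case was a silent `pass`, and only a missing zone reached `handle_not_found`. If `handle_not_found` raises, as its use here suggests, `host_del` with `updatedns` would refuse to delete a host whose DNS records are already gone, and would report the host itself as missing. Keeping the lookup tolerant, e.g. `except errors.NotFound: api.log.debug('no DNS record found for %s', fqdn)`, would preserve the earlier behaviour. The enclosing method starts and ends outside this hunk.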
-- 
2.5.5

From 5c497f72339350ce8d367037e0ee9cc09af55084 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 3 Mar 2016 13:28:19 +0100
Subject: [PATCH 4/6] host_del: split removing A/AAAA and PTR records to
 separate functions

This change is needed because A/AAAA and PTR records will be handled
separately.

https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index b22768aa05c79628df3505aeb6eaf820f493750f..5a85b95ae7754d20cb40cc2b8ec72114a9efcfd2 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -121,8 +121,17 @@ register = Registry()
 host_pwd_chars = string.digits + string.ascii_letters + '_,.@+-='
 
 
-def remove_fwd_ptr(ipaddr, host, domain, recordtype):
-    api.log.debug('deleting ipaddr %s' % ipaddr)
+def remove_fwd_rec(ipaddr, host, domain, recordtype):
+    api.log.debug('deleting ipaddr %s', ipaddr)
+    try:
+        delkw = {recordtype: ipaddr}
+        api.Command['dnsrecord_del'](domain, host, **delkw)
+    except errors.NotFound:
+        api.log.debug('ipaddr %s not found', ipaddr)
+
+
+def remove_ptr_rec(ipaddr, host, domain):
+    api.log.debug('deleting PTR record of ipaddr %s', ipaddr)
     try:
         revzone, revname = get_reverse_zone(ipaddr)
 
@@ -133,13 +142,7 @@ def remove_fwd_ptr(ipaddr, host, domain, recordtype):
 
         api.Command['dnsrecord_del'](revzone, revname, **delkw)
     except errors.NotFound:
-        pass
-
-    try:
-        delkw = {recordtype: ipaddr}
-        api.Command['dnsrecord_del'](domain, host, **delkw)
-    except errors.NotFound:
-        pass
+        api.log.debug('PTR record of ipaddr %s not found', ipaddr)
 
 
 def update_sshfp_record(zone, record, entry_attrs):
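Review bot: The new debug message in the `except errors.NotFound` branch of `remove_ptr_rec` says the PTR record was not found, but the `try` opens at `get_reverse_zone(ipaddr)` in the previous hunk. A `NotFound` raised there (likely when no matching reverse zone is managed) is therefore logged with the same text. A message such as `'PTR record or reverse zone of ipaddr %s not found'` would keep the log accurate for someone tracing why a reverse record was left behind. Both new helpers would also benefit from a one-line docstring; for `remove_fwd_rec` it should say that `recordtype` is the attribute name (`'arecord'` or `'aaaarecord'`) used as the `dnsrecord_del` keyword. Part of `remove_ptr_rec`'s body lies between the two hunks and is not visible here.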
@@ -774,7 +777,8 @@ class host_del(LDAPDelete):
                 for attr in _record_attributes:
                     for val in record.get(attr, []):
                         if attr in ('arecord', 'aaaarecord'):
-                            remove_fwd_ptr(val, parts[0], domain, attr)
+                            remove_fwd_rec(val, parts[0], domain, attr)
+                            remove_ptr_rec(val, parts[0], domain)
                         elif (val.endswith(parts[0]) or
                                 val.endswith(fqdn + '.')):
                             delkw = {unicode(attr): val}
-- 
2.5.5

From 4abb780d872a63fa2d53cda579350b6a95ca6e18 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 1 Apr 2016 12:45:57 +0200
Subject: [PATCH 5/6] host_del: remove only A, AAAA, SSHFP, PTR records

Only A, AAAA, SSHFP and PTR records are managed by IPA. The other
records should be removed by the user.

https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 38 +++++++++++++++++---------------------
 1 file changed, 17 insertions(+), 21 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 5a85b95ae7754d20cb40cc2b8ec72114a9efcfd2..ceb5afff26a164c8f42c3a0f969d6e6a5ef8ddd5 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -35,7 +35,7 @@ from ipalib.plugins.service import (split_principal, validate_certificate,
     set_certificate_attrs, ticket_flags_params, update_krbticketflags,
     set_kerberos_attrs, rename_ipaallowedtoperform_from_ldap,
     rename_ipaallowedtoperform_to_ldap, revoke_certs)
-from ipalib.plugins.dns import (dns_container_exists, _record_attributes,
+from ipalib.plugins.dns import (dns_container_exists,
         add_records_for_host_validation, add_records_for_host,
         get_reverse_zone)
 from ipalib import _, ngettext
@@ -121,15 +121,6 @@ register = Registry()
 host_pwd_chars = string.digits + string.ascii_letters + '_,.@+-='
 
 
-def remove_fwd_rec(ipaddr, host, domain, recordtype):
-    api.log.debug('deleting ipaddr %s', ipaddr)
-    try:
-        delkw = {recordtype: ipaddr}
-        api.Command['dnsrecord_del'](domain, host, **delkw)
-    except errors.NotFound:
-        api.log.debug('ipaddr %s not found', ipaddr)
-
-
 def remove_ptr_rec(ipaddr, host, domain):
     api.log.debug('deleting PTR record of ipaddr %s', ipaddr)
     try:
@@ -764,26 +755,31 @@ class host_del(LDAPDelete):
                 updatedns = False
 
         if updatedns:
-            # Remove DNS entries
+            # Remove A, AAAA, SSHFP and PTR records of the host
             parts = fqdn.split('.')
             domain = unicode('.'.join(parts[1:]))
-            # Get all forward resources for this host
+            # Get all resources for this host
             try:
                 record = api.Command['dnsrecord_show'](
                     domain, parts[0])['result']
             except errors.NotFound:
                 self.obj.handle_not_found(*keys)
             else:
-                for attr in _record_attributes:
+                # remove PTR records first
+                for attr in ('arecord', 'aaaarecord'):
                     for val in record.get(attr, []):
-                        if attr in ('arecord', 'aaaarecord'):
-                            remove_fwd_rec(val, parts[0], domain, attr)
-                            remove_ptr_rec(val, parts[0], domain)
-                        elif (val.endswith(parts[0]) or
-                                val.endswith(fqdn + '.')):
-                            delkw = {unicode(attr): val}
-                            api.Command['dnsrecord_del'](
-                                domain, record['idnsname'][0], **delkw)
+                        remove_ptr_rec(val, parts[0], domain)
+                try:
+                    # remove all A, AAAA, SSHFP records of the host
+                    api.Command['dnsrecord_mod'](
+                        domain,
+                        record['idnsname'][0],
+                        arecord=[],
+                        aaaarecord=[],
+                        sshfprecord=[]
+                        )
+                except errors.EmptyModlist:
+                    pass
 
         if self.api.Command.ca_is_enabled()['result']:
             try:
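Review bot: PTR records are deleted one by one before the `dnsrecord_mod` call, and only `errors.EmptyModlist` is caught around that call. Any other failure there (a `NotFound` if the entry vanished after `dnsrecord_show`, or a permission error) aborts `host_del` with the reverse records already gone and the forward records still present. Handling the benign case the way `remove_ptr_rec` does, with `except (errors.EmptyModlist, errors.NotFound):`, would let the deletion finish when the goal state is already reached. A short comment on the handler, such as `# nothing to clear: host had no A/AAAA/SSHFP values`, would explain why the exception is ignored. The enclosing method starts and ends outside this hunk.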
-- 
2.5.5

From 955134d559de51fb6ad973c19c876ea1cbe13743 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 1 Apr 2016 12:02:11 +0200
Subject: [PATCH 6/6] host_del: update help for --updatedns option

Clarify that dns removes only A, AAAA, PTR, SSHFP records of the host(s) managed by IPA DNS.

https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index ceb5afff26a164c8f42c3a0f969d6e6a5ef8ddd5..20b5776dd9b7fba231155237231d9f5f505e1297 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -718,7 +718,8 @@ class host_del(LDAPDelete):
 
     takes_options = LDAPDelete.takes_options + (
         Flag('updatedns?',
-            doc=_('Remove entries from DNS'),
+            doc=_('Remove A, AAAA, SSHFP and PTR records of the host(s) '
+                  'managed by IPA DNS'),
             default=False,
         ),
     )
-- 
2.5.5
