Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
Dne 23.1.2015 v 15:51 Martin Basti napsal(a): On 23/01/15 08:22, Jan Cholasta wrote: Dne 20.1.2015 v 12:49 Martin Basti napsal(a): On 15/01/15 16:07, Jan Cholasta wrote: Dne 15.1.2015 v 15:39 Martin Basti napsal(a): On 15/01/15 15:07, Jan Cholasta wrote: Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone commands are not fixed. FWzones are new and always normalized to absolute name in ldap Would you bet your money on that? Better be safe than sorry, especially when it's just a matter of moving the code around (right?) 2) It seems that the primary key returned by -mod, -del and -show (.result.value) is made absolute somewhere else in the code. Would it be possible to do it in one place? IMO it is not possible. Value is generated from key, and key is normalized to absolute zone before calling execute. LDAPUpdate: ... if self.obj.primary_key: pkey = keys[-1] else: pkey = None return dict(result=entry_attrs, value=pkey_to_value(pkey, options)) The idnsname attribute is just taken from LDAP without any normalization Right. 3) Attribute values returned from LDAP are never None, so the if should be if 'idnsname' in entry_attrs:. Ok I will revert the change I made. 4) If idnsname always has only single value, use entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute() Thanks Honza Updated patch attached. Updated patch attached. Thanks. Is there a reason why you put the _make_zone_absolute calls in dnszone_* and dnsforwardzone_* instead of DNSZoneBase_*? I moved callback into Base classes. Patch attached. 1) Multi-line statements should generally use parentheses for implicit line continuation rather than backslashes: +entry_attrs.single_value['idnsname'] = ( + entry_attrs.single_value['idnsname'].make_absolute()) 2) You can remove the DN asserts from dnszone_*, they are already asserted in DNSZoneBase_*. 3) Do not just ignore return values of super().post_callback(): def post_callback(self, something, ...): something = super(...).post_callback(something, ...) ... return something Updated patch attached. Thanks, ACK. Pushed to: master: af0a2409f92e2ef8b322628c0d0569f5e0dac902 ipa-4-1: 270253a999d6a59616634b307f9428e89d1fccb9 -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
On 23/01/15 08:22, Jan Cholasta wrote:
Dne 20.1.2015 v 12:49 Martin Basti napsal(a):
On 15/01/15 16:07, Jan Cholasta wrote:
Dne 15.1.2015 v 15:39 Martin Basti napsal(a):
On 15/01/15 15:07, Jan Cholasta wrote:
Dne 15.1.2015 v 14:58 Martin Basti napsal(a):
On 15/01/15 14:25, Jan Cholasta wrote:
Hi,
Dne 15.1.2015 v 13:27 Martin Basti napsal(a):
On 15/01/15 13:17, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/4722
Patch attached.
Fast fix.
Updated patch attached.
1) Forward zone commands are not fixed.
FWzones are new and always normalized to absolute name in ldap
Would you bet your money on that? Better be safe than sorry,
especially when it's just a matter of moving the code around (right?)
2) It seems that the primary key returned by -mod, -del and -show
(.result.value) is made absolute somewhere else in the code.
Would it
be possible to do it in one place?
IMO it is not possible.
Value is generated from key, and key is normalized to absolute zone
before calling execute.
LDAPUpdate:
...
if self.obj.primary_key:
pkey = keys[-1]
else:
pkey = None
return dict(result=entry_attrs, value=pkey_to_value(pkey,
options))
The idnsname attribute is just taken from LDAP without any
normalization
Right.
3) Attribute values returned from LDAP are never None, so the if
should be if 'idnsname' in entry_attrs:.
Ok I will revert the change I made.
4) If idnsname always has only single value, use
entry_attrs.single_value['idnsname'] =
entry_attrs.single_value['idnsname'].make_absolute()
Thanks
Honza
Updated patch attached.
Updated patch attached.
Thanks.
Is there a reason why you put the _make_zone_absolute calls in
dnszone_* and dnsforwardzone_* instead of DNSZoneBase_*?
I moved callback into Base classes.
Patch attached.
1) Multi-line statements should generally use parentheses for implicit
line continuation rather than backslashes:
+entry_attrs.single_value['idnsname'] = (
+ entry_attrs.single_value['idnsname'].make_absolute())
2) You can remove the DN asserts from dnszone_*, they are already
asserted in DNSZoneBase_*.
3) Do not just ignore return values of super().post_callback():
def post_callback(self, something, ...):
something = super(...).post_callback(something, ...)
...
return something
Updated patch attached.
--
Martin Basti
From 2cfa5856aa5276569856acefb7dd03c1feced04e Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 15 Jan 2015 13:13:55 +0100
Subject: [PATCH] Always return absolute idnsname in dnszone commands
Ticket: https://fedorahosted.org/freeipa/ticket/4722
---
ipalib/plugins/dns.py | 36 ++--
1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 7a80036c94432a01ea8781101712ea1135134948..9dc3ed0b021b7d9bb42053a48690047bd7a244a2 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2081,6 +2081,18 @@ class DNSZoneBase(LDAPObject):
except errors.NotFound:
raise e # re-raise original exception
+def _make_zonename_absolute(self, entry_attrs, **options):
+
+Zone names can be relative in IPA 4.0, make sure we always return
+absolute zone name from ldap
+
+if options.get('raw'):
+return
+
+if idnsname in entry_attrs:
+entry_attrs.single_value['idnsname'] = (
+entry_attrs.single_value['idnsname'].make_absolute())
+
class DNSZoneBase_add(LDAPCreate):
@@ -2128,6 +2140,11 @@ class DNSZoneBase_del(LDAPDelete):
class DNSZoneBase_mod(LDAPUpdate):
has_output_params = LDAPUpdate.has_output_params + dnszone_output_params
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+assert isinstance(dn, DN)
+self.obj._make_zonename_absolute(entry_attrs, **options)
+return dn
+
class DNSZoneBase_find(LDAPSearch):
__doc__ = _('Search for DNS zones (SOA records).')
@@ -2162,6 +2179,11 @@ class DNSZoneBase_find(LDAPSearch):
filter = _create_idn_filter(self, ldap, *args, **options)
return (filter, base_dn, scope)
+def post_callback(self, ldap, entries, truncated, *args, **options):
+for entry_attrs in entries:
+self.obj._make_zonename_absolute(entry_attrs, **options)
+return truncated
+
class DNSZoneBase_show(LDAPRetrieve):
has_output_params = LDAPRetrieve.has_output_params + dnszone_output_params
@@ -2172,6 +2194,11 @@ class DNSZoneBase_show(LDAPRetrieve):
self.obj.handle_not_found(*keys)
return dn
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+assert isinstance(dn, DN)
+self.obj._make_zonename_absolute(entry_attrs, **options)
+return dn
+
class DNSZoneBase_disable(LDAPQuery):
has_output =
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
Dne 20.1.2015 v 12:49 Martin Basti napsal(a): On 15/01/15 16:07, Jan Cholasta wrote: Dne 15.1.2015 v 15:39 Martin Basti napsal(a): On 15/01/15 15:07, Jan Cholasta wrote: Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone commands are not fixed. FWzones are new and always normalized to absolute name in ldap Would you bet your money on that? Better be safe than sorry, especially when it's just a matter of moving the code around (right?) 2) It seems that the primary key returned by -mod, -del and -show (.result.value) is made absolute somewhere else in the code. Would it be possible to do it in one place? IMO it is not possible. Value is generated from key, and key is normalized to absolute zone before calling execute. LDAPUpdate: ... if self.obj.primary_key: pkey = keys[-1] else: pkey = None return dict(result=entry_attrs, value=pkey_to_value(pkey, options)) The idnsname attribute is just taken from LDAP without any normalization Right. 3) Attribute values returned from LDAP are never None, so the if should be if 'idnsname' in entry_attrs:. Ok I will revert the change I made. 4) If idnsname always has only single value, use entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute() Thanks Honza Updated patch attached. Updated patch attached. Thanks. Is there a reason why you put the _make_zone_absolute calls in dnszone_* and dnsforwardzone_* instead of DNSZoneBase_*? I moved callback into Base classes. Patch attached. 1) Multi-line statements should generally use parentheses for implicit line continuation rather than backslashes: +entry_attrs.single_value['idnsname'] = ( +entry_attrs.single_value['idnsname'].make_absolute()) 2) You can remove the DN asserts from dnszone_*, they are already asserted in DNSZoneBase_*. 3) Do not just ignore return values of super().post_callback(): def post_callback(self, something, ...): something = super(...).post_callback(something, ...) ... return something -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
On 15/01/15 16:07, Jan Cholasta wrote:
Dne 15.1.2015 v 15:39 Martin Basti napsal(a):
On 15/01/15 15:07, Jan Cholasta wrote:
Dne 15.1.2015 v 14:58 Martin Basti napsal(a):
On 15/01/15 14:25, Jan Cholasta wrote:
Hi,
Dne 15.1.2015 v 13:27 Martin Basti napsal(a):
On 15/01/15 13:17, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/4722
Patch attached.
Fast fix.
Updated patch attached.
1) Forward zone commands are not fixed.
FWzones are new and always normalized to absolute name in ldap
Would you bet your money on that? Better be safe than sorry,
especially when it's just a matter of moving the code around (right?)
2) It seems that the primary key returned by -mod, -del and -show
(.result.value) is made absolute somewhere else in the code. Would it
be possible to do it in one place?
IMO it is not possible.
Value is generated from key, and key is normalized to absolute zone
before calling execute.
LDAPUpdate:
...
if self.obj.primary_key:
pkey = keys[-1]
else:
pkey = None
return dict(result=entry_attrs, value=pkey_to_value(pkey,
options))
The idnsname attribute is just taken from LDAP without any
normalization
Right.
3) Attribute values returned from LDAP are never None, so the if
should be if 'idnsname' in entry_attrs:.
Ok I will revert the change I made.
4) If idnsname always has only single value, use
entry_attrs.single_value['idnsname'] =
entry_attrs.single_value['idnsname'].make_absolute()
Thanks
Honza
Updated patch attached.
Updated patch attached.
Thanks.
Is there a reason why you put the _make_zone_absolute calls in
dnszone_* and dnsforwardzone_* instead of DNSZoneBase_*?
I moved callback into Base classes.
Patch attached.
--
Martin Basti
From de0c7ddfaed92ec6bdda56658d8fb80c6dcd10ab Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 15 Jan 2015 13:13:55 +0100
Subject: [PATCH] Always return absolute idnsname in dnszone commands
Ticket: https://fedorahosted.org/freeipa/ticket/4722
---
ipalib/plugins/dns.py | 33 +
1 file changed, 33 insertions(+)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 7a80036c94432a01ea8781101712ea1135134948..0fdddbbb826b920d90fff0f3fdeec6e991ca1755 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2081,6 +2081,18 @@ class DNSZoneBase(LDAPObject):
except errors.NotFound:
raise e # re-raise original exception
+def _make_zonename_absolute(self, entry_attrs, **options):
+
+Zone names can be relative in IPA 4.0, make sure we always return
+absolute zone name from ldap
+
+if options.get('raw'):
+return
+
+if idnsname in entry_attrs:
+entry_attrs.single_value['idnsname'] = \
+entry_attrs.single_value['idnsname'].make_absolute()
+
class DNSZoneBase_add(LDAPCreate):
@@ -2128,6 +2140,11 @@ class DNSZoneBase_del(LDAPDelete):
class DNSZoneBase_mod(LDAPUpdate):
has_output_params = LDAPUpdate.has_output_params + dnszone_output_params
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+assert isinstance(dn, DN)
+self.obj._make_zonename_absolute(entry_attrs, **options)
+return dn
+
class DNSZoneBase_find(LDAPSearch):
__doc__ = _('Search for DNS zones (SOA records).')
@@ -2162,6 +2179,11 @@ class DNSZoneBase_find(LDAPSearch):
filter = _create_idn_filter(self, ldap, *args, **options)
return (filter, base_dn, scope)
+def post_callback(self, ldap, entries, truncated, *args, **options):
+for entry_attrs in entries:
+self.obj._make_zonename_absolute(entry_attrs, **options)
+return truncated
+
class DNSZoneBase_show(LDAPRetrieve):
has_output_params = LDAPRetrieve.has_output_params + dnszone_output_params
@@ -2172,6 +2194,11 @@ class DNSZoneBase_show(LDAPRetrieve):
self.obj.handle_not_found(*keys)
return dn
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+assert isinstance(dn, DN)
+self.obj._make_zonename_absolute(entry_attrs, **options)
+return dn
+
class DNSZoneBase_disable(LDAPQuery):
has_output = output.standard_value
@@ -2797,6 +2824,8 @@ class dnszone_mod(DNSZoneBase_mod):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
+super(dnszone_mod, self).post_callback(ldap, dn, entry_attrs,
+ *keys, **options)
self.obj._rr_zone_postprocess(entry_attrs, **options)
return dn
@@ -2833,6 +2862,8 @@ class dnszone_find(DNSZoneBase_find):
return (filter, base_dn, scope)
def post_callback(self, ldap, entries, truncated, *args, **options):
+super(dnszone_find, self).post_callback(ldap, entries, truncated,
+
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
On 15/01/15 15:07, Jan Cholasta wrote:
Dne 15.1.2015 v 14:58 Martin Basti napsal(a):
On 15/01/15 14:25, Jan Cholasta wrote:
Hi,
Dne 15.1.2015 v 13:27 Martin Basti napsal(a):
On 15/01/15 13:17, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/4722
Patch attached.
Fast fix.
Updated patch attached.
1) Forward zone commands are not fixed.
FWzones are new and always normalized to absolute name in ldap
Would you bet your money on that? Better be safe than sorry,
especially when it's just a matter of moving the code around (right?)
2) It seems that the primary key returned by -mod, -del and -show
(.result.value) is made absolute somewhere else in the code. Would it
be possible to do it in one place?
IMO it is not possible.
Value is generated from key, and key is normalized to absolute zone
before calling execute.
LDAPUpdate:
...
if self.obj.primary_key:
pkey = keys[-1]
else:
pkey = None
return dict(result=entry_attrs, value=pkey_to_value(pkey,
options))
The idnsname attribute is just taken from LDAP without any normalization
Right.
3) Attribute values returned from LDAP are never None, so the if
should be if 'idnsname' in entry_attrs:.
Ok I will revert the change I made.
4) If idnsname always has only single value, use
entry_attrs.single_value['idnsname'] =
entry_attrs.single_value['idnsname'].make_absolute()
Thanks
Honza
Updated patch attached.
Updated patch attached.
--
Martin Basti
From 5ea17ecf1b6811df05042beb6a9024cefee415df Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 15 Jan 2015 13:13:55 +0100
Subject: [PATCH] Always return absolute idnsname in dnszone commands
Ticket: https://fedorahosted.org/freeipa/ticket/4722
---
ipalib/plugins/dns.py | 27 +++
1 file changed, 27 insertions(+)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 7a80036c94432a01ea8781101712ea1135134948..4b95684747ac1d470665016e614b68095bc8690f 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2081,6 +2081,15 @@ class DNSZoneBase(LDAPObject):
except errors.NotFound:
raise e # re-raise original exception
+def _make_zonename_absolute(self, entry_attrs):
+
+Zone names can be relative in IPA 4.0, make sure we always return
+absolute zone name from ldap
+
+if idnsname in entry_attrs:
+entry_attrs.single_value['idnsname'] = \
+entry_attrs.single_value['idnsname'].make_absolute()
+
class DNSZoneBase_add(LDAPCreate):
@@ -2798,6 +2807,7 @@ class dnszone_mod(DNSZoneBase_mod):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj._rr_zone_postprocess(entry_attrs, **options)
+self.obj._make_zonename_absolute(entry_attrs)
return dn
@@ -2835,6 +2845,7 @@ class dnszone_find(DNSZoneBase_find):
def post_callback(self, ldap, entries, truncated, *args, **options):
for entry_attrs in entries:
self.obj._rr_zone_postprocess(entry_attrs, **options)
+self.obj._make_zonename_absolute(entry_attrs)
return truncated
@@ -2851,6 +2862,7 @@ class dnszone_show(DNSZoneBase_show):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj._rr_zone_postprocess(entry_attrs, **options)
+self.obj._make_zonename_absolute(entry_attrs)
return dn
@@ -4370,11 +4382,21 @@ class dnsforwardzone_mod(DNSZoneBase_mod):
return dn
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+assert isinstance(dn, DN)
+self.obj._make_zonename_absolute(entry_attrs)
+return dn
+
@register()
class dnsforwardzone_find(DNSZoneBase_find):
__doc__ = _('Search for DNS forward zones.')
+def post_callback(self, ldap, entries, truncated, *args, **options):
+for entry_attrs in entries:
+self.obj._make_zonename_absolute(entry_attrs)
+return truncated
+
@register()
class dnsforwardzone_show(DNSZoneBase_show):
@@ -4382,6 +4404,11 @@ class dnsforwardzone_show(DNSZoneBase_show):
has_output_params = LDAPRetrieve.has_output_params + dnszone_output_params
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+assert isinstance(dn, DN)
+self.obj._make_zonename_absolute(entry_attrs)
+return dn
+
@register()
class dnsforwardzone_disable(DNSZoneBase_disable):
--
2.1.0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
Dne 15.1.2015 v 15:39 Martin Basti napsal(a): On 15/01/15 15:07, Jan Cholasta wrote: Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone commands are not fixed. FWzones are new and always normalized to absolute name in ldap Would you bet your money on that? Better be safe than sorry, especially when it's just a matter of moving the code around (right?) 2) It seems that the primary key returned by -mod, -del and -show (.result.value) is made absolute somewhere else in the code. Would it be possible to do it in one place? IMO it is not possible. Value is generated from key, and key is normalized to absolute zone before calling execute. LDAPUpdate: ... if self.obj.primary_key: pkey = keys[-1] else: pkey = None return dict(result=entry_attrs, value=pkey_to_value(pkey, options)) The idnsname attribute is just taken from LDAP without any normalization Right. 3) Attribute values returned from LDAP are never None, so the if should be if 'idnsname' in entry_attrs:. Ok I will revert the change I made. 4) If idnsname always has only single value, use entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute() Thanks Honza Updated patch attached. Updated patch attached. Thanks. Is there a reason why you put the _make_zone_absolute calls in dnszone_* and dnsforwardzone_* instead of DNSZoneBase_*? -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
https://fedorahosted.org/freeipa/ticket/4722 Patch attached. -- Martin Basti From 5878f7878e11a51189a131edf6c772934999efb1 Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Thu, 15 Jan 2015 13:13:55 +0100 Subject: [PATCH] Always return absolute idnsname in dnszone commands Ticket: https://fedorahosted.org/freeipa/ticket/4722 --- ipalib/plugins/dns.py | 13 + 1 file changed, 13 insertions(+) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 7a80036c94432a01ea8781101712ea1135134948..d08e5f3bc9d8e976404d7eaf357b046a7c40089f 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -2632,6 +2632,16 @@ class dnszone(DNSZoneBase): _add_warning_fw_zone_is_not_effective(result, fwzone, options['version']) +def _make_zone_absolute(self, entry_attrs): + +Zone names can be relative in IPA 4.0, make sure we always return +absolute zone name from ldap +Only old master zones in LDAP area affected. + +if idnsname in entry_attrs: +entry_attrs['idnsname'] = [ +entry_attrs['idnsname'][0].make_absolute()] + @register() class dnszone_add(DNSZoneBase_add): @@ -2798,6 +2808,7 @@ class dnszone_mod(DNSZoneBase_mod): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) self.obj._rr_zone_postprocess(entry_attrs, **options) +self.obj._make_zone_absolute(entry_attrs) return dn @@ -2835,6 +2846,7 @@ class dnszone_find(DNSZoneBase_find): def post_callback(self, ldap, entries, truncated, *args, **options): for entry_attrs in entries: self.obj._rr_zone_postprocess(entry_attrs, **options) +self.obj._make_zone_absolute(entry_attrs) return truncated @@ -2851,6 +2863,7 @@ class dnszone_show(DNSZoneBase_show): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) self.obj._rr_zone_postprocess(entry_attrs, **options) +self.obj._make_zone_absolute(entry_attrs) return dn -- 2.1.0 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
On 15/01/15 13:17, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/4722
Patch attached.
Fast fix.
Updated patch attached.
--
Martin Basti
From cb6a237a2b58d2ec7b5598f13d22231edf563e4b Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 15 Jan 2015 13:13:55 +0100
Subject: [PATCH] Always return absolute idnsname in dnszone commands
Ticket: https://fedorahosted.org/freeipa/ticket/4722
---
ipalib/plugins/dns.py | 13 +
1 file changed, 13 insertions(+)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 7a80036c94432a01ea8781101712ea1135134948..31244f44638d3ccc828e476b3b2f176194632449 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2632,6 +2632,16 @@ class dnszone(DNSZoneBase):
_add_warning_fw_zone_is_not_effective(result, fwzone,
options['version'])
+def _make_zone_absolute(self, entry_attrs):
+
+Zone names can be relative in IPA 4.0, make sure we always return
+absolute zone name from ldap
+Only old master zones in LDAP area affected.
+
+if entry_attrs.get('idnsname'):
+entry_attrs['idnsname'] = [
+entry_attrs['idnsname'][0].make_absolute()]
+
@register()
class dnszone_add(DNSZoneBase_add):
@@ -2798,6 +2808,7 @@ class dnszone_mod(DNSZoneBase_mod):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj._rr_zone_postprocess(entry_attrs, **options)
+self.obj._make_zone_absolute(entry_attrs)
return dn
@@ -2835,6 +2846,7 @@ class dnszone_find(DNSZoneBase_find):
def post_callback(self, ldap, entries, truncated, *args, **options):
for entry_attrs in entries:
self.obj._rr_zone_postprocess(entry_attrs, **options)
+self.obj._make_zone_absolute(entry_attrs)
return truncated
@@ -2851,6 +2863,7 @@ class dnszone_show(DNSZoneBase_show):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj._rr_zone_postprocess(entry_attrs, **options)
+self.obj._make_zone_absolute(entry_attrs)
return dn
--
2.1.0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone commands are not fixed. 2) It seems that the primary key returned by -mod, -del and -show (.result.value) is made absolute somewhere else in the code. Would it be possible to do it in one place? 3) Attribute values returned from LDAP are never None, so the if should be if 'idnsname' in entry_attrs:. 4) If idnsname always has only single value, use entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute() Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
Dne 15.1.2015 v 14:58 Martin Basti napsal(a): On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone commands are not fixed. FWzones are new and always normalized to absolute name in ldap Would you bet your money on that? Better be safe than sorry, especially when it's just a matter of moving the code around (right?) 2) It seems that the primary key returned by -mod, -del and -show (.result.value) is made absolute somewhere else in the code. Would it be possible to do it in one place? IMO it is not possible. Value is generated from key, and key is normalized to absolute zone before calling execute. LDAPUpdate: ... if self.obj.primary_key: pkey = keys[-1] else: pkey = None return dict(result=entry_attrs, value=pkey_to_value(pkey, options)) The idnsname attribute is just taken from LDAP without any normalization Right. 3) Attribute values returned from LDAP are never None, so the if should be if 'idnsname' in entry_attrs:. Ok I will revert the change I made. 4) If idnsname always has only single value, use entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute() Thanks Honza Updated patch attached. -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0184] Always return absolute idnsname in dnszone commands
On 15/01/15 14:25, Jan Cholasta wrote: Hi, Dne 15.1.2015 v 13:27 Martin Basti napsal(a): On 15/01/15 13:17, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4722 Patch attached. Fast fix. Updated patch attached. 1) Forward zone commands are not fixed. FWzones are new and always normalized to absolute name in ldap 2) It seems that the primary key returned by -mod, -del and -show (.result.value) is made absolute somewhere else in the code. Would it be possible to do it in one place? IMO it is not possible. Value is generated from key, and key is normalized to absolute zone before calling execute. LDAPUpdate: ... if self.obj.primary_key: pkey = keys[-1] else: pkey = None return dict(result=entry_attrs, value=pkey_to_value(pkey, options)) The idnsname attribute is just taken from LDAP without any normalization 3) Attribute values returned from LDAP are never None, so the if should be if 'idnsname' in entry_attrs:. Ok I will revert the change I made. 4) If idnsname always has only single value, use entry_attrs.single_value['idnsname'] = entry_attrs.single_value['idnsname'].make_absolute() Thanks Honza Updated patch attached. -- Martin Basti From 7761dc673c24243a2bd030850db56ab404bab890 Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Thu, 15 Jan 2015 13:13:55 +0100 Subject: [PATCH] Always return absolute idnsname in dnszone commands Ticket: https://fedorahosted.org/freeipa/ticket/4722 --- ipalib/plugins/dns.py | 13 + 1 file changed, 13 insertions(+) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 7a80036c94432a01ea8781101712ea1135134948..068c9cbd9b158a43947e0c4f1f1343bba99c98bf 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -2632,6 +2632,16 @@ class dnszone(DNSZoneBase): _add_warning_fw_zone_is_not_effective(result, fwzone, options['version']) +def _make_zone_absolute(self, entry_attrs): + +Zone names can be relative in IPA 4.0, make sure we always return +absolute zone name from ldap +Only old master zones in LDAP area affected. + +if idnsname in entry_attrs: +entry_attrs.single_value['idnsname'] = \ +entry_attrs.single_value['idnsname'].make_absolute() + @register() class dnszone_add(DNSZoneBase_add): @@ -2798,6 +2808,7 @@ class dnszone_mod(DNSZoneBase_mod): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) self.obj._rr_zone_postprocess(entry_attrs, **options) +self.obj._make_zone_absolute(entry_attrs) return dn @@ -2835,6 +2846,7 @@ class dnszone_find(DNSZoneBase_find): def post_callback(self, ldap, entries, truncated, *args, **options): for entry_attrs in entries: self.obj._rr_zone_postprocess(entry_attrs, **options) +self.obj._make_zone_absolute(entry_attrs) return truncated @@ -2851,6 +2863,7 @@ class dnszone_show(DNSZoneBase_show): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) self.obj._rr_zone_postprocess(entry_attrs, **options) +self.obj._make_zone_absolute(entry_attrs) return dn -- 2.1.0 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
