From 7623bc99813156ce11167ae429a756f920258151 Mon Sep 17 00:00:00 2001

From: Martin Basti <mbasti@redhat.com>

Date: Fri, 20 Nov 2015 11:53:06 +0100

Subject: [PATCH] upgrade: fix migration of old dns forward zones

Plugins should call self.api not the global one during upgrade

https://fedorahosted.org/freeipa/ticket/5472

Reviewed-By: Petr Spacek <pspacek@redhat.com>

---

 ipalib/plugins/dns.py | 51 +++++++++++++++++++++++++++------------------------

 1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py

index a3d562edb186682a872073e6c83a416b6a4cbc09..37a2c64cbacae5cc5626f17fac68848768af3242 100644

--- a/ipalib/plugins/dns.py

+++ b/ipalib/plugins/dns.py

@@ -1735,7 +1735,7 @@ def _normalize_zone(zone):

     return zone

-def _get_auth_zone_ldap(name):

+def _get_auth_zone_ldap(api, name):

     """

     Find authoritative zone in LDAP for name. Only active zones are considered.

     :param name:

@@ -1781,7 +1781,7 @@ def _get_auth_zone_ldap(name):

     return max(matched_auth_zones, key=len), truncated

-def _get_longest_match_ns_delegation_ldap(zone, name):

+def _get_longest_match_ns_delegation_ldap(api, zone, name):

     """

     Searches for deepest delegation for name in LDAP zone.

@@ -1857,7 +1857,7 @@ def _get_longest_match_ns_delegation_ldap(zone, name):

     return max(matched_records, key=len), truncated

-def _find_subtree_forward_zones_ldap(name, child_zones_only=False):

+def _find_subtree_forward_zones_ldap(api, name, child_zones_only=False):

     """

     Search for forwardzone <name> and all child forwardzones

     Filter: (|(*.<name>.)(<name>.))

@@ -1911,7 +1911,7 @@ def _find_subtree_forward_zones_ldap(name, child_zones_only=False):

     return result, truncated

-def _get_zone_which_makes_fw_zone_ineffective(fwzonename):

+def _get_zone_which_makes_fw_zone_ineffective(api, fwzonename):

     """

     Check if forward zone is effective.

@@ -1936,12 +1936,12 @@ def _get_zone_which_makes_fw_zone_ineffective(fwzonename):

     """

     assert isinstance(fwzonename, DNSName)

-    auth_zone, truncated_zone = _get_auth_zone_ldap(fwzonename)

+    auth_zone, truncated_zone = _get_auth_zone_ldap(api, fwzonename)

     if not auth_zone:

         return None, truncated_zone

     delegation_record_name, truncated_ns =\

-        _get_longest_match_ns_delegation_ldap(auth_zone, fwzonename)

+        _get_longest_match_ns_delegation_ldap(api, auth_zone, fwzonename)

     truncated = truncated_ns or truncated_zone

@@ -1951,12 +1951,12 @@ def _get_zone_which_makes_fw_zone_ineffective(fwzonename):

     return auth_zone, truncated

-def _add_warning_fw_zone_is_not_effective(result, fwzone, version):

+def _add_warning_fw_zone_is_not_effective(api, result, fwzone, version):

     """

     Adds warning message to result, if required

     """

     authoritative_zone, truncated = \

-        _get_zone_which_makes_fw_zone_ineffective(fwzone)

+        _get_zone_which_makes_fw_zone_ineffective(api, fwzone)

     if authoritative_zone:

         # forward zone is not effective and forwarding will not work

         messages.add_message(

@@ -2072,7 +2072,7 @@ class DNSZoneBase(LDAPObject):

     def _remove_permission(self, zone):

         permission_name = self.permission_name(zone)

         try:

-            api.Command['permission_del'](permission_name, force=True)

+            self.api.Command['permission_del'](permission_name, force=True)

         except errors.NotFound, e:

             if zone == DNSName.root:  # special case root zone

                 raise

@@ -2082,7 +2082,8 @@ class DNSZoneBase(LDAPObject):

                 zone.relativize(DNSName.root)

             )

             try:

-                api.Command['permission_del'](permission_name_rel, force=True)

+                self.api.Command['permission_del'](permission_name_rel,

+                                                   force=True)

             except errors.NotFound:

                 raise e  # re-raise original exception

@@ -2272,7 +2273,8 @@ class DNSZoneBase_add_permission(LDAPQuery):

                 keys[-1].relativize(DNSName.root)

             )

             try:

-                api.Object['permission'].get_dn_if_exists(permission_name_rel)

+                self.api.Object['permission'].get_dn_if_exists(

+                    permission_name_rel)

             except errors.NotFound:

                 pass

             else:

@@ -2283,7 +2285,7 @@ class DNSZoneBase_add_permission(LDAPQuery):

                     }

                 )

-        permission = api.Command['permission_add_noaci'](permission_name,

+        permission = self.api.Command['permission_add_noaci'](permission_name,

                          ipapermissiontype=u'SYSTEM'

                      )['result']

@@ -2643,12 +2645,12 @@ class dnszone(DNSZoneBase):

         """

         zone = keys[-1]

         affected_fw_zones, truncated = _find_subtree_forward_zones_ldap(

-            zone, child_zones_only=True)

+            self.api, zone, child_zones_only=True)

         if not affected_fw_zones:

             return

         for fwzone in affected_fw_zones:

-            _add_warning_fw_zone_is_not_effective(result, fwzone,

+            _add_warning_fw_zone_is_not_effective(self.api, result, fwzone,

                                                   options['version'])

@@ -2686,7 +2688,8 @@ class dnszone_add(DNSZoneBase_add):

         dn = super(dnszone_add, self).pre_callback(

             ldap, dn, entry_attrs, attrs_list, *keys, **options)

-        nameservers = [normalize_zone(x) for x in api.Object.dnsrecord.get_dns_masters()]

+        nameservers = [normalize_zone(x) for x in

+                       self.api.Object.dnsrecord.get_dns_masters()]

         server = normalize_zone(api.env.host)

         zone = keys[-1]

@@ -2735,7 +2738,7 @@ class dnszone_add(DNSZoneBase_add):

                 not zone.is_reverse() and

                 zone != DNSName.root):

             try:

-                api.Command['realmdomains_mod'](add_domain=unicode(zone),

+                self.api.Command['realmdomains_mod'](add_domain=unicode(zone),

                                                 force=True)

             except (errors.EmptyModlist, errors.ValidationError):

                 pass

@@ -2769,8 +2772,8 @@ class dnszone_del(DNSZoneBase_del):

                 not zone.is_reverse() and zone != DNSName.root

         ):

             try:

-                api.Command['realmdomains_mod'](del_domain=unicode(zone),

-                                                force=True)

+                self.api.Command['realmdomains_mod'](

+                    del_domain=unicode(zone), force=True)

             except (errors.AttrValueNotFound, errors.ValidationError):

                 pass

@@ -3476,12 +3479,12 @@ class dnsrecord(LDAPObject):

             record_name_absolute = record_name_absolute.derelativize(zone)

         affected_fw_zones, truncated = _find_subtree_forward_zones_ldap(

-            record_name_absolute)

+            self.api, record_name_absolute)

         if not affected_fw_zones:

             return

         for fwzone in affected_fw_zones:

-            _add_warning_fw_zone_is_not_effective(result, fwzone,

+            _add_warning_fw_zone_is_not_effective(self.api, result, fwzone,

                                                   options['version'])

@@ -3831,7 +3834,7 @@ class dnsrecord_mod(LDAPUpdate):

         # get DNS record first so that the NotFound exception is raised

         # before the helper would start

-        dns_record = api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result']

+        dns_record = self.api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result']

         rec_types = [rec_type for rec_type in dns_record if rec_type in _record_attributes]

         self.Backend.textui.print_plain(_("No option to modify specific record provided."))

@@ -4019,7 +4022,7 @@ class dnsrecord_del(LDAPUpdate):

         # get DNS record first so that the NotFound exception is raised

         # before the helper would start

-        dns_record = api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result']

+        dns_record = self.api.Command['dnsrecord_show'](kw['dnszoneidnsname'], kw['idnsname'])['result']

         rec_types = [rec_type for rec_type in dns_record if rec_type in _record_attributes]

         self.Backend.textui.print_plain(_("No option to delete specific record provided."))

@@ -4334,7 +4337,7 @@ class dnsforwardzone(DNSZoneBase):

     def _warning_fw_zone_is_not_effective(self, result, *keys, **options):

         fwzone = keys[-1]

-        _add_warning_fw_zone_is_not_effective(result, fwzone,

+        _add_warning_fw_zone_is_not_effective(self.api, result, fwzone,

                                               options['version'])

     def _warning_if_forwarders_do_not_work(self, result, new_zone,

@@ -4374,7 +4377,7 @@ class dnsforwardzone(DNSZoneBase):

         # validation is configured just in named.conf per replica

         ipa_dns_masters = [normalize_zone(x) for x in

-                           api.Object.dnsrecord.get_dns_masters()]

+                           self.api.Object.dnsrecord.get_dns_masters()]

         if not ipa_dns_masters:

             # something very bad happened, DNS is installed, but no IPA DNS

-- 

2.4.3