From 3283ba88cdd7821a430132dec23a788ea4241f76 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 27 Mar 2019 11:03:00 +0100 Subject: [PATCH] Use api.env.container_masters Replace occurences of ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc') with api.env.container_masters. Signed-off-by: Christian Heimes Reviewed-By: Thomas Woerner --- ipaserver/install/bindinstance.py | 3 +-- ipaserver/install/cainstance.py | 7 +++---- ipaserver/install/dns.py | 4 ++-- ipaserver/install/ipa_backup.py | 3 ++- ipaserver/install/ipa_restore.py | 3 ++- ipaserver/install/krbinstance.py | 6 +----- ipaserver/install/plugins/ca_renewal_master.py | 3 +-- ipaserver/install/replication.py | 3 +-- ipaserver/install/server/upgrade.py | 4 ++-- ipaserver/install/service.py | 11 +++++------ ipaserver/plugins/baseldap.py | 2 +- ipaserver/plugins/domainlevel.py | 13 +++---------- 12 files changed, 24 insertions(+), 38 deletions(-) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index c175ca4f23b4f4440e1acaac2495276388daf3ae..6156ecdfbd1a62d5b1e0a26db47ef2b9a9448bc1 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -862,8 +862,7 @@ class BindInstance(service.Service): def __add_others(self): entries = api.Backend.ldap2.get_entries( - DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), - self.suffix), + DN(api.env.container_masters, self.suffix), api.Backend.ldap2.SCOPE_ONELEVEL, None, ['dn']) for entry in entries: diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index f424e7cd76d24a5a633a4f4babf3e112537be92c..2946b5cc2b4b8b708a060aa79d1b7ab0e7b4e651 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1173,8 +1173,8 @@ class CAInstance(DogtagInstance): if fqdn is None: fqdn = api.env.host - dn = DN(('cn', 'CA'), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), - ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', 'CA'), ('cn', fqdn), api.env.container_masters, + api.env.basedn) renewal_filter = '(ipaConfigString=caRenewalMaster)' try: api.Backend.ldap2.get_entries(base_dn=dn, filter=renewal_filter, @@ -1188,8 +1188,7 @@ class CAInstance(DogtagInstance): if fqdn is None: fqdn = api.env.host - base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), - api.env.basedn) + base_dn = DN(api.env.container_masters, api.env.basedn) filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))' try: entries = api.Backend.ldap2.get_entries( diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index b17848a80c4300ed74aedc1e29a0dedbee79e6d9..930e038e4d7629563d2cea39fe581987dd0edfef 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py @@ -98,8 +98,8 @@ def _disable_dnssec(): api.env.basedn) conn = api.Backend.ldap2 - dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host), + api.env.container_masters, api.env.basedn) try: entry = conn.get_entry(dn) except errors.NotFound: diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 789955a67dfc255285a2c82d9a8060495c3469e2..cef01d30454ea1adb8bf9c68f428b9555f1b9557 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -576,7 +576,8 @@ class Backup(admintool.AdminTool): config.set('ipa', 'ipa_version', str(version.VERSION)) config.set('ipa', 'version', '1') - dn = DN(('cn', api.env.host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', api.env.host), api.env.container_masters, + api.env.basedn) services_cns = [] try: conn = self.get_connection() diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 8b2f5bef7c9b1b8e2e2bae4e88850cf18b67b889..bd065a038db4d523048f0566f65458402d801e18 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -507,7 +507,8 @@ class Restore(admintool.AdminTool): master, e) continue - master_dn = DN(('cn', master), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + master_dn = DN(('cn', master), api.env.container_masters, + api.env.basedn) try: services = repl.conn.get_entries(master_dn, repl.conn.SCOPE_ONELEVEL) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index aa9243dc69674a00f2e1bcdc3e71d44ae8862fbe..319eeb82bcbe61acd70b2943982b6fec6fa33f92 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -470,11 +470,7 @@ class KrbInstance(service.Service): unadvertise enabled PKINIT feature in master's KDC entry in LDAP """ ldap = api.Backend.ldap2 - dn = DN(('cn', 'KDC'), - ('cn', self.fqdn), - ('cn', 'masters'), - ('cn', 'ipa'), - ('cn', 'etc'), + dn = DN(('cn', 'KDC'), ('cn', self.fqdn), api.env.container_masters, self.suffix) entry = ldap.get_entry(dn, ['ipaConfigString']) diff --git a/ipaserver/install/plugins/ca_renewal_master.py b/ipaserver/install/plugins/ca_renewal_master.py index 618f51244019c2a77a9d0a93437f95c037f1a728..259bd5a991d39adb9f30fe5b22e59c7eef09cfc6 100644 --- a/ipaserver/install/plugins/ca_renewal_master.py +++ b/ipaserver/install/plugins/ca_renewal_master.py @@ -46,8 +46,7 @@ class update_ca_renewal_master(Updater): return False, [] ldap = self.api.Backend.ldap2 - base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), - self.api.env.basedn) + base_dn = DN(self.api.env.container_masters, self.api.env.basedn) dn = DN(('cn', 'CA'), ('cn', self.api.env.host), base_dn) filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))' try: diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 70629b4528f033908c584bfaf0793cfa4ce259d4..8644b9ff618d28614a319d6da6a2041fea3c1c1f 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -1419,8 +1419,7 @@ class ReplicationManager(object): # delete master entry with all active services try: - dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'), - ('cn', 'etc'), self.suffix) + dn = DN(('cn', replica), api.env.container_masters, self.suffix) entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE) if entries: entries.sort(key=lambda x: len(x.dn), reverse=True) diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 57c70ea9250bf6fcf027665304e02cc6def8e442..f4389d37909fc0b5aed960638de67243906b634d 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1244,8 +1244,8 @@ def uninstall_dogtag_9(ds, http): logger.debug('Dogtag is version 10 or above') return - dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', 'CA'), ('cn', api.env.host), api.env.container_masters, + api.env.basedn) try: api.Backend.ldap2.delete_entry(dn) except ipalib.errors.PublicError as e: diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index a030801175491f65dc83aa9d42afdb1dfdb65b0f..261eedc85be24478b99e5ae8886aec7bc23a80ed 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -134,8 +134,7 @@ def set_service_entry_config(name, fqdn, config_values, assert isinstance(ldap_suffix, DN) entry_name = DN( - ('cn', name), ('cn', fqdn), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) + ('cn', name), ('cn', fqdn), api.env.container_masters, ldap_suffix) # enable disabled service try: @@ -577,8 +576,8 @@ class Service(object): def ldap_disable(self, name, fqdn, ldap_suffix): assert isinstance(ldap_suffix, DN) - entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) + entry_dn = DN(('cn', name), ('cn', fqdn), api.env.container_masters, + ldap_suffix) search_kw = {'ipaConfigString': ENABLED_SERVICE} filter = api.Backend.ldap2.make_filter(search_kw) try: @@ -611,8 +610,8 @@ class Service(object): logger.debug("service %s startup entry disabled", name) def ldap_remove_service_container(self, name, fqdn, ldap_suffix): - entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) + entry_dn = DN(('cn', name), ('cn', fqdn), + self.api.env.container_masters, ldap_suffix) try: api.Backend.ldap2.delete_entry(entry_dn) except errors.NotFound: diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index 08ddc6d10d6431f51296bca9ae28aca8fa8586b2..25449b5aec72cbdbfb57527aa834cc69291398d6 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -497,7 +497,7 @@ def host_is_master(ldap, fqdn): Raises an exception if a master, otherwise returns nothing. """ - master_dn = DN(('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + master_dn = DN(('cn', fqdn), api.env.container_masters, api.env.basedn) try: ldap.get_entry(master_dn, ['objectclass']) raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted or disabled')) diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py index 306ca0a6d147b2c0dc7a91ee1aefc0e7a5c98048..0d36dc08c07612dc565417a66ab9c467eb7f0555 100644 --- a/ipaserver/plugins/domainlevel.py +++ b/ipaserver/plugins/domainlevel.py @@ -72,25 +72,18 @@ def check_conflict_entries(ldap, api, desired_value): except errors.NotFound: pass + def get_master_entries(ldap, api): """ Returns list of LDAPEntries representing IPA masters. """ - - container_masters = DN( - ('cn', 'masters'), - ('cn', 'ipa'), - ('cn', 'etc'), - api.env.basedn - ) - + dn = DN(api.env.container_masters, api.env.basedn) masters, _dummy = ldap.find_entries( filter="(cn=*)", - base_dn=container_masters, + base_dn=dn, scope=ldap.SCOPE_ONELEVEL, paged_search=True, # we need to make sure to get all of them ) - return masters -- 2.20.1