Server Upgrade: plugins should use ldapupdater API instance

This is required to have proper LDAP connection in plugins

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: David Kupka <dkupka@redhat.com>

ipaserver/install/plugins/adtrust.py

@@ -32,7 +32,7 @@ class update_default_range(Updater):
     def execute(self, **options):
         ldap = self.api.Backend.ldap2
 
-        dn = DN(api.env.container_ranges, api.env.basedn)
+        dn = DN(self.api.env.container_ranges, self.api.env.basedn)
         search_filter = "objectclass=ipaDomainIDRange"
         try:
             (entries, truncated) = ldap.find_entries(search_filter, [], dn)
@@ -42,7 +42,8 @@ class update_default_range(Updater):
             root_logger.debug("default_range: ipaDomainIDRange entry found, skip plugin")
             return False, []
 
-        dn = DN(('cn', 'admins'), api.env.container_group, api.env.basedn)
+        dn = DN(('cn', 'admins'), self.api.env.container_group,
+                self.api.env.basedn)
         try:
             admins_entry = ldap.get_entry(dn, ['gidnumber'])
         except errors.NotFound:
@@ -51,7 +52,7 @@ class update_default_range(Updater):
             return False, []
 
         id_range_base_id = admins_entry['gidnumber'][0]
-        id_range_name = '%s_id_range' % api.env.realm
+        id_range_name = '%s_id_range' % self.api.env.realm
         id_range_size = DEFAULT_ID_RANGE_SIZE
 
         range_entry = ['objectclass:top',
@@ -63,8 +64,8 @@ class update_default_range(Updater):
                        'iparangetype:ipa-local',
                       ]
 
-        dn = DN(('cn', '%s_id_range' % api.env.realm),
+        dn = DN(('cn', '%s_id_range' % self.api.env.realm),
-                api.env.container_ranges, api.env.basedn)
+                self.api.env.container_ranges, self.api.env.basedn)
 
         update = {'dn': dn, 'default': range_entry}
 
@@ -74,7 +75,7 @@ class update_default_range(Updater):
         # bigger range (option --idmax).
         # We should make our best to check if this is the case and provide
         # user with an information how to fix it.
-        dn = DN(api.env.container_dna_posix_ids, api.env.basedn)
+        dn = DN(self.api.env.container_dna_posix_ids, self.api.env.basedn)
         search_filter = "objectclass=dnaSharedConfig"
         attrs = ['dnaHostname', 'dnaRemainingValues']
         try:
@@ -124,8 +125,8 @@ class update_default_trust_view(Updater):
         ldap = self.api.Backend.ldap2
 
         default_trust_view_dn = DN(('cn', 'Default Trust View'),
-                                   api.env.container_views,
+                                   self.api.env.container_views,
-                                   api.env.basedn)
+                                   self.api.env.basedn)
 
         default_trust_view_entry = [
             'objectclass:top',

ipaserver/install/plugins/dns.py

@@ -62,7 +62,7 @@ class update_dnszones(Updater):
             return False, []
 
         try:
-            zones = api.Command.dnszone_find(all=True)['result']
+            zones = self.api.Command.dnszone_find(all=True)['result']
         except errors.NotFound:
             self.log.info('No DNS zone to update found')
             return False, []
@@ -77,14 +77,15 @@ class update_dnszones(Updater):
                 # do not open zone transfers by default
                 update['idnsallowtransfer'] = u'none;'
 
-            old_policy = util.get_dns_forward_zone_update_policy(api.env.realm, ('A', 'AAAA'))
+            old_policy = util.get_dns_forward_zone_update_policy(
+                self.api.env.realm, ('A', 'AAAA'))
             if zone.get('idnsupdatepolicy', [''])[0] == old_policy:
                 update['idnsupdatepolicy'] = util.get_dns_forward_zone_update_policy(\
-                        api.env.realm)
+                        self.api.env.realm)
 
             if update:
                 # FIXME: https://fedorahosted.org/freeipa/ticket/4722
-                api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
+                self.api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
                                         **update)
 
         return False, []
@@ -156,7 +157,7 @@ class update_master_to_dnsforwardzones(Updater):
     def execute(self, **options):
         ldap = self.api.Backend.ldap2
         # check LDAP if forwardzones already uses new semantics
-        dns_container_dn = DN(api.env.container_dns, api.env.basedn)
+        dns_container_dn = DN(self.api.env.container_dns, self.api.env.basedn)
         try:
             container_entry = ldap.get_entry(dns_container_dn)
         except errors.NotFound:
@@ -181,7 +182,7 @@ class update_master_to_dnsforwardzones(Updater):
         # should detect if update in past has been executed, and set proper
         # DNSVersion into LDAP
         try:
-            fwzones = api.Command.dnsforwardzone_find()['result']
+            fwzones = self.api.Command.dnsforwardzone_find()['result']
         except errors.NotFound:
             # No forwardzones found, update probably has not been executed yet
             pass
@@ -193,7 +194,7 @@ class update_master_to_dnsforwardzones(Updater):
         zones = []
         try:
             # raw values are required to store into ldif
-            zones = api.Command.dnszone_find(all=True,
+            zones = self.api.Command.dnszone_find(all=True,
                                              raw=True,
                                              sizelimit=0)['result']
         except errors.NotFound:
@@ -249,7 +250,7 @@ class update_master_to_dnsforwardzones(Updater):
                                     zone_to_privileges[zone['idnsname'][0]] = entry['member']
 
                             # raw values are required to store into ldif
-                            records = api.Command['dnsrecord_find'](
+                            records = self.api.Command['dnsrecord_find'](
                                         zone['idnsname'][0],
                                         all=True,
                                         raw=True,
@@ -288,7 +289,7 @@ class update_master_to_dnsforwardzones(Updater):
             for zone in zones_to_transform:
                 # delete master zone
                 try:
-                    api.Command['dnszone_del'](zone['idnsname'])
+                    self.api.Command['dnszone_del'](zone['idnsname'])
                 except Exception, e:
                     self.log.error('Transform to forwardzone terminated: '
                                    'removing zone %s failed (%s)' % (
@@ -303,7 +304,7 @@ class update_master_to_dnsforwardzones(Updater):
                         'idnsforwarders': zone.get('idnsforwarders', []),
                         'idnsforwardpolicy': zone.get('idnsforwardpolicy', [u'first'])[0]
                     }
-                    api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
+                    self.api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
                 except Exception, e:
                     self.log.error('Transform to forwardzone terminated: creating '
                                    'forwardzone %s failed' %
@@ -314,7 +315,7 @@ class update_master_to_dnsforwardzones(Updater):
                 # create permission if original zone has one
                 if 'managedBy' in zone:
                     try:
-                        perm_name = api.Command['dnsforwardzone_add_permission'](
+                        perm_name = self.api.Command['dnsforwardzone_add_permission'](
                                         zone['idnsname'][0])['value']
                     except Exception, e:
                         self.log.error('Transform to forwardzone terminated: '
@@ -332,7 +333,7 @@ class update_master_to_dnsforwardzones(Updater):
                                 dn[0].value for dn in zone_to_privileges[zone['idnsname'][0]]
                             ]
                             try:
-                                api.Command['permission_add_member'](perm_name,
+                                self.api.Command['permission_add_member'](perm_name,
                                                     privilege=privileges)
                             except Exception, e:
                                 self.log.error('Unable to restore privileges for '

ipaserver/install/plugins/fix_replica_agreements.py

@@ -37,10 +37,12 @@ class update_replica_attribute_lists(Updater):
     def execute(self, **options):
         # We need an IPAdmin connection to the backend
         self.log.debug("Start replication agreement exclude list update task")
-        conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm)
+        conn = ipaldap.IPAdmin(self.api.env.host, ldapi=True,
+                               realm=self.api.env.realm)
         conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
 
-        repl = replication.ReplicationManager(api.env.realm, api.env.host,
+        repl = replication.ReplicationManager(self.api.env.realm,
+                                              self.api.env.host,
                                               None, conn=conn)
 
         # We need to update only IPA replica agreements, not winsync

ipaserver/install/plugins/rename_managed.py

@@ -48,7 +48,7 @@ class GenerateUpdateMixin(object):
         """
         ldap = self.api.Backend.ldap2
 
-        suffix = ipautil.realm_to_suffix(api.env.realm)
+        suffix = ipautil.realm_to_suffix(self.api.env.realm)
         searchfilter = '(objectclass=*)'
         definitions_managed_entries = []
 

ipaserver/install/plugins/update_idranges.py

@@ -32,7 +32,7 @@ class update_idrange_type(Updater):
     def execute(self, **options):
         ldap = self.api.Backend.ldap2
 
-        base_dn = DN(api.env.container_ranges, api.env.basedn)
+        base_dn = DN(self.api.env.container_ranges, self.api.env.basedn)
         search_filter = ("(&(objectClass=ipaIDrange)(!(ipaRangeType=*)))")
         root_logger.debug("update_idrange_type: search for ID ranges with no "
                           "type set")
@@ -118,7 +118,7 @@ class update_idrange_baserid(Updater):
     def execute(self, **options):
         ldap = self.api.Backend.ldap2
 
-        base_dn = DN(api.env.container_ranges, api.env.basedn)
+        base_dn = DN(self.api.env.container_ranges, self.api.env.basedn)
         search_filter = ("(&(objectClass=ipaTrustedADDomainRange)"
                          "(ipaRangeType=ipa-ad-trust-posix)"
                          "(!(ipaBaseRID=0)))")

ipaserver/install/plugins/update_pacs.py

@@ -31,7 +31,7 @@ class update_pacs(Updater):
         ldap = self.api.Backend.ldap2
 
         try:
-            dn = DN('cn=ipaConfig', 'cn=etc', api.env.basedn)
+            dn = DN('cn=ipaConfig', 'cn=etc', self.api.env.basedn)
             entry = ldap.get_entry(dn, ['ipakrbauthzdata'])
             pacs = entry.get('ipakrbauthzdata', [])
         except errors.NotFound:

ipaserver/install/plugins/update_passsync.py

@@ -50,7 +50,7 @@ class update_passync_privilege_update(Updater):
         root_logger.debug("Add PassSync user as a member of PassSync privilege")
         ldap = self.api.Backend.ldap2
         passsync_dn = DN(('uid','passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'),
-            api.env.basedn)
+            self.api.env.basedn)
         passsync_privilege_dn = DN(('cn','PassSync Service'),
                 self.api.env.container_privilege,
                 self.api.env.basedn)

ipaserver/install/plugins/update_services.py

@@ -33,7 +33,7 @@ class update_service_principalalias(Updater):
     def execute(self, **options):
         ldap = self.api.Backend.ldap2
 
-        base_dn = DN(api.env.container_service, api.env.basedn)
+        base_dn = DN(self.api.env.container_service, self.api.env.basedn)
         search_filter = ("(&(objectclass=krbprincipal)(objectclass=ipaservice)"
                          "(!(objectclass=ipakrbprincipal)))")
         root_logger.debug("update_service_principalalias: search for affected "