ipaplatform: Move remaining user/group constants to ipaplatform.constants.

Use ipaplatform.constants in every corner instead of importing other bits or calling
some platform specific things, and remove most of the remaining hardcoded uid's.

https://fedorahosted.org/freeipa/ticket/5343

Reviewed-By: David Kupka <dkupka@redhat.com>

install/oddjob/com.redhat.idm.trust-fetch-domains

@@ -8,6 +8,7 @@ from ipapython.dn import DN
 from ipalib.config import Env
 from ipalib.constants import DEFAULT_CONFIG
 from ipapython.ipautil import kinit_keytab
+from ipaplatform.constants import constants
 import sys
 import os
 import pwd
@@ -31,7 +32,7 @@ def retrieve_keytab(api, ccache_name, oneway_keytab_name, oneway_principal):
                 raiseonerr=False)
     # Make sure SSSD is able to read the keytab
     try:
-        sssd = pwd.getpwnam('sssd')
+        sssd = pwd.getpwnam(constants.SSSD_USER)
         os.chown(oneway_keytab_name, sssd[2], sssd[3])
     except KeyError as e:
         # If user 'sssd' does not exist, we don't need to chown from root to sssd

ipaplatform/base/constants.py

@@ -12,12 +12,17 @@ class BaseConstantsNamespace(object):
     DS_GROUP = 'dirsrv'
     HTTPD_USER = "apache"
     IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
+    KDCPROXY_USER = "kdcproxy"
     NAMED_USER = "named"
+    NAMED_GROUP = "named"
     PKI_USER = 'pkiuser'
     PKI_GROUP = 'pkiuser'
     # ntpd init variable used for daemon options
     NTPD_OPTS_VAR = "OPTIONS"
     # quote used for daemon options
     NTPD_OPTS_QUOTE = "\""
+    ODS_USER = "ods"
+    ODS_GROUP = "ods"
     # nfsd init variable used to enable kerberized NFS
     SECURE_NFS_VAR = "SECURE_NFS"
+    SSSD_USER = "sssd"

ipaplatform/base/services.py

@@ -181,18 +181,6 @@ class PlatformService(object):
     def get_config_dir(self, instance_name=""):
         return
 
-    def get_user_name(self, instance_name=""):
-        return
-
-    def get_group_name(self, instance_name=""):
-        return
-
-    def get_binary_path(self):
-        return
-
-    def get_package_name(self):
-        return
-
 
 class SystemdService(PlatformService):
     SYSTEMD_SRV_TARGET = "%s.target.wants"

ipaplatform/redhat/services.py

@@ -223,28 +223,6 @@ class RedHatCAService(RedHatService):
             self.wait_until_running()
 
 
-class RedHatNamedService(RedHatService):
-    def get_user_name(self):
-        return u'named'
-
-    def get_group_name(self):
-        return u'named'
-
-    def get_binary_path(self):
-        return paths.NAMED_PKCS11
-
-    def get_package_name(self):
-        return u"bind-pkcs11"
-
-
-class RedHatODSEnforcerdService(RedHatService):
-    def get_user_name(self):
-        return u'ods'
-
-    def get_group_name(self):
-        return u'ods'
-
-
 # Function that constructs proper Red Hat OS family-specific server classes for
 # services of specified name
 
@@ -257,10 +235,6 @@ def redhat_service_class_factory(name):
         return RedHatSSHService(name)
     if name in ('pki-tomcatd', 'pki_tomcatd'):
         return RedHatCAService(name)
-    if name == 'named':
-        return RedHatNamedService(name)
-    if name in ('ods-enforcerd', 'ods_enforcerd'):
-        return RedHatODSEnforcerdService(name)
     return RedHatService(name)
 
 

ipaserver/install/bindinstance.py

@@ -1260,4 +1260,4 @@ class BindInstance(service.Service):
             self.named_regular.start()
 
         installutils.remove_keytab(paths.NAMED_KEYTAB)
-        installutils.remove_ccache(run_as='named')
+        installutils.remove_ccache(run_as=constants.NAMED_USER)

ipaserver/install/dns.py

@@ -231,8 +231,8 @@ def install_check(standalone, api, replica, options, hostname):
             dnskeysyncd.stop()
             try:
                 ipautil.run(cmd, env=environment,
-                            runas=ods_enforcerd.get_user_name(),
+                            runas=constants.ODS_USER,
-                            suplementary_groups=[named.get_group_name()])
+                            suplementary_groups=[constants.NAMED_GROUP])
             except CalledProcessError as e:
                 root_logger.debug("%s", e)
                 raise RuntimeError("This IPA server cannot be promoted to "

ipaserver/install/dnskeysyncinstance.py

@@ -22,6 +22,7 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipapython import sysrestore, ipautil
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipalib.constants import CACERT
@@ -142,14 +143,14 @@ class DNSKeySyncInstance(service.Service):
     def __get_named_uid(self):
         named = services.knownservices.named
         try:
-            return pwd.getpwnam(named.get_user_name()).pw_uid
+            return pwd.getpwnam(constants.NAMED_USER).pw_uid
         except KeyError:
             raise RuntimeError("Named UID not found")
 
     def __get_named_gid(self):
         named = services.knownservices.named
         try:
-            return grp.getgrnam(named.get_group_name()).gr_gid
+            return grp.getgrnam(constants.NAMED_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("Named GID not found")
 
@@ -160,12 +161,12 @@ class DNSKeySyncInstance(service.Service):
         self.named_gid = self.__get_named_gid()
 
         try:
-            self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
+            self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
         except KeyError:
             raise RuntimeError("OpenDNSSEC UID not found")
 
         try:
-            self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
+            self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("OpenDNSSEC GID not found")
 

ipaserver/install/dogtaginstance.py

@@ -45,7 +45,6 @@ from ipaserver.install import replication
 from ipaserver.install.installutils import stopped_service
 from ipapython.ipa_log_manager import log_mgr
 
-PKI_USER = constants.PKI_USER
 HTTPD_USER = constants.HTTPD_USER
 
 

ipaserver/install/httpinstance.py

@@ -54,8 +54,8 @@ SELINUX_BOOLEAN_SETTINGS = dict(
     httpd_run_ipa='on',
 )
 
-KDCPROXY_USER = 'kdcproxy'
 HTTPD_USER = constants.HTTPD_USER
+KDCPROXY_USER = constants.KDCPROXY_USER
 
 # See contrib/nsscipersuite/nssciphersuite.py
 NSS_CIPHER_SUITE = [

ipaserver/install/odsexporterinstance.py

@@ -13,6 +13,7 @@ from ipaserver.install import installutils
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 from ipapython import sysrestore, ipautil, ipaldap
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform import services
 from ipalib import errors, api
@@ -68,12 +69,12 @@ class ODSExporterInstance(service.Service):
         ods_enforcerd = services.knownservices.ods_enforcerd
 
         try:
-            self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
+            self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
         except KeyError:
             raise RuntimeError("OpenDNSSEC UID not found")
 
         try:
-            self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
+            self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("OpenDNSSEC GID not found")
 

ipaserver/install/opendnssecinstance.py

@@ -15,6 +15,7 @@ from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 from ipapython import sysrestore, ipautil, ipaldap, p11helper
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipaserver.install import dnskeysyncinstance
@@ -125,22 +126,22 @@ class OpenDNSSECInstance(service.Service):
         ods_enforcerd = services.knownservices.ods_enforcerd
 
         try:
-            self.named_uid = pwd.getpwnam(named.get_user_name()).pw_uid
+            self.named_uid = pwd.getpwnam(constants.NAMED_USER).pw_uid
         except KeyError:
             raise RuntimeError("Named UID not found")
 
         try:
-            self.named_gid = grp.getgrnam(named.get_group_name()).gr_gid
+            self.named_gid = grp.getgrnam(constants.NAMED_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("Named GID not found")
 
         try:
-            self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
+            self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
         except KeyError:
             raise RuntimeError("OpenDNSSEC UID not found")
 
         try:
-            self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
+            self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
         except KeyError:
             raise RuntimeError("OpenDNSSEC GID not found")
 
@@ -287,7 +288,7 @@ class OpenDNSSECInstance(service.Service):
             ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
             result = ipautil.run(cmd,
-                                 runas=ods_enforcerd.get_user_name(),
+                                 runas=constants.ODS_USER,
                                  capture_output=True)
             with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
                 zonelistf.write(result.output)
@@ -303,7 +304,7 @@ class OpenDNSSECInstance(service.Service):
             ]
 
             ods_enforcerd = services.knownservices.ods_enforcerd
-            ipautil.run(command, stdin="y", runas=ods_enforcerd.get_user_name())
+            ipautil.run(command, stdin="y", runas=constants.ODS_USER)
 
     def __setup_dnskeysyncd(self):
         # set up dnskeysyncd this is DNSSEC master
@@ -352,7 +353,7 @@ class OpenDNSSECInstance(service.Service):
             cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
             try:
                 self.print_msg("Exporting DNSSEC data before uninstallation")
-                ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
+                ipautil.run(cmd, runas=constants.ODS_USER)
             except CalledProcessError:
                 root_logger.error("DNSSEC data export failed")