Fix upgrade when named.conf does not exist
Commit aee0d2180c
adds an upgrade step
that adds system crypto policy include to named.conf. This step
omitted the named.conf existence check; upgrade fails when it does
not exist. Add the existence check.
Also update the test to add the IPA-related part of the named.conf
config, because the "existence check" actually does more than just
check that the file exists - it also checks that it contains the IPA
bind-dyndb-ldap configuration section.
Part of: https://pagure.io/freeipa/issue/4853
Reviewed-By: Christian Heimes <cheimes@redhat.com>
parent
b0d8c6c211
commit
421fc376cc
@ -93,6 +93,10 @@ def create_reverse():
|
||||
|
||||
|
||||
def named_conf_exists():
|
||||
"""
|
||||
Checks that named.conf exists AND that it contains IPA-related config.
|
||||
|
||||
"""
|
||||
try:
|
||||
with open(paths.NAMED_CONF, 'r') as named_fd:
|
||||
lines = named_fd.readlines()
|
||||
|
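Review bot: The docstring added to named_conf_exists() says what is checked but not what the caller gets back, and it leaves an empty line before the closing quotes. Because the name reads like a plain existence test, I would state the contract directly, for example `Return True only if named.conf exists and contains the IPA bind-dyndb-ldap section.`, and drop the blank line. The function body continues past the end of this hunk, so how an unreadable file is handled is not visible here; if that case also yields False it deserves one more sentence in the docstring.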
@ -905,6 +905,10 @@ def named_add_server_id():
|
||||
def named_add_crypto_policy():
|
||||
"""Add crypto policy include
|
||||
"""
|
||||
if not bindinstance.named_conf_exists():
|
||||
logger.info('DNS is not configured')
|
||||
return False
|
||||
|
||||
if sysupgrade.get_upgrade_state('named.conf', 'add_crypto_policy'):
|
||||
# upgrade was done already
|
||||
return False
|
||||
|
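Review bot: The new guard in named_add_crypto_policy() logs 'DNS is not configured' for two different situations: named.conf is absent, or it is present but named_conf_exists() did not find the IPA section. In the second case BIND may well be running, and the system crypto policy include is skipped with only an info-level line that points the operator in the wrong direction. A message that names both causes would make a skipped hardening step easier to spot in the upgrade log, e.g. `logger.info('named.conf is missing or has no IPA section; crypto policy include not added')`. The docstring could also record the return value the updated test now relies on, e.g. `Returns True if named.conf was changed, False if the step was skipped.`. The rest of the function lies outside the hunk.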
@ -24,7 +24,6 @@ options {
|
||||
include "random/file";
|
||||
"""
|
||||
|
||||
|
||||
EXPECTED_CONFIG = """
|
||||
options {
|
||||
\tdnssec-enable yes;
|
||||
@ -35,6 +34,12 @@ options {
|
||||
include "random/file";
|
||||
"""
|
||||
|
||||
# bindinstance.named_conf_exists() looks for a section like this
|
||||
IPA_DYNDB_CONFIG = """
|
||||
dyndb "ipa" "/usr/lib/bind/ldap.so" {
|
||||
};
|
||||
"""
|
||||
|
||||
POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
|
||||
|
||||
|
||||
@ -53,14 +58,16 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
|
||||
m_get.return_value = False
|
||||
with open(namedconf, 'w') as f:
|
||||
f.write(TEST_CONFIG)
|
||||
f.write(IPA_DYNDB_CONFIG)
|
||||
|
||||
named_add_crypto_policy()
|
||||
result = named_add_crypto_policy()
|
||||
assert result
|
||||
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
||||
m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
|
||||
|
||||
with open(namedconf) as f:
|
||||
content = f.read()
|
||||
assert content == EXPECTED_CONFIG
|
||||
assert content == ''.join([EXPECTED_CONFIG, IPA_DYNDB_CONFIG])
|
||||
|
||||
m_get.reset_mock()
|
||||
m_set.reset_mock()
|
||||
@ -69,3 +76,19 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
|
||||
named_add_crypto_policy()
|
||||
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
||||
m_set.assert_not_called()
|
||||
|
||||
|
||||
@patch('ipaserver.install.sysupgrade.get_upgrade_state')
|
||||
@patch('ipaserver.install.sysupgrade.set_upgrade_state')
|
||||
def test_add_crypto_policy_no_ipa(m_set, m_get, namedconf):
|
||||
# Test if the update step is skipped when named.conf doesn't contain
|
||||
# IPA related settings.
|
||||
m_get.return_value = False
|
||||
with open(namedconf, 'w') as f:
|
||||
f.write(TEST_CONFIG)
|
||||
|
||||
result = named_add_crypto_policy()
|
||||
assert not result
|
||||
|
||||
m_get.assert_not_called()
|
||||
m_set.assert_not_called()
|
||||
|
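Review bot: The added test_add_crypto_policy_no_ipa covers a named.conf that exists without the IPA section, but the case the commit title names, named.conf not existing at all, is still not exercised. A second test that removes the file before calling named_add_crypto_policy() would pin the behaviour this commit fixes. The namedconf fixture is defined outside the visible hunks, so I am assuming it yields the path that paths.NAMED_CONF is pointed at and that `os` is available in the test module.

```python
@patch('ipaserver.install.sysupgrade.get_upgrade_state')
@patch('ipaserver.install.sysupgrade.set_upgrade_state')
def test_add_crypto_policy_no_named_conf(m_set, m_get, namedconf):
    # Test if the update step is skipped when named.conf is absent.
    if os.path.exists(namedconf):
        os.remove(namedconf)

    result = named_add_crypto_policy()
    assert not result

    m_get.assert_not_called()
    m_set.assert_not_called()
```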