opendnssec2.1 support: move all ods tasks to specific file

Move all the routines run_ods* from tasks to _ods14 or _ods21 module Related: https://pagure.io/freeipa/issue/8214 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-03-12 16:23:03 +01:00
parent b6865831c9
commit 682b59c8e8
6 changed files with 98 additions and 69 deletions
--- a/ipaserver/dnssec/_ods14.py
+++ b/ipaserver/dnssec/_ods14.py
@@ -2,11 +2,15 @@
 # Copyright (C) 2020  FreeIPA Contributors see COPYING for license
 #

+import os
 import socket

+from ipapython import ipautil
 from ipaserver.dnssec._odsbase import AbstractODSDBConnection
 from ipaserver.dnssec._odsbase import AbstractODSSignerConn
 from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
+from ipaplatform.constants import constants
+from ipaplatform.paths import paths


 class ODSDBConnection(AbstractODSDBConnection):
@@ -43,3 +47,43 @@ class ODSSignerConn(AbstractODSSignerConn):
        self._conn.send(reply + b'\n')
        self._conn.shutdown(socket.SHUT_RDWR)
        self._conn.close()
+
+
+class ODSTask():
+    def run_ods_setup(self):
+        """Initialize a new kasp.db"""
+        cmd = [paths.ODS_KSMUTIL, 'setup']
+        return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
+
+    def run_ods_notify(self, **kwargs):
+        """Notify ods-enforcerd to reload its conf."""
+        cmd = [paths.ODS_KSMUTIL, 'notify']
+
+        # run commands as ODS user
+        if os.geteuid() == 0:
+            kwargs['runas'] = constants.ODS_USER
+
+        return ipautil.run(cmd, **kwargs)
+
+    def run_ods_policy_import(self, **kwargs):
+        """Run OpenDNSSEC manager command to import policy."""
+        # This step is needed with OpenDNSSEC 2.1 only
+        return
+
+    def run_ods_manager(self, params, **kwargs):
+        """Run OpenDNSSEC manager command (ksmutil, enforcer)
+
+        :param params: parameter for ODS command
+        :param kwargs: additional arguments for ipautil.run()
+        :return: result from ipautil.run()
+        """
+        assert params[0] != 'setup'
+
+        cmd = [paths.ODS_KSMUTIL]
+        cmd.extend(params)
+
+        # run commands as ODS user
+        if os.geteuid() == 0:
+            kwargs['runas'] = constants.ODS_USER
+
+        return ipautil.run(cmd, **kwargs)
--- a/ipaserver/dnssec/_ods21.py
+++ b/ipaserver/dnssec/_ods21.py
@@ -3,10 +3,14 @@
 #

 from datetime import datetime
+import os

 from ipaserver.dnssec._odsbase import AbstractODSDBConnection
 from ipaserver.dnssec._odsbase import AbstractODSSignerConn
 from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
+from ipaplatform.constants import constants
+from ipaplatform.paths import paths
+from ipapython import ipautil

 CLIENT_OPC_STDOUT = 0
 CLIENT_OPC_EXIT = 4
@@ -65,3 +69,47 @@ class ODSSignerConn(AbstractODSSignerConn):
        prefix = bytearray([CLIENT_OPC_EXIT, 0, 1, 0])
        self._conn.sendall(prefix)
        self._conn.close()
+
+
+class ODSTask():
+    def run_ods_setup(self):
+        """Initialize a new kasp.db"""
+        cmd = [paths.ODS_ENFORCER_DB_SETUP]
+        return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
+
+    def run_ods_notify(self, **kwargs):
+        """Notify ods-enforcerd to reload its conf."""
+        cmd = [paths.ODS_ENFORCER, 'flush']
+
+        # run commands as ODS user
+        if os.geteuid() == 0:
+            kwargs['runas'] = constants.ODS_USER
+
+        return ipautil.run(cmd, **kwargs)
+
+    def run_ods_policy_import(self, **kwargs):
+        """Run OpenDNSSEC manager command to import policy."""
+        cmd = [paths.ODS_ENFORCER, 'policy', 'import']
+
+        # run commands as ODS user
+        if os.geteuid() == 0:
+            kwargs['runas'] = constants.ODS_USER
+        ipautil.run(cmd, **kwargs)
+
+    def run_ods_manager(self, params, **kwargs):
+        """Run OpenDNSSEC manager command (ksmutil, enforcer)
+
+        :param params: parameter for ODS command
+        :param kwargs: additional arguments for ipautil.run()
+        :return: result from ipautil.run()
+        """
+        assert params[0] != 'setup'
+
+        cmd = [paths.ODS_ENFORCER]
+        cmd.extend(params)
+
+        # run commands as ODS user
+        if os.geteuid() == 0:
+            kwargs['runas'] = constants.ODS_USER
+
+        return ipautil.run(cmd, **kwargs)
--- a/ipaserver/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
@@ -12,7 +12,7 @@ except ImportError:
    from xml.etree import ElementTree as etree

 from ipapython import ipa_log_manager, ipautil
-from ipaplatform.tasks import tasks
+from ipaserver.dnssec.opendnssec import tasks

 logger = logging.getLogger(__name__)

--- a/ipaserver/dnssec/opendnssec.py
+++ b/ipaserver/dnssec/opendnssec.py
@@ -7,6 +7,8 @@ from ipaplatform.paths import paths

 # pylint: disable=unused-import
 if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
-    from ._ods14 import ODSDBConnection, ODSSignerConn
+    from ._ods14 import ODSDBConnection, ODSSignerConn, ODSTask
 else:
-    from ._ods21 import ODSDBConnection, ODSSignerConn
+    from ._ods21 import ODSDBConnection, ODSSignerConn, ODSTask
+
+tasks = ODSTask()