Add ldap_update() helper to service class

The new _ldap_update() helper methods makes it easier to apply LDAP update files from a service instance. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-09-14 10:23:15 +02:00 · 2020-09-14 10:23:15 +02:00 · 87cf2a3c78
commit 87cf2a3c78
parent 3c86baf0ad
6 changed files with 43 additions and 38 deletions
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@ -59,7 +59,6 @@ from ipaserver.secrets.kem import IPAKEMKeys
 from ipaserver.install import certs
 from ipaserver.install import dsinstance
 from ipaserver.install import installutils
-from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from ipaserver.install.dogtaginstance import DogtagInstance, INTERNAL_TOKEN
@ -671,11 +670,14 @@ class CAInstance(DogtagInstance):
        db.create_passwd_file(passwd)

    def __update_topology(self):
-        ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={
-            'SUFFIX': api.env.basedn,
-            'FQDN': self.fqdn,
-        })
-        ld.update([paths.CA_TOPOLOGY_ULDIF])
+        self._ldap_update(
+            [paths.CA_TOPOLOGY_ULDIF],
+            basedir=None,
+            sub_dict={
+                'SUFFIX': api.env.basedn,
+                'FQDN': self.fqdn,
+            }
+        )

    def __disable_nonce(self):
        # Turn off Nonces
@ -1359,13 +1361,13 @@ class CAInstance(DogtagInstance):
                "Did not find any lightweight CAs; nothing to track")

    def __dogtag10_migration(self):
-        ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={
-            'SUFFIX': api.env.basedn,
-            'FQDN': self.fqdn,
-        })
-        ld.update([os.path.join(paths.UPDATES_DIR,
-                                '50-dogtag10-migration.update')]
-                  )
+        self._ldap_update(
+            ['50-dogtag10-migration.update'],
+            sub_dict={
+                'SUFFIX': api.env.basedn,
+                'FQDN': self.fqdn,
+            }
+        )

    def is_crlgen_enabled(self):
        """Check if the local CA instance is generating CRL
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@ -14,7 +14,6 @@ from ipaserver.install.service import SimpleServiceInstance
 from ipapython import ipautil
 from ipapython import ipaldap
 from ipapython.certdb import NSSDatabase
-from ipaserver.install import ldapupdate
 from ipaserver.install import sysupgrade
 from base64 import b64decode
 from jwcrypto.common import json_decode
@ -190,13 +189,7 @@ class CustodiaInstance(SimpleServiceInstance):
        """
        Runs the custodia update file to ensure custodia container is present.
        """
-
-        sub_dict = {
-            'SUFFIX': self.suffix,
-        }
-
-        updater = ldapupdate.LDAPUpdate(sub_dict=sub_dict)
-        updater.update([os.path.join(paths.UPDATES_DIR, '73-custodia.update')])
+        self._ldap_update(['73-custodia.update'])

    def import_ra_key(self):
        cli = self._get_custodia_client()
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@ -34,7 +34,6 @@ from ipapython import ipautil
 from ipapython.dn import DN
 from ipaserver.install import cainstance
 from ipaserver.install import installutils
-from ipaserver.install import ldapupdate
 from ipaserver.install.dogtaginstance import DogtagInstance
 from ipaserver.plugins import ldap2

@ -274,13 +273,7 @@ class KRAInstance(DogtagInstance):
            'vault.ldif', {'SUFFIX': self.suffix}, raise_on_err=True)

    def __apply_updates(self):
-        sub_dict = {
-            'SUFFIX': self.suffix,
-        }
-
-        ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password,
-                                   sub_dict=sub_dict)
-        ld.update([os.path.join(paths.UPDATES_DIR, '40-vault.update')])
+        self._ldap_update(['40-vault.update'])

    def enable_ephemeral(self):
        """
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@ -42,8 +42,6 @@ from ipapython.dn import DN
 from ipapython.dogtag import KDC_PROFILE

 from ipaserver.install import replication
-from ipaserver.install import ldapupdate
-
 from ipaserver.install import certs
 from ipaserver.masters import find_providing_servers
 from ipaplatform.constants import constants
@ -162,9 +160,7 @@ class KrbInstance(service.Service):
        api.Backend.ldap2.add_entry(host_entry)

        # Add the host to the ipaserver host group
-        ld = ldapupdate.LDAPUpdate(ldapi=True)
-        ld.update([os.path.join(paths.UPDATES_DIR,
-                                '20-ipaservers_hostgroup.update')])
+        self._ldap_update(['20-ipaservers_hostgroup.update'])

    def __common_setup(self, realm_name, host_name, domain_name, admin_password):
        self.fqdn = host_name
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@ -144,7 +144,7 @@ class LDAPUpdate:
        ('cn', 'plugins'), ('cn', 'config')
    )

-    def __init__(self, dm_password=None, sub_dict={},
+    def __init__(self, dm_password=None, sub_dict=None,
                 online=True, ldapi=False):
        '''
        :parameters:
@ -260,7 +260,7 @@ class LDAPUpdate:
        update format.

        '''
-        self.sub_dict = sub_dict
+        self.sub_dict = sub_dict if sub_dict is not None else {}
        self.dm_password = dm_password
        self.conn = None
        self.modified = False
@ -274,8 +274,8 @@ class LDAPUpdate:
        )
        suffix = None

-        if sub_dict.get("REALM"):
-            self.realm = sub_dict["REALM"]
+        if self.sub_dict.get("REALM"):
+            self.realm = self.sub_dict["REALM"]
        else:
            self.realm = api.env.realm
            suffix = ipautil.realm_to_suffix(self.realm) if self.realm else None
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@ -42,6 +42,7 @@ from ipaserver.masters import (
    CONFIGURED_SERVICE, ENABLED_SERVICE, HIDDEN_SERVICE, SERVICE_LIST
 )
 from ipaserver.servroles import HIDDEN
+from ipaserver.install.ldapupdate import LDAPUpdate

 logger = logging.getLogger(__name__)

@ -312,6 +313,7 @@ class Service:
        self.keytab_user = service_user
        self.dm_password = None  # silence pylint
        self.promote = False
+        self.sub_dict = None

    @property
    def principal(self):
@ -323,6 +325,25 @@ class Service:
            kerberos.Principal(
                (self.service_prefix, self.fqdn), realm=self.realm))

+    def _ldap_update(
+            self, filenames, *, basedir=paths.UPDATES_DIR, sub_dict=None
+    ):
+        """Apply update ldif files
+
+        :param filenames: list of file names
+        :param basedir: base directory for files (default: UPDATES_DIR)
+        :param sub_dict: substitution dict (defaults to self.sub_dict)
+        :return: modified state
+        """
+        assert isinstance(filenames, (list, tuple))
+        if sub_dict is None:
+            sub_dict = self.sub_dict
+        if basedir is not None:
+            filenames = [os.path.join(basedir, fname) for fname in filenames]
+        ld = LDAPUpdate(sub_dict=sub_dict)
+        # assume that caller supplies files in correct order
+        return ld.update(filenames, ordered=False)
+
    def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
                  ldap_uri=None, dm_password=None):
        pw_name = None