From d76dccc0b620c06d2d0ac1ff74b7af8040c89ded Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 27 Mar 2019 11:03:00 +0100 Subject: [PATCH] Use api.env.container_masters Replace occurences of ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc') with api.env.container_masters. Signed-off-by: Christian Heimes Reviewed-By: Alexander Bokovoy --- ipaserver/install/bindinstance.py | 3 +-- ipaserver/install/cainstance.py | 7 +++---- ipaserver/install/dns.py | 4 ++-- ipaserver/install/ipa_backup.py | 3 ++- ipaserver/install/ipa_restore.py | 3 ++- ipaserver/install/krbinstance.py | 6 +----- ipaserver/install/plugins/ca_renewal_master.py | 3 +-- ipaserver/install/replication.py | 3 +-- ipaserver/install/server/upgrade.py | 4 ++-- ipaserver/install/service.py | 11 +++++------ ipaserver/plugins/baseldap.py | 2 +- ipaserver/plugins/domainlevel.py | 13 +++---------- 12 files changed, 24 insertions(+), 38 deletions(-) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 6355889de..f897cd612 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -898,8 +898,7 @@ class BindInstance(service.Service): def __add_others(self): entries = api.Backend.ldap2.get_entries( - DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), - self.suffix), + DN(api.env.container_masters, self.suffix), api.Backend.ldap2.SCOPE_ONELEVEL, None, ['dn']) for entry in entries: diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 6087bf056..b128e44ff 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1167,8 +1167,8 @@ class CAInstance(DogtagInstance): if fqdn is None: fqdn = api.env.host - dn = DN(('cn', 'CA'), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), - ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', 'CA'), ('cn', fqdn), api.env.container_masters, + api.env.basedn) renewal_filter = '(ipaConfigString=caRenewalMaster)' try: api.Backend.ldap2.get_entries(base_dn=dn, filter=renewal_filter, @@ -1182,8 +1182,7 @@ class CAInstance(DogtagInstance): if fqdn is None: fqdn = api.env.host - base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), - api.env.basedn) + base_dn = DN(api.env.container_masters, api.env.basedn) filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))' try: entries = api.Backend.ldap2.get_entries( diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index 70f151454..40688dc27 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py @@ -98,8 +98,8 @@ def _disable_dnssec(): api.env.basedn) conn = api.Backend.ldap2 - dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', 'DNSSEC'), ('cn', api.env.host), + api.env.container_masters, api.env.basedn) try: entry = conn.get_entry(dn) except errors.NotFound: diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 9d74000eb..392df1cf8 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -583,7 +583,8 @@ class Backup(admintool.AdminTool): config.set('ipa', 'ipa_version', str(version.VERSION)) config.set('ipa', 'version', '1') - dn = DN(('cn', api.env.host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', api.env.host), api.env.container_masters, + api.env.basedn) services_cns = [] try: conn = self.get_connection() diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 2f73c6daf..92416361b 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -519,7 +519,8 @@ class Restore(admintool.AdminTool): master, e) continue - master_dn = DN(('cn', master), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + master_dn = DN(('cn', master), api.env.container_masters, + api.env.basedn) try: services = repl.conn.get_entries(master_dn, repl.conn.SCOPE_ONELEVEL) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 247d1d136..60347053f 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -486,11 +486,7 @@ class KrbInstance(service.Service): unadvertise enabled PKINIT feature in master's KDC entry in LDAP """ ldap = api.Backend.ldap2 - dn = DN(('cn', 'KDC'), - ('cn', self.fqdn), - ('cn', 'masters'), - ('cn', 'ipa'), - ('cn', 'etc'), + dn = DN(('cn', 'KDC'), ('cn', self.fqdn), api.env.container_masters, self.suffix) entry = ldap.get_entry(dn, ['ipaConfigString']) diff --git a/ipaserver/install/plugins/ca_renewal_master.py b/ipaserver/install/plugins/ca_renewal_master.py index 0f3f1ec17..35e003312 100644 --- a/ipaserver/install/plugins/ca_renewal_master.py +++ b/ipaserver/install/plugins/ca_renewal_master.py @@ -47,8 +47,7 @@ class update_ca_renewal_master(Updater): return False, [] ldap = self.api.Backend.ldap2 - base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), - self.api.env.basedn) + base_dn = DN(self.api.env.container_masters, self.api.env.basedn) dn = DN(('cn', 'CA'), ('cn', self.api.env.host), base_dn) filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))' try: diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 14d62ca1d..44592bc89 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -1408,8 +1408,7 @@ class ReplicationManager: # delete master entry with all active services try: - dn = DN(('cn', replica), ('cn', 'masters'), ('cn', 'ipa'), - ('cn', 'etc'), self.suffix) + dn = DN(('cn', replica), api.env.container_masters, self.suffix) entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE) if entries: entries.sort(key=lambda x: len(x.dn), reverse=True) diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 3b98b636e..0ef824644 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1261,8 +1261,8 @@ def uninstall_dogtag_9(ds, http): logger.debug('Dogtag is version 10 or above') return - dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + dn = DN(('cn', 'CA'), ('cn', api.env.host), api.env.container_masters, + api.env.basedn) try: api.Backend.ldap2.delete_entry(dn) except ipalib.errors.PublicError as e: diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 7e560ee6c..42e62acb0 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -134,8 +134,7 @@ def set_service_entry_config(name, fqdn, config_values, assert isinstance(ldap_suffix, DN) entry_name = DN( - ('cn', name), ('cn', fqdn), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) + ('cn', name), ('cn', fqdn), api.env.container_masters, ldap_suffix) # enable disabled service try: @@ -618,8 +617,8 @@ class Service: def ldap_disable(self, name, fqdn, ldap_suffix): assert isinstance(ldap_suffix, DN) - entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) + entry_dn = DN(('cn', name), ('cn', fqdn), api.env.container_masters, + ldap_suffix) search_kw = {'ipaConfigString': ENABLED_SERVICE} filter = api.Backend.ldap2.make_filter(search_kw) try: @@ -652,8 +651,8 @@ class Service: logger.debug("service %s startup entry disabled", name) def ldap_remove_service_container(self, name, fqdn, ldap_suffix): - entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), - ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) + entry_dn = DN(('cn', name), ('cn', fqdn), + self.api.env.container_masters, ldap_suffix) try: api.Backend.ldap2.delete_entry(entry_dn) except errors.NotFound: diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index 077b245ef..9b9eaff17 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -497,7 +497,7 @@ def host_is_master(ldap, fqdn): Raises an exception if a master, otherwise returns nothing. """ - master_dn = DN(('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) + master_dn = DN(('cn', fqdn), api.env.container_masters, api.env.basedn) try: ldap.get_entry(master_dn, ['objectclass']) raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted or disabled')) diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py index e87e05e46..80a122dbe 100644 --- a/ipaserver/plugins/domainlevel.py +++ b/ipaserver/plugins/domainlevel.py @@ -73,25 +73,18 @@ def check_conflict_entries(ldap, api, desired_value): except errors.NotFound: pass + def get_master_entries(ldap, api): """ Returns list of LDAPEntries representing IPA masters. """ - - container_masters = DN( - ('cn', 'masters'), - ('cn', 'ipa'), - ('cn', 'etc'), - api.env.basedn - ) - + dn = DN(api.env.container_masters, api.env.basedn) masters, _dummy = ldap.find_entries( filter="(cn=*)", - base_dn=container_masters, + base_dn=dn, scope=ldap.SCOPE_ONELEVEL, paged_search=True, # we need to make sure to get all of them ) - return masters