DNSSEC: ipa-ods-exporter: move zone synchronization into separate function

https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-06-26 17:53:17 +02:00 · 2015-06-26 17:53:17 +02:00 · fd2340649f
commit fd2340649f
parent 68d0f641ba
1 changed files with 64 additions and 60 deletions
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@ -390,6 +390,69 @@ def cmd2ods_zone_name(cmd):
    return zone_name
 def sync_zone(log, ldap, dns_dn, zone_name):
    ods_keys = get_ods_keys(zone_name)
    ods_keys_id = set(ods_keys.keys())
    ldap_zone = get_ldap_zone(ldap, dns_dn, zone_name)
    zone_dn = ldap_zone.dn
    keys_dn = get_ldap_keys_dn(zone_dn)
    try:
        ldap_keys = get_ldap_keys(ldap, zone_dn)
    except ipalib.errors.NotFound:
        # cn=keys container does not exist, create it
        ldap_keys = []
        ldap_keys_container = ldap.make_entry(keys_dn,
                                              objectClass=['nsContainer'])
        try:
            ldap.add_entry(ldap_keys_container)
        except ipalib.errors.DuplicateEntry:
            # ldap.get_entries() does not distinguish non-existent base DN
            # from empty result set so addition can fail because container
            # itself exists already
            pass
    ldap_keys_dict = {}
    for ldap_key in ldap_keys:
        cn = ldap_key['cn'][0]
        ldap_keys_dict[cn] = ldap_key
    ldap_keys = ldap_keys_dict  # shorthand
    ldap_keys_id = set(ldap_keys.keys())
    new_keys_id = ods_keys_id - ldap_keys_id
    log.info('new keys from ODS: %s', new_keys_id)
    for key_id in new_keys_id:
        cn = "cn=%s" % key_id
        key_dn = DN(cn, keys_dn)
        log.debug('adding key "%s" to LDAP', key_dn)
        ldap_key = ldap.make_entry(key_dn,
                                   objectClass=['idnsSecKey'],
                                   **ods_keys[key_id])
        ldap.add_entry(ldap_key)
    deleted_keys_id = ldap_keys_id - ods_keys_id
    log.info('deleted keys in LDAP: %s', deleted_keys_id)
    for key_id in deleted_keys_id:
        cn = "cn=%s" % key_id
        key_dn = DN(cn, keys_dn)
        log.debug('deleting key "%s" from LDAP', key_dn)
        ldap.delete_entry(key_dn)
    update_keys_id = ldap_keys_id.intersection(ods_keys_id)
    log.info('keys in LDAP & ODS: %s', update_keys_id)
    for key_id in update_keys_id:
        ldap_key = ldap_keys[key_id]
        ods_key = ods_keys[key_id]
        log.debug('updating key "%s" in LDAP', ldap_key.dn)
        ldap_key.update(ods_key)
        try:
            ldap.update_entry(ldap_key)
        except ipalib.errors.EmptyModlist:
            continue
 log = logging.getLogger('root')
 # this service is usually socket-activated
 log.addHandler(systemd.journal.JournalHandler())
@ -464,65 +527,6 @@ if exitcode is not None:
 else:
    log.debug(msg)
-ods_keys = get_ods_keys(zone_name)
+sync_zone(log, ldap, dns_dn, zone_name)
 ods_keys_id = set(ods_keys.keys())
 ldap_zone = get_ldap_zone(ldap, dns_dn, zone_name)
 zone_dn = ldap_zone.dn
 keys_dn = get_ldap_keys_dn(zone_dn)
 try:
    ldap_keys = get_ldap_keys(ldap, zone_dn)
 except ipalib.errors.NotFound:
    # cn=keys container does not exist, create it
    ldap_keys = []
    ldap_keys_container = ldap.make_entry(keys_dn,
                                          objectClass=['nsContainer'])
    try:
        ldap.add_entry(ldap_keys_container)
    except ipalib.errors.DuplicateEntry:
        # ldap.get_entries() does not distinguish non-existent base DN
        # from empty result set so addition can fail because container
        # itself exists already
        pass
 ldap_keys_dict = {}
 for ldap_key in ldap_keys:
    cn = ldap_key['cn'][0]
    ldap_keys_dict[cn] = ldap_key
 ldap_keys = ldap_keys_dict  # shorthand
 ldap_keys_id = set(ldap_keys.keys())
 new_keys_id = ods_keys_id - ldap_keys_id
 log.info('new keys from ODS: %s', new_keys_id)
 for key_id in new_keys_id:
    cn = "cn=%s" % key_id
    key_dn = DN(cn, keys_dn)
    log.debug('adding key "%s" to LDAP', key_dn)
    ldap_key = ldap.make_entry(key_dn,
                               objectClass=['idnsSecKey'],
                               **ods_keys[key_id])
    ldap.add_entry(ldap_key)
 deleted_keys_id = ldap_keys_id - ods_keys_id
 log.info('deleted keys in LDAP: %s', deleted_keys_id)
 for key_id in deleted_keys_id:
    cn = "cn=%s" % key_id
    key_dn = DN(cn, keys_dn)
    log.debug('deleting key "%s" from LDAP', key_dn)
    ldap.delete_entry(key_dn)
 update_keys_id = ldap_keys_id.intersection(ods_keys_id)
 log.info('keys in LDAP & ODS: %s', update_keys_id)
 for key_id in update_keys_id:
    ldap_key = ldap_keys[key_id]
    ods_key = ods_keys[key_id]
    log.debug('updating key "%s" in LDAP', ldap_key.dn)
    ldap_key.update(ods_key)
    try:
        ldap.update_entry(ldap_key)
    except ipalib.errors.EmptyModlist:
        continue
 log.debug('Done')