Commit Graph

25 Commits

Author SHA1 Message Date
Martin Babinsky
71f642f751 do not use keys() method when iterating through dictionaries
pylint-1.6.4-1.fc26.noarch reports "C0201(consider-iterating-dictionary)" when
building FreeIPA, we have to fix these errors

https://fedorahosted.org/freeipa/ticket/6391

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-12 10:38:52 +02:00
Martin Basti
4628522c53 Pylint: fix the rest of unused local variables
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-11 16:50:32 +02:00
Martin Basti
45e3aee352 Pylint: enable check for unused-variables
Unused variables may:
* make code less readable
* create dead code
* potentialy hide issues/errors

Enabled check should prevent to leave unused variable in code

Check is locally disabled for modules that fix is not clear or easy or have too many occurences of
unused variables

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Yuri Chornoivan
a95e0777ac Fix minor typos
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-20 13:49:32 +02:00
Stanislav Laznicka
9757384c7c Cosmetic changes to the code
Fixes some Coverity issues

ipadiscovery.py:          added assert should universe break
plugins/dns.py:           removed dead code
dnssec/ldapkeydb.py:      attribute assert in the proper object
test_automount_plugin.py: fixed possible close() on None
xmlrpc_test.py:           Coverity does not like accessing None.__class__

https://fedorahosted.org/freeipa/ticket/5661

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-24 09:21:30 +01:00
Jan Cholasta
500ee7e2b1 ipapython: port p11helper C code to Python
This replaces the binary _ipap11helper module with cffi-based Python code.

https://fedorahosted.org/freeipa/ticket/5596

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-21 10:21:32 +01:00
Petr Viktorin
462f4a5161 Use print_function future definition wherever print() is used
Pylint considers `print` a statement if the __future__ import is
not present, even if it's used like a function with one argument.

Add the __future__ import to files `pylint --py3k` complains about.

https://fedorahosted.org/freeipa/ticket/5623

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-20 11:59:21 +01:00
Petr Spacek
fe263f764b DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal
Command "ldap-cleanup <zone name>" is called to remove all key metadata from
LDAP. This command is now called when disabling DNSSEC on a DNS zone. The stale
metadata were causing problems when re-enabling DNSSEC on the same zone.

https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 14:13:23 +01:00
Petr Spacek
43acb994f6 DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP
This filtering is useful in cases where LDAP contains DNS zones which
have old metadata objects and DNSSEC disabled. Such zones must be
ignored to prevent errors while calling dnssec-keyfromlabel or rndc.

https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 14:13:23 +01:00
Petr Spacek
ddf7397a4b DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP
Key purging has to be only only after key metadata purging so
ipa-dnskeysyncd on replices does not fail while dereferencing
non-existing keys.

https://fedorahosted.org/freeipa/ticket/5334

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 14:13:23 +01:00
Petr Spacek
3c9c37cec1 DNSSEC: add debug mode to ldapkeydb.py
ldapkeydb.py can be executed directly now. In that case it will print
out key metadata as obtained using IPA LDAP API.

Kerberos credential cache has to be filled with principal posessing
appropriate access rights before the script is execured.

https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 14:13:23 +01:00
Petr Spacek
e9cdaa1992 DNSSEC: remove obsolete TODO note
https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 14:13:23 +01:00
Petr Spacek
21e6cc6863 DNSSEC: Make sure that current key state in LDAP matches key state in BIND
We have to explicitly specify "none" value to prevent dnssec-keyfromlabel
utility from using current time for keys without "publish" and "activate"
timestamps.

Previously this lead to situation where key was in (intermediate) state
"generated" in OpenDNSSEC but BIND started to use this key for signing.

https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-01-07 14:13:23 +01:00
Martin Basti
e4075b1fe2 Remove unused imports
This patch removes unused imports, alse pylint has been configured to
check unused imports.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-23 07:59:22 +01:00
Petr Viktorin
099cf98307 Refactor ipautil.run
The ipautil.run function now returns an object with returncode and
output are accessible as attributes.

The stdout and stderr of all commands are logged (unless skip_output is given).

The stdout/stderr contents must be explicitly requested with a keyword
argument, otherwise they are None.
This is because in Python 3, the output needs to be decoded, and that can
fail if it's not decodable (human-readable) text.

The raw (bytes) output is always available from the result object,
as is "leniently" decoded output suitable for logging.

All calls are changed to reflect this.

A use of Popen in cainstance is changed to ipautil.run.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-14 10:54:23 +01:00
Petr Spacek
025a9b16c8 DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master
https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-03 18:20:36 +02:00
Petr Viktorin
8de13bd7dd Use the print function
In Python 3, `print` is no longer a statement. Call it as a function
everywhere, and include the future import to remove the statement
in Python 2 code as well.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
3bf91eab25 Use Python3-compatible dict method names
Python 2 has keys()/values()/items(), which return lists,
iterkeys()/itervalues()/iteritems(), which return iterators,
and viewkeys()/viewvalues()/viewitems() which return views.

Python 3 has only keys()/values()/items(), which return views.
To get iterators, one can use iter() or a for loop/comprehension;
for lists there's the list() constructor.

When iterating through the entire dict, without modifying the dict,
 the difference between Python 2's items() and iteritems() is
negligible, especially on small dicts (the main overhead is
extra memory, not CPU time). In the interest of simpler code,
this patch changes many instances of iteritems() to items(),
iterkeys() to keys() etc.

In other cases, helpers like six.itervalues are used.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
5435a8a32a Use absolute imports
In Python 3, implicit relative imports will not be supported.
Use fully-qualified imports everywhere.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Jan Cholasta
fe2accf776 ipalib: Load ipaserver plugins when api.env.in_server is True
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
David Kupka
9b706e74d5 Make lint work on Fedora 22.
pylint added 'confidence' parameter to 'add_message' method of PyLinter.
To be compatible with both, pre- and post- 1.4  IPALinter must accept
the parameter but not pass it over.
Also python3 checker was added and enabled by default. FreeIPA is still
not ready for python3.
Additionally few false-positives was marked.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-04-27 11:02:57 +02:00
Tomas Babej
f30865c5f0 ipapython: Fix incorrect python shebangs
Make sure shebangs explicitly reference python2.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-01-26 13:03:24 +01:00
Martin Basti
46c12159e6 DNSSEC: fix root zone dns name conversion
Root zone was represented as '@', which was incorrect. ksmutil did not
accept it.
Now root zone is represented as '.'

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-01-23 09:26:55 +00:00
Petr Spacek
ac500003fd Fix zone name to directory name conversion in BINDMgr.
https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Martin Basti <mbasti@redhat.com>
2014-10-29 15:02:08 +01:00
Petr Spacek
276e69de87 DNSSEC: add ipa dnssec daemons
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2014-10-21 12:23:03 +02:00