From 799ebc8be681165e622778848a9b2989434a29dd Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud
Date: Mar 13 2020 06:42:51 +0000
Subject: opendnssec2.1 support: move all ods tasks to specific file
Move all the routines run_ods* from tasks to _ods14 or _ods21 module
Related: https://pagure.io/freeipa/issue/8214
Reviewed-By: Christian Heimes
Reviewed-By: Alexander Bokovoy
---
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 6a4ec71..ad4321f 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -24,12 +24,10 @@ This module contains default platform-specific implementations of system tasks.
 from __future__ import absolute_import
-import os
 import logging
 from pkg_resources import parse_version
-from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython import ipautil
 from ipapython.ipachangeconf import IPAChangeConf
@@ -287,69 +285,6 @@ class BaseTaskNamespace:
 if fstore is not None and fstore.has_file(paths.RESOLV_CONF):
 fstore.restore_file(paths.RESOLV_CONF)
- def run_ods_setup(self):
- """Initialize a new kasp.db
- """
- if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
- # OpenDNSSEC 1.4
- cmd = [paths.ODS_KSMUTIL, 'setup']
- else:
- # OpenDNSSEC 2.x
- cmd = [paths.ODS_ENFORCER_DB_SETUP]
- return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
-
- def run_ods_notify(self, **kwargs):
- """Notify ods-enforcerd to reload its conf."""
- if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
- # OpenDNSSEC 1.4
- cmd = [paths.ODS_KSMUTIL, 'notify']
- else:
- # OpenDNSSEC 2.x
- cmd = [paths.ODS_ENFORCER, 'flush']
-
- # run commands as ODS user
- if os.geteuid() == 0:
- kwargs['runas'] = constants.ODS_USER
-
- return ipautil.run(cmd, **kwargs)
-
- def run_ods_policy_import(self, **kwargs):
- """Run OpenDNSSEC manager command to import policy."""
- # This step is needed with OpenDNSSEC 2.1 only
- if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
- # OpenDNSSEC 1.4
- return
-
- # OpenDNSSEC 2.x
- cmd = [paths.ODS_ENFORCER, 'policy', 'import']
-
- # run commands as ODS user
- if os.geteuid() == 0:
- kwargs['runas'] = constants.ODS_USER
- ipautil.run(cmd, **kwargs)
-
- def run_ods_manager(self, params, **kwargs):
- """Run OpenDNSSEC manager command (ksmutil, enforcer)
-
- :param params: parameter for ODS command
- :param kwargs: additional arguments for ipautil.run()
- :return: result from ipautil.run()
- """
- assert params[0] != 'setup'
-
- if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
- # OpenDNSSEC 1.4
- cmd = [paths.ODS_KSMUTIL]
- else:
- # OpenDNSSEC 2.x
- cmd = [paths.ODS_ENFORCER]
- cmd.extend(params)
-
- # run commands as ODS user
- if os.geteuid() == 0:
- kwargs['runas'] = constants.ODS_USER
-
- return ipautil.run(cmd, **kwargs)
 def configure_pkcs11_modules(self, fstore):
 """Disable p11-kit modules
diff --git a/ipaserver/dnssec/_ods14.py b/ipaserver/dnssec/_ods14.py
index 4382ad8..778e6ac 100644
--- a/ipaserver/dnssec/_ods14.py
+++ b/ipaserver/dnssec/_ods14.py
@@ -2,11 +2,15 @@
 # Copyright (C) 2020 FreeIPA Contributors see COPYING for license
 #
+import os
 import socket
+from ipapython import ipautil
 from ipaserver.dnssec._odsbase import AbstractODSDBConnection
 from ipaserver.dnssec._odsbase import AbstractODSSignerConn
 from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
+from ipaplatform.constants import constants
+from ipaplatform.paths import paths
 class ODSDBConnection(AbstractODSDBConnection):
@@ -43,3 +47,43 @@ class ODSSignerConn(AbstractODSSignerConn):
 self._conn.send(reply + b'\n')
 self._conn.shutdown(socket.SHUT_RDWR)
 self._conn.close()
+
+
+class ODSTask():
+ def run_ods_setup(self):
+ """Initialize a new kasp.db"""
+ cmd = [paths.ODS_KSMUTIL, 'setup']
+ return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
+
+ def run_ods_notify(self, **kwargs):
+ """Notify ods-enforcerd to reload its conf."""
+ cmd = [paths.ODS_KSMUTIL, 'notify']
+
+ # run commands as ODS user
+ if os.geteuid() == 0:
+ kwargs['runas'] = constants.ODS_USER
+
+ return ipautil.run(cmd, **kwargs)
+
+ def run_ods_policy_import(self, **kwargs):
+ """Run OpenDNSSEC manager command to import policy."""
+ # This step is needed with OpenDNSSEC 2.1 only
+ return
+
+ def run_ods_manager(self, params, **kwargs):
+ """Run OpenDNSSEC manager command (ksmutil, enforcer)
+
+ :param params: parameter for ODS command
+ :param kwargs: additional arguments for ipautil.run()
+ :return: result from ipautil.run()
+ """
+ assert params[0] != 'setup'
+
+ cmd = [paths.ODS_KSMUTIL]
+ cmd.extend(params)
+
+ # run commands as ODS user
+ if os.geteuid() == 0:
+ kwargs['runas'] = constants.ODS_USER
+
+ return ipautil.run(cmd, **kwargs)
diff --git a/ipaserver/dnssec/_ods21.py b/ipaserver/dnssec/_ods21.py
index d00f375..79e2b18 100644
--- a/ipaserver/dnssec/_ods21.py
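Review bot: `assert params[0] != 'setup'` in `run_ods_manager` is the only thing keeping the generic entry point from re-running the kasp.db initialisation that `run_ods_setup` performs, and it is stripped under `python -O`; it also raises IndexError rather than a meaningful error when `params` is empty. An explicit check keeps the guard in every build: `if not params or params[0] == 'setup':` followed by `raise ValueError("use run_ods_setup() to initialise the kasp.db")`. The same assert is in the `_ods21.py` ODSTask hunk further down. As a style point, `class ODSTask():` can drop the empty parentheses.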
+++ b/ipaserver/dnssec/_ods21.py
@@ -3,10 +3,14 @@
 #
 from datetime import datetime
+import os
 from ipaserver.dnssec._odsbase import AbstractODSDBConnection
 from ipaserver.dnssec._odsbase import AbstractODSSignerConn
 from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
+from ipaplatform.constants import constants
+from ipaplatform.paths import paths
+from ipapython import ipautil
 CLIENT_OPC_STDOUT = 0
 CLIENT_OPC_EXIT = 4
@@ -65,3 +69,47 @@ class ODSSignerConn(AbstractODSSignerConn):
 prefix = bytearray([CLIENT_OPC_EXIT, 0, 1, 0])
 self._conn.sendall(prefix)
 self._conn.close()
+
+
+class ODSTask():
+ def run_ods_setup(self):
+ """Initialize a new kasp.db"""
+ cmd = [paths.ODS_ENFORCER_DB_SETUP]
+ return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
+
+ def run_ods_notify(self, **kwargs):
+ """Notify ods-enforcerd to reload its conf."""
+ cmd = [paths.ODS_ENFORCER, 'flush']
+
+ # run commands as ODS user
+ if os.geteuid() == 0:
+ kwargs['runas'] = constants.ODS_USER
+
+ return ipautil.run(cmd, **kwargs)
+
+ def run_ods_policy_import(self, **kwargs):
+ """Run OpenDNSSEC manager command to import policy."""
+ cmd = [paths.ODS_ENFORCER, 'policy', 'import']
+
+ # run commands as ODS user
+ if os.geteuid() == 0:
+ kwargs['runas'] = constants.ODS_USER
+ ipautil.run(cmd, **kwargs)
+
+ def run_ods_manager(self, params, **kwargs):
+ """Run OpenDNSSEC manager command (ksmutil, enforcer)
+
+ :param params: parameter for ODS command
+ :param kwargs: additional arguments for ipautil.run()
+ :return: result from ipautil.run()
+ """
+ assert params[0] != 'setup'
+
+ cmd = [paths.ODS_ENFORCER]
+ cmd.extend(params)
+
+ # run commands as ODS user
+ if os.geteuid() == 0:
+ kwargs['runas'] = constants.ODS_USER
+
+ return ipautil.run(cmd, **kwargs)
diff --git a/ipaserver/dnssec/odsmgr.py b/ipaserver/dnssec/odsmgr.py
index 506265d..dadde2d 100644
--- a/ipaserver/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
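Review bot: `run_ods_policy_import` drops the result of `ipautil.run` while every sibling in this class returns it, so a caller cannot inspect the enforcer's output or exit status for the one step that only exists on 2.x; `return ipautil.run(cmd, **kwargs)` fixes that. The "run as ODS user when root" block is also repeated verbatim in three methods, whereas `run_ods_setup` passes `runas` unconditionally — presumably deliberate because setup is a root-only install step, but it deserves a one-line comment saying so. Hoisting the repeated block into a private helper, as below, keeps the privilege-drop logic in one place; `run_ods_manager` can call the same helper after its `params` check.
```python
class ODSTask():
    def _run_as_ods_user(self, cmd, **kwargs):
        """Run cmd through ipautil.run, as the ODS user when we are root."""
        # run commands as ODS user
        if os.geteuid() == 0:
            kwargs['runas'] = constants.ODS_USER
        return ipautil.run(cmd, **kwargs)

    # … unchanged: run_ods_setup …

    def run_ods_notify(self, **kwargs):
        """Notify ods-enforcerd to reload its conf."""
        return self._run_as_ods_user([paths.ODS_ENFORCER, 'flush'], **kwargs)

    def run_ods_policy_import(self, **kwargs):
        """Run OpenDNSSEC manager command to import policy."""
        return self._run_as_ods_user(
            [paths.ODS_ENFORCER, 'policy', 'import'], **kwargs)

    # … unchanged: run_ods_manager (same helper after the params check) …
```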
@@ -12,7 +12,7 @@ except ImportError:
 from xml.etree import ElementTree as etree
 from ipapython import ipa_log_manager, ipautil
-from ipaplatform.tasks import tasks
+from ipaserver.dnssec.opendnssec import tasks
 logger = logging.getLogger(__name__)
diff --git a/ipaserver/dnssec/opendnssec.py b/ipaserver/dnssec/opendnssec.py
index d0b8061..83db46d 100644
--- a/ipaserver/dnssec/opendnssec.py
+++ b/ipaserver/dnssec/opendnssec.py
@@ -7,6 +7,8 @@ from ipaplatform.paths import paths
 # pylint: disable=unused-import
 if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
- from ._ods14 import ODSDBConnection, ODSSignerConn
+ from ._ods14 import ODSDBConnection, ODSSignerConn, ODSTask
 else:
- from ._ods21 import ODSDBConnection, ODSSignerConn
+ from ._ods21 import ODSDBConnection, ODSSignerConn, ODSTask
+
+tasks = ODSTask()
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index e50d53d..95029fd 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -13,6 +13,7 @@ import shutil
 from subprocess import CalledProcessError
 from ipalib.install import sysrestore
+from ipaserver.dnssec.opendnssec import tasks
 from ipaserver.install import service
 from ipaserver.masters import ENABLED_SERVICE
 from ipapython.dn import DN
@@ -21,7 +22,6 @@ from ipapython import ipautil
 from ipaplatform import services
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
-from ipaplatform.tasks import tasks
 from ipalib import errors, api
 from ipaserver import p11helper
 from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL
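Review bot: Replacing `from ipaplatform.tasks import tasks` with `from ipaserver.dnssec.opendnssec import tasks` rebinds the module-wide name `tasks` to an object that only has the four `run_ods_*` methods; if anything in the rest of odsmgr.py (not visible in this chunk, so I cannot confirm) still calls a platform-tasks method on `tasks`, it now fails with AttributeError at call time instead of at import. The same rebinding happens in the opendnssecinstance.py hunk below. Importing under a distinct name, `from ipaserver.dnssec.opendnssec import tasks as ods_tasks`, would make the two namespaces visibly different at every call site and let grep confirm no platform-tasks use remains.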
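Review bot: `tasks = ODSTask()` is added with no explanation that it is the shared dispatcher whose 1.4-versus-2.x flavour is fixed once, when this module is first imported, by the `os.path.exists(paths.ODS_KSMUTIL)` test above it. A comment such as `# Process-wide ODS task dispatcher; the 1.4 vs 2.x implementation is chosen once, at import time, by the ODS_KSMUTIL check above` would save the next reader from looking for a runtime switch. The `# pylint: disable=unused-import` line now also covers `ODSTask`, which this module does use; harmless, but the comment no longer describes all the names under it.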