def _finalize_core(self, **defaults):
"""
Complete initialization of standard IPA environment.
This method will perform the following steps:
1. Call `Env._bootstrap()` if it hasn't already been called.
2. Merge-in variables from the configuration file ``self.conf``
(if it exists) by calling `Env._merge_from_file()`.
3. Merge-in variables from the defaults configuration file
``self.conf_default`` (if it exists) by calling
`Env._merge_from_file()`.
4. Intelligently fill-in the *in_server* , *logdir*, *log*, and
*jsonrpc_uri* variables if they haven't already been set.
5. Merge-in the variables in ``defaults`` by calling `Env._merge()`.
In normal circumstances ``defaults`` will simply be those
specified in `constants.DEFAULT_CONFIG`.
After this method is called, all the environment variables used by all
the built-in plugins will be available. As such, this method should be
called *before* any plugins are loaded.
After this method has finished, the `Env` instance is still writable
so that 3rd-party plugins can set variables they may require as the
plugins are registered.
Also see `Env._finalize()`, the final method in the bootstrap sequence.
:param defaults: Internal defaults for all built-in variables.
"""
self.__doing('_finalize_core')
self.__do_if_not_done('_bootstrap')
# Merge in context config file and then default config file:
if self.__d.get('mode', None) != 'dummy':
self._merge_from_file(self.conf)
self._merge_from_file(self.conf_default)
# Determine if in_server:
if 'in_server' not in self:
self.in_server = (self.context == 'server')
# Set logdir:
if 'logdir' not in self:
if self.in_tree or not self.in_server:
self.logdir = self._join('dot_ipa', 'log')
else:
self.logdir = path.join('/', 'var', 'log', 'ipa')
# Set log file:
if 'log' not in self:
self.log = self._join('logdir', '%s.log' % self.context)
if 'basedn' not in self and 'domain' in self:
self.basedn = DN(*(('dc', dc) for dc in self.domain.split('.')))
# Derive xmlrpc_uri from server
# (Note that this is done before deriving jsonrpc_uri from xmlrpc_uri
# and server from jsonrpc_uri so that when only server or xmlrpc_uri
# is specified, all 3 keys have a value.)
if 'xmlrpc_uri' not in self and 'server' in self:
self.xmlrpc_uri = 'https://{}/ipa/xml'.format(self.server)
# Derive ldap_uri from server
if 'ldap_uri' not in self and 'server' in self:
self.ldap_uri = 'ldap://{}'.format(self.server)
# Derive jsonrpc_uri from xmlrpc_uri
if 'jsonrpc_uri' not in self:
if 'xmlrpc_uri' in self:
xmlrpc_uri = self.xmlrpc_uri
else:
xmlrpc_uri = defaults.get('xmlrpc_uri')
if xmlrpc_uri:
(scheme, netloc, uripath, params, query,
fragment) = urlparse(xmlrpc_uri)
uripath = uripath.replace('/xml', '/json', 1)
self.jsonrpc_uri = urlunparse(
(scheme, netloc, uripath, params, query, fragment))
if 'server' not in self:
if 'jsonrpc_uri' in self:
jsonrpc_uri = self.jsonrpc_uri
else:
jsonrpc_uri = defaults.get('jsonrpc_uri')
if jsonrpc_uri:
parsed = urlparse(jsonrpc_uri)
self.server = parsed.netloc
self._merge(**defaults)
# set the best known TLS version if min/max versions are not set
if 'tls_version_min' not in self:
self.tls_version_min = TLS_VERSIONS[-1]
elif self.tls_version_min not in TLS_VERSIONS:
raise errors.EnvironmentError(
"Unknown TLS version '{ver}' set in tls_version_min.".format(
ver=self.tls_version_min))
if 'tls_version_max' not in self:
self.tls_version_max = TLS_VERSIONS[-1]
elif self.tls_version_max not in TLS_VERSIONS:
raise errors.EnvironmentError(
"Unknown TLS version '{ver}' set in tls_version_max.".format(
ver=self.tls_version_max))
if self.tls_version_max < self.tls_version_min:
raise errors.EnvironmentError(
"tls_version_min is set to a higher TLS version than "
"tls_version_max.")
def _bootstrap(self, **overrides):
"""
Initialize basic environment.
This method will perform the following steps:
1. Initialize certain run-time variables. These run-time variables
are strictly determined by the external environment the process
is running in; they cannot be specified on the command-line nor
in the configuration files.
2. Merge-in the variables in ``overrides`` by calling
`Env._merge()`. The intended use of ``overrides`` is to merge-in
variables specified on the command-line.
3. Intelligently fill-in the *in_tree*, *context*, *conf*, and
*conf_default* variables if they haven't been set already.
Also see `Env._finalize_core()`, the next method in the bootstrap
sequence.
:param overrides: Variables specified via command-line options.
"""
self.__doing('_bootstrap')
# Set run-time variables (cannot be overridden):
self.ipalib = path.dirname(path.abspath(__file__))
self.site_packages = path.dirname(self.ipalib)
self.script = path.abspath(sys.argv[0])
self.bin = path.dirname(self.script)
self.home = os.environ.get('HOME', None)
self.fips_mode = tasks.is_fips_enabled()
# Merge in overrides:
self._merge(**overrides)
# Determine if running in source tree:
if 'in_tree' not in self:
self.in_tree = (self.bin == self.site_packages
and path.isfile(path.join(self.bin, 'setup.py')))
if self.in_tree and 'mode' not in self:
self.mode = 'developer'
# Set dot_ipa:
if 'dot_ipa' not in self:
self.dot_ipa = self._join('home', '.ipa')
# Set context
if 'context' not in self:
self.context = 'default'
# Set confdir:
self.env_confdir = os.environ.get('IPA_CONFDIR')
if 'confdir' in self and self.env_confdir is not None:
raise errors.EnvironmentError(
"IPA_CONFDIR env cannot be set because explicit confdir "
"is used")
if 'confdir' not in self:
if self.env_confdir is not None:
if (not path.isabs(self.env_confdir)
or not path.isdir(self.env_confdir)):
raise errors.EnvironmentError(
"IPA_CONFDIR env var must be an absolute path to an "
"existing directory, got '{}'.".format(
self.env_confdir))
self.confdir = self.env_confdir
elif self.in_tree:
self.confdir = self.dot_ipa
else:
self.confdir = path.join('/', 'etc', 'ipa')
# Set conf (config file for this context):
if 'conf' not in self:
self.conf = self._join('confdir', '%s.conf' % self.context)
# Set conf_default (default base config used in all contexts):
if 'conf_default' not in self:
self.conf_default = self._join('confdir', 'default.conf')
if 'nss_dir' not in self:
self.nss_dir = self._join('confdir', 'nssdb')
if 'tls_ca_cert' not in self:
self.tls_ca_cert = self._join('confdir', 'ca.crt')
# having tls_ca_cert an absolute path could help us extending this
# in the future for different certificate providers simply by adding
# a prefix to the path
if not path.isabs(self.tls_ca_cert):
raise errors.EnvironmentError(
"tls_ca_cert has to be an absolute path to a CA certificate, "
"got '{}'".format(self.tls_ca_cert))
# Set plugins_on_demand:
if 'plugins_on_demand' not in self:
self.plugins_on_demand = (self.context == 'cli')
