Prepare directory services cache for IPA changes (#13924)

This commit creates a generic directory-service agnostic user
and group cache in perparation for adding IPA directory service
integration. It also includes opportunistic API cleanups by
removing the TDB plugin that was initially written for clustering
support in favor of shifting TDB wrappers into a utils file with
direct CI tests.

src/middlewared/middlewared/etc_files/cron.d/middlewared.mako

@@ -9,7 +9,7 @@
 SHELL=/bin/sh
 PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
 
-30 3 * * * root midclt call dscache.refresh > /dev/null 2>&1
+30 3 * * * root midclt call directoryservices.cache.refresh_impl > /dev/null 2>&1
 45 3 * * * root midclt call config.backup >/dev/null 2>&1
 
 45 3 * * * root midclt call pool.scrub.run ${boot_pool} ${system_advanced['boot_scrub']} > /dev/null 2>&1

src/middlewared/middlewared/plugins/account.py

@@ -292,7 +292,7 @@ async def query(self, filters, options):
         if dssearch:
             ds_state = await self.middleware.call('directoryservices.get_state')
             if ds_state['activedirectory'] == 'HEALTHY' or ds_state['ldap'] == 'HEALTHY':
-                ds_users = await self.middleware.call('directoryservices.cache.query', 'USERS', filters, options.copy())
+                ds_users = await self.middleware.call('directoryservices.cache.query', 'USER', filters, options.copy())
                 # For AD users, we will not have 2FA attribute normalized so let's do that
                 ad_users_2fa_mapping = await self.middleware.call('auth.twofactor.get_ad_users')
                 for index, user in enumerate(filter(
@@ -1741,7 +1741,7 @@ async def query(self, filters, options):
         if dssearch:
             ds_state = await self.middleware.call('directoryservices.get_state')
             if ds_state['activedirectory'] == 'HEALTHY' or ds_state['ldap'] == 'HEALTHY':
-                ds_groups = await self.middleware.call('directoryservices.cache.query', 'GROUPS', filters, options)
+                ds_groups = await self.middleware.call('directoryservices.cache.query', 'GROUP', filters, options)
 
         if 'SMB' in additional_information:
             try:

src/middlewared/middlewared/plugins/activedirectory.py

@@ -849,7 +849,8 @@ async def __start(self, job):
         if ret == neterr.JOINED:
             await self.set_state(DSStatus['HEALTHY'].name)
             job.set_progress(90, 'Restarting dependent services.')
-            await self.middleware.call('service.start', 'dscache')
+            cache_fill = await self.middleware.call('directoryservices.cache.refresh_impl')
+            await cache_fill.wait()
             await self.middleware.call('directoryservices.restart_dependent_services')
             if ad['verbose_logging']:
                 self.logger.debug('Successfully started AD service for [%s].', ad['domainname'])
@@ -890,7 +891,7 @@ async def __stop(self, job, config):
         await self.middleware.call('etc.generate', 'nss')
         await self.set_state(DSStatus['DISABLED'].name)
         job.set_progress(60, 'clearing caches.')
-        await self.middleware.call('service.stop', 'dscache')
+        await self.middleware.call('directoryservices.cache.abort_refresh')
         await self.middleware.call('service.start', 'cifs')
         await self.set_state(DSStatus['DISABLED'].name)
         job.set_progress(100, 'Active Directory stop completed.')

src/middlewared/middlewared/plugins/directoryservices.py

@@ -47,11 +47,11 @@ async def status(self):
         # status more directly and deprecate the `get_state` method.
         state = await self.get_state()
         for ds in DSType:
-            if (status := state.get(ds.value, 'DISABLED')) == DSStatus.DISABLED.name:
+            if (status := state.get(ds.value.lower(), 'DISABLED')) == DSStatus.DISABLED.name:
                 continue
 
             return {
-                'type': ds.value.upper(),
+                'type': ds.value,
                 'status': status
             }
 
@@ -89,8 +89,8 @@ async def get_state(self):
                     # TODO: IPA join not implemented yet
                     continue
                 try:
-                    res = await self.middleware.call(f'{srv.value}.started')
-                    ds_state[srv.value] = DSStatus.HEALTHY.name if res else DSStatus.DISABLED.name
+                    res = await self.middleware.call(f'{srv.value.lower()}.started')
+                    ds_state[srv.value.lower()] = DSStatus.HEALTHY.name if res else DSStatus.DISABLED.name
 
                 except CallError as e:
                     if e.errno == errno.EINVAL:
@@ -124,7 +124,7 @@ async def set_state(self, new):
         return await self.middleware.call('cache.put', 'DS_STATE', ds_state)
 
     @accepts()
-    @job()
+    @job(lock="directoryservices_refresh_cache", lock_queue_size=1)
     async def cache_refresh(self, job):
         """
         This method refreshes the directory services cache for users and groups that is
@@ -139,7 +139,7 @@ async def cache_refresh(self, job):
         permissions and ACL related methods. Likewise, a cache refresh will not resolve issues
         with users being unable to authenticate to shares.
         """
-        return await job.wrap(await self.middleware.call('directoryservices.cache.refresh'))
+        return await job.wrap(await self.middleware.call('directoryservices.cache.refresh_impl'))
 
     @private
     @returns(List(
@@ -176,7 +176,7 @@ async def sasl_wrapping_choices(self, dstype):
         name='nss_info_choices'
     ))
     async def nss_info_choices(self, dstype):
-        ds = DSType(dstype.lower())
+        ds = DSType(dstype)
         ret = []
 
         for x in list(NSS_Info):