On 4.9.2014 13:02, Martin Basti wrote:
On 04/09/14 11:46, Petr Spacek wrote:
On 3.9.2014 16:42, Martin Basti wrote:
On 02/09/14 17:16, Petr Spacek wrote:
On 20.8.2014 19:26, Martin Basti wrote:
Part of DNSSEC
Patches attached.
NACK
# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS
record (RFC 4529, section 4.6)
RFC number is incorrect. IMHO it should also reference 'RFC 4035 section
2.4'.
Also, there is one hole:
Current code allows you to add DS RR to existing NS and then to remove NS.
Let me know if adding a check to -del is too hard, maybe we can live without
it...
dnsrecord-del validation added
Updated patch attached
Required in ipa 4.1 but this could be pushed to 4.0.x too
It almost works ... almost. I'm not sure if the problem is in your patch or
in existing code:
[root@vm-035 git]# ipa dnsrecord-add ipa.example ds --ds-rec='1 2 3 4'
Record name: ds
DS record: 1 2 3 4
NS record: vm-035.idm.lab.eng.brq.redhat.com.
[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS
record (RFC 4592 section 4.6, RFC 4035 section 2.4)
[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ds-rec=
Record name: ds
NS record: vm-035.idm.lab.eng.brq.redhat.com.
[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: an internal error has occurred
# tail /var/log/httpd/error_log
ipa: ERROR: non-public: TypeError: dnsrecord_mod.validate_output() =>
PrimaryKey.validate():
output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type
'list'>: [<DNS name ds>]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348,
in wsgi_execute
result = self.Command[name](*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 451, in
__call__
self.validate_output(ret, options['version'])
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 944, in
validate_output
o.validate(self, value, version)
File "/usr/lib/python2.7/site-packages/ipalib/output.py", line 126, in
validate
types[0], type(value), value))
TypeError: dnsrecord_mod.validate_output() => PrimaryKey.validate():
output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type
'list'>: [<DNS name ds>]
ipa: INFO: [jsonserver_session] admin@IPA.EXAMPLE: dnsrecord_mod(<DNS name
ipa.example.>, <DNS name ds>, nsrecord=None, rights=False, structured=False,
all=False, raw=False, version=u'2.102'): TypeError
This bug is not related with the patches.
Error is raised when you try to delete the last record in RRset using
dnsrecord-mod --any-rec=""
Okay, functional ACK. Please send a separate patch for this problem or at
least open a ticket and describe what is wrong with it.
It can be pushed if Python gurus are okay with the code.
Thank you!
--
Petr^2 Spacek
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel