On 09/04/2014 01:11 PM, Petr Spacek wrote: > On 4.9.2014 13:02, Martin Basti wrote: >> On 04/09/14 11:46, Petr Spacek wrote: >>> On 3.9.2014 16:42, Martin Basti wrote: >>>> On 02/09/14 17:16, Petr Spacek wrote: >>>>> On 20.8.2014 19:26, Martin Basti wrote: >>>>>> Part of DNSSEC >>>>>> Patches attached. >>>>> >>>>> NACK >>>>> >>>>> # ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4' >>>>> ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS >>>>> record (RFC 4529, section 4.6) >>>>> >>>>> RFC number is incorrect. IMHO it should also reference 'RFC 4035 section >>>>> 2.4'. >>>>> >>>>> Also, there is one hole: >>>>> Current code allows you to add DS RR to existing NS and then to remove NS. >>>>> >>>>> Let me know if adding a check to -del is too hard, maybe we can live >>>>> without >>>>> it... >>>>> >>>> dnsrecord-del validation added >>>> >>>> Updated patch attached >>>> >>>> Required in ipa 4.1 but this could be pushed to 4.0.x too >>> >>> It almost works ... almost. I'm not sure if the problem is in your patch or >>> in existing code: >>> >>> [root@vm-035 git]# ipa dnsrecord-add ipa.example ds --ds-rec='1 2 3 4' >>> Record name: ds >>> DS record: 1 2 3 4 >>> NS record: vm-035.idm.lab.eng.brq.redhat.com. >>> >>> [root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec= >>> ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS >>> record (RFC 4592 section 4.6, RFC 4035 section 2.4) >>> >>> [root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ds-rec= >>> Record name: ds >>> NS record: vm-035.idm.lab.eng.brq.redhat.com. >>> >>> [root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec= >>> ipa: ERROR: an internal error has occurred >>> >>> # tail /var/log/httpd/error_log >>> >>> ipa: ERROR: non-public: TypeError: dnsrecord_mod.validate_output() => >>> PrimaryKey.validate(): >>> output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type >>> 'list'>: [<DNS name ds>] >>> Traceback (most recent call last): >>> File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, >>> in wsgi_execute >>> result = self.Command[name](*args, **options) >>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 451, in >>> __call__ >>> self.validate_output(ret, options['version']) >>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 944, in >>> validate_output >>> o.validate(self, value, version) >>> File "/usr/lib/python2.7/site-packages/ipalib/output.py", line 126, in >>> validate >>> types[0], type(value), value)) >>> TypeError: dnsrecord_mod.validate_output() => PrimaryKey.validate(): >>> output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type >>> 'list'>: [<DNS name ds>] >>> ipa: INFO: [jsonserver_session] [email protected]: dnsrecord_mod(<DNS name >>> ipa.example.>, <DNS name ds>, nsrecord=None, rights=False, structured=False, >>> all=False, raw=False, version=u'2.102'): TypeError >>> >> This bug is not related with the patches. >> Error is raised when you try to delete the last record in RRset using >> dnsrecord-mod --any-rec="" > > Okay, functional ACK. Please send a separate patch for this problem or at > least > open a ticket and describe what is wrong with it. > > It can be pushed if Python gurus are okay with the code. > > Thank you! >
Ok, LGTM. Pushed to master, ipa-4-1. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
