Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 03/06/2015 01:30 PM, Petr Spacek wrote: On 4.3.2015 16:35, Martin Basti wrote: On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. and patches attached :-) ACK. It works for me and can be pushed to branches 4.1 and master. Patches require a rebase. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 09/03/15 15:09, Tomas Babej wrote: On 03/06/2015 01:30 PM, Petr Spacek wrote: On 4.3.2015 16:35, Martin Basti wrote: On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. and patches attached :-) ACK. It works for me and can be pushed to branches 4.1 and master. Patches require a rebase. Rebased patch 202 for IPA 4-1 branch -- Martin Basti From 65dc9ff7302820e88021d8c4ab34ea7793665256 Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Wed, 4 Mar 2015 15:13:48 +0100 Subject: [PATCH] DNS: remove NSEC3PARAM from records NSEC3PARAM is configurable only from zone commands. This patch removes this record type from DNS records. Ticket: https://fedorahosted.org/freeipa/ticket/4930 --- API.txt | 12 VERSION | 4 ++-- ipalib/plugins/dns.py | 8 +--- 3 files changed, 7 insertions(+), 17 deletions(-) diff --git a/API.txt b/API.txt index 10e204564e4e00617cf5e447b481592ed5f6d6d4..d987bc949948a280018f0f20d5af93838ecaeb20 100644 --- a/API.txt +++ b/API.txt @@ -805,7 +805,7 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA output: Output('summary', (type 'unicode', type 'NoneType'), None) output: PrimaryKey('value', None, None) command: dnsrecord_add -args: 2,101,3 +args: 2,100,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True) arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) option: Str('a6_part_data', attribute=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False) @@ -876,7 +876,6 @@ option: Str('naptr_part_replacement', attribute=False, cli_name='naptr_replaceme option: Str('naptr_part_service', attribute=False, cli_name='naptr_service', multivalue=False, option_group=u'NAPTR Record', required=False) option: NAPTRRecord('naptrrecord', attribute=True, cli_name='naptr_rec', csv=True, multivalue=True, option_group=u'NAPTR Record', required=False) option: DNSNameParam('ns_part_hostname', attribute=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False) -option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', required=False) option: NSEC3Record('nsec3record', attribute=True, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False) option: NSECRecord('nsecrecord', attribute=True, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False) option: NSRecord('nsrecord', attribute=True, cli_name='ns_rec', csv=True, multivalue=True, option_group=u'NS Record', required=False) @@ -913,7 +912,7 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA output: Output('summary', (type 'unicode', type 'NoneType'), None) output: PrimaryKey('value', None, None) command: dnsrecord_del -args: 2,40,3 +args: 2,39,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True) arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: A6Record('a6record', attribute=True, autofill=False, cli_name='a6_rec', csv=True, multivalue=True, option_group=None, required=False) @@ -938,7 +937,6 @@ option: KXRecord('kxrecord', attribute=True, autofill=False, cli_name='kx_rec', option: LOCRecord('locrecord', attribute=True, autofill=False, cli_name='loc_rec', csv=True, multivalue=True, option_group=None, required=False) option: MXRecord('mxrecord', attribute=True, autofill=False, cli_name='mx_rec', csv=True, multivalue=True, option_group=None, required=False) option: NAPTRRecord('naptrrecord', attribute=True, autofill=False, cli_name='naptr_rec', csv=True, multivalue=True, option_group=None, required=False) -option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, autofill=False, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=None, required=False) option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=None, required=False) option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=None, required=False) option:
Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 4.3.2015 16:35, Martin Basti wrote: On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. and patches attached :-) ACK. It works for me and can be pushed to branches 4.1 and master. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. and patches attached :-) -- Martin Basti From ec46d1059df2474762fb0434699f92cb645584bf Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Wed, 4 Mar 2015 12:52:16 +0100 Subject: [PATCH 1/3] DNS fix: do not traceback if unsupported records are in LDAP Show records which are unsupported, if they are in LDAP. Those records are not editable, and web UI doesnt show them. Fixes traceback caused by --structured option Ticket: https://fedorahosted.org/freeipa/ticket/4930 --- ipalib/plugins/dns.py | 64 +-- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 9dc3ed0b021b7d9bb42053a48690047bd7a244a2..0e04a287e259a1f88ae5c973cf67ce680c61db7d 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -976,6 +976,17 @@ class ForwardRecord(DNSRecord): reason=_('Cannot create reverse record for %(value)s: %(exc)s') \ % dict(value=record, exc=unicode(e))) +class UnsupportedDNSRecord(DNSRecord): + +Records which are not supported by IPA CLI, but we allow to show them if +LDAP contains these records. + +supported = False + +def _get_part_values(self, value): +return tuple() + + class ARecord(ForwardRecord): rrtype = 'A' rfc = 1035 @@ -1023,10 +1034,9 @@ class AFSDBRecord(DNSRecord): ), ) -class APLRecord(DNSRecord): +class APLRecord(UnsupportedDNSRecord): rrtype = 'APL' rfc = 3123 -supported = False class CERTRecord(DNSRecord): rrtype = 'CERT' @@ -1062,10 +1072,9 @@ class CNAMERecord(DNSRecord): ), ) -class DHCIDRecord(DNSRecord): +class DHCIDRecord(UnsupportedDNSRecord): rrtype = 'DHCID' rfc = 4701 -supported = False class DNAMERecord(DNSRecord): rrtype = 'DNAME' @@ -1076,10 +1085,9 @@ class DNAMERecord(DNSRecord): ), ) -class DNSKEYRecord(DNSRecord): +class DNSKEYRecord(UnsupportedDNSRecord): rrtype = 'DNSKEY' rfc = 4034 -supported = False class DSRecord(DNSRecord): rrtype = 'DS' @@ -1114,20 +1122,18 @@ class DLVRecord(DSRecord): rfc = 4431 -class HIPRecord(DNSRecord): +class HIPRecord(UnsupportedDNSRecord): rrtype = 'HIP' rfc = 5205 -supported = False -class KEYRecord(DNSRecord): +class KEYRecord(UnsupportedDNSRecord): +# managed by BIND itself rrtype = 'KEY' rfc = 2535 -supported = False # managed by BIND itself -class IPSECKEYRecord(DNSRecord): +class IPSECKEYRecord(UnsupportedDNSRecord): rrtype = 'IPSECKEY' rfc = 4025 -supported = False class KXRecord(DNSRecord): rrtype = 'KX' @@ -1300,20 +1306,19 @@ class NSRecord(DNSRecord): ), ) -class NSECRecord(DNSRecord): +class NSECRecord(UnsupportedDNSRecord): +# managed by BIND itself rrtype = 'NSEC' rfc = 4034 -supported = False # managed by BIND itself -class NSEC3Record(DNSRecord): +class NSEC3Record(UnsupportedDNSRecord): rrtype = 'NSEC3' rfc = 5155 -supported = False -class NSEC3PARAMRecord(DNSRecord): +class NSEC3PARAMRecord(UnsupportedDNSRecord): +# this is part of zone in IPA rrtype = 'NSEC3PARAM' rfc = 5155 -supported = False # this is part of zone in IPA def _validate_naptr_flags(ugettext, flags): allowed_flags = u'SAUP' @@ -1365,10 +1370,9 @@ class PTRRecord(DNSRecord): ), ) -class RPRecord(DNSRecord): +class RPRecord(UnsupportedDNSRecord): rrtype = 'RP' rfc = 1183 -supported = False class SRVRecord(DNSRecord): rrtype = 'SRV' @@ -1403,20 +1407,19 @@ def _sig_time_validator(ugettext, value): return _('the value does not follow MMDDHHMMSS time format') -class SIGRecord(DNSRecord): +class SIGRecord(UnsupportedDNSRecord): +# managed by BIND itself rrtype = 'SIG' rfc = 2535 -supported = False # managed by BIND itself -class SPFRecord(DNSRecord): +class SPFRecord(UnsupportedDNSRecord): rrtype = 'SPF' rfc = 4408 -supported = False -class RRSIGRecord(SIGRecord): +class RRSIGRecord(UnsupportedDNSRecord): +# managed by BIND itself rrtype = 'RRSIG' rfc = 4034 -supported = False # managed by BIND itself class SSHFPRecord(DNSRecord): rrtype = 'SSHFP' @@ -1445,9 +1448,8 @@ class SSHFPRecord(DNSRecord): return tuple(values)
[Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. -- Martin Basti ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel