Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 03/06/2015 01:30 PM, Petr Spacek wrote: On 4.3.2015 16:35, Martin Basti wrote: On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. and patches attached :-) ACK. It works for me and can be pushed to branches 4.1 and master. Patches require a rebase. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 09/03/15 15:09, Tomas Babej wrote:
On 03/06/2015 01:30 PM, Petr Spacek wrote:
On 4.3.2015 16:35, Martin Basti wrote:
On 04/03/15 16:17, Martin Basti wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4930
0200: 4.1, master
Fixes traceback, which was raised if LDAP contained a record that
was marked
as unsupported.
Now unsupported records are shown, if LDAP contains them.
0200: 4.1, master
Records marked as unsupported will not show options for editing parts.
0202: only master
Removes NSEC3PARAM record from record types. NSEC3PARAM can contain
only
zone, value is allowed only in idnszone objectclass, so do not
confuse users.
and patches attached :-)
ACK. It works for me and can be pushed to branches 4.1 and master.
Patches require a rebase.
Rebased patch 202 for IPA 4-1 branch
--
Martin Basti
From 65dc9ff7302820e88021d8c4ab34ea7793665256 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Wed, 4 Mar 2015 15:13:48 +0100
Subject: [PATCH] DNS: remove NSEC3PARAM from records
NSEC3PARAM is configurable only from zone commands. This patch removes
this record type from DNS records.
Ticket: https://fedorahosted.org/freeipa/ticket/4930
---
API.txt | 12
VERSION | 4 ++--
ipalib/plugins/dns.py | 8 +---
3 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/API.txt b/API.txt
index 10e204564e4e00617cf5e447b481592ed5f6d6d4..d987bc949948a280018f0f20d5af93838ecaeb20 100644
--- a/API.txt
+++ b/API.txt
@@ -805,7 +805,7 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: PrimaryKey('value', None, None)
command: dnsrecord_add
-args: 2,101,3
+args: 2,100,3
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
option: Str('a6_part_data', attribute=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False)
@@ -876,7 +876,6 @@ option: Str('naptr_part_replacement', attribute=False, cli_name='naptr_replaceme
option: Str('naptr_part_service', attribute=False, cli_name='naptr_service', multivalue=False, option_group=u'NAPTR Record', required=False)
option: NAPTRRecord('naptrrecord', attribute=True, cli_name='naptr_rec', csv=True, multivalue=True, option_group=u'NAPTR Record', required=False)
option: DNSNameParam('ns_part_hostname', attribute=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False)
-option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', required=False)
option: NSEC3Record('nsec3record', attribute=True, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False)
option: NSECRecord('nsecrecord', attribute=True, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False)
option: NSRecord('nsrecord', attribute=True, cli_name='ns_rec', csv=True, multivalue=True, option_group=u'NS Record', required=False)
@@ -913,7 +912,7 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: PrimaryKey('value', None, None)
command: dnsrecord_del
-args: 2,40,3
+args: 2,39,3
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: A6Record('a6record', attribute=True, autofill=False, cli_name='a6_rec', csv=True, multivalue=True, option_group=None, required=False)
@@ -938,7 +937,6 @@ option: KXRecord('kxrecord', attribute=True, autofill=False, cli_name='kx_rec',
option: LOCRecord('locrecord', attribute=True, autofill=False, cli_name='loc_rec', csv=True, multivalue=True, option_group=None, required=False)
option: MXRecord('mxrecord', attribute=True, autofill=False, cli_name='mx_rec', csv=True, multivalue=True, option_group=None, required=False)
option: NAPTRRecord('naptrrecord', attribute=True, autofill=False, cli_name='naptr_rec', csv=True, multivalue=True, option_group=None, required=False)
-option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, autofill=False, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=None, required=False)
option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=None, required=False)
option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=None, required=False)
option:
Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 4.3.2015 16:35, Martin Basti wrote: On 04/03/15 16:17, Martin Basti wrote: Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. and patches attached :-) ACK. It works for me and can be pushed to branches 4.1 and master. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
On 04/03/15 16:17, Martin Basti wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4930
0200: 4.1, master
Fixes traceback, which was raised if LDAP contained a record that was
marked as unsupported.
Now unsupported records are shown, if LDAP contains them.
0200: 4.1, master
Records marked as unsupported will not show options for editing parts.
0202: only master
Removes NSEC3PARAM record from record types. NSEC3PARAM can contain
only zone, value is allowed only in idnszone objectclass, so do not
confuse users.
and patches attached :-)
--
Martin Basti
From ec46d1059df2474762fb0434699f92cb645584bf Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Wed, 4 Mar 2015 12:52:16 +0100
Subject: [PATCH 1/3] DNS fix: do not traceback if unsupported records are in
LDAP
Show records which are unsupported, if they are in LDAP.
Those records are not editable, and web UI doesnt show them.
Fixes traceback caused by --structured option
Ticket: https://fedorahosted.org/freeipa/ticket/4930
---
ipalib/plugins/dns.py | 64 +--
1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 9dc3ed0b021b7d9bb42053a48690047bd7a244a2..0e04a287e259a1f88ae5c973cf67ce680c61db7d 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -976,6 +976,17 @@ class ForwardRecord(DNSRecord):
reason=_('Cannot create reverse record for %(value)s: %(exc)s') \
% dict(value=record, exc=unicode(e)))
+class UnsupportedDNSRecord(DNSRecord):
+
+Records which are not supported by IPA CLI, but we allow to show them if
+LDAP contains these records.
+
+supported = False
+
+def _get_part_values(self, value):
+return tuple()
+
+
class ARecord(ForwardRecord):
rrtype = 'A'
rfc = 1035
@@ -1023,10 +1034,9 @@ class AFSDBRecord(DNSRecord):
),
)
-class APLRecord(DNSRecord):
+class APLRecord(UnsupportedDNSRecord):
rrtype = 'APL'
rfc = 3123
-supported = False
class CERTRecord(DNSRecord):
rrtype = 'CERT'
@@ -1062,10 +1072,9 @@ class CNAMERecord(DNSRecord):
),
)
-class DHCIDRecord(DNSRecord):
+class DHCIDRecord(UnsupportedDNSRecord):
rrtype = 'DHCID'
rfc = 4701
-supported = False
class DNAMERecord(DNSRecord):
rrtype = 'DNAME'
@@ -1076,10 +1085,9 @@ class DNAMERecord(DNSRecord):
),
)
-class DNSKEYRecord(DNSRecord):
+class DNSKEYRecord(UnsupportedDNSRecord):
rrtype = 'DNSKEY'
rfc = 4034
-supported = False
class DSRecord(DNSRecord):
rrtype = 'DS'
@@ -1114,20 +1122,18 @@ class DLVRecord(DSRecord):
rfc = 4431
-class HIPRecord(DNSRecord):
+class HIPRecord(UnsupportedDNSRecord):
rrtype = 'HIP'
rfc = 5205
-supported = False
-class KEYRecord(DNSRecord):
+class KEYRecord(UnsupportedDNSRecord):
+# managed by BIND itself
rrtype = 'KEY'
rfc = 2535
-supported = False # managed by BIND itself
-class IPSECKEYRecord(DNSRecord):
+class IPSECKEYRecord(UnsupportedDNSRecord):
rrtype = 'IPSECKEY'
rfc = 4025
-supported = False
class KXRecord(DNSRecord):
rrtype = 'KX'
@@ -1300,20 +1306,19 @@ class NSRecord(DNSRecord):
),
)
-class NSECRecord(DNSRecord):
+class NSECRecord(UnsupportedDNSRecord):
+# managed by BIND itself
rrtype = 'NSEC'
rfc = 4034
-supported = False # managed by BIND itself
-class NSEC3Record(DNSRecord):
+class NSEC3Record(UnsupportedDNSRecord):
rrtype = 'NSEC3'
rfc = 5155
-supported = False
-class NSEC3PARAMRecord(DNSRecord):
+class NSEC3PARAMRecord(UnsupportedDNSRecord):
+# this is part of zone in IPA
rrtype = 'NSEC3PARAM'
rfc = 5155
-supported = False # this is part of zone in IPA
def _validate_naptr_flags(ugettext, flags):
allowed_flags = u'SAUP'
@@ -1365,10 +1370,9 @@ class PTRRecord(DNSRecord):
),
)
-class RPRecord(DNSRecord):
+class RPRecord(UnsupportedDNSRecord):
rrtype = 'RP'
rfc = 1183
-supported = False
class SRVRecord(DNSRecord):
rrtype = 'SRV'
@@ -1403,20 +1407,19 @@ def _sig_time_validator(ugettext, value):
return _('the value does not follow MMDDHHMMSS time format')
-class SIGRecord(DNSRecord):
+class SIGRecord(UnsupportedDNSRecord):
+# managed by BIND itself
rrtype = 'SIG'
rfc = 2535
-supported = False # managed by BIND itself
-class SPFRecord(DNSRecord):
+class SPFRecord(UnsupportedDNSRecord):
rrtype = 'SPF'
rfc = 4408
-supported = False
-class RRSIGRecord(SIGRecord):
+class RRSIGRecord(UnsupportedDNSRecord):
+# managed by BIND itself
rrtype = 'RRSIG'
rfc = 4034
-supported = False # managed by BIND itself
class SSHFPRecord(DNSRecord):
rrtype = 'SSHFP'
@@ -1445,9 +1448,8 @@ class SSHFPRecord(DNSRecord):
return tuple(values)
[Freeipa-devel] [PATCHES 0200-0202] DNS fixes related to unsupported records
Ticket: https://fedorahosted.org/freeipa/ticket/4930 0200: 4.1, master Fixes traceback, which was raised if LDAP contained a record that was marked as unsupported. Now unsupported records are shown, if LDAP contains them. 0200: 4.1, master Records marked as unsupported will not show options for editing parts. 0202: only master Removes NSEC3PARAM record from record types. NSEC3PARAM can contain only zone, value is allowed only in idnszone objectclass, so do not confuse users. -- Martin Basti ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
