diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-04-29 19:42:41 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-05-28 15:58:24 +0200 |
commit | 8b7daf675e77d7a5e2de6eadb26ca3b682c0d67f (patch) | |
tree | 0b554a27aea567fafe4084f13d510753844b4182 | |
parent | 71c6d2f1eb9610a0e0a994a6cfd78fdf9bb9d1fa (diff) | |
download | freeipa-8b7daf675e77d7a5e2de6eadb26ca3b682c0d67f.tar.gz freeipa-8b7daf675e77d7a5e2de6eadb26ca3b682c0d67f.tar.xz freeipa-8b7daf675e77d7a5e2de6eadb26ca3b682c0d67f.zip |
dns: Add idnsSecInlineSigning attribute, add --dnssec option to zone
Part of the work for: https://fedorahosted.org/freeipa/ticket/3801
Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r-- | API.txt | 9 | ||||
-rw-r--r-- | VERSION | 4 | ||||
-rw-r--r-- | install/share/60ipadns.ldif | 3 | ||||
-rw-r--r-- | ipalib/plugins/dns.py | 8 |
4 files changed, 17 insertions, 7 deletions
@@ -1070,7 +1070,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: PrimaryKey('value', None, None) command: dnszone_add -args: 1,24,3 +args: 1,25,3 arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -1083,6 +1083,7 @@ option: Bool('idnsallowsyncptr', attribute=True, cli_name='allow_sync_ptr', mult option: Str('idnsallowtransfer', attribute=True, autofill=True, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False) option: Str('idnsforwarders', attribute=True, cli_name='forwarder', csv=True, multivalue=True, required=False) option: StrEnum('idnsforwardpolicy', attribute=True, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none')) +option: Bool('idnssecinlinesigning', attribute=True, cli_name='dnssec', default=False, multivalue=False, required=False) option: Int('idnssoaexpire', attribute=True, autofill=True, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True) option: Int('idnssoaminimum', attribute=True, autofill=True, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=True) option: Str('idnssoamname', attribute=True, cli_name='name_server', multivalue=False, required=True) @@ -1129,7 +1130,7 @@ output: Output('result', <type 'bool'>, None) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: PrimaryKey('value', None, None) command: dnszone_find -args: 1,26,4 +args: 1,27,4 arg: Str('criteria?', noextrawhitespace=False) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', multivalue=False, query=True, required=False, values=(u'IN', u'CS', u'CH', u'HS')) @@ -1142,6 +1143,7 @@ option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, query=True, required=False) option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, query=True, required=False, values=(u'only', u'first', u'none')) option: Str('idnsname', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False) +option: Bool('idnssecinlinesigning', attribute=True, autofill=False, cli_name='dnssec', default=False, multivalue=False, query=True, required=False) option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False) option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, query=True, required=False) option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, query=True, required=False) @@ -1162,7 +1164,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('truncated', <type 'bool'>, None) command: dnszone_mod -args: 1,25,3 +args: 1,26,3 arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -1176,6 +1178,7 @@ option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False) option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False) option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none')) +option: Bool('idnssecinlinesigning', attribute=True, autofill=False, cli_name='dnssec', default=False, multivalue=False, required=False) option: Int('idnssoaexpire', attribute=True, autofill=False, cli_name='expire', default=1209600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False) option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum', default=3600, maxvalue=2147483647, minvalue=0, multivalue=False, required=False) option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, required=False) @@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=86 -# Last change: npmccallum - Only specify the ipatokenuniqueid default in the add operation +IPA_API_VERSION_MINOR=87 +# Last change: pviktori - --dnssec option for dnszone diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif index d16ac6165..aaa1b3110 100644 --- a/install/share/60ipadns.ldif +++ b/install/share/60ipadns.ldif @@ -49,7 +49,8 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC 'forw attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'list of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zone refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DESC 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' ) +attributeTypes: ( 2.16.840.1.113730.3.8.5.18 NAME 'idnsSecInlineSigning' DESC 'allow inline DNSSEC signing' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4' ) objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord ) ) -objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders ) ) +objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning ) ) objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) ) objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXILIARY MUST idnsName MAY managedBy X-ORIGIN 'IPA v3' ) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 23b3ad456..515baeeae 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1569,7 +1569,7 @@ class dnszone(LDAPObject): 'idnsname', 'idnszoneactive', 'idnssoamname', 'idnssoarname', 'idnssoaserial', 'idnssoarefresh', 'idnssoaretry', 'idnssoaexpire', 'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer', - 'idnsforwarders', 'idnsforwardpolicy' + 'idnsforwarders', 'idnsforwardpolicy', 'idnssecinlinesigning', ] + _record_attributes label = _('DNS Zones') label_singular = _('DNS Zone') @@ -1722,6 +1722,12 @@ class dnszone(LDAPObject): label=_('Allow PTR sync'), doc=_('Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone'), ), + Bool('idnssecinlinesigning?', + cli_name='dnssec', + default=False, + label=_('Allow in-line DNSSEC signing'), + doc=_('Allow inline DNSSEC signing of records in the zone'), + ), ) def get_dn(self, *keys, **options): |