Fix NSEC record conversion

NSEC record needs special treatment as it is not composed from
a fixed set of DNS parts divided by space, but it contains
a multivalued DNS part "types" containing a list of RR types
it covers.

There was already a special method for parsing raw NSEC record
to DNS parts, but the other direction was missing. This patch
adds special NSEC convertor to fix this issue.

https://fedorahosted.org/freeipa/ticket/2307

3 files changed, 41 insertions, 9 deletions

diff --git a/API.txt b/API.txt
index d87dfc3b..8faf7607 100644
--- a/API.txt
+++ b/API.txt
@@ -678,7 +678,7 @@ option: NSRecord('nsrecord', attribute=True, cli_name='ns_rec', csv=True, multiv
 option: Str('ns_part_hostname', attribute=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False)
 option: NSECRecord('nsecrecord', attribute=True, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False)
 option: Str('nsec_part_next', attribute=False, cli_name='nsec_next', multivalue=False, option_group=u'NSEC Record', required=False)
-option: StrEnum('nsec_part_types', attribute=False, cli_name='nsec_types', multivalue=True, option_group=u'NSEC Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT'))
+option: StrEnum('nsec_part_types', attribute=False, cli_name='nsec_types', csv=True, multivalue=True, option_group=u'NSEC Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT'))
 option: NSEC3Record('nsec3record', attribute=True, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False)
 option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', required=False)
 option: PTRRecord('ptrrecord', attribute=True, cli_name='ptr_rec', csv=True, multivalue=True, option_group=u'PTR Record', required=False)
@@ -855,7 +855,7 @@ option: NSRecord('nsrecord', attribute=True, autofill=False, cli_name='ns_rec',
 option: Str('ns_part_hostname', attribute=False, autofill=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', query=True, required=False)
 option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', query=True, required=False)
 option: Str('nsec_part_next', attribute=False, autofill=False, cli_name='nsec_next', multivalue=False, option_group=u'NSEC Record', query=True, required=False)
-option: StrEnum('nsec_part_types', attribute=False, autofill=False, cli_name='nsec_types', multivalue=True, option_group=u'NSEC Record', query=True, required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT'))
+option: StrEnum('nsec_part_types', attribute=False, autofill=False, cli_name='nsec_types', csv=True, multivalue=True, option_group=u'NSEC Record', query=True, required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT'))
 option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', query=True, required=False)
 option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, autofill=False, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', query=True, required=False)
 option: PTRRecord('ptrrecord', attribute=True, autofill=False, cli_name='ptr_rec', csv=True, multivalue=True, option_group=u'PTR Record', query=True, required=False)
@@ -976,7 +976,7 @@ option: NSRecord('nsrecord', attribute=True, autofill=False, cli_name='ns_rec',
 option: Str('ns_part_hostname', attribute=False, autofill=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False)
 option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False)
 option: Str('nsec_part_next', attribute=False, autofill=False, cli_name='nsec_next', multivalue=False, option_group=u'NSEC Record', required=False)
-option: StrEnum('nsec_part_types', attribute=False, autofill=False, cli_name='nsec_types', multivalue=True, option_group=u'NSEC Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT'))
+option: StrEnum('nsec_part_types', attribute=False, autofill=False, cli_name='nsec_types', csv=True, multivalue=True, option_group=u'NSEC Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT'))
 option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False)
 option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, autofill=False, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', required=False)
 option: PTRRecord('ptrrecord', attribute=True, autofill=False, cli_name='ptr_rec', csv=True, multivalue=True, option_group=u'PTR Record', required=False)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index d51c2c30..d296f66d 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -292,6 +292,11 @@ class DNSRecord(Str):
             return None
         return tuple(values)
 
+    def _part_values_to_string(self, values, index):
+        self._validate_parts(values)
+        return u" ".join(super(DNSRecord, self)._convert_scalar(v, index) \
+                             for v in values if v is not None)
+
     def get_parts_from_kw(self, kw, raise_on_none=True):
         part_names = tuple(self.part_name_format % (self.rrtype.lower(), part.name) \
                                for part in self.parts)
@@ -316,10 +321,7 @@ class DNSRecord(Str):
 
     def _convert_scalar(self, value, index=None):
         if isinstance(value, (tuple, list)):
-            # convert parsed values to the string
-            self._validate_parts(value)
-            return u" ".join(super(DNSRecord, self)._convert_scalar(v, index) \
-                             for v in value if v is not None)
+            return self._part_values_to_string(value, index)
         return super(DNSRecord, self)._convert_scalar(value, index)
 
     def normalize(self, value):
@@ -795,10 +797,10 @@ class NSECRecord(DNSRecord):
             _domain_name_validator,
             label=_('Next Domain Name'),
         ),
-        StrEnum('types',
+        StrEnum('types+',
             label=_('Type Map'),
-            multivalue=True,
             values=_allowed_types,
+            csv=True,
         ),
     )
 
@@ -810,6 +812,16 @@ class NSECRecord(DNSRecord):
 
         return (values[0], tuple(values[1:]))
 
+    def _part_values_to_string(self, values, index):
+        self._validate_parts(values)
+        values_flat = [values[0],]  # add "next" part
+        types = values[1]
+        if not isinstance(types, (list, tuple)):
+            types = [types,]
+        values_flat.extend(types)
+        return u" ".join(Str._convert_scalar(self, v, index) \
+                             for v in values_flat if v is not None)
+
 class NSEC3Record(DNSRecord):
     rrtype = 'NSEC3'
     rfc = 5155
diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py
index f65fe563..b177b9d0 100644
--- a/tests/test_xmlrpc/test_dns_plugin.py
+++ b/tests/test_xmlrpc/test_dns_plugin.py
@@ -667,6 +667,26 @@ class test_dns(Declarative):
         ),
 
         dict(
+            desc='Add NSEC record to %r using dnsrecord_add' % (dnsres1),
+            command=('dnsrecord_add', [dnszone1, dnsres1], {'nsec_part_next': dnszone1,
+                                                            'nsec_part_types' : ['TXT', 'A']}),
+            expected={
+                'value': dnsres1,
+                'summary': None,
+                'result': {
+                    'objectclass': [u'top', u'idnsrecord'],
+                    'dn': unicode(dnsres1_dn),
+                    'idnsname': [dnsres1],
+                    'arecord': [u'10.10.0.1'],
+                    'cnamerecord': [u'foo-1.example.com.'],
+                    'kxrecord': [u'1 foo-1'],
+                    'txtrecord': [u'foo bar'],
+                    'nsecrecord': [dnszone1 + u' TXT A'],
+                },
+            },
+        ),
+
+        dict(
             desc='Delete record %r in zone %r' % (dnsres1, dnszone1),
             command=('dnsrecord_del', [dnszone1, dnsres1], {'del_all': True }),
             expected={