path: root/ipaserver/plugins/dnsserver.py
#
# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
#

from __future__ import absolute_import

from ipalib import (
    _,
    ngettext,
    api,
    DNSNameParam,
    Str,
    StrEnum,
    errors,
)
from ipalib.frontend import Local
from ipalib.plugable import Registry
from ipalib.util import (
    normalize_hostname,
    hostname_validator,
    validate_bind_forwarder,
)
from ipaserver.plugins.baseldap import (
    LDAPObject,
    LDAPRetrieve,
    LDAPUpdate,
    LDAPSearch,
    LDAPCreate,
    LDAPDelete,
)
from .dns import dns_container_exists


# Module-level help text. It is assembled from several separate _() calls,
# so each paragraph is handed to ipalib's `_` on its own (presumably so each
# one is an independent translation unit -- confirm against ipalib).
__doc__ = _("""
DNS server configuration
""") + _("""
Manipulate DNS server configuration
""") + _("""
EXAMPLES:
""") + _("""
  Show configuration of a specific DNS server:
    ipa dnsserver-show
""") + _("""
  Update configuration of a specific DNS server:
    ipa dnsserver-mod
""")


# Registry instance; calling it yields the @register() decorator applied to
# every plugin class in this module.
register = Registry()

# Object class list assigned to dnsserver.object_class below. The second
# value is also the one used in dnsserver.permission_filter_objectclasses.
dnsserver_object_class = ['top', 'idnsServerConfigObject']

@register()
class dnsserver(LDAPObject):
    """
    DNS Servers
    """
    # Declarative description of a per-server DNS configuration entry:
    # where it is stored, which attributes it exposes, which managed
    # permissions guard it, and which parameters the commands accept.
    container_dn = api.env.container_dnsservers
    object_name = _('DNS server')
    object_name_plural = _('DNS servers')
    object_class = dnsserver_object_class
    # NOTE(review): 'idnsSubstitutionVariable' appears in both permissions
    # below but not in this list or in takes_params -- presumably it is
    # managed outside this plugin; confirm.
    default_attributes = [
        'idnsServerId',
        'idnsSOAmName',
        'idnsForwarders',
        'idnsForwardPolicy',
    ]
    label = _('DNS Servers')
    label_singular = _('DNS Server')

    # NOTE(review): both permissions use api.env.basedn as their location,
    # so this objectclass filter is presumably what narrows them to DNS
    # server configuration entries -- confirm how the ACI is generated.
    permission_filter_objectclasses = ['idnsServerConfigObject']

    # Two permissions are declared: a read permission and a write permission.
    # No add or delete permission is declared in this class.
    managed_permissions = {
        'System: Read DNS Servers Configuration': {
            'ipapermright': {'read', 'search', 'compare'},
            'ipapermdefaultattr': {
                'objectclass',
                'idnsServerId',
                'idnsSOAmName',
                'idnsForwarders',
                'idnsForwardPolicy',
                'idnsSubstitutionVariable',
            },
            'ipapermlocation': api.env.basedn,
            # Read access goes to two privileges by default.
            'default_privileges': {
                'DNS Servers',
                'DNS Administrators'
            },
        },
        'System: Modify DNS Servers Configuration': {
            'ipapermright': {'write'},
            # The writable set omits 'objectclass' and 'idnsServerId' (the
            # primary key), which are only in the read permission.
            'ipapermdefaultattr': {
                'idnsSOAmName',
                'idnsForwarders',
                'idnsForwardPolicy',
                'idnsSubstitutionVariable',
            },
            'ipapermlocation': api.env.basedn,
            # Write access is narrower than read: 'DNS Administrators' only.
            'default_privileges': {'DNS Administrators'},
        },
    }

    # The trailing '?' and '*' on parameter names follow ipalib's param-spec
    # convention (optional / optional multi-valued).
    takes_params = (
        # Primary key: server host name, checked by hostname_validator and
        # passed through normalize_hostname.
        Str(
            'idnsserverid',
            hostname_validator,
            cli_name='hostname',
            primary_key=True,
            label=_('Server name'),
            doc=_('DNS Server name'),
            normalizer=normalize_hostname,
        ),
        DNSNameParam(
            'idnssoamname?',
            cli_name='soa_mname_override',
            label=_('SOA mname override'),
            doc=_('SOA mname (authoritative server) override'),
        ),
        # Each forwarder value is checked by validate_bind_forwarder (from
        # ipalib.util; its exact rules are not visible in this file).
        # Forwarders determine where this server sends queries on, so this
        # attribute is security-relevant; writes to it fall under the
        # 'System: Modify DNS Servers Configuration' permission above.
        Str(
            'idnsforwarders*',
            validate_bind_forwarder,
            cli_name='forwarder',
            label=_('Forwarders'),
            doc=_(
                'Per-server forwarders. A custom port can be specified '
                'for each forwarder using a standard format '
                '"IP_ADDRESS port PORT"'
            ),
        ),
        # NOTE(review): the help text below says "for this zone" although the
        # parameter is per-server; the wording looks inherited from the
        # forward-zone help. It is a translatable runtime string, so confirm
        # before rewording.
        StrEnum(
            'idnsforwardpolicy?',
            cli_name='forward_policy',
            label=_('Forward policy'),
            doc=_(
                'Per-server conditional forwarding policy. Set to "none" to '
                'disable forwarding to global forwarder for this zone. In '
                'that case, conditional zone forwarders are disregarded.'
            ),
            values=(u'only', u'first', u'none'),
        ),
    )

    def get_dn(self, *keys, **options):
        # Refuse to build a DN when dns_container_exists() reports that the
        # DNS container is missing; callers get NotFound with the reason
        # 'DNS is not configured' instead of a DN for a non-existent subtree.
        if not dns_container_exists(self.api.Backend.ldap2):
            raise errors.NotFound(reason=_('DNS is not configured'))
        # Otherwise defer to the parent class. The explicit two-argument
        # super() form also works on Python 2.
        return super(dnsserver, self).get_dn(*keys, **options)


@register()
class dnsserver_mod(LDAPUpdate):
    # Update command for a DNS server entry. Only the help text and the
    # summary message are set here; everything else comes from LDAPUpdate.
    # No access check is made in this class -- presumably the write is
    # authorized by the ACIs behind dnsserver.managed_permissions; confirm.
    __doc__ = _('Modify DNS server configuration')
    msg_summary = _('Modified DNS server "%(value)s"')


@register()
class dnsserver_find(LDAPSearch):
    # Search command for DNS server entries. Only the help text and the
    # pluralized summary message are set here; the rest comes from LDAPSearch.
    __doc__ = _('Search for DNS servers.')
    msg_summary = ngettext(
        '%(count)d DNS server matched',
        '%(count)d DNS servers matched',
        0,
    )


@register()
class dnsserver_show(LDAPRetrieve):
    # Retrieve command for a single DNS server entry. Only the help text is
    # set here; the rest comes from LDAPRetrieve.
    __doc__ = _('Display configuration of a DNS server.')


@register()
class dnsserver_add(LDAPCreate, Local):
    # Internal use only: this command is deliberately not part of the
    # public API. It may become a public API call in the future, so take
    # care when changing it.
    #
    # NOTE(review): the Local mixin is presumably what keeps this command
    # off the public API -- confirm in ipalib.frontend. dnsserver declares
    # no managed permission for adding entries, so one would be needed
    # before exposing this command.
    __doc__ = _('Add a new DNS server.')
    msg_summary = _('Added new DNS server "%(value)s"')


@register()
class dnsserver_del(LDAPDelete, Local):
    # Internal use only: this command is deliberately not part of the
    # public API. It may become a public API call in the future, so take
    # care when changing it.
    #
    # NOTE(review): the Local mixin is presumably what keeps this command
    # off the public API -- confirm in ipalib.frontend. dnsserver declares
    # no managed permission for deleting entries, so one would be needed
    # before exposing this command.
    __doc__ = _('Delete a DNS server')
    msg_summary = _('Deleted DNS server "%(value)s"')