Commit c5d5522f authored by JINMEI Tatuya's avatar JINMEI Tatuya

[1165] add configuration items for zone_config. query_acl was renamed to

transfer_acl (for consistency) and is now used as the default transfer ACL.
related tests were added.  also removed DEFAULT_RRCLASS, and retrieved the
default RR class from the spec.
parent 21981838
......@@ -10,6 +10,8 @@ LIBRARY_PATH_PLACEHOLDER += $(ENV_LIBRARY_PATH)=$(abs_top_builddir)/src/lib/cc/.
endif
# test using command-line arguments, so use check-local target instead of TESTS
# We set B10_FROM_BUILD below, so that the test can refer to the in-source
# spec file.
check-local:
if ENABLE_PYTHON_COVERAGE
touch $(abs_top_srcdir)/.coverage
......@@ -19,6 +21,7 @@ endif
for pytest in $(PYTESTS) ; do \
echo Running test: $$pytest ; \
chmod +x $(abs_builddir)/$$pytest ; \
B10_FROM_BUILD=$(abs_top_builddir) \
$(LIBRARY_PATH_PLACEHOLDER) \
PYTHONPATH=$(COMMON_PYTHON_PATH):$(abs_top_builddir)/src/bin/xfrout:$(abs_top_builddir)/src/lib/dns/python/.libs:$(abs_top_builddir)/src/lib/util/io/.libs \
$(PYCOVERAGE_RUN) $(abs_builddir)/$$pytest || exit ; \
......
......@@ -20,6 +20,7 @@ import unittest
import os
from isc.testutils.tsigctx_mock import MockTSIGContext
from isc.cc.session import *
import isc.config
from pydnspp import *
from xfrout import *
import xfrout
......@@ -241,7 +242,7 @@ class TestXfroutSession(unittest.TestCase):
# ACL check with a per zone ACL + default ACL. The per zone ACL
# should match the queryied zone, so it should be used.
def acl_setter(acl):
zone_key = ('example.com.', 'IN')
zone_key = ('IN', 'example.com.')
self.xfrsess._zone_config[zone_key] = {}
self.xfrsess._zone_config[zone_key]['transfer_acl'] = acl
self.xfrsess._acl = isc.acl.dns.REQUEST_LOADER.load([
......@@ -252,7 +253,7 @@ class TestXfroutSession(unittest.TestCase):
# similar to the previous one, but the per zone doesn't match the
# query. The default should be used.
def acl_setter(acl):
zone_key = ('example.org.', 'IN')
zone_key = ('IN', 'example.org.')
self.xfrsess._zone_config[zone_key] = {}
self.xfrsess._zone_config[zone_key]['transfer_acl'] = \
isc.acl.dns.REQUEST_LOADER.load([
......@@ -273,8 +274,8 @@ class TestXfroutSession(unittest.TestCase):
# will still be used.
com_acl = isc.acl.dns.REQUEST_LOADER.load([
{"from": "127.0.0.1", "action": "REJECT"}])
self.xfrsess._zone_config[('example.com.', 'IN')] = {}
self.xfrsess._zone_config[('example.com.', 'IN')]['transfer_acl'] = \
self.xfrsess._zone_config[('IN', 'example.com.')] = {}
self.xfrsess._zone_config[('IN', 'example.com.')]['transfer_acl'] = \
com_acl
self.assertEqual(com_acl,
self.xfrsess._get_transfer_acl(Name('example.com'),
......@@ -639,9 +640,11 @@ class TestXfroutSession(unittest.TestCase):
# and it should not have sent anything else
self.assertEqual(0, len(self.sock.sendqueue))
class MyCCSession():
class MyCCSession(isc.config.ConfigData):
def __init__(self):
pass
module_spec = isc.config.module_spec_from_file(
xfrout.SPECFILE_LOCATION)
ConfigData.__init__(self, module_spec)
def get_remote_config_value(self, module_name, identifier):
if module_name == "Auth" and identifier == "database_file":
......@@ -738,13 +741,13 @@ class TestUnixSockServer(unittest.TestCase):
self.assertEqual(self.unix.tsig_key_ring.size(), 0)
# Load the ACL
self.unix.update_config_data({'query_acl': [{'from': '127.0.0.1',
self.unix.update_config_data({'transfer_acl': [{'from': '127.0.0.1',
'action': 'ACCEPT'}]})
self.check_loaded_ACL(self.unix._acl)
# Pass a wrong data there and check it does not replace the old one
self.assertRaises(isc.acl.acl.LoaderError,
self.unix.update_config_data,
{'query_acl': ['Something bad']})
{'transfer_acl': ['Something bad']})
self.check_loaded_ACL(self.unix._acl)
def test_zone_config_data(self):
......
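Review bot: `MyCCSession.__init__` calls the bare name `ConfigData.__init__(self, module_spec)` although the class is declared against `isc.config.ConfigData`, so the constructor only resolves if one of the star imports at the top of the file happens to export `ConfigData`. Using the qualified name, `isc.config.ConfigData.__init__(self, module_spec)`, or `super().__init__(module_spec)`, removes that hidden dependency. The mock now reads the real spec from `xfrout.SPECFILE_LOCATION`, so a one-line comment such as `# loads the in-tree spec; requires B10_FROM_BUILD to be set by the test harness` would help the next reader. The class body continues outside the hunk.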
......@@ -86,10 +86,6 @@ TSIG_SIGN_EVERY_NTH = 96
XFROUT_MAX_MESSAGE_SIZE = 65535
# In practice, RR class is almost always fixed, so if and when we allow
# it to be configured, it's convenient to make it optional.
DEFAULT_RRCLASS = RRClass.IN()
def get_rrset_len(rrset):
"""Returns the wire length of the given RRset"""
bytes = bytearray()
......@@ -182,7 +178,7 @@ class XfroutSession():
# Internally zone names are managed in lower cased label characters,
# so we first need to convert the name.
zone_name_lower = Name(zone_name.to_text(), True)
config_key = (zone_name_lower.to_text(), zone_class.to_text())
config_key = (zone_class.to_text(), zone_name_lower.to_text())
if config_key in self._zone_config and \
'transfer_acl' in self._zone_config[config_key]:
return self._zone_config[config_key]['transfer_acl']
......@@ -417,8 +413,8 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn,
self._shutdown_event = shutdown_event
self._write_sock, self._read_sock = socket.socketpair()
self._common_init()
self.update_config_data(config_data)
self._cc = cc
self.update_config_data(config_data)
def _common_init(self):
self._lock = threading.Lock()
......@@ -586,11 +582,11 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn,
remain. This should be fixed.
'''
logger.info(XFROUT_NEW_CONFIG)
if 'query_acl' in new_config:
self._acl = REQUEST_LOADER.load(new_config['query_acl'])
if 'zone_config' in new_config:
self._zone_config = \
self.__create_zone_config(new_config.get('zone_config'))
if 'transfer_acl' in new_config:
self._acl = REQUEST_LOADER.load(new_config['transfer_acl'])
zone_config = new_config.get('zone_config')
if zone_config is not None:
self._zone_config = self.__create_zone_config(zone_config)
self._lock.acquire()
self._max_transfers_out = new_config.get('transfers_out')
self.set_tsig_key_ring(new_config.get('tsig_key_ring'))
......@@ -602,10 +598,11 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn,
for zconf in zone_config_list:
# convert the class, origin (name) pair. First build pydnspp
# object to reject invalid input.
if 'class' in zconf:
zclass = RRClass(zconf['class'])
else:
zclass = DEFAULT_RRCLASS
zclass_str = zconf.get('class')
if zclass_str is None:
#zclass_str = 'IN' # temporary
zclass_str = self._cc.get_default_value('zone_config/class')
zclass = RRClass(zclass_str)
zorigin = Name(zconf['origin'], True)
config_key = (zclass.to_text(), zorigin.to_text())
......
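Review bot: In the `update_config_data` hunk, `self._acl` is replaced before `zone_config` has been parsed, so if `__create_zone_config` raises on a bad `class` or `origin`, the new default ACL is already live while the per-zone ACLs are still the old ones. Loading both into locals first and assigning only after both succeed keeps the ACL state all-or-nothing, for example ending with `self._acl, self._zone_config = new_acl, new_zone_config`. A `new_config` that still carries the old `query_acl` key is now ignored without any log line; whether the configuration manager rejects it earlier is not visible here, so a warning on that key would let operators notice that a previously restrictive ACL is no longer applied. In the `__create_zone_config` hunk the leftover `#zclass_str = 'IN' # temporary` line should be dropped. Both methods begin and end outside their hunks, and the docstring tail visible above `logger.info` may already refer to the partial-update problem.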
......@@ -51,7 +51,7 @@
}
},
{
"item_name": "query_acl",
"item_name": "transfer_acl",
"item_type": "list",
"item_optional": false,
"item_default": [{"action": "ACCEPT"}],
......@@ -61,6 +61,45 @@
"item_type": "any",
"item_optional": true
}
},
{
"item_name": "zone_config",
"item_type": "list",
"item_optional": true,
"item_default": [],
"list_item_spec":
{
"item_name": "zone_config_element",
"item_type": "map",
"item_optional": true,
"item_default": { "origin": "" },
"map_item_spec": [
{
"item_name": "origin",
"item_type": "string",
"item_optional": false,
"item_default": ""
},
{
"item_name": "class",
"item_type": "string",
"item_optional": false,
"item_default": "IN"
},
{
"item_name": "transfer_acl",
"item_type": "list",
"item_optional": true,
"item_default": [{"action": "ACCEPT"}],
"list_item_spec":
{
"item_name": "acl_element",
"item_type": "any",
"item_optional": true
}
}
]
}
}
],
"commands": [
......
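Review bot: The per-zone `transfer_acl` item is declared with `item_default` `[{"action": "ACCEPT"}]`, the same accept-everything rule as the global item. If the configuration layer fills in that default for a `zone_config` element that gives only `origin`, `_get_transfer_acl` would find a per-zone ACL and return accept-all, overriding a restrictive global `transfer_acl`; whether defaults are materialised for list elements is not visible on this page. Since the item is optional and the lookup already falls back to the global ACL when the key is absent, dropping the per-zone default (if the spec format permits) or documenting that omission means "inherit the global ACL" avoids that ambiguity. The global default of ACCEPT for every source also leaves zone transfers open until an operator configures an ACL, which is worth documenting alongside the item.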