From: Frank Brehm Date: Tue, 7 Dec 2021 16:08:48 +0000 (+0100) Subject: Modifying slave zone configuration because of TSIG keys. X-Git-Tag: 0.4.1~5^2~4 X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=e29a503dd70d0a9402d09969ac7468ac22180391;p=pixelpark%2Fpp-admin-tools.git Modifying slave zone configuration because of TSIG keys.
---
diff --git a/lib/pp_admintools/deploy_zones_from_pdns.py b/lib/pp_admintools/deploy_zones_from_pdns.py
index e6f5470..c1e0afa 100644
--- a/lib/pp_admintools/deploy_zones_from_pdns.py
+++ b/lib/pp_admintools/deploy_zones_from_pdns.py
@@ -39,7 +39,7 @@ from .pidfile import PidFileError, PidFile
 from .xlate import XLATOR
-__version__ = '0.7.2'
+__version__ = '0.7.3'
 LOG = logging.getLogger(__name__)
 _ = XLATOR.gettext
@@ -87,6 +87,9 @@ class PpDeployZonesApp(PpPDNSApplication):
 re_split_addresses = re.compile(r'[,;\s]+')
 re_integer = re.compile(r'^\s*(\d+)\s*$')
+ re_rev = re.compile(r'^rev\.', re.IGNORECASE)
+ re_trail_dot = re.compile(r'\.+$')
+
 open_args = {}
 if six.PY3:
 open_args = {
@@ -524,8 +527,6 @@ class PpDeployZonesApp(PpPDNSApplication):
 LOG.info(_("Generating {} ...").format(self.default_named_zones_cfg_file))
 cur_date = datetime.datetime.now().isoformat(' ')
- re_rev = re.compile(r'^rev\.', re.IGNORECASE)
- re_trail_dot = re.compile(r'\.+$')
 lines = []
 lines.append('###############################################################')
@@ -542,44 +543,9 @@ class PpDeployZonesApp(PpPDNSApplication):
 for zone_name in self.zones.keys():
- zone = self.zones[zone_name]
- canonical_name = zone.name_unicode
- match = self.re_ipv4_zone.search(zone.name)
- if match:
- prefix = self._get_ipv4_prefix(match.group(1))
- if prefix:
- if prefix == '127.0.0':
- LOG.debug(_("Pure local zone {!r} will not be considered.").format(prefix))
- continue
- canonical_name = 'rev.' + prefix
- else:
- match = self.re_ipv6_zone.search(zone.name)
- if match:
- prefix = self._get_ipv6_prefix(match.group(1))
- if prefix:
- canonical_name = 'rev.' + prefix
-
- show_name = canonical_name
- show_name = re_rev.sub('Reverse ', show_name)
- show_name = re_trail_dot.sub('', show_name)
- zname = re_trail_dot.sub('', zone.name)
-
- zfile = os.path.join(
- self.named_slavedir_rel, re_trail_dot.sub('', canonical_name) + '.zone')
-
- lines = []
- lines.append('')
- lines.append('// {}'.format(show_name))
- lines.append('zone "{}" in {{'.format(zname))
- lines.append('\tmasters {')
- for master in self.zone_masters:
- lines.append('\t\t{};'.format(master))
- lines.append('\t};')
- lines.append('\ttype slave;')
- lines.append('\tfile "{}";'.format(zfile))
- lines.append('};')
-
- content += '\n'.join(lines) + '\n'
+ zone_config = self.generate_zone_config(zone_name)
+ if zone_config:
+ content += '\n' + zone_config
 content += '\n// vim: ts=8 filetype=named noet noai\n'
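Review bot: The call site prepends `'\n'` although `generate_zone_config()` already opens its output with an empty line (`lines.append('')`), so each zone stanza is now preceded by two blank lines where the removed inline code produced one; `content += zone_config` would keep the previous layout. The helper can also raise `PpDeployZonesError` for a key that is missing from `self.named_keys`, which from inside this loop aborts generation for every remaining zone. The enclosing method starts and ends outside the hunk, so it is not visible here whether a partially built temp file is cleaned up on that path; a short comment at the call stating that one bad zone stops the whole deployment would make the fail-closed choice explicit.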
@@ -591,6 +557,66 @@ class PpDeployZonesApp(PpPDNSApplication):
 _("Generated file {!r}:").format(
 self.temp_zones_cfg_file) + '\n' + content.strip())
+ # -------------------------------------------------------------------------
+ def generate_zone_config(self, zone_name):
+
+ zone = self.zones[zone_name]
+ zone.update()
+
+ canonical_name = zone.name_unicode
+ match = self.re_ipv4_zone.search(zone.name)
+
+ if match:
+ prefix = self._get_ipv4_prefix(match.group(1))
+ if prefix:
+ if prefix == '127.0.0':
+ LOG.debug(_("Pure local zone {!r} will not be considered.").format(prefix))
+ return ''
+ canonical_name = 'rev.' + prefix
+ else:
+ match = self.re_ipv6_zone.search(zone.name)
+ if match:
+ prefix = self._get_ipv6_prefix(match.group(1))
+ if prefix:
+ canonical_name = 'rev.' + prefix
+
+ show_name = canonical_name
+ show_name = self.re_rev.sub('Reverse ', show_name)
+ show_name = self.re_trail_dot.sub('', show_name)
+ zname = self.re_trail_dot.sub('', zone.name)
+
+ zfile = os.path.join(
+ self.named_slavedir_rel, self.re_trail_dot.sub('', canonical_name) + '.zone')
+
+ lines = []
+ lines.append('')
+ lines.append('// {}'.format(show_name))
+ lines.append('zone "{}" in {{'.format(zname))
+ lines.append('\tmasters {')
+ for master in self.zone_masters:
+ lines.append('\t\t{};'.format(master))
+ lines.append('\t};')
+ lines.append('\ttype slave;')
+ lines.append('\tfile "{}";'.format(zfile))
+
+ if zone.master_tsig_key_ids:
+
+ for key_id in zone.master_tsig_key_ids:
+ if key_id not in self.named_keys:
+ msg = _("Key {k!r} for zone {z!r} not found in named configuration.").format(
+ k=key_id, z=show_name)
+ raise PpDeployZonesError(msg)
+
+ allow_line = '\tallow-transfer {'
+ for key_id in zone.master_tsig_key_ids:
+ allow_line += 'key "{}";'.format(key_id)
+ allow_line += ' };'
+ lines.append(allow_line)
+
+ lines.append('};')
+
+ return '\n'.join(lines) + '\n'
+
 # -------------------------------------------------------------------------
 def _get_ipv4_prefix(self,
match):
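Review bot: In `generate_zone_config` the TSIG key ids are written only into `allow-transfer`, which in BIND controls who may pull the zone from this server; the `masters` entries are still emitted as bare addresses (`'\t\t{};'.format(master)`), so nothing in the generated stanza makes this secondary sign its own transfer requests. If `zone.master_tsig_key_ids` names the key the primary requires (an inference from the attribute name), the key belongs on the masters entry, e.g. `lines.append('\t\t{} key "{}";'.format(master, key_id))`, unless a `server` statement elsewhere in the named configuration already binds it. Zones without key ids get no `allow-transfer` line and therefore inherit whatever the global options permit, which deserves a sentence in a docstring for this method (it currently has none). Checking every key id against `self.named_keys` before any key name is written is the right fail-closed order; the key statements run together as `key "a";key "b";`, and a separating space would make the generated file easier to audit.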