Global DNS options

Implement API for DNS global options supported in bind-dyndb-ldap.
Currently, global DNS option overrides any relevant option in
named.conf. Thus they are not filled by default they are left as
a possibility for a user.

Bool encoding had to be fixed so that Bool LDAP attribute can also
be deleted and not just set to True or False.

https://fedorahosted.org/freeipa/ticket/2216

API.txt

@@ -610,6 +610,28 @@ arg: Str('hostname')
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'bool'>, None)
 output: Output('value', <type 'unicode'>, None)
+command: dnsconfig_mod
+args: 0,8,3
+option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Str('delattr*', cli_name='delattr', exclude='webui')
+option: Flag('rights', autofill=True, default=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('version?', exclude='webui')
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('value', <type 'unicode'>, None)
+command: dnsconfig_show
+args: 0,4,3
+option: Flag('rights', autofill=True, default=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('version?', exclude='webui')
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('value', <type 'unicode'>, None)
 command: dnsrecord_add
 args: 2,114,3
 arg: Str('dnszoneidnsname', cli_name='dnszone', query=True, required=True)

install/share/dns.ldif

@@ -1,5 +1,6 @@
 dn: cn=dns,$SUFFIX
 changetype: add
+objectClass: idnsConfigObject
 objectClass: nsContainer
 objectClass: top
 cn: dns

install/updates/40-dns.update

@@ -20,3 +20,6 @@ add: basedn: 'cn=privileges,cn=pbac,$SUFFIX'
 add: filter: (objectclass=*)
 add: ttl: 10
 
+# add idnsConfigObject if it is not there already
+dn: cn=dns, $SUFFIX
+addifexist: objectClass: idnsConfigObject

ipalib/plugins/dns.py

@@ -148,6 +148,12 @@ EXAMPLES:
  if one is not included):
    ipa dns-resolve www.example.com
    ipa dns-resolve www
+
+ Show global DNS configuration:
+   ipa dnsconfig-show
+
+ Modify global DNS configuration and set a list of global forwarders:
+   ipa dnsconfig-mod --forwarder=10.0.0.1
 """)
 
 # supported resource record types
@@ -2100,3 +2106,47 @@ class dns_is_enabled(Command):
         return dict(result=dns_enabled, value=u'')
 
 api.register(dns_is_enabled)
+
+
+class dnsconfig(LDAPObject):
+    """
+    DNS global configuration object
+    """
+    object_name = _('DNS configuration options')
+    default_attributes = [ 'idnsforwarders', ]
+
+    label = _('DNS Global Configuration')
+    label_singular = _('DNS Global Configuration')
+
+    takes_params = (
+        Str('idnsforwarders*',
+            _validate_ipaddr,
+            cli_name='forwarder',
+            label=_('Global forwarders'),
+            doc=_('A list of global forwarders'),
+            csv=True,
+        ),
+    )
+
+    def get_dn(self, *keys, **kwargs):
+        return api.env.container_dns
+
+    def get_dnsconfig(self, ldap):
+        (dn, entry) = ldap.get_entry(self.get_dn(), None,
+                           normalize=self.normalize_dn)
+
+        return entry
+
+api.register(dnsconfig)
+
+
+class dnsconfig_mod(LDAPUpdate):
+    __doc__ = _('Modify global DNS configuration.')
+
+api.register(dnsconfig_mod)
+
+
+class dnsconfig_show(LDAPRetrieve):
+    __doc__ = _('Show the current global DNS configuration.')
+
+api.register(dnsconfig_show)

ipaserver/plugins/ldap2.py

@@ -67,9 +67,10 @@ SASL_AUTH = _ldap_sasl.sasl({}, 'GSSAPI')
 # OID 1.3.6.1.4.1.1466.115.121.1.7 (Boolean) syntax encoding
 def _encode_bool(self, value):
     def encode_bool_value(value):
+        if value is None:
+            return None
         if value:
             return u'TRUE'
-        else:
         return u'FALSE'
 
     if type(value) in (tuple, list):

tests/test_xmlrpc/test_dns_plugin.py

@@ -64,6 +64,7 @@ class test_dns(Declarative):
         ('dnsrecord_del', [dnszone1, dnsres1], {'del_all' : True}),
         ('dnszone_del', [dnszone2], {}),
         ('dnszone_del', [revdnszone1], {}),
+        ('dnsconfig_mod', [], {'idnsforwarders' : None,})
     ]
 
     tests = [
@@ -773,6 +774,19 @@ class test_dns(Declarative):
         ),
 
 
+        dict(
+            desc='Update global DNS settings',
+            command=('dnsconfig_mod', [], {'idnsforwarders' : [u'80.142.15.80'],}),
+            expected={
+                'value': u'',
+                'summary': None,
+                'result': {
+                    'idnsforwarders': [u'80.142.15.80'],
+                },
+            },
+        ),
+
+
         dict(
             desc='Delete zone %r' % dnszone1,
             command=('dnszone_del', [dnszone1], {}),

tests/test_xmlrpc/xmlrpc_test.py

@@ -222,7 +222,7 @@ class Declarative(XMLRPC_test):
             )
         try:
             api.Command[cmd](*args, **options)
-        except errors.NotFound:
+        except (errors.NotFound, errors.EmptyModlist):
             pass
 
     def test_generator(self):