diff --git a/ipalib/messages.py b/ipalib/messages.py index 3087cf7c9..f637e5b17 100644 --- a/ipalib/messages.py +++ b/ipalib/messages.py @@ -147,6 +147,16 @@ class ForwardersWarning(PublicMessage): u"You may want to use forward zones (dnsforwardzone-*) instead.\n" u"For more details read the docs.") + +class DNSSECWarning(PublicMessage): + """ + **13003** Used when user change DNSSEC settings + """ + + errno = 13003 + type = "warning" + format = _("DNSSEC support is experimental.\n%(additional_info)s") + def iter_messages(variables, base): """Return a tuple with all subclasses """ diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index a2f618c7f..d9e4781d6 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -2229,6 +2229,23 @@ class dnszone(DNSZoneBase): messages.add_message(options.get('version', VERSION_WITHOUT_CAPABILITIES), result, messages.ForwardersWarning()) + def _warning_dnssec_experimental(self, result, *keys, **options): + # add warning when user use option --dnssec + if 'idnssecinlinesigning' in options: + if options['idnssecinlinesigning'] is True: + messages.add_message(options['version'], result, + messages.DNSSECWarning( + additional_info=_("Manual configuration needed, please " + "visit 'http://www.freeipa.org/page/Releases/4.0.0#" + "Experimental_DNSSEC_Support'") + )) + else: + messages.add_message(options['version'], result, + messages.DNSSECWarning( + additional_info=_("If you encounter any problems please " + "report them and restart 'named' service on affected IPA " + "server.") + )) @register() @@ -2320,6 +2337,7 @@ class dnszone_add(DNSZoneBase_add): def execute(self, *keys, **options): result = super(dnszone_add, self).execute(*keys, **options) self.obj._warning_forwarding(result, **options) + self.obj._warning_dnssec_experimental(result, *keys, **options) return result def post_callback(self, ldap, dn, entry_attrs, *keys, **options): @@ -2402,6 +2420,7 @@ class dnszone_mod(DNSZoneBase_mod): def execute(self, *keys, **options): result = super(dnszone_mod, self).execute(*keys, **options) self.obj._warning_forwarding(result, **options) + self.obj._warning_dnssec_experimental(result, *keys, **options) return result def post_callback(self, ldap, dn, entry_attrs, *keys, **options):