Fix DNS zone --allow-dynupdate option behavior

--allow-dynupdate was implemented as a Flag parameter type, which
is not convenient for LDAP attributes. When a DNS zone with
permitted dynamic updates was modified and the --allow-dynupdate
flag was not set, dynamic updates were turned off.

This patch changes the option type to Bool parameter type which
behaves according to user expectations when modifying the zone.

https://fedorahosted.org/freeipa/ticket/2039

API.txt

@@ -867,7 +867,7 @@ option: Int('idnssoaminimum', attribute=True, autofill=True, cli_name='minimum',
 option: Int('dnsttl', attribute=True, cli_name='ttl', label=Gettext('SOA time to live', domain='ipa', localedir=None), multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, cli_name='class', label=Gettext('SOA class', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, cli_name='update_policy', label=Gettext('BIND update policy', domain='ipa', localedir=None), multivalue=False, required=False)
-option: Flag('idnsallowdynupdate', attribute=True, autofill=True, cli_name='allow_dynupdate', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=True)
+option: Bool('idnsallowdynupdate', attribute=True, autofill=True, cli_name='dynamic_update', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=False)
 option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui')
 option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui')
 option: Flag('force', autofill=True, default=False, label=Gettext('Force', domain='ipa', localedir=None))
@@ -912,8 +912,8 @@ option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum'
 option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', label=Gettext('SOA time to live', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
 option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', label=Gettext('SOA class', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update_policy', label=Gettext('BIND update policy', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
-option: Bool('idnszoneactive', attribute=True, autofill=False, cli_name='zone_active', default=False, flags=['no_create', 'no_update'], label=Gettext('Active zone', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
-option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='allow_dynupdate', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
+option: Bool('idnszoneactive', attribute=True, autofill=False, cli_name='zone_active', flags=['no_create', 'no_update'], label=Gettext('Active zone', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
+option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dynamic_update', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, flags=['no_display'], label=Gettext('Time Limit', domain='ipa', localedir=None), minvalue=0)
 option: Int('sizelimit?', autofill=False, flags=['no_display'], label=Gettext('Size Limit', domain='ipa', localedir=None), minvalue=0)
 option: Flag('forward_only', autofill=True, cli_name='forward_only', default=False, label=Gettext('Forward zones only', domain='ipa', localedir=None))
@@ -939,7 +939,7 @@ option: Int('idnssoaminimum', attribute=True, autofill=False, cli_name='minimum'
 option: Int('dnsttl', attribute=True, autofill=False, cli_name='ttl', label=Gettext('SOA time to live', domain='ipa', localedir=None), multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, autofill=False, cli_name='class', label=Gettext('SOA class', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update_policy', label=Gettext('BIND update policy', domain='ipa', localedir=None), multivalue=False, required=False)
-option: Flag('idnsallowdynupdate', attribute=True, autofill=True, cli_name='allow_dynupdate', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dynamic_update', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=False)
 option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui')
 option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui')
 option: Flag('rights', autofill=True, default=False, label=Gettext('Rights', domain='ipa', localedir=None))

VERSION

@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=14
+IPA_API_VERSION_MINOR=15

ipalib/plugins/dns.py

@@ -23,7 +23,7 @@ import time
 
 from ipalib import api, errors, output
 from ipalib import Command
-from ipalib import Flag, Int, List, Str, StrEnum
+from ipalib import Flag, Bool, Int, List, Str, StrEnum
 from ipalib.plugins.baseldap import *
 from ipalib import _, ngettext
 from ipalib.util import validate_zonemgr
@@ -42,6 +42,10 @@ EXAMPLES:
    ipa dnszone-add example.com --name-server nameserver.example.com
                                --admin-email admin@example.com
 
+ Modify the zone to allow dynamic updates for hosts own records in realm EXAMPLE.COM:
+   ipa dnszone-mod example.com --dynamic-update=TRUE \\
+        --update-policy="grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA;"
+
  Add new reverse zone specified by network IP address:
    ipa dnszone-add --name-from-ip 80.142.15.0/24
                    --name-server nameserver.example.com
@@ -395,18 +399,20 @@ class dnszone(LDAPObject):
             label=_('BIND update policy'),
             doc=_('BIND update policy'),
         ),
-        Flag('idnszoneactive?',
+        Bool('idnszoneactive?',
             cli_name='zone_active',
             label=_('Active zone'),
             doc=_('Is zone active?'),
             flags=['no_create', 'no_update'],
             attribute=True,
         ),
-        Flag('idnsallowdynupdate',
-            cli_name='allow_dynupdate',
+        Bool('idnsallowdynupdate?',
+            cli_name='dynamic_update',
             label=_('Dynamic update'),
             doc=_('Allow dynamic updates.'),
             attribute=True,
+            default=False,
+            autofill=True
         ),
     )
 
@@ -441,9 +447,6 @@ class dnszone_add(LDAPCreate):
             del entry_attrs['name_from_ip']
 
         entry_attrs['idnszoneactive'] = 'TRUE'
-        entry_attrs['idnsallowdynupdate'] = str(
-            entry_attrs.get('idnsallowdynupdate', False)
-        ).upper()
 
         # Check nameserver has a forward record
         nameserver = entry_attrs['idnssoamname']
@@ -495,9 +498,6 @@ class dnszone_mod(LDAPUpdate):
     def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
         if 'name_from_ip' in entry_attrs:
             del entry_attrs['name_from_ip']
-        entry_attrs['idnsallowdynupdate'] = str(
-            entry_attrs.get('idnsallowdynupdate', False)
-        ).upper()
         return dn
 
 api.register(dnszone_mod)

tests/test_xmlrpc/test_dns_plugin.py

@@ -215,7 +215,6 @@ class test_dns(Declarative):
                     'idnssoaretry': [fuzzy_digits],
                     'idnssoaexpire': [fuzzy_digits],
                     'idnssoaminimum': [fuzzy_digits],
-                    'idnsallowdynupdate': [u'FALSE'],
                 },
             },
         ),