Attached in the txt file. If you have any comments or suggestions on this proposal, please let me know.
https://fedorahosted.org/freeipa/ticket/1766
This is a proposal for an API for a per-DNS-type interface in FreeIPA. There are many structured DNS RR types where the DNS data is not just an IP address or a domain name, but an (often complex) data structure.

Example of adding a structured DNS RR (LOC in this case):

    ipa dnsrecord-add example.com @ --loc-rec "49 11 42.4 N 16 36 29.6 E 227.64m"

It may be difficult to enter such a DNS record into FreeIPA without making an error (which would lead to an invalid zone in this case). For this reason, I have created at least basic validators in my patch 120 (ticket 1106).

GOAL:

Create an API useful for both CLI and WebUI capable of creating these structured DNS types.

CURRENT API:

    ipa dnsrecord-add     Add new DNS resource record.
    ipa dnsrecord-del     Delete DNS resource record.
    ipa dnsrecord-find    Search for DNS resources.
    ipa dnsrecord-mod     Modify a DNS resource record.
    ipa dnsrecord-show    Display DNS resource.

PROPOSED API IMPROVEMENT:

The proposed API for all supported structured DNS types follows:

    ipa dnsrecord-afsdb-add --subtype=INT --hostname=STR
    ipa dnsrecord-cert-add --type=ENUM --tag=INT --algorithm=ENUM --certificate=STR
    ipa dnsrecord-ds-add --tag=INT --algorithm=ENUM --type=ENUM --digest=STR
    ipa dnsrecord-key-add --flags=LIST --protocol=INT --algorithm=ENUM --digest=STR
    ipa dnsrecord-kx-add --preference=INT --exchanger=STR
    ipa dnsrecord-loc-add --lat-deg=INT --lat-min=INT --lat-sec=FLOAT --lat-dir=ENUM --lon-deg=INT --lon-min=INT --lon-sec=FLOAT --lon-dir=ENUM --alt=FLOAT --h-precision=FLOAT --v-precision=FLOAT
    ipa dnsrecord-mx-add --priority=INT --mailserver=STR
    ipa dnsrecord-nsec-add --next=STR --types=LIST
    ipa dnsrecord-naptr-add --order=INT --preference=INT --flag=ENUM --service=STR --regexp=STR --replacement=STR
    ipa dnsrecord-sig-add --type=ENUM --algorithm=ENUM --labels=INT --original-ttl=INT --sig-expiration=INT --sig-inception=INT --tag=INT --signer=STR --signature=STR
    ipa dnsrecord-srv-add --priority=INT --weight=INT --port=INT --target=STR
    ipa dnsrecord-sshfp-add --algorithm=ENUM --type=ENUM --fingerprint=STR
    ipa dnsrecord-rrsig-add --type=ENUM --algorithm=ENUM --labels=INT --original-ttl=INT --sig-expiration=INT --sig-inception=INT --tag=INT --signer=STR --signature=STR

To also support modification of current records (i.e. replacement) we can add a "mod" equivalent, e.g.:

    ipa dnsrecord-afsdb-mod --subtype=INT --hostname=STR
    ipa dnsrecord-cert-mod --type=ENUM --tag=INT --algorithm=ENUM --certificate=STR
    ...

I think this is what WebUI guys will want.

EXAMPLE OF OPTIONS:

The available options for particular RR types will be based on RFC research I have already done for my patch 120. Let's see how the API will look.

1) LOC record example noted at the beginning:

    ipa dnsrecord-loc-add example.com @ --lat-deg=49 --lat-min=11 --lat-sec=42.4 --lat-dir=N --lon-deg=16 --lon-min=36 --lon-sec=29.6 --lon-dir=E --alt=227.64

A good thing about options is that we can divide them into mandatory and optional and provide defaults. In this case, one can enter an imprecise LOC record with:

    ipa dnsrecord-loc-add example.com @ --lat-deg=49 --lat-dir=N --lon-deg=16 --lon-dir=E

2) Another example with CERT RR type:

CURRENT API:

    ipa dnsrecord-add example.com foo --cert-rec="1 0 5 MIIDfzCCAuigAwIBAgIKcYxqqAAAAAAAFzANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpVTS1BTUFMR0ExMB4XDTEwMDYwMTE3NTM1NVoXDTExMDYwMTE4MDM1NVowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UEBxMHUmVkbW9uZDEMMAoG"

NEW API:

    ipa dnsrecord-cert-add example.com foo --type=PKIX --tag=0 --algorithm=RSASHA1 --certificate="MIIDfzCCAuigAwIBAgIKcYxqqAAAAAAAFzANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpVTS1BTUFMR0ExMB4XDTEwMDYwMTE3NTM1NVoXDTExMDYwMTE4MDM1NVowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UEBxMHUmVkbW9uZDEMMAoG"
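An added example, not part of the original message and not FreeIPA code: one way the per-field LOC options proposed above could be range-checked and re-serialized into the single presentation-format value (RFC 1876) that --loc-rec takes today, so that only canonical numbers and enum letters ever reach the zone. The function names, the altitude default of 0 for the "imprecise" form and the emitted default size of 1m are assumptions; the ranges and the 10000m/10m precision defaults are those of RFC 1876.

```python
def _num(name, value, lo, hi, cast):
    """Cast one option to int/float and range-check it (NaN and inf fail the range test)."""
    try:
        if cast is int and isinstance(value, float):
            raise ValueError  # do not silently truncate 49.7 to 49
        v = cast(value)
    except (TypeError, ValueError):
        raise ValueError(f"--{name}: expected {cast.__name__}, got {value!r}") from None
    if not lo <= v <= hi:
        raise ValueError(f"--{name}: {v} outside {lo}..{hi}")
    return v


def build_loc(lat_deg, lat_dir, lon_deg, lon_dir, lat_min=0, lat_sec=0.0,
              lon_min=0, lon_sec=0.0, alt=0.0, h_precision=None, v_precision=None):
    """Return the LOC rdata string for the proposed dnsrecord-loc-add options (hypothetical helper)."""
    lat_d = _num("lat-deg", lat_deg, 0, 90, int)
    lat_m = _num("lat-min", lat_min, 0, 59, int)
    lat_s = _num("lat-sec", lat_sec, 0, 59.999, float)
    lon_d = _num("lon-deg", lon_deg, 0, 180, int)
    lon_m = _num("lon-min", lon_min, 0, 59, int)
    lon_s = _num("lon-sec", lon_sec, 0, 59.999, float)
    # ENUM options: exact match only, so stray whitespace or newlines are rejected.
    if lat_dir not in ("N", "S"):
        raise ValueError(f"--lat-dir: expected N or S, got {lat_dir!r}")
    if lon_dir not in ("E", "W"):
        raise ValueError(f"--lon-dir: expected E or W, got {lon_dir!r}")
    # 90 and 180 degrees are hard limits: minutes/seconds on top would overflow them.
    if (lat_d == 90 and (lat_m or lat_s)) or (lon_d == 180 and (lon_m or lon_s)):
        raise ValueError("latitude above 90 or longitude above 180 degrees")
    alt_m = _num("alt", alt, -100000.00, 42849672.95, float)
    # Always emit from the parsed numbers, never from the caller's raw text.
    parts = [f"{lat_d} {lat_m} {lat_s:.3f} {lat_dir}",
             f"{lon_d} {lon_m} {lon_s:.3f} {lon_dir}",
             f"{alt_m:.2f}m"]
    if h_precision is not None or v_precision is not None:
        hp = _num("h-precision", 10000 if h_precision is None else h_precision,
                  0, 90000000.00, float)
        vp = _num("v-precision", 10 if v_precision is None else v_precision,
                  0, 90000000.00, float)
        # The size field precedes the precisions in the record; the proposal has
        # no size option, so the RFC default of 1m is written (assumption).
        parts += ["1.00m", f"{hp:.2f}m", f"{vp:.2f}m"]
    return " ".join(parts)


if __name__ == "__main__":
    print(build_loc(49, "N", 16, "E", lat_min=11, lat_sec=42.4,
                    lon_min=36, lon_sec=29.6, alt=227.64))
```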
