mirror of https://github.com/oskar456/dzonegit.git synced 2024-05-11 05:55:41 +00:00

Allow wildcards in zone blacklists and whitelists

Ondřej Caletka
2018-08-10 12:51:21 +02:00
parent 9a521350d3
commit 1f79f52b1a
3 changed files with 16 additions and 5 deletions

@ -84,12 +84,14 @@ All boolean options default to *False*.
*dzonegit.zoneblacklist* *dzonegit.zoneblacklist*
Path to a text file containing list of zone names without trailing dots, Path to a text file containing list of zone names without trailing dots,
one per line. If zone is found on the blacklist, it is ignored when one per line. If zone is found on the blacklist, it is ignored when
``post-receive`` hook generates configuration. ``post-receive`` hook generates configuration. Wildcards can be used as
well, see `JSON template`_ below.
*dzonegit.zonewhitelist* *dzonegit.zonewhitelist*
Path to a text file containing list of zone names without trailing dots, Path to a text file containing list of zone names without trailing dots,
one per line. If not empty and zone is not found on the whitelist, one per line. If not empty and zone is not found on the whitelist,
it is ignored when ``post-receive`` hook generates configuration. it is ignored when ``post-receive`` hook generates configuration. Wildcards
can be used as well, see `JSON template`_ below.
JSON template JSON template
------------- -------------
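
Review bot: The two added sentences send the reader to `JSON template`_ for the wildcard rules, but that section describes lookups for zone-specific options, so nothing here states which list entries are valid or what they cover. Going by that description, an entry `*.example.com` is tried for names below example.com but not for example.com itself, and a lone `*` covers every zone. Please state both next to *dzonegit.zoneblacklist* and *dzonegit.zonewhitelist*, since a whitelist holding only the wildcard would silently drop the apex zone and a blacklist holding only the wildcard would let it through.
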
@ -98,7 +100,7 @@ The DNS server configuration snippets are generated using a simple JSON-based
template. All keys are optional but please make sure the file is a valid JSON template. All keys are optional but please make sure the file is a valid JSON
file. It is possible to define a zone-specific options, for instance for file. It is possible to define a zone-specific options, for instance for
changing DNSSEC parameters per zone. Those zone-specific options allow usage of changing DNSSEC parameters per zone. Those zone-specific options allow usage of
wildcards; if exact match of zone name is not found, the leftmost label is wildcards; if an exact match of zone name is not found, the leftmost label is
substituted with `*`. If still no match is found, the leftmost label is dropped substituted with `*`. If still no match is found, the leftmost label is dropped
and the second one is again substituted with `*`. In the end, a single `*` is and the second one is again substituted with `*`. In the end, a single `*` is
checked. Only if even this key is not found, the value of *defaultvar* is used checked. Only if even this key is not found, the value of *defaultvar* is used
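
Review bot: The context line "It is possible to define a zone-specific options" in the same paragraph still carries a stray article; since this hunk is a wording fix, change it to "define zone-specific options" in the same pass. The closing sentence "Only if even this key is not found" would also read better as "Only if this key is not found either".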

@ -320,13 +320,16 @@ def template_config(checkoutpath, template, blacklist=set(), whitelist=set()):
out.append(headertpl.substitute(mapping)) out.append(headertpl.substitute(mapping))
for f in sorted(Path(checkoutpath).glob("**/*.zone")): for f in sorted(Path(checkoutpath).glob("**/*.zone")):
zonename = get_zone_name(f, f.read_bytes()) zonename = get_zone_name(f, f.read_bytes())
if whitelist and zonename not in whitelist: if whitelist and not any(
n in whitelist
for n in get_zone_wildcards(zonename)
):
print( print(
"WARNING: Ignoring zone {} - not whitelisted for " "WARNING: Ignoring zone {} - not whitelisted for "
"this repository.".format(zonename), "this repository.".format(zonename),
) )
continue continue
if zonename in blacklist: if any(n in blacklist for n in get_zone_wildcards(zonename)):
print( print(
"WARNING: Ignoring zone {} - blacklisted for " "WARNING: Ignoring zone {} - blacklisted for "
"this repository.".format(zonename), "this repository.".format(zonename),
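
Review bot: Both membership checks now depend on get_zone_wildcards(zonename) yielding the plain zone name as well as the wildcard forms; if it yields only the `*` variants, existing exact entries in the blacklist and whitelist stop matching, and that is not visible in this hunk. Please confirm it and cover it with a test that uses an exact name. The two WARNING messages also name only the zone; now that one list entry can cover many zones, include the entry that matched in the blacklist message so an operator can tell which line caused a zone to be left out of the generated configuration.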

@ -313,6 +313,12 @@ def test_template_config(git_dir):
whitelist=set("a"), whitelist=set("a"),
) )
assert " - zone: \"dummy\"\n file: \"" not in output assert " - zone: \"dummy\"\n file: \"" not in output
output = dzonegit.template_config(
str(git_dir),
template,
blacklist=set("*"),
)
assert " - zone: \"dummy\"\n file: \"" not in output
def test_load_set_file(git_dir): def test_load_set_file(git_dir):
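
Review bot: `blacklist=set("*")` builds the intended set only because the string is one character long; set() over a string yields its characters, so a pattern such as `*.example.com` written the same way would become a set of single characters, including a bare `*`, instead of the one pattern. Use a set literal, `blacklist={"*"}`, here and in the `whitelist=set("a")` call above. The added case also exercises only a blacklist holding a bare `*`; add a whitelist case and a multi-label wildcard, including one that must not match, so the apex and subdomain behaviour is pinned down.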