Commit a7d2c63a authored by ale's avatar ale

Add --dry-run support to the DNSSEC signer

Fixes issue #1.
parent 9fc7301f
Pipeline #4175 failed with stages
in 4 seconds
...@@ -65,7 +65,7 @@ def main(): ...@@ -65,7 +65,7 @@ def main():
if opts.key_dir and opts.ds_dir and opts.nsec3_salt: if opts.key_dir and opts.ds_dir and opts.nsec3_salt:
# Enable DNSSEC support. # Enable DNSSEC support.
pproc = zone.DNSSECSigner( pproc = zone.DNSSECSigner(
opts.key_dir, opts.ds_dir, opts.nsec3_salt, opts.dnssec_refresh) opts.key_dir, opts.ds_dir, opts.nsec3_salt, opts.dnssec_refresh, opts.dry_run)
# Render the zone data to 'output_dir'. # Render the zone data to 'output_dir'.
zw = zone.ZoneWriter(opts.output_dir, zw = zone.ZoneWriter(opts.output_dir,
......
...@@ -325,11 +325,12 @@ class DNSSECSigner(object): ...@@ -325,11 +325,12 @@ class DNSSECSigner(object):
random_dev = '/dev/urandom' random_dev = '/dev/urandom'
def __init__(self, key_dir, ds_dir, nsec3_salt, refresh): def __init__(self, key_dir, ds_dir, nsec3_salt, refresh, dry_run=False):
self.key_dir = key_dir self.key_dir = key_dir
self.ds_dir = ds_dir self.ds_dir = ds_dir
self.nsec3_salt = nsec3_salt self.nsec3_salt = nsec3_salt
self.refresh = refresh self.refresh = refresh
self.dry_run = dry_run
def has_keys(self, zone_name): def has_keys(self, zone_name):
# One day we'll figure out what the magic numbers are... # One day we'll figure out what the magic numbers are...
...@@ -379,7 +380,7 @@ class DNSSECSigner(object): ...@@ -379,7 +380,7 @@ class DNSSECSigner(object):
if not zone_attrs.get('DNSSEC'): if not zone_attrs.get('DNSSEC'):
return filename return filename
outfile = filename + '.signed' outfile = filename + '.signed'
if zone_changed or self.refresh: if (zone_changed or self.refresh) and not self.dry_run:
if not self.has_keys(zone_name): if not self.has_keys(zone_name):
self.create_keys(zone_name) self.create_keys(zone_name)
self.sign_zone_file(zone_name, self.sign_zone_file(zone_name,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment