netbox-plugin-dns 1.2.6__py3-none-any.whl → 1.2.7b2__py3-none-any.whl

netbox_dns/models/dnssec_policy.py

@@ -0,0 +1,201 @@
+from django.db import models
+from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
+
+from netbox.models import NetBoxModel
+from netbox.search import SearchIndex, register_search
+from netbox.models.features import ContactsMixin
+from netbox.plugins.utils import get_plugin_config
+
+from netbox_dns.choices import DNSSECPolicyDigestChoices, DNSSECPolicyStatusChoices
+from netbox_dns.fields import ChoiceArrayField
+
+
+__all__ = (
+    "DNSSECPolicy",
+    "DNSSECPolicyIndex",
+)
+
+
+class DNSSECPolicy(ContactsMixin, NetBoxModel):
+    name = models.CharField(
+        verbose_name=_("Name"),
+        max_length=255,
+        unique=True,
+    )
+    description = models.CharField(
+        verbose_name=_("Description"),
+        max_length=200,
+        blank=True,
+    )
+    status = models.CharField(
+        verbose_name=_("Status"),
+        choices=DNSSECPolicyStatusChoices,
+        default=DNSSECPolicyStatusChoices.STATUS_ACTIVE,
+        blank=False,
+        null=False,
+    )
+
+    key_templates = models.ManyToManyField(
+        verbose_name=_("Key Templates"),
+        to="DNSSECKeyTemplate",
+        related_name="policies",
+        blank=True,
+    )
+    dnskey_ttl = models.PositiveIntegerField(
+        verbose_name=_("DNSKEY TTL"),
+        blank=True,
+        null=True,
+    )
+    purge_keys = models.PositiveIntegerField(
+        verbose_name=_("Purge Keys"),
+        blank=True,
+        null=True,
+    )
+    publish_safety = models.PositiveIntegerField(
+        verbose_name=_("Publish Safety"),
+        blank=True,
+        null=True,
+    )
+    retire_safety = models.PositiveIntegerField(
+        verbose_name=_("Retire Safety"),
+        blank=True,
+        null=True,
+    )
+    signatures_jitter = models.PositiveIntegerField(
+        verbose_name=_("Signatures Jitter"),
+        blank=True,
+        null=True,
+    )
+    signatures_refresh = models.PositiveIntegerField(
+        verbose_name=_("Signatures Refresh"),
+        blank=True,
+        null=True,
+    )
+    signatures_validity = models.PositiveIntegerField(
+        verbose_name=_("Signatures Validity"),
+        blank=True,
+        null=True,
+    )
+    signatures_validity_dnskey = models.PositiveIntegerField(
+        verbose_name=_("Signatures Validity for DNSKEY"),
+        blank=True,
+        null=True,
+    )
+    max_zone_ttl = models.PositiveIntegerField(
+        verbose_name=_("Max Zone TTL"),
+        blank=True,
+        null=True,
+    )
+    zone_propagation_delay = models.PositiveIntegerField(
+        verbose_name=_("Zone Propagation Delay"),
+        blank=True,
+        null=True,
+    )
+
+    create_cdnskey = models.BooleanField(
+        verbose_name=_("Create CDNSKEY"),
+        null=False,
+        default=True,
+    )
+    cds_digest_types = ChoiceArrayField(
+        base_field=models.CharField(
+            choices=DNSSECPolicyDigestChoices,
+        ),
+        verbose_name=_("CDS Digest Types"),
+        blank=True,
+        null=True,
+        default=list,
+    )
+    parent_ds_ttl = models.PositiveIntegerField(
+        verbose_name=_("Parent DS TTL"),
+        blank=True,
+        null=True,
+    )
+    parent_propagation_delay = models.PositiveIntegerField(
+        verbose_name=_("Parent Propagation Delay"),
+        blank=True,
+        null=True,
+    )
+
+    use_nsec3 = models.BooleanField(
+        verbose_name=_("Use NSEC3"),
+        null=False,
+        default=True,
+    )
+    nsec3_iterations = models.PositiveIntegerField(
+        verbose_name=_("NSEC3 Iterations"),
+        blank=True,
+        null=True,
+    )
+    nsec3_opt_out = models.BooleanField(
+        verbose_name=_("NSEC3 Opt-Out"),
+        blank=False,
+        null=False,
+        default=False,
+    )
+    nsec3_salt_size = models.PositiveIntegerField(
+        verbose_name=_("NSEC3 Salt Size"),
+        blank=True,
+        null=True,
+    )
+
+    tenant = models.ForeignKey(
+        verbose_name=_("Tenant"),
+        to="tenancy.Tenant",
+        on_delete=models.PROTECT,
+        related_name="netbox_dns_dnssec_policy",
+        blank=True,
+        null=True,
+    )
+
+    clone_fields = (
+        "name",
+        "key_templates",
+        "description",
+        "tenant",
+    )
+
+    class Meta:
+        verbose_name = _("DNSSEC Policy")
+        verbose_name_plural = _("DNSSEC Policies")
+
+        ordering = ("name",)
+
+    def __str__(self):
+        return str(self.name)
+
+    def get_status_color(self):
+        return DNSSECPolicyStatusChoices.colors.get(self.status)
+
+    # TODO: Remove in version 1.3.0 (NetBox #18555)
+    def get_absolute_url(self):
+        return reverse("plugins:netbox_dns:dnssecpolicy", kwargs={"pk": self.pk})
+
+    @property
+    def purge_keys_value(self):
+        return self.purge_keys if self.purge_keys is not None else 776000
+
+    @property
+    def publish_safety_value(self):
+        return self.publish_safety if self.publish_safety is not None else 3600
+
+    def get_effective_value(self, attribute):
+        default_value = get_plugin_config("netbox_dns", f"dnssec_{attribute}", None)
+
+        if not hasattr(self, attribute):
+            raise AttributeError(f"DNSSECPolicy does not have attribute {attribute}")
+
+        if (value := getattr(self, attribute)) is None:
+            return default_value
+
+        return value
+
+
+@register_search
+class DNSSECPolicyIndex(SearchIndex):
+    model = DNSSECPolicy
+    fields = (
+        ("name", 100),
+        ("description", 500),
+    )

netbox_dns/models/zone.py

@@ -97,6 +97,11 @@ class Zone(ObjectModificationMixin, ContactsMixin, NetBoxModel):
         max_length=255,
         db_collation="natural_sort",
     )
+    description = models.CharField(
+        verbose_name=_("Description"),
+        max_length=200,
+        blank=True,
+    )
     status = models.CharField(
         verbose_name=_("Status"),
         max_length=50,
@@ -170,25 +175,19 @@ class Zone(ObjectModificationMixin, ContactsMixin, NetBoxModel):
         help_text=_("Automatically generate the SOA serial number"),
         default=True,
     )
-    description = models.CharField(
-        verbose_name=_("Description"),
-        max_length=200,
-        blank=True,
-    )
-    arpa_network = NetworkField(
-        verbose_name=_("ARPA Network"),
-        help_text=_("Network related to a reverse lookup zone (.arpa)"),
-        blank=True,
-        null=True,
-    )
-    tenant = models.ForeignKey(
-        verbose_name=_("Tenant"),
-        to="tenancy.Tenant",
+    dnssec_policy = models.ForeignKey(
+        verbose_name=_("DNSSEC Policy"),
+        to="DNSSECPolicy",
         on_delete=models.PROTECT,
-        related_name="netbox_dns_zones",
+        related_name="zones",
         blank=True,
         null=True,
     )
+    inline_signing = models.BooleanField(
+        verbose_name=_("Inline Signing"),
+        help_text=_("Use inline signing for DNSSEC"),
+        default=True,
+    )
     registrar = models.ForeignKey(
         verbose_name=_("Registrar"),
         to="Registrar",
@@ -255,12 +254,27 @@ class Zone(ObjectModificationMixin, ContactsMixin, NetBoxModel):
         blank=True,
         null=True,
     )
+    arpa_network = NetworkField(
+        verbose_name=_("ARPA Network"),
+        help_text=_("Network related to a reverse lookup zone (.arpa)"),
+        blank=True,
+        null=True,
+    )
+    tenant = models.ForeignKey(
+        verbose_name=_("Tenant"),
+        to="tenancy.Tenant",
+        on_delete=models.PROTECT,
+        related_name="netbox_dns_zones",
+        blank=True,
+        null=True,
+    )
 
     objects = ZoneManager()
 
     clone_fields = (
         "view",
         "name",
+        "description",
         "status",
         "nameservers",
         "default_ttl",
@@ -271,7 +285,6 @@ class Zone(ObjectModificationMixin, ContactsMixin, NetBoxModel):
         "soa_retry",
         "soa_expire",
         "soa_minimum",
-        "description",
         "tenant",
     )
 

netbox_dns/models/zone_template.py

@@ -55,11 +55,11 @@ class ZoneTemplate(NetBoxModel):
         related_name="zone_templates",
         blank=True,
     )
-    tenant = models.ForeignKey(
-        verbose_name=_("Tenant"),
-        to="tenancy.Tenant",
+    dnssec_policy = models.ForeignKey(
+        verbose_name=_("DNSSEC Policy"),
+        to="DNSSECPolicy",
         on_delete=models.SET_NULL,
-        related_name="+",
+        related_name="zone_templates",
         blank=True,
         null=True,
     )
@@ -103,28 +103,38 @@ class ZoneTemplate(NetBoxModel):
         blank=True,
         null=True,
     )
+    tenant = models.ForeignKey(
+        verbose_name=_("Tenant"),
+        to="tenancy.Tenant",
+        on_delete=models.SET_NULL,
+        related_name="+",
+        blank=True,
+        null=True,
+    )
 
     clone_fields = (
         "description",
         "nameservers",
         "record_templates",
-        "tenant",
+        "dnssec_policy",
         "registrar",
         "registrant",
         "admin_c",
         "tech_c",
         "billing_c",
+        "tenant",
     )
 
     template_fields = (
         "soa_mname",
         "soa_rname",
-        "tenant",
+        "dnssec_policy",
         "registrar",
         "registrant",
         "admin_c",
         "tech_c",
         "billing_c",
+        "tenant",
     )
 
     class Meta:

netbox_dns/navigation.py

@@ -92,6 +92,46 @@ managed_record_menu_item = PluginMenuItem(
     permissions=["netbox_dns.view_record"],
 )
 
+dnsseckeytemplate_menu_item = PluginMenuItem(
+    link="plugins:netbox_dns:dnsseckeytemplate_list",
+    link_text=_("DNSSEC Key Templates"),
+    permissions=["netbox_dns.view_dnsseckeytemplate"],
+    buttons=(
+        PluginMenuButton(
+            "plugins:netbox_dns:dnsseckeytemplate_add",
+            _("Add"),
+            "mdi mdi-plus-thick",
+            permissions=["netbox_dns.add_dnsseckeytemplate"],
+        ),
+        PluginMenuButton(
+            "plugins:netbox_dns:dnsseckeytemplate_bulk_import",
+            _("Import"),
+            "mdi mdi-upload",
+            permissions=["netbox_dns.add_dnsseckeytemplate"],
+        ),
+    ),
+)
+
+dnssecpolicy_menu_item = PluginMenuItem(
+    link="plugins:netbox_dns:dnssecpolicy_list",
+    link_text=_("DNSSEC Policies"),
+    permissions=["netbox_dns.view_dnssecpolicy"],
+    buttons=(
+        PluginMenuButton(
+            "plugins:netbox_dns:dnssecpolicy_add",
+            _("Add"),
+            "mdi mdi-plus-thick",
+            permissions=["netbox_dns.add_dnssecpolicy"],
+        ),
+        PluginMenuButton(
+            "plugins:netbox_dns:dnssecpolicy_bulk_import",
+            _("Import"),
+            "mdi mdi-upload",
+            permissions=["netbox_dns.add_dnssecpolicy"],
+        ),
+    ),
+)
+
 zonetemplate_menu_item = PluginMenuItem(
     link="plugins:netbox_dns:zonetemplate_list",
     link_text=_("Zone Templates"),
@@ -187,6 +227,13 @@ if top_level_menu:
                     managed_record_menu_item,
                 ),
             ),
+            (
+                _("DNSSEC"),
+                (
+                    dnsseckeytemplate_menu_item,
+                    dnssecpolicy_menu_item,
+                ),
+            ),
             (
                 _("Templates"),
                 (
@@ -211,6 +258,8 @@ else:
         nameserver_menu_item,
         record_menu_item,
         managed_record_menu_item,
+        dnsseckeytemplate_menu_item,
+        dnssecpolicy_menu_item,
         registrar_menu_item,
         contact_menu_item,
     )

netbox_dns/signals/dnssec.py

@@ -0,0 +1,32 @@
+from django.dispatch import receiver
+from django.db.models.signals import m2m_changed
+from django.core.exceptions import ValidationError
+
+from netbox.context import current_request
+from utilities.exceptions import AbortRequest
+
+from netbox_dns.validators import validate_key_template_assignment
+
+from netbox_dns.models import DNSSECPolicy, DNSSECKeyTemplate
+
+
+@receiver(m2m_changed, sender=DNSSECPolicy.key_templates.through)
+def dnssec_policy_key_templates_changed(action, instance, pk_set, **kwargs):
+    request = current_request.get()
+
+    key_templates = instance.key_templates.all()
+    match action:
+        case "pre_remove":
+            key_templates = key_templates.exclude(pk__in=pk_set)
+        case "pre_add":
+            key_templates |= DNSSECKeyTemplate.objects.filter(pk__in=pk_set)
+        case _:
+            return
+
+    try:
+        validate_key_template_assignment(key_templates)
+    except ValidationError as exc:
+        if request is not None:
+            raise AbortRequest(exc)
+        else:
+            raise exc

netbox_dns/tables/__init__.py

@@ -6,3 +6,5 @@ from .registration_contact import *
 from .registrar import *
 from .zone_template import *
 from .record_template import *
+from .dnssec_key_template import *
+from .dnssec_policy import *

netbox_dns/tables/dnssec_key_template.py

@@ -0,0 +1,48 @@
+import django_tables2 as tables
+from django.utils.translation import gettext_lazy as _
+
+
+from netbox.tables import (
+    NetBoxTable,
+    ChoiceFieldColumn,
+    TagColumn,
+)
+from tenancy.tables import TenancyColumnsMixin
+
+from netbox_dns.models import DNSSECKeyTemplate
+
+
+__all__ = ("DNSSECKeyTemplateTable",)
+
+
+class DNSSECKeyTemplateTable(TenancyColumnsMixin, NetBoxTable):
+    name = tables.Column(
+        verbose_name=_("Name"),
+        linkify=True,
+    )
+    type = ChoiceFieldColumn(
+        verbose_name=_("Key Type"),
+    )
+    lifetime = tables.Column(
+        verbose_name=_("Lifetime"),
+    )
+    algorithm = ChoiceFieldColumn(
+        verbose_name=_("Algorithm"),
+    )
+    key_size = ChoiceFieldColumn(
+        verbose_name=_("Key Size"),
+    )
+    tags = TagColumn(
+        url_name="plugins:netbox_dns:dnsseckeytemplate_list",
+    )
+
+    class Meta(NetBoxTable.Meta):
+        model = DNSSECKeyTemplate
+        fields = ("description",)
+        default_columns = (
+            "name",
+            "type",
+            "algorithm",
+            "key_size",
+            "tags",
+        )

netbox_dns/tables/dnssec_policy.py

@@ -0,0 +1,131 @@
+import django_tables2 as tables
+from django.utils.translation import gettext_lazy as _
+
+
+from netbox.tables import (
+    NetBoxTable,
+    TagColumn,
+    ChoiceFieldColumn,
+    ActionsColumn,
+)
+from tenancy.tables import TenancyColumnsMixin
+
+from netbox_dns.models import DNSSECPolicy
+
+
+__all__ = (
+    "DNSSECPolicyTable",
+    "DNSSECPolicyDisplayTable",
+)
+
+
+class DNSSECPolicyTable(TenancyColumnsMixin, NetBoxTable):
+    name = tables.Column(
+        verbose_name=_("Name"),
+        linkify=True,
+    )
+    status = ChoiceFieldColumn(
+        verbose_name=_("Status"),
+    )
+    dnskey_ttl = tables.Column(
+        verbose_name=_("DNSKEY TTL"),
+    )
+    purge_keys = tables.Column(
+        verbose_name=_("Purge Keys"),
+    )
+    publish_safety = tables.Column(
+        verbose_name=_("Publish Safety"),
+    )
+    retire_safety = tables.Column(
+        verbose_name=_("Retire Safety"),
+    )
+    signatures_jitter = tables.Column(
+        verbose_name=_("Signatures Jitter"),
+    )
+    signatures_refresh = tables.Column(
+        verbose_name=_("Signatures Refresh"),
+    )
+    signatures_validity = tables.Column(
+        verbose_name=_("Signatures Validity"),
+    )
+    signatures_validity_dnskey = tables.Column(
+        verbose_name=_("Signatures Validity (DNSKEY)"),
+    )
+    max_zone_ttl = tables.Column(
+        verbose_name=_("Max Zone TTL"),
+    )
+    dnskey_ttl = tables.Column(
+        verbose_name=_("DNSKEY TTL"),
+    )
+    zone_propagation_delay = tables.Column(
+        verbose_name=_("Zone Propagation Delay"),
+    )
+    create_cdnskey = tables.BooleanColumn(
+        verbose_name=_("Create CDNSKEY"),
+    )
+    cds_digest_types = tables.Column(
+        verbose_name=_("CDS Digest Types"),
+    )
+    parent_ds_ttl = tables.Column(
+        verbose_name=_("Parent DS TTL"),
+    )
+    parent_propagation_delay = tables.Column(
+        verbose_name=_("Parent Propagation Delay"),
+    )
+    use_nsec3 = tables.BooleanColumn(
+        verbose_name=_("Use NSEC3"),
+    )
+    nsec3_iterations = tables.Column(
+        verbose_name=_("NSEC3 Iterations"),
+    )
+    nsec3_opt_out = tables.BooleanColumn(
+        verbose_name=_("NSEC3 Opt Out"),
+    )
+    nsec3_salt_size = tables.Column(
+        verbose_name=_("NSEC3 Salt Size"),
+    )
+    tags = TagColumn(
+        url_name="plugins:netbox_dns:dnssecpolicy_list",
+    )
+
+    class Meta(NetBoxTable.Meta):
+        model = DNSSECPolicy
+        fields = ("description",)
+        default_columns = (
+            "name",
+            "description",
+            "status",
+            "use_nsec3",
+            "tags",
+        )
+
+
+class DNSSECPolicyDisplayTable(TenancyColumnsMixin, NetBoxTable):
+    actions = ActionsColumn(actions="")
+
+    name = tables.Column(
+        verbose_name=_("Name"),
+        linkify=True,
+    )
+    status = ChoiceFieldColumn(
+        verbose_name=_("Status"),
+    )
+    create_cdnskey = tables.BooleanColumn(
+        verbose_name=_("Create CDNSKEY"),
+    )
+    use_nsec3 = tables.BooleanColumn(
+        verbose_name=_("Use NSEC3"),
+    )
+    tags = TagColumn(
+        url_name="plugins:netbox_dns:dnssecpolicy_list",
+    )
+
+    class Meta(NetBoxTable.Meta):
+        model = DNSSECPolicy
+        fields = ("description",)
+        default_columns = (
+            "name",
+            "description",
+            "status",
+            "tags",
+        )

netbox_dns/tables/zone.py

@@ -5,13 +5,17 @@ from netbox.tables import (
     ChoiceFieldColumn,
     NetBoxTable,
     TagColumn,
+    ActionsColumn,
 )
 from tenancy.tables import TenancyColumnsMixin
 
 from netbox_dns.models import Zone
 
 
-__all__ = ("ZoneTable",)
+__all__ = (
+    "ZoneTable",
+    "ZoneDisplayTable",
+)
 
 
 class ZoneTable(TenancyColumnsMixin, NetBoxTable):
@@ -36,6 +40,10 @@ class ZoneTable(TenancyColumnsMixin, NetBoxTable):
     default_ttl = tables.Column(
         verbose_name="Default TTL",
     )
+    dnssec_policy = tables.Column(
+        verbose_name=_("DNSSEC Policy"),
+        linkify=True,
+    )
     rfc2317_prefix = tables.Column(
         verbose_name=_("RFC2317 Prefix"),
     )
@@ -73,6 +81,7 @@ class ZoneTable(TenancyColumnsMixin, NetBoxTable):
             "description",
             "soa_rname",
             "soa_serial",
+            "inline_signing",
             "rfc2317_parent_managed",
             "registry_domain_id",
         )
@@ -82,3 +91,10 @@ class ZoneTable(TenancyColumnsMixin, NetBoxTable):
             "status",
             "tags",
         )
+
+
+class ZoneDisplayTable(ZoneTable):
+    actions = ActionsColumn(actions=("changelog",))
+
+    class Meta(ZoneTable.Meta):
+        pass

netbox_dns/tables/zone_template.py

@@ -25,6 +25,10 @@ class ZoneTemplateTable(TenancyColumnsMixin, NetBoxTable):
     tags = TagColumn(
         url_name="plugins:netbox_dns:zonetemplate_list",
     )
+    dnssec_policy = tables.Column(
+        verbose_name=_("DNSSEC Policy"),
+        linkify=True,
+    )
     registrar = tables.Column(
         verbose_name=_("Registrar"),
         linkify=True,