From 86e29d6c2a108a16e33af7febc8deca2a32c4bc8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ale=C5=A1?=
Date: Thu, 1 Apr 2021 16:25:46 +0200
Subject: [PATCH] config: dns64 section added
---
 manager/config/kres-manager.yaml | 6 +++++-
 manager/config/kresd-template.j2 | 12 ++++++++---
 manager/containers/debian/Containerfile | 2 +-
 manager/containers/dev/Containerfile | 3 +++
 .../tests/basic_startup/payload.json | 12 +++++++----
 manager/integration/tests/basic_startup/run | 4 ++++
 .../knot_resolver_manager/configuration.py | 11 ++++++++--
 manager/knot_resolver_manager/datamodel.py | 20 ++++++++++++++++---
 .../knot_resolver_manager/datamodel_types.py | 5 +++++
 9 files changed, 61 insertions(+), 14 deletions(-)
 create mode 100644 manager/knot_resolver_manager/datamodel_types.py
diff --git a/manager/config/kres-manager.yaml b/manager/config/kres-manager.yaml
index 2a7cb2cee..df37edc9a 100644
--- a/manager/config/kres-manager.yaml
+++ b/manager/config/kres-manager.yaml
@@ -1,5 +1,9 @@
 server:
- instances: 4
+ instances: 1
+
+dns64:
+ prefix: "64:ff9b::/96"
+
 lua:
 script: |
 """
diff --git a/manager/config/kresd-template.j2 b/manager/config/kresd-template.j2
index eba71596f..74241a1d1 100644
--- a/manager/config/kresd-template.j2
+++ b/manager/config/kresd-template.j2
@@ -1,4 +1,10 @@
--- script from 'Lua' configuration section
-{% if cfg.lua.script -%}
+modules = {
+{%- if cfg.dns64 %}
+ dns64 = '{{ cfg.dns64.prefix }}' } -- dns64
+{%- endif %}
+}
+
+-- lua
+{%- if cfg.lua.script %}
 {{ cfg.lua.script }}
-{% endif -%}
\ No newline at end of file
+{%- endif %}
\ No newline at end of file
diff --git a/manager/containers/debian/Containerfile b/manager/containers/debian/Containerfile
index 57c3fad0f..c8621efb8 100644
--- a/manager/containers/debian/Containerfile
+++ b/manager/containers/debian/Containerfile
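Review bot: In the `kresd-template.j2` hunk the added line `dns64 = '{{ cfg.dns64.prefix }}' } -- dns64` already closes the `modules` table and is then followed by the unconditional `}` line, so whenever `cfg.dns64` is set the rendered Lua has one closing brace too many and is not syntactically valid. Writing the conditional line as `dns64 = '{{ cfg.dns64.prefix }}', -- dns64` leaves the single `}` to end the table in both cases. The same text is added to `_LUA_TEMPLATE_STR` in `manager/knot_resolver_manager/configuration.py` and needs the same change. The prefix is placed inside a single-quoted Lua literal with no escaping, so the template relies on `Dns64Config.validate` having run before rendering; a template comment saying so would make that dependency visible.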
@@ -58,7 +58,7 @@ RUN apt-get update \
 COPY ./config/knot-resolver-manager.service /etc/systemd/system
 # Copy knot-resolver-manager YAML configuration file
-COPY ./config/kres-manager.yaml /etc/knot-resolver/
+COPY ./config/kres-manager.yaml /etc/knot-resolver
 # Copy only requirements, to cache them in docker layer
 # no poetry.lock, because here we have a different python version
diff --git a/manager/containers/dev/Containerfile b/manager/containers/dev/Containerfile
index d18c70762..d29d7e6af 100644
--- a/manager/containers/dev/Containerfile
+++ b/manager/containers/dev/Containerfile
@@ -66,6 +66,9 @@ RUN apt-get update \
 # Create knot-resolver-manager systemd service
 COPY ./config/knot-resolver-manager.service /etc/systemd/system
+# Copy knot-resolver-manager YAML configuration file
+COPY ./config/kres-manager.yaml /etc/knot-resolver
+
 # Copy only requirements, to cache them in docker layer
 COPY ./poetry.lock ./pyproject.toml ./yarn.lock ./package.json /code/
diff --git a/manager/integration/tests/basic_startup/payload.json b/manager/integration/tests/basic_startup/payload.json
index ecb5d5c85..edc630918 100644
--- a/manager/integration/tests/basic_startup/payload.json
+++ b/manager/integration/tests/basic_startup/payload.json
@@ -2,6 +2,9 @@
 "server": {
 "instances": 1
 },
+ "dns64": {
+ "prefix": "64:ff9b::/96"
+ },
 "lua": {
 "script_list": [
 "-- SPDX-License-Identifier: CC0-1.0",
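Review bot: Dropping the trailing slash in `COPY ./config/kres-manager.yaml /etc/knot-resolver` (debian Containerfile) makes the destination ambiguous: without the slash the builder treats it as a file name unless `/etc/knot-resolver` already exists as a directory in the image, and whether an earlier layer creates it is not visible in this hunk. Keeping `COPY ./config/kres-manager.yaml /etc/knot-resolver/` always copies into the directory, which is what the `cat /etc/knot-resolver/kresd.conf` step added to the integration test assumes. The line added to `manager/containers/dev/Containerfile` has the same form and should get the slash as well.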
@@ -13,10 +16,11 @@
 "net.listen('::1', 53, { kind = 'dns', freebind = true })",
 "net.listen('::1', 853, { kind = 'tls', freebind = true })",
 "--net.listen('::1', 443, { kind = 'doh2' })",
- "-- Load useful modules","modules = {",
- "'hints > iterate', -- Load /etc/hosts and allow custom root hints",
- "'stats', -- Track internal statistics",
- "'predict', -- Prefetch expiring/frequent records",
+ "-- Load useful modules",
+ "modules = {",
+ " 'hints > iterate', -- Load /etc/hosts and allow custom root hints",
+ " 'stats', -- Track internal statistics",
+ " 'predict', -- Prefetch expiring/frequent records",
 "}",
 "-- Cache size",
 "cache.size = 100 * MB"
diff --git a/manager/integration/tests/basic_startup/run b/manager/integration/tests/basic_startup/run
index 126f038ed..93b50d11a 100755
--- a/manager/integration/tests/basic_startup/run
+++ b/manager/integration/tests/basic_startup/run
@@ -14,3 +14,7 @@ python3 send_request.py
 # assert that any kresd process is running
 systemctl status | grep kresd
+
+# see the rendered Lua configuration
+echo "Lua config in '/etc/knot-resolver/kresd.conf':"
+cat /etc/knot-resolver/kresd.conf
diff --git a/manager/knot_resolver_manager/configuration.py b/manager/knot_resolver_manager/configuration.py
index 9ec0992d4..4fb4871fd 100644
--- a/manager/knot_resolver_manager/configuration.py
+++ b/manager/knot_resolver_manager/configuration.py
@@ -5,9 +5,16 @@ from jinja2 import Environment, Template
 from .datamodel import KresConfig
 _LUA_TEMPLATE_STR = """
-{% if lua_config -%}
+modules = {
+{%- if cfg.dns64 %}
+ dns64 = '{{ cfg.dns64.prefix }}' } -- dns64
+{%- endif %}
+}
+
+-- lua
+{%- if cfg.lua.script %}
 {{ cfg.lua.script }}
-{% endif -%}
+{%- endif %}
 """
 _ENV = Environment(enable_async=True)
diff --git a/manager/knot_resolver_manager/datamodel.py b/manager/knot_resolver_manager/datamodel.py
index bae8dcfc0..f71633fcc 100644
--- a/manager/knot_resolver_manager/datamodel.py
+++ b/manager/knot_resolver_manager/datamodel.py
@@ -3,6 +3,7 @@ from typing import List, Optional
 from knot_resolver_manager.utils.dataclasses_parservalidator import DataclassParserValidatorMixin
 from .compat.dataclasses import dataclass
+from .datamodel_types import IPV6_PREFIX_96
 class DataValidationError(Exception):
@@ -14,8 +15,17 @@ class ServerConfig(DataclassParserValidatorMixin):
 instances: int = 1
 def validate(self):
- if self.instances < 0:
- raise DataValidationError("Number of workers must be non-negative")
+ if not 0 < self.instances <= 256:
+ raise DataValidationError("number of kresd 'instances' must be in range 1..256")
+
+
+@dataclass
+class Dns64Config(DataclassParserValidatorMixin):
+ prefix: str = "64:ff9b::"
+
+ def validate(self):
+ if not bool(IPV6_PREFIX_96.match(self.prefix)):
+ raise DataValidationError("'dns64.prefix' must be valid IPv6 address and '/96' CIDR")
 @dataclass
@@ -35,7 +45,11 @@ class LuaConfig(DataclassParserValidatorMixin):
 @dataclass
 class KresConfig(DataclassParserValidatorMixin):
 server: ServerConfig = ServerConfig()
+ dns64: Optional[Dns64Config] = None
 lua: LuaConfig = LuaConfig()
 def validate(self):
- pass
+ self.server.validate()
+ if self.dns64 is not None:
+ self.dns64.validate()
+ self.lua.validate()
diff --git a/manager/knot_resolver_manager/datamodel_types.py b/manager/knot_resolver_manager/datamodel_types.py
new file mode 100644
index 000000000..6db42d738
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel_types.py
@@ -0,0 +1,5 @@
+import re
+
+IPV4ADDR = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
+
+IPV6_PREFIX_96 = re.compile(r"^([0-9A-Fa-f]{1,4}:){2}:($|/96)$")
--
2.47.3
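Review bot: `Dns64Config.validate` in `datamodel.py` is, as far as this patch shows, the only check between a supplied `dns64.prefix` and the single-quoted Lua literal the template renders it into, yet nothing at the class marks the check as security-relevant. A comment on `validate` such as `# prefix is interpolated unescaped into kresd's Lua config; keep this pattern strict` would stop a later relaxation from turning into config injection. `IPV6_PREFIX_96.match(self.prefix)` also raises `TypeError` rather than `DataValidationError` when the value is not a string; whether the parser mixin guarantees the type is not visible here, so adding `isinstance(self.prefix, str)` to the condition is a cheap guard. The default `"64:ff9b::"` omits the `/96` that the error message asks for, so the message and the accepted forms should be brought into line.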
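Review bot: `IPV6_PREFIX_96` in the new `datamodel_types.py` ends in `$`, which in Python also matches just before a trailing newline, so a value like `"64:ff9b::\n"` passes `.match()` and the newline reaches the rendered Lua string. Anchor with `\Z` or use `fullmatch`, for example `IPV6_PREFIX_96 = re.compile(r"([0-9A-Fa-f]{1,4}:){2}:(/96)?")` together with `IPV6_PREFIX_96.fullmatch(self.prefix)` in `datamodel.py`. The pattern also accepts only prefixes written as exactly two hextets followed by `::`, so other valid /96 prefixes are rejected; parsing with the standard `ipaddress` module would cover them. `IPV4ADDR` has the same `$` anchor and accepts octets above 255, though nothing in this patch uses it yet.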