manager: datamodel: forward: allow list for pin_sha256
authorAleš Mrázek <ales.mrazek@nic.cz>
Fri, 2 Jun 2023 13:30:35 +0000 (15:30 +0200)
committerAleš Mrázek <ales.mrazek@nic.cz>
Fri, 9 Jun 2023 11:54:07 +0000 (11:54 +0000)
manager/knot_resolver_manager/datamodel/forward_schema.py
manager/knot_resolver_manager/datamodel/templates/macros/forward_macros.lua.j2
manager/tests/unit/datamodel/templates/test_common_macros.py

index 2f7e07ead5018c5458b8d110ddc96f7398a21b97..df30229d78961be7263f97bd843692bed23c7e8b 100644 (file)
@@ -21,10 +21,14 @@ class ForwardServerSchema(ConfigSchema):
 
     address: ListOrItem[IPAddressOptionalPort]
     transport: Optional[Literal["tls"]] = None
-    pin_sha256: Optional[str] = None
+    pin_sha256: Optional[ListOrItem[str]] = None
     hostname: Optional[DomainName] = None
     ca_file: Optional[FilePath] = None
 
+    def _validate(self) -> None:
+        if self.pin_sha256 and (self.hostname or self.ca_file):
+            ValueError("'pin-sha256' cannot be configurad together with 'hostname' or 'ca-file'")
+
 
 class ForwardOptionsSchema(ConfigSchema):
     """
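Review bot: The new `_validate` builds the `ValueError` but never raises it, so the check on `pin_sha256` combined with `hostname` or `ca_file` has no effect and such a config passes validation. Change the line to `raise ValueError("'pin-sha256' cannot be configured together with 'hostname' or 'ca-file'")`, which also fixes the "configurad" typo in the message. These fields appear to decide how the upstream TLS server is authenticated, so a silently accepted mix leaves it unclear whether the pin or the CA/hostname check is what is actually enforced. The `ForwardServerSchema` class starts above the hunk.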
index 4736b01d93c5dda170df1d90cc0aa79e3ffcfa16..f67773242b85bdd16af4e247f63c4d57d60743dc 100644 (file)
@@ -1,4 +1,4 @@
-{% from 'macros/common_macros.lua.j2' import boolean %}
+{% from 'macros/common_macros.lua.j2' import boolean, string_table %}
 
 {% macro forward_options(options) -%}
 {dnssec={{ boolean(options.dnssec) }},auth={{ boolean(options.authoritative) }}}
@@ -16,6 +16,9 @@ tls=false,
 {%- if server.hostname -%}
 hostname='{{ server.hostname }}',
 {%- endif -%}
+{%- if server.pin_sha256 -%}
+pin_sha256={{ string_table(server.pin_sha256) }},
+{%- endif -%}
 {%- if server.ca_file -%}
 ca_file='{{ server.ca_file }}',
 {%- endif -%}
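Review bot: `pin_sha256={{ string_table(server.pin_sha256) }}` writes configuration strings into the generated Lua, and the schema types the field as plain `str`, so nothing visible in this commit limits which characters reach the template. `string_table` is defined in common_macros.lua.j2, outside this diff; the updated test expectation shows it wrapping each item in single quotes, and whether it escapes quotes or backslashes cannot be seen from here. A pin is the base64 encoding of a 32-byte SHA-256 digest, so the schema could reject any item that does not match `^[A-Za-z0-9+/]{43}=$` before rendering, which would also catch truncated or mistyped pins early. The macro containing this block begins and ends outside the hunk.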
index 611cb14db195bd9b15dc1225d76cf26102a17f84..d730fb9da53ff8d98c139c32f12ff9f683527c93 100644 (file)
@@ -78,5 +78,5 @@ def test_tls_servers_table():
     assert tmpl.render(x=[d.address, t[1].address]) == f"{{'{d.address}','{t[1].address}',}}"
     assert (
         tmpl.render(x=t)
-        == f"{{{{'{d.address}',hostname='{d.hostname}',ca_file='{d.ca_file}',}},{{'{t[1].address}',pin_sha256='{t[1].pin_sha256}',}},}}"
+        == f"{{{{'{d.address}',hostname='{d.hostname}',ca_file='{d.ca_file}',}},{{'{t[1].address}',pin_sha256={{'{t[1].pin_sha256}',}}}},}}"
     )
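Review bot: The updated expectation covers only a single pin rendered as a one-element table, so neither a server with several pins (the case this commit adds) nor the new `_validate` rule in forward_schema.py is exercised. Consider a server entry with a two-item `pin-sha256` list, plus a schema test that expects a validation error when `pin-sha256` is given together with `hostname` or `ca-file`. `test_tls_servers_table` starts above the hunk, so the fixture `t` is not visible here.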