answer-rotation: BOOL
automatic-acl: BOOL
proxy-allowlist: ADDR[/INT] | ADDR-ADDR ...
- dbus-event: none | running | zone-updated | ksk-submission | dnssec-invalid ...
+ dbus-event: none | running | zone-updated | external-verify | ksk-submission | dnssec-invalid ...
dbus-init-delay: TIME
listen: ADDR[@INT] | STR ...
listen-quic: ADDR[@INT] ...
- ``stopped`` when the server shutdown sequence is initiated.
- ``zone-updated`` – The signal ``zone_updated`` is emitted when a zone has been updated;
the signal parameters are `zone name` and `zone SOA serial`.
+- ``external-verify`` - The signal ``external_verify`` is emitted when a zone is awaiting
+ external validation before applying the changes; the signal parameter is `zone name`.
- ``keys-updated`` - The signal ``keys_updated`` is emitted when a DNSSEC key set
is updated; the signal parameter is `zone name`.
- ``ksk-submission`` – The signal ``zone_ksk_submission`` is emitted if there is
files where the new zone contents and/or differences are written
(in the zone file format) just before every validation.
+.. TIP::
+ If :ref:`server_dbus-event` is set to ``external-verify``, a corresponding
+ signal is emitted when the server is awaiting external validation.
+
*Default:* none
.. _zone_dnssec-signing:
print "Updated zone=$zone to serial=$serial\n";
});
+$knotd_interface->connect_to_signal('external_verify', sub
+{
+ my ($zone) = @_;
+ print "Awaiting external validation for zone=$zone\n";
+});
+
$knotd_interface->connect_to_signal('keys_updated', sub
{
my ($zone) = @_;
(zone, serial) = args
print("Updated zone=%s to serial=%d" % (zone, serial))
+def sig_external(sender, path, interface, signal, args):
+ (zone) = args
+ print("Awaiting external validation for zone=%s" % (zone))
+
def sig_keys_upd(sender, path, interface, signal, args):
(zone) = args
print("Keys updated for zone=%s" % (zone))
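Review bot: `(zone) = args` in the new `sig_external` handler is not tuple unpacking; the parentheses are plain grouping, so `zone` is bound to the whole `args` object. The printed line looks right only because `%` then consumes a one-element tuple, assuming that is what `args` is here. Writing `(zone,) = args` and `% (zone,)` would extract the zone name explicitly and fail loudly if the signal ever gains a parameter. The same pattern in `sig_keys_upd` predates this change.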
connect_to_signal("started", sig_started)
connect_to_signal("stopped", sig_stopped)
connect_to_signal("zone_updated", sig_updated)
+ connect_to_signal("external_verify", sig_external)
connect_to_signal("keys_updated", sig_keys_upd)
connect_to_signal("zone_ksk_submission", sig_submission)
connect_to_signal("zone_dnssec_invalid", sig_invalid)
zone_updated)
echo "Updated zone=${2} to serial=${3}"
;;
+ external_verify)
+ echo "Awaiting external validation for zone=${2}"
+ ;;
zone_dnssec_invalid)
echo "Invalid DNSSEC for zone=${2} remaining=${3} seconds"
;;
#endif // ENABLE_DBUS
}
+void dbus_emit_external_verify(const knot_dname_t *zone_name)
+{
+#if ENABLE_DBUS
+ knot_dname_txt_storage_t buff;
+ char *zone_str = knot_dname_to_str(buff, zone_name, sizeof(buff));
+ if (zone_str != NULL) {
+ emit_event(KNOT_BUS_EVENT_EXTERNAL, "s",
+ VALUE_OF(zone_str));
+ }
+#endif // ENABLE_DBUS
+}
+
void dbus_emit_keys_updated(const knot_dname_t *zone_name)
{
#if ENABLE_DBUS
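Review bot: When `knot_dname_to_str()` returns NULL, `dbus_emit_external_verify()` drops the signal without a trace, yet the caller in the zone-update hunk goes straight on to `knot_sem_wait(&update->external)`. An operator relying on this signal to trigger the validator would see only "waiting for external validation" and a stalled update, so an `else` branch logging a warning for the zone would make the failure visible. The payload is also only the zone name (`"s"`), whereas `zone_updated` carries the SOA serial, so a listener cannot tie its verdict to one specific pending change. Either document that the validator must read the pending contents itself before approving, or pass the serial as a second parameter if it is available at the call site.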
#define KNOT_BUS_EVENT_STARTED "started"
#define KNOT_BUS_EVENT_STOPPED "stopped"
#define KNOT_BUS_EVENT_ZONE_UPD "zone_updated"
+#define KNOT_BUS_EVENT_EXTERNAL "external_verify"
#define KNOT_BUS_EVENT_ZONE_KEYS_UPD "keys_updated"
#define KNOT_BUS_EVENT_ZONE_KSK_SUBM "zone_ksk_submission"
#define KNOT_BUS_EVENT_ZONE_INVALID "zone_dnssec_invalid"
*/
void dbus_emit_zone_updated(const knot_dname_t *zone_name, uint32_t serial);
+/*!
+ * \brief Emit event signal that external verify shall take place.
+ *
+ * \param zone_name Zone name.
+ */
+void dbus_emit_external_verify(const knot_dname_t *zone_name);
+
/*!
* \brief Emit event signal for updated DNSSEC key set.
*
{ DBUS_EVENT_NONE, "none" },
{ DBUS_EVENT_RUNNING, "running" },
{ DBUS_EVENT_ZONE_UPDATED, "zone-updated" },
+ { DBUS_EVENT_EXTERNAL, "external-verify" },
{ DBUS_EVENT_KEYS_UPDATED, "keys-updated" },
{ DBUS_EVENT_ZONE_SUBMISSION, "ksk-submission" },
{ DBUS_EVENT_ZONE_INVALID, "dnssec-invalid" },
DBUS_EVENT_NONE = 0,
DBUS_EVENT_RUNNING = (1 << 0),
DBUS_EVENT_ZONE_UPDATED = (1 << 1),
- DBUS_EVENT_ZONE_SUBMISSION = (1 << 2),
- DBUS_EVENT_ZONE_INVALID = (1 << 3),
- DBUS_EVENT_KEYS_UPDATED = (1 << 4),
+ DBUS_EVENT_EXTERNAL = (1 << 2),
+ DBUS_EVENT_ZONE_SUBMISSION = (1 << 3),
+ DBUS_EVENT_ZONE_INVALID = (1 << 4),
+ DBUS_EVENT_KEYS_UPDATED = (1 << 5),
};
extern const knot_lookup_t acl_actions[];
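Review bot: Inserting `DBUS_EVENT_EXTERNAL` at `(1 << 2)` changes the numeric values of `DBUS_EVENT_ZONE_SUBMISSION`, `DBUS_EVENT_ZONE_INVALID` and `DBUS_EVENT_KEYS_UPDATED`. If these values are ever kept in numeric form outside the running process, for instance in a stored binary configuration, an existing `dbus-event` setting would be read back as a different event after an upgrade. That is not visible from this hunk and should be confirmed. Appending avoids the question: leave the three existing lines as they were and add `DBUS_EVENT_EXTERNAL = (1 << 5),` at the end. The enum's opening line lies outside the hunk.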
log_zone_notice(update->zone->name, "waiting for external validation");
+ if (conf->cache.srv_dbus_event & DBUS_EVENT_EXTERNAL) {
+ dbus_emit_external_verify(update->zone->name);
+ }
+
knot_sem_wait(&update->external);
pthread_mutex_lock(&update->zone->cu_lock);