From: Aleš <ales.mrazek@nic.cz>
Date: Tue, 8 Feb 2022 15:38:34 +0000 (+0100)
Subject: datamodel: docstrings annotatinons dnssec
X-Git-Tag: v6.0.0a1~44^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe99166b4427129e5e9f536ec9fd8c0d73d790a2;p=thirdparty%2Fknot-resolver.git

datamodel: docstrings annotatinons dnssec
- related to #706
---

diff --git a/manager/knot_resolver_manager/datamodel/dnssec_schema.py b/manager/knot_resolver_manager/datamodel/dnssec_schema.py
index 8c2f57645..ba1e6d517 100644
--- a/manager/knot_resolver_manager/datamodel/dnssec_schema.py
+++ b/manager/knot_resolver_manager/datamodel/dnssec_schema.py
@@ -5,18 +5,41 @@ from knot_resolver_manager.utils import SchemaNode
 
 
 class TrustAnchorFileSchema(SchemaNode):
+    """
+    Trust-anchor zonefile configuration.
+
+    ---
+    file: Path to the zonefile that stores trust-anchors.
+    read_only: Blocks zonefile updates according to RFC 5011.
+
+    """
+
     file: str
     read_only: bool = False
 
 
 class DnssecSchema(SchemaNode):
+    """
+    DNSSEC configuration.
+
+    ---
+    trust_anchor_sentinel: Allows users of DNSSEC validating resolver to detect which root keys are configured in resolver's chain of trust. (RFC 8509)
+    trust_anchor_signal_query: Signaling Trust Anchor Knowledge in DNSSEC Using Key Tag Query, according to (RFC 8145#section-5).
+    time_skew_detection: Detection of difference between local system time and expiration time bounds in DNSSEC signatures for '. NS' records.
+    keep_removed: How many removed keys should be held in history (and key file) before being purged.
+    refresh_time: Force trust-anchors to be updated every defined time periodically instead of relying on (RFC 5011) logic and TTLs. Intended only for testing purposes.
+    hold_down_time: Modify hold-down timer (RFC 5011). Intended only for testing purposes.
+    trust_anchors: List of trust-anchors in DS/DNSKEY records format.
+    negative_trust_anchors: List of domain names representing negative trust-anchors. (RFC 7646)
+    trust_anchors_files: List of zonefiles where trust-anchors are stored.
+    """
+
     trust_anchor_sentinel: bool = True
     trust_anchor_signal_query: bool = True
     time_skew_detection: bool = True
     keep_removed: int = 0
     refresh_time: Optional[TimeUnit] = None
     hold_down_time: TimeUnit = TimeUnit("30d")
-
     trust_anchors: Optional[List[str]] = None
     negative_trust_anchors: Optional[List[str]] = None
     trust_anchors_files: Optional[List[TrustAnchorFileSchema]] = None