From: Aleš Mrázek
Date: Fri, 5 May 2023 14:19:46 +0000 (+0200)
Subject: manager: datamodel: local-data/rpz: schema and template
X-Git-Tag: v6.0.1~11^2^2~5
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=f8e5a17acd43145235201245c9a2c16ecac962fb;p=thirdparty%2Fknot-resolver.git

manager: datamodel: local-data/rpz: schema and template
---
diff --git a/manager/etc/knot-resolver/config.policy.dev.yml b/manager/etc/knot-resolver/config.policy.dev.yml
index 8557ad589..bccf8edbb 100644
--- a/manager/etc/knot-resolver/config.policy.dev.yml
+++ b/manager/etc/knot-resolver/config.policy.dev.yml
@@ -37,6 +37,9 @@ local-data:
 roots: [ example1.org ]
 - type: nxdomain
 roots: [ sub4.example.org ]
+rpz:
+- file: blocklist.rpz
+tags: [t01, t02]
 # ttl: 1d
 # nodata: true
diff --git a/manager/knot_resolver_manager/datamodel/config_schema.py b/manager/knot_resolver_manager/datamodel/config_schema.py
index fafb00c3c..5df263c6b 100644
--- a/manager/knot_resolver_manager/datamodel/config_schema.py
+++ b/manager/knot_resolver_manager/datamodel/config_schema.py
@@ -20,7 +20,6 @@ from knot_resolver_manager.datamodel.monitoring_schema import MonitoringSchema
 from knot_resolver_manager.datamodel.network_schema import NetworkSchema
 from knot_resolver_manager.datamodel.options_schema import OptionsSchema
 from knot_resolver_manager.datamodel.policy_schema import PolicySchema
-from knot_resolver_manager.datamodel.rpz_schema import RPZSchema
 from knot_resolver_manager.datamodel.slice_schema import SliceSchema
 from knot_resolver_manager.datamodel.types import IntPositive
 from knot_resolver_manager.datamodel.types.files import UncheckedPath
@@ -99,7 +98,6 @@ class KresConfig(ConfigSchema):
 local_data: Local data for forward records (A/AAAA) and reverse records (PTR).
 slices: Split the entire DNS namespace into distinct slices.
 policy: List of policy rules and its configuration.
-rpz: List of Response Policy Zones and its configuration.
 forward: List of Forward Zones and its configuration.
 cache: DNS resolver cache configuration.
 dnssec: Disable DNSSEC, enable with defaults or set new configuration.
@@ -123,7 +121,6 @@ class KresConfig(ConfigSchema):
 local_data: LocalDataSchema = LocalDataSchema()
 slices: Optional[List[SliceSchema]] = None
 policy: Optional[List[PolicySchema]] = None
-rpz: Optional[List[RPZSchema]] = None
 forward: Optional[List[ForwardSchema]] = None
 cache: CacheSchema = CacheSchema()
 dnssec: Union[bool, DnssecSchema] = True
@@ -147,7 +144,6 @@ class KresConfig(ConfigSchema):
 local_data: LocalDataSchema
 slices: Optional[List[SliceSchema]]
 policy: Optional[List[PolicySchema]]
-rpz: Optional[List[RPZSchema]]
 forward: Optional[List[ForwardSchema]]
 cache: CacheSchema
 dnssec: Union[Literal[False], DnssecSchema]
diff --git a/manager/knot_resolver_manager/datamodel/local_data_schema.py b/manager/knot_resolver_manager/datamodel/local_data_schema.py
index 18e20007b..c57105572 100644
--- a/manager/knot_resolver_manager/datamodel/local_data_schema.py
+++ b/manager/knot_resolver_manager/datamodel/local_data_schema.py
@@ -3,7 +3,7 @@ from typing import Dict, List, Optional
 from typing_extensions import Literal
 from knot_resolver_manager.datamodel.types import DomainName, IDPattern, IPAddress, TimeUnit
-from knot_resolver_manager.datamodel.types.files import UncheckedPath
+from knot_resolver_manager.datamodel.types.files import UncheckedPath, FilePath
 from knot_resolver_manager.utils.modeling import ConfigSchema
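Review bot: The changed import line in the `@@ -3,7 +3,7 @@` hunk lists the names out of order, which the project's import sorter will most likely rewrite on the next pass; prefer `from knot_resolver_manager.datamodel.types.files import FilePath, UncheckedPath`. The neighbouring `addresses_files` field keeps `UncheckedPath` while the new RPZ field uses `FilePath`; if `FilePath` performs an existence or readability check at validation time, that difference is worth a one-line comment next to the import or on the field so the stricter handling of RPZ files reads as intentional rather than accidental.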
@@ -43,6 +43,19 @@ class SubtreeSchema(ConfigSchema):
 raise ValueError("'refresh' can be only configured with 'roots-file' or 'roots-url'")
+class RPZSchema(ConfigSchema):
+"""
+Configuration or Response Policy Zone (RPZ).
+
+---
+file: Path to the RPZ zone file.
+tags: Tags to link with other policy rules.
+"""
+
+file: FilePath
+tags: Optional[List[IDPattern]] = None
+
+
 class LocalDataSchema(ConfigSchema):
 """
 Local data for forward records (A/AAAA) and reverse records (PTR).
@@ -54,6 +67,7 @@ class LocalDataSchema(ConfigSchema):
 addresses_files: Direct addition of hostname and IP addresses pairs from files in '/etc/hosts' like format.
 records: Direct addition of records in DNS zone file format.
 subtrees: Direct addition of subtrees.
+rpz: List of Response Policy Zones and its configuration.
 """
 ttl: Optional[TimeUnit] = None
@@ -62,3 +76,4 @@ class LocalDataSchema(ConfigSchema):
 addresses_files: Optional[List[UncheckedPath]] = None
 records: Optional[str] = None
 subtrees: Optional[List[SubtreeSchema]] = None
+rpz: Optional[List[RPZSchema]] = None
diff --git a/manager/knot_resolver_manager/datamodel/templates/local_data.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/local_data.lua.j2
index ebd5fd755..d7e2110ff 100644
--- a/manager/knot_resolver_manager/datamodel/templates/local_data.lua.j2
+++ b/manager/knot_resolver_manager/datamodel/templates/local_data.lua.j2
@@ -10,7 +10,6 @@
 {# subtrees #}
 {% if cfg.local_data.subtrees -%}
 {% for subtree in cfg.local_data.subtrees %}
-
 {% if subtree.roots -%}
 {% for root in subtree.roots %}
 {{ local_data_subtree_root(subtree.type, root, subtree.tags) }}
@@ -20,6 +19,12 @@
 {%- elif subtree.roots_url -%}
 {# TODO: not implemented yet #}
 {%- endif %}
+{% endfor %}
+{%- endif %}
+{# rpz #}
+{% if cfg.local_data.rpz -%}
+{% for rpz in cfg.local_data.rpz %}
+{{ local_data_records(rpz.file, true, cfg.local_data.ttl, cfg.local_data.nodata, rpz.tags) }}
 {% endfor %}
 {%- endif %}
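Review bot: The new `RPZSchema` docstring has a typo in its first line: `Configuration or Response Policy Zone (RPZ).` should read `Configuration of a Response Policy Zone (RPZ).`. The `file:` line could also say what the `FilePath` type enforces, since that is what an operator sees when a config is rejected; if it checks that the file exists and is readable when the configuration is validated, a wording such as `file: Path to the RPZ zone file; must exist and be readable when the configuration is loaded.` makes the failure mode explicit, and if it does not, the current wording is fine. The same docstring convention (`its configuration`) is reused on the `rpz:` line of `LocalDataSchema` in the following hunk, so any rewording should be applied to both places.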
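Review bot: In the `@@ -20,6 +19,12 @@` hunk of `local_data.lua.j2`, every RPZ is rendered with `cfg.local_data.ttl` and `cfg.local_data.nodata`, so all zones in the list share the global local-data settings and `RPZSchema` offers no per-zone override; that should be stated in the template so the next person does not look for a per-zone knob. A comment such as `{# RPZ zones share the local-data ttl/nodata; per-zone overrides are not modelled #}` above the `{% for rpz ... %}` line would do. Each iteration also leaves the macro's `id` at its default, so the generated Lua rebinds the same `rrs` name once per zone; that is correct because the calls are sequential, but a short note saying so would avoid a reader assuming the zones collide.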
diff --git a/manager/knot_resolver_manager/datamodel/templates/macros/local_data_macros.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/macros/local_data_macros.lua.j2
index 3d91a7f23..dde204e30 100644
--- a/manager/knot_resolver_manager/datamodel/templates/macros/local_data_macros.lua.j2
+++ b/manager/knot_resolver_manager/datamodel/templates/macros/local_data_macros.lua.j2
@@ -1,21 +1,23 @@
 {% from 'macros/common_macros.lua.j2' import string_table, boolean %}
 {% from 'macros/policy_macros.lua.j2' import policy_get_tagset, policy_todname %}
-
-{% macro local_data_records(input_str, is_rpz, ttl, nodata) -%}
-rrs = ffi.new('struct kr_rule_zonefile_config')
+{% macro local_data_records(input_str, is_rpz, ttl, nodata, tags=none, id='rrs') -%}
+{{ id }} = ffi.new('struct kr_rule_zonefile_config')
 {% if ttl %}
-rrs.ttl = {{ ttl.millis() }}
+{{ id }}.ttl = {{ ttl.millis() }}
+{% endif %}
+{% if tags %}
+{{ id }}.tags = {{ policy_get_tagset(tags) }}
 {% endif %}
-rrs.nodata = {{ boolean(nodata) }}
-rrs.is_rpz = {{ boolean(is_rpz) }}
+{{ id }}.nodata = {{ boolean(nodata) }}
+{{ id }}.is_rpz = {{ boolean(is_rpz) }}
 {% if is_rpz -%}
-rrs.filename = '{{ input_str }}'
+{{ id }}.filename = '{{ input_str }}'
 {% else %}
-rrs.input_str = [[
+{{ id }}.input_str = [[
 {{ input_str }}]]
 {% endif %}
-assert(C.kr_rule_zonefile(rrs)==0)
+assert(C.kr_rule_zonefile({{ id }})==0)
 {%- endmacro %}
 {% macro local_data_emptyzone(dname, tags) -%}
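Review bot: The `{{ id }}.filename = '{{ input_str }}'` line places the configured RPZ path inside a single-quoted Lua string literal with no escaping, and with this commit that path now comes straight from the `rpz: - file:` entries in the user's configuration. A path containing `'`, `\` or a newline would at best make the generated Lua fail to load and at worst change what the generated script does; nothing visible in the macro or in `RPZSchema` rejects such characters, although `FilePath` may do so elsewhere. Either have the schema's path validation reject quote, backslash and control characters, or escape `\` and `'` in the template before emitting the literal, and note which of the two is relied upon in a comment above the line, e.g. `{# input_str is a validated file path; it must not contain quotes or backslashes #}`. The `id` parameter is a welcome addition, but since the assignment has no `local` the generated name is a Lua global, which is worth one line in the macro's header comment.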