Commit 82010ed8 authored by Ladislav Lhotka

Use an opaque id as the key for "trust-anchor"

parent c0fd92c5
......@@ -92,6 +92,7 @@ module cznic-resolver-common {
"Specification of a trust anchor.";
leaf owner {
type inet:domain-name;
default ".";
description
"The domain name to which the trust anchor applies.
......@@ -328,7 +329,7 @@ module cznic-resolver-common {
type fs-path;
description
"Name of the file that is used by the RFC 5011 update
procedure for storing trust anchors are stored.
procedure for storing trust anchors.
Usually there will be a default location, which is
however implementation- and platform-specific.";
......@@ -342,7 +343,7 @@ module cznic-resolver-common {
enabled.";
}
list trust-anchor {
key "owner";
key "id";
description
"List of trust anchors.
......@@ -360,19 +361,15 @@ module cznic-resolver-common {
subsequent changes to this list shall be taken into
account.
In the operation datastore, this list contains trust
In the operational datastore, this list contains trust
anchors that are currently used by the resolver for the
domain.";
uses trust-anchor-spec {
refine "trust-anchor-rdata/dnskey/dnskey/flags" {
must "contains(., 'SEP')" {
error-message
"Trust anchor must be a Key-Signing Key.";
description
"Trust anchor must be a Key-Signing Key.";
}
}
leaf id {
type uint8;
description
"Opaque numeric ID of the trust anchor.";
}
uses trust-anchor-spec;
}
action add-trust-anchor {
description
......
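Review bot: The hunk at -360,19 drops the `refine "trust-anchor-rdata/dnskey/dnskey/flags"` with `must "contains(., 'SEP')"` from `list trust-anchor`, so the schema no longer rejects a DNSKEY trust anchor that lacks the SEP flag, while the commit title mentions only the key change. If the loosening is not intended, keep the refine inside the new `uses trust-anchor-spec { ... }` next to `leaf id`. If it is intended, the list description should say that non-SEP keys are now accepted and name the component that still checks them; presumably that is the resolver or the RFC 5011 update procedure mentioned under the key-file leaf, which this page does not confirm. The same removal appears in the XML form of the module (hunk at -439,27). The `action add-trust-anchor` that follows is cut off, so how `id` values are assigned there is not visible.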
......@@ -117,6 +117,7 @@
anchor applies to the entire domain.</h:p>
</text>
</description>
<default value="."/>
</leaf>
<choice name="trust-anchor-rdata">
<description>
......@@ -404,8 +405,7 @@
<description>
<text>
<h:p>Name of the file that is used by the RFC 5011
update procedure for storing trust anchors are
stored.</h:p>
update procedure for storing trust anchors.</h:p>
<h:p>Usually there will be a default location, which is
however implementation- and platform-specific.</h:p>
</text>
......@@ -421,7 +421,7 @@
</description>
</leaf>
<list name="trust-anchor">
<key value="owner"/>
<key value="id"/>
<description>
<text>
<h:p>List of trust anchors.</h:p>
......@@ -439,27 +439,18 @@
subsequent changes to this list shall be taken into
account.</h:li>
</h:ul>
<h:p>In the operation datastore, this list contains
trust anchors that are currently used by the resolver for
the domain.</h:p>
<h:p>In the operational datastore, this list contains
trust anchors that are currently used by the resolver
for the domain.</h:p>
</text>
</description>
<uses name="trust-anchor-spec">
<refine target-node="trust-anchor-rdata/dnskey/dnskey/flags">
<must condition="contains(., 'SEP')">
<description>
<text>
Trust anchor must be a Key-Signing Key.
</text>
</description>
<error-message>
<value>
Trust anchor must be a Key-Signing Key.
</value>
</error-message>
</must>
</refine>
</uses>
<leaf name="id">
<type name="uint8"/>
<description>
<text>Opaque numeric ID of the trust anchor.</text>
</description>
</leaf>
<uses name="trust-anchor-spec"/>
</list>
</list>
<leaf-list name="negative-trust-anchors">
......
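Review bot: `<default value="."/>` on the `owner` leaf (hunk at -117,6, matching `default ".";` in the YANG source) means that, now that `owner` is no longer the list key, a `trust-anchor` entry created without `owner` is silently scoped to the root, the widest scope a trust anchor can have. The leaf description should say so explicitly, for example with an added paragraph `<h:p>If omitted, the trust anchor applies to the root zone (".").</h:p>`. Alternatively, consider keeping the leaf mandatory for entries of this list so the scope is always stated by the operator. How the default interacts with the enclosing `domain` leaf is not visible in these hunks.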
......@@ -36,8 +36,9 @@
| | +--rw auto-update? <boolean>
| | +--rw domain <domain-name(string)>
| | +--rw key-file? <fs-path(string)>
| | +--rw trust-anchor* [owner]
| | +--rw owner <domain-name(string)>
| | +--rw trust-anchor* [id]
| | +--rw id <uint8>
| | +--rw owner? <domain-name(string)>
| | +--rw (trust-anchor-rdata)?
| | +--:(dnskey)
| | | +--rw dnskey
......