ipaserver.plugins.dns.dnszone

class ipaserver.plugins.dns.dnszone(api)[source]

Bases: ipaserver.plugins.dns.DNSZoneBase

DNS Zone, container for resource records.

Public Methods:

Inherited from DNSZoneBase

get_dn(*keys, **options)

Construct an LDAP DN.

permission_name(zone)

get_name_in_zone(zone, hostname)

Get name of a record that is to be added to a new zone.

Inherited from LDAPObject

get_dn(*keys, **options)

Construct an LDAP DN.

get_dn_if_exists(*keys, **kwargs)

get_primary_key_from_dn(dn)

get_ancestor_primary_keys()

has_objectclass(classes, objectclass)

convert_attribute_members(entry_attrs, ...)

get_indirect_members(entry_attrs, attrs_list)

get_memberindirect(group_entry)

Get indirect members

get_memberofindirect(entry)

get_password_attributes(ldap, dn, entry_attrs)

Search on the entry to determine if it has a password or keytab set.

handle_not_found(*keys)

Handle NotFound exception

handle_duplicate_entry(*keys)

__json__()

Inherited from Object

backend

methods

params

primary_key

params_minus_pk

params_minus(*names)

Yield all Param whose name is not in names.

get_dn(*keys, **options)

Construct an LDAP DN.

get_params()

This method gets called by HasParam._create_param_namespace().

__json__()

Inherited from Plugin

__init__(api)

finalize()

Finalize plugin initialization.

ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

__repr__()

Return 'module_name.class_name()' representation.

Inherited from ReadOnly

__lock__()

Put this instance into a read-only state.

__islocked__()

Return True if instance is locked, otherwise False.

__setattr__(name, value)

If unlocked, set attribute named name to value.

__delattr__(name)

If unlocked, delete attribute named name.

Private Data Attributes:

Inherited from ReadOnly

_ReadOnly__locked

Private Methods:

_rr_zone_postprocess(record, **options)

_warning_forwarding(result, **options)

_warning_name_server_option(result, context, ...)

_warning_fw_zone_is_not_effective(result, ...)

Warning if any operation with zone causes, a child forward zone is not effective

_warning_dnssec_master_is_not_installed(...)

_warning_ttl_changed_reload_needed(result, ...)

Inherited from DNSZoneBase

_remove_permission(zone)

_make_zonename_absolute(entry_attrs, **options)

Zone names can be relative in IPA < 4.0, make sure we always return absolute zone name from ldap

Inherited from Object

_on_finalize()

Do custom finalization.

_Object__get_attrs(name)

Inherited from HasParam

_get_param_iterable(name[, verb])

Return an iterable of params defined by the attribute named name.

_filter_param_by_context(name[, env])

Filter params on attribute named name by environment env.

_create_param_namespace(name[, env])

Inherited from Plugin

_Plugin__name_getter()

_Plugin__full_name_getter()

_Plugin__bases_getter()

_Plugin__doc_getter()

_Plugin__summary_getter()

_on_finalize()

Do custom finalization.


property Backend
property Command
NO_CLI = False
__annotations__ = {}
__delattr__(name)

If unlocked, delete attribute named name.

If this instance is locked, an AttributeError will be raised.

Parameters

name – Name of attribute to delete.

__dict__ = mappingproxy({'__module__': 'ipaserver.plugins.dns', '__doc__': '\n    DNS Zone, container for resource records.\n    ', 'object_name': Gettext('DNS zone', domain='ipa', localedir=None), 'object_name_plural': Gettext('DNS zones', domain='ipa', localedir=None), 'object_class': ['top', 'idnsrecord', 'idnszone'], 'default_attributes': ['idnsname', 'idnszoneactive', 'idnsforwarders', 'idnsforwardpolicy', 'idnssoamname', 'idnssoarname', 'idnssoaserial', 'idnssoarefresh', 'idnssoaretry', 'idnssoaexpire', 'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer', 'idnssecinlinesigning', 'idnsallowdynupdate', 'idnsupdatepolicy', 'arecord', 'aaaarecord', 'a6record', 'afsdbrecord', 'aplrecord', 'certrecord', 'cnamerecord', 'dhcidrecord', 'dlvrecord', 'dnamerecord', 'dsrecord', 'hiprecord', 'hinforecord', 'ipseckeyrecord', 'keyrecord', 'kxrecord', 'locrecord', 'mdrecord', 'minforecord', 'mxrecord', 'naptrrecord', 'nsrecord', 'nsecrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord', 'rprecord', 'sigrecord', 'spfrecord', 'srvrecord', 'sshfprecord', 'tlsarecord', 'txtrecord', 'urirecord'], 'label': Gettext('DNS Zones', domain='ipa', localedir=None), 'label_singular': Gettext('DNS Zone', domain='ipa', localedir=None), 'takes_params': (DNSNameParam('idnsname', _no_wildcard_validator, cli_name='name', default_from=DefaultFrom('name_from_ip'), doc=Gettext('Zone name (FQDN)', domain='ipa', localedir=None), label=Gettext('Zone name', domain='ipa', localedir=None), normalizer=_normalize_zone, only_absolute=True, primary_key=True), Str('name_from_ip?', _validate_ipnet, doc=Gettext('IP network to create reverse zone name from', domain='ipa', localedir=None), flags=[u'virtual_attribute'], label=Gettext('Reverse zone IP network', domain='ipa', localedir=None)), Bool('idnszoneactive?', attribute=True, cli_name='zone_active', doc=Gettext('Is zone active?', domain='ipa', localedir=None), flags=[u'no_create', u'no_update'], label=Gettext('Active zone', domain='ipa', localedir=None)), Str('idnsforwarders*', validate_bind_forwarder, cli_name='forwarder', doc=Gettext('Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"', domain='ipa', localedir=None), label=Gettext('Zone forwarders', domain='ipa', localedir=None)), StrEnum('idnsforwardpolicy?', cli_metavar=u"['only', 'first', 'none']", cli_name='forward_policy', doc=Gettext('Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.', domain='ipa', localedir=None), label=Gettext('Forward policy', domain='ipa', localedir=None), values=[u'only', u'first', u'none']), Str('managedby', flags=[u'no_update', u'no_create', u'no_search', u'virtual_attribute'], label=Gettext('Managedby permission', domain='ipa', localedir=None)), DNSNameParam('idnssoamname?', cli_name='name_server', doc=Gettext('Authoritative nameserver domain name', domain='ipa', localedir=None), label=Gettext('Authoritative nameserver', domain='ipa', localedir=None)), DNSNameParam('idnssoarname', _rname_validator, autofill=True, cli_name='admin_email', default=<DNS name hostmaster>, doc=Gettext('Administrator e-mail address', domain='ipa', localedir=None), label=Gettext('Administrator e-mail address', domain='ipa', localedir=None), normalizer=normalize_zonemgr), Int('idnssoaserial', autofill=True, cli_name='serial', default_from=DefaultFrom(), doc=Gettext('SOA record serial number', domain='ipa', localedir=None), flags=[u'no_option'], label=Gettext('SOA serial', domain='ipa', localedir=None), maxvalue=4294967295, minvalue=1), Int('idnssoarefresh', autofill=True, cli_name='refresh', default=3600, doc=Gettext('SOA record refresh time', domain='ipa', localedir=None), label=Gettext('SOA refresh', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('idnssoaretry', autofill=True, cli_name='retry', default=900, doc=Gettext('SOA record retry time', domain='ipa', localedir=None), label=Gettext('SOA retry', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('idnssoaexpire', autofill=True, cli_name='expire', default=1209600, doc=Gettext('SOA record expire time', domain='ipa', localedir=None), label=Gettext('SOA expire', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('idnssoaminimum', autofill=True, cli_name='minimum', default=3600, doc=Gettext('How long should negative responses be cached', domain='ipa', localedir=None), label=Gettext('SOA minimum', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('dnsttl?', cli_name='ttl', doc=Gettext('Time to live for records at zone apex', domain='ipa', localedir=None), label=Gettext('Time to live', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('dnsdefaultttl?', cli_name='default_ttl', doc=Gettext('Time to live for records without explicit TTL definition', domain='ipa', localedir=None), label=Gettext('Default time to live', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), StrEnum('dnsclass?', cli_metavar=u"['IN', 'CS', 'CH', 'HS']", cli_name='class', flags=[u'no_option'], values=[u'IN', u'CS', u'CH', u'HS']), Str('idnsupdatepolicy?', autofill=True, cli_name='update_policy', default_from=DefaultFrom('idnsname'), doc=Gettext('BIND update policy', domain='ipa', localedir=None), label=Gettext('BIND update policy', domain='ipa', localedir=None)), Bool('idnsallowdynupdate?', attribute=True, autofill=True, cli_name='dynamic_update', default=False, doc=Gettext('Allow dynamic updates.', domain='ipa', localedir=None), label=Gettext('Dynamic update', domain='ipa', localedir=None)), Str('idnsallowquery?', _validate_bind_aci, autofill=True, cli_name='allow_query', default=u'any;', doc=Gettext('Semicolon separated list of IP addresses or networks which are allowed to issue queries', domain='ipa', localedir=None), label=Gettext('Allow query', domain='ipa', localedir=None), normalizer=_normalize_bind_aci), Str('idnsallowtransfer?', _validate_bind_aci, autofill=True, cli_name='allow_transfer', default=u'none;', doc=Gettext('Semicolon separated list of IP addresses or networks which are allowed to transfer the zone', domain='ipa', localedir=None), label=Gettext('Allow transfer', domain='ipa', localedir=None), normalizer=_normalize_bind_aci), Bool('idnsallowsyncptr?', cli_name='allow_sync_ptr', doc=Gettext('Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone', domain='ipa', localedir=None), label=Gettext('Allow PTR sync', domain='ipa', localedir=None)), Bool('idnssecinlinesigning?', cli_name='dnssec', default=False, doc=Gettext('Allow inline DNSSEC signing of records in the zone', domain='ipa', localedir=None), label=Gettext('Allow in-line DNSSEC signing', domain='ipa', localedir=None)), Str('nsec3paramrecord?', _validate_nsec3param_record, cli_name='nsec3param_rec', doc=Gettext('NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt', domain='ipa', localedir=None), label=Gettext('NSEC3PARAM record', domain='ipa', localedir=None), pattern=u'^\\d+ \\d+ \\d+ (([0-9a-fA-F]{2})+|-)$', pattern_errmsg=u'expected format: <0-255> <0-255> <0-65535> even-length_hexadecimal_digits_or_hyphen')), 'managed_permissions': {'System: Add DNS Entries': {'non_object': True, 'ipapermright': {'add'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'replaces': ['(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:add dns entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX";)'], 'default_privileges': {'DNS Servers', 'DNS Administrators'}}, 'System: Read DNS Entries': {'non_object': True, 'ipapermright': {'read', 'search', 'compare'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'ipapermdefaultattr': {'minforecord', 'dsrecord', 'kxrecord', 'dnsclass', 'dnsttl', 'dlvrecord', 'idnsallowquery', 'afsdbrecord', 'idnssoarefresh', 'dnsdefaultttl', 'idnssoamname', 'idnssecinlinesigning', 'sshfprecord', 'mxrecord', 'idnsTemplateAttribute', 'nsrecord', 'idnssoaretry', 'idnssoaminimum', 'ipseckeyrecord', 'idnsforwarders', 'tlsarecord', 'cnamerecord', 'aplrecord', 'hinforecord', 'sigrecord', 'idnsforwardpolicy', 'cn', 'spfrecord', 'idnssoaserial', 'idnsname', 'idnsallowtransfer', 'nsecrecord', 'ptrrecord', 'objectclass', 'dhcidrecord', 'txtrecord', 'nsec3paramrecord', 'idnsallowsyncptr', 'rrsigrecord', 'keyrecord', 'unknownrecord', 'a6record', 'idnsupdatepolicy', 'idnszoneactive', 'idnssoarname', 'mdrecord', 'aaaarecord', 'hiprecord', 'naptrrecord', 'urirecord', 'idnsallowdynupdate', 'arecord', 'rprecord', 'locrecord', 'managedby', 'certrecord', 'nxtrecord', 'idnssoaexpire', 'srvrecord', 'dnamerecord'}, 'replaces_system': ['Read DNS Entries'], 'default_privileges': {'DNS Servers', 'DNS Administrators'}}, 'System: Remove DNS Entries': {'non_object': True, 'ipapermright': {'delete'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'replaces': ['(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:remove dns entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX";)'], 'default_privileges': {'DNS Servers', 'DNS Administrators'}}, 'System: Update DNS Entries': {'non_object': True, 'ipapermright': {'write'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'ipapermdefaultattr': {'minforecord', 'dsrecord', 'kxrecord', 'dnsclass', 'dnsttl', 'dlvrecord', 'idnsallowquery', 'afsdbrecord', 'idnssoarefresh', 'dnsdefaultttl', 'idnssoamname', 'idnssecinlinesigning', 'sshfprecord', 'mxrecord', 'idnsTemplateAttribute', 'nsrecord', 'idnssoaretry', 'idnssoaminimum', 'ipseckeyrecord', 'idnsforwarders', 'tlsarecord', 'cnamerecord', 'aplrecord', 'hinforecord', 'sigrecord', 'idnsforwardpolicy', 'cn', 'spfrecord', 'idnssoaserial', 'idnsname', 'idnsallowtransfer', 'nsecrecord', 'ptrrecord', 'objectclass', 'dhcidrecord', 'txtrecord', 'nsec3paramrecord', 'idnsallowsyncptr', 'rrsigrecord', 'keyrecord', 'unknownrecord', 'a6record', 'idnsupdatepolicy', 'idnszoneactive', 'idnssoarname', 'mdrecord', 'aaaarecord', 'hiprecord', 'naptrrecord', 'urirecord', 'idnsallowdynupdate', 'arecord', 'rprecord', 'locrecord', 'managedby', 'certrecord', 'nxtrecord', 'idnssoaexpire', 'srvrecord', 'dnamerecord'}, 'replaces': ['(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)', '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)', '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || managedby")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)'], 'default_privileges': {'DNS Servers', 'DNS Administrators'}}, 'System: Read DNSSEC metadata': {'non_object': True, 'ipapermright': {'read', 'search', 'compare'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('cn=dns,dc=ipa,dc=example'), 'ipapermtargetfilter': ['(objectclass=idnsSecKey)'], 'ipapermdefaultattr': {'objectclass', 'idnsSecKeyZone', 'idnsSecKeyRef', 'idnsSecAlgorithm', 'idnsSecKeySep', 'idnsSecKeyActivate', 'cn', 'idnsSecKeyInactive', 'idnsSecKeyRevoke', 'idnsSecKeyCreated', 'idnsSecKeyDelete', 'idnsSecKeyPublish'}, 'default_privileges': {'DNS Administrators'}}, 'System: Manage DNSSEC metadata': {'non_object': True, 'ipapermright': {'all'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('cn=dns,dc=ipa,dc=example'), 'ipapermtargetfilter': ['(objectclass=idnsSecKey)'], 'ipapermdefaultattr': {'objectclass', 'idnsSecKeyZone', 'idnsSecKeyRef', 'idnsSecAlgorithm', 'idnsSecKeySep', 'idnsSecKeyActivate', 'cn', 'idnsSecKeyInactive', 'idnsSecKeyRevoke', 'idnsSecKeyCreated', 'idnsSecKeyDelete', 'idnsSecKeyPublish'}, 'default_privileges': {'DNS Servers'}}, 'System: Manage DNSSEC keys': {'non_object': True, 'ipapermright': {'all'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': ipapython.dn.DN('cn=keys,cn=sec,cn=dns,dc=ipa,dc=example'), 'ipapermdefaultattr': {'ipk11Unwrap', 'ipk11WrapWithTrusted', 'ipk11Sensitive', 'ipk11Modifiable', 'ipk11Private', 'ipk11Destroyable', 'ipk11AlwaysSensitive', 'ipk11Copyable', 'ipaPublicKey', 'ipaPrivateKey', 'ipk11Distrusted', 'ipk11Wrap', 'ipk11NeverExtractable', 'ipk11Local', 'ipaWrappingMech', 'ipk11Trusted', 'ipk11Derive', 'ipk11SignRecover', 'ipk11VerifyRecover', 'ipk11Id', 'ipk11Sign', 'objectclass', 'ipk11Encrypt', 'ipk11CheckValue', 'ipaSecretKeyRef', 'ipk11UniqueId', 'ipk11Extractable', 'ipk11Decrypt', 'ipk11Verify', 'ipk11PublicKeyInfo', 'ipaWrappingKey', 'ipk11AllowedMechanisms', 'ipaSecretKey', 'ipk11EndDate', 'ipk11KeyType', 'ipk11Subject', 'ipk11KeyGenMechanism', 'ipk11AlwaysAuthenticate', 'ipk11Label', 'ipk11WrapTemplate', 'ipk11StartDate', 'ipk11UnwrapTemplate'}, 'default_privileges': {'DNS Servers'}}}, '_rr_zone_postprocess': <function dnszone._rr_zone_postprocess>, '_warning_forwarding': <function dnszone._warning_forwarding>, '_warning_name_server_option': <function dnszone._warning_name_server_option>, '_warning_fw_zone_is_not_effective': <function dnszone._warning_fw_zone_is_not_effective>, '_warning_dnssec_master_is_not_installed': <function dnszone._warning_dnssec_master_is_not_installed>, '_warning_ttl_changed_reload_needed': <function dnszone._warning_ttl_changed_reload_needed>, '__annotations__': {}})
__init__(api)
__islocked__()

Return True if instance is locked, otherwise False.

__json__()
__lock__()

Put this instance into a read-only state.

After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.

__module__ = 'ipaserver.plugins.dns'
__repr__()

Return ‘module_name.class_name()’ representation.

This representation could be used to instantiate this Plugin instance given the appropriate environment.

__setattr__(name, value)

If unlocked, set attribute named name to value.

If this instance is locked, an AttributeError will be raised.

Parameters
  • name – Name of attribute to set.

  • value – Value to assign to attribute.

__weakref__

list of weak references to the object (if defined)

_create_param_namespace(name, env=None)
_filter_param_by_context(name, env=None)

Filter params on attribute named name by environment env.

For example:

>>> from ipalib.config import Env
>>> class Example(HasParam):
...
...     takes_args = (
...         Str('foo_only', include=['foo']),
...         Str('not_bar', exclude=['bar']),
...         'both',
...     )
...
...     def get_args(self):
...         return self._get_param_iterable('args')
...
...
>>> eg = Example()
>>> foo = Env(context='foo')
>>> bar = Env(context='bar')
>>> another = Env(context='another')
>>> (foo.context, bar.context, another.context)
(u'foo', u'bar', u'another')
>>> list(eg._filter_param_by_context('args', foo))
[Str('foo_only', include=['foo']), Str('not_bar', exclude=['bar']), Str('both')]
>>> list(eg._filter_param_by_context('args', bar))
[Str('both')]
>>> list(eg._filter_param_by_context('args', another))
[Str('not_bar', exclude=['bar']), Str('both')]
_get_param_iterable(name, verb='takes')

Return an iterable of params defined by the attribute named name.

A sequence of params can be defined one of three ways: as a tuple; as a callable that returns an iterable; or as a param spec (a Param or str instance). This method returns a uniform iterable regardless of how the param sequence was defined.

For example, when defined with a tuple:

>>> class ByTuple(HasParam):
...     takes_args = (Param('foo'), Param('bar'))
...
>>> by_tuple = ByTuple()
>>> list(by_tuple._get_param_iterable('args'))
[Param('foo'), Param('bar')]

Or you can define your param sequence with a callable when you need to reference attributes on your plugin instance (for validation rules, etc.). For example:

>>> class ByCallable(HasParam):
...     def takes_args(self):
...         yield Param('foo', self.validate_foo)
...         yield Param('bar', self.validate_bar)
...
...     def validate_foo(self, _, value, **kw):
...         if value != 'Foo':
...             return _("must be 'Foo'")
...
...     def validate_bar(self, _, value, **kw):
...         if value != 'Bar':
...             return _("must be 'Bar'")
...
>>> by_callable = ByCallable()
>>> list(by_callable._get_param_iterable('args'))
[Param('foo', validate_foo), Param('bar', validate_bar)]

Lastly, as a convenience for when a param sequence contains a single param, your defining attribute may a param spec (either a Param or an str instance). For example:

>>> class BySpec(HasParam):
...     takes_args = Param('foo')
...     takes_options = 'bar?'
...
>>> by_spec = BySpec()
>>> list(by_spec._get_param_iterable('args'))
[Param('foo')]
>>> list(by_spec._get_param_iterable('options'))
['bar?']

For information on how an str param spec is interpreted, see the create_param() and parse_param_spec() functions in the ipalib.parameters module.

Also see HasParam._filter_param_by_context().

_make_zonename_absolute(entry_attrs, **options)

Zone names can be relative in IPA < 4.0, make sure we always return absolute zone name from ldap

_on_finalize()

Do custom finalization.

This method is called from finalize(). Subclasses can override this method in order to add custom finalization.

_remove_permission(zone)
_rr_zone_postprocess(record, **options)[source]
_warning_dnssec_master_is_not_installed(result, **options)[source]
_warning_forwarding(result, **options)[source]
_warning_fw_zone_is_not_effective(result, *keys, **options)[source]

Warning if any operation with zone causes, a child forward zone is not effective

_warning_name_server_option(result, context, **options)[source]
_warning_ttl_changed_reload_needed(result, **options)[source]
allow_rename = False
already_exists_msg = Gettext('%(oname)s with name "%(pkey)s" already exists', domain='ipa', localedir=None)
property api

Return API instance passed to __init__().

attribute_members = {}
backend = None
backend_name = 'ldap2'
bases = (<class 'ipaserver.plugins.dns.DNSZoneBase'>,)
bindable = False
container_dn = ipapython.dn.DN('cn=dns')
container_not_found_msg = Gettext('container entry (%(container)s) not found', domain='ipa', localedir=None)
property context
convert_attribute_members(entry_attrs, *keys, **options)
default_attributes = ['idnsname', 'idnszoneactive', 'idnsforwarders', 'idnsforwardpolicy', 'idnssoamname', 'idnssoarname', 'idnssoaserial', 'idnssoarefresh', 'idnssoaretry', 'idnssoaexpire', 'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer', 'idnssecinlinesigning', 'idnsallowdynupdate', 'idnsupdatepolicy', 'arecord', 'aaaarecord', 'a6record', 'afsdbrecord', 'aplrecord', 'certrecord', 'cnamerecord', 'dhcidrecord', 'dlvrecord', 'dnamerecord', 'dsrecord', 'hiprecord', 'hinforecord', 'ipseckeyrecord', 'keyrecord', 'kxrecord', 'locrecord', 'mdrecord', 'minforecord', 'mxrecord', 'naptrrecord', 'nsrecord', 'nsecrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord', 'rprecord', 'sigrecord', 'spfrecord', 'srvrecord', 'sshfprecord', 'tlsarecord', 'txtrecord', 'urirecord']
disallow_object_classes = []
doc = '\n    DNS Zone, container for resource records.\n    '
ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

property env
finalize()

Finalize plugin initialization.

This method calls _on_finalize() and locks the plugin object.

Subclasses should not override this method. Custom finalization is done in _on_finalize().

class finalize_attr(name, value=None)

Bases: object

Create a stub object for plugin attribute that isn’t set until the finalization of the plugin initialization.

When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.

This is used to implement on-demand finalization of plugin initialization.

__annotations__ = {}
__get__(obj, cls)
__init__(name, value=None)
__module__ = 'ipalib.plugable'
__slots__ = ('name', 'value')
name
value
full_name = 'dnszone/1'
get_ancestor_primary_keys()
get_dn(*keys, **options)

Construct an LDAP DN.

get_dn_if_exists(*keys, **kwargs)
get_indirect_members(entry_attrs, attrs_list)
get_memberindirect(group_entry)

Get indirect members

get_memberofindirect(entry)
get_name_in_zone(zone, hostname)

Get name of a record that is to be added to a new zone. I.e. when we want to add record “ipa.lab.example.com” in a zone “example.com”, this function should return “ipa.lab”. Returns None when record cannot be added to a zone. Returns ‘@’ when the hostname is the zone record.

get_params()

This method gets called by HasParam._create_param_namespace().

get_password_attributes(ldap, dn, entry_attrs)

Search on the entry to determine if it has a password or keytab set.

A tuple is used to determine which attribute is set in entry_attrs. The value is set to True/False whether a given password type is set.

get_primary_key_from_dn(dn)
handle_duplicate_entry(*keys)
handle_not_found(*keys)

Handle NotFound exception

Must raise errors.NotFound again.

has_objectclass(classes, objectclass)
hidden_attributes = ['objectclass', 'aci']
json_friendly_attributes = ('parent_object', 'container_dn', 'object_name', 'object_name_plural', 'object_class', 'object_class_config', 'default_attributes', 'label', 'label_singular', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', 'takes_params', 'rdn_attribute', 'bindable', 'relationships')
label = Gettext('DNS Zones', domain='ipa', localedir=None)
label_singular = Gettext('DNS Zone', domain='ipa', localedir=None)
limit_object_classes = []
managed_permissions = {'System: Add DNS Entries': {'default_privileges': {'DNS Administrators', 'DNS Servers'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'add'}, 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'non_object': True, 'replaces': ['(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:add dns entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX";)']}, 'System: Manage DNSSEC keys': {'default_privileges': {'DNS Servers'}, 'ipapermdefaultattr': {'ipaPrivateKey', 'ipaPublicKey', 'ipaSecretKey', 'ipaSecretKeyRef', 'ipaWrappingKey', 'ipaWrappingMech', 'ipk11AllowedMechanisms', 'ipk11AlwaysAuthenticate', 'ipk11AlwaysSensitive', 'ipk11CheckValue', 'ipk11Copyable', 'ipk11Decrypt', 'ipk11Derive', 'ipk11Destroyable', 'ipk11Distrusted', 'ipk11Encrypt', 'ipk11EndDate', 'ipk11Extractable', 'ipk11Id', 'ipk11KeyGenMechanism', 'ipk11KeyType', 'ipk11Label', 'ipk11Local', 'ipk11Modifiable', 'ipk11NeverExtractable', 'ipk11Private', 'ipk11PublicKeyInfo', 'ipk11Sensitive', 'ipk11Sign', 'ipk11SignRecover', 'ipk11StartDate', 'ipk11Subject', 'ipk11Trusted', 'ipk11UniqueId', 'ipk11Unwrap', 'ipk11UnwrapTemplate', 'ipk11Verify', 'ipk11VerifyRecover', 'ipk11Wrap', 'ipk11WrapTemplate', 'ipk11WrapWithTrusted', 'objectclass'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'all'}, 'ipapermtarget': ipapython.dn.DN('cn=keys,cn=sec,cn=dns,dc=ipa,dc=example'), 'non_object': True}, 'System: Manage DNSSEC metadata': {'default_privileges': {'DNS Servers'}, 'ipapermdefaultattr': {'cn', 'idnsSecAlgorithm', 'idnsSecKeyActivate', 'idnsSecKeyCreated', 'idnsSecKeyDelete', 'idnsSecKeyInactive', 'idnsSecKeyPublish', 'idnsSecKeyRef', 'idnsSecKeyRevoke', 'idnsSecKeySep', 'idnsSecKeyZone', 'objectclass'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'all'}, 'ipapermtarget': ipapython.dn.DN('cn=dns,dc=ipa,dc=example'), 'ipapermtargetfilter': ['(objectclass=idnsSecKey)'], 'non_object': True}, 'System: Read DNS Entries': {'default_privileges': {'DNS Administrators', 'DNS Servers'}, 'ipapermdefaultattr': {'a6record', 'aaaarecord', 'afsdbrecord', 'aplrecord', 'arecord', 'certrecord', 'cn', 'cnamerecord', 'dhcidrecord', 'dlvrecord', 'dnamerecord', 'dnsclass', 'dnsdefaultttl', 'dnsttl', 'dsrecord', 'hinforecord', 'hiprecord', 'idnsTemplateAttribute', 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr', 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy', 'idnsname', 'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname', 'idnssoarefresh', 'idnssoaretry', 'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy', 'idnszoneactive', 'ipseckeyrecord', 'keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord', 'minforecord', 'mxrecord', 'naptrrecord', 'nsec3paramrecord', 'nsecrecord', 'nsrecord', 'nxtrecord', 'objectclass', 'ptrrecord', 'rprecord', 'rrsigrecord', 'sigrecord', 'spfrecord', 'srvrecord', 'sshfprecord', 'tlsarecord', 'txtrecord', 'unknownrecord', 'urirecord'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'compare', 'read', 'search'}, 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'non_object': True, 'replaces_system': ['Read DNS Entries']}, 'System: Read DNSSEC metadata': {'default_privileges': {'DNS Administrators'}, 'ipapermdefaultattr': {'cn', 'idnsSecAlgorithm', 'idnsSecKeyActivate', 'idnsSecKeyCreated', 'idnsSecKeyDelete', 'idnsSecKeyInactive', 'idnsSecKeyPublish', 'idnsSecKeyRef', 'idnsSecKeyRevoke', 'idnsSecKeySep', 'idnsSecKeyZone', 'objectclass'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'compare', 'read', 'search'}, 'ipapermtarget': ipapython.dn.DN('cn=dns,dc=ipa,dc=example'), 'ipapermtargetfilter': ['(objectclass=idnsSecKey)'], 'non_object': True}, 'System: Remove DNS Entries': {'default_privileges': {'DNS Administrators', 'DNS Servers'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'delete'}, 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'non_object': True, 'replaces': ['(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:remove dns entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX";)']}, 'System: Update DNS Entries': {'default_privileges': {'DNS Administrators', 'DNS Servers'}, 'ipapermdefaultattr': {'a6record', 'aaaarecord', 'afsdbrecord', 'aplrecord', 'arecord', 'certrecord', 'cn', 'cnamerecord', 'dhcidrecord', 'dlvrecord', 'dnamerecord', 'dnsclass', 'dnsdefaultttl', 'dnsttl', 'dsrecord', 'hinforecord', 'hiprecord', 'idnsTemplateAttribute', 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr', 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy', 'idnsname', 'idnssecinlinesigning', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname', 'idnssoarefresh', 'idnssoaretry', 'idnssoarname', 'idnssoaserial', 'idnsupdatepolicy', 'idnszoneactive', 'ipseckeyrecord', 'keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord', 'minforecord', 'mxrecord', 'naptrrecord', 'nsec3paramrecord', 'nsecrecord', 'nsrecord', 'nxtrecord', 'objectclass', 'ptrrecord', 'rprecord', 'rrsigrecord', 'sigrecord', 'spfrecord', 'srvrecord', 'sshfprecord', 'tlsarecord', 'txtrecord', 'unknownrecord', 'urirecord'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'write'}, 'ipapermtarget': ipapython.dn.DN('idnsname=*,cn=dns,dc=ipa,dc=example'), 'non_object': True, 'replaces': ['(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)', '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)', '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || managedby")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)']}}
methods = None
name = 'dnszone'
object_class = ['top', 'idnsrecord', 'idnszone']
object_class_config = None
object_name = Gettext('DNS zone', domain='ipa', localedir=None)
object_name_plural = Gettext('DNS zones', domain='ipa', localedir=None)
object_not_found_msg = Gettext('%(pkey)s: %(oname)s not found', domain='ipa', localedir=None)
params = None
params_minus(*names)

Yield all Param whose name is not in names.

params_minus_pk = None
parent_not_found_msg = Gettext('%(parent)s: %(oname)s not found', domain='ipa', localedir=None)
parent_object = ''
password_attributes = []
permission_filter_objectclasses = None
permission_name(zone)
possible_objectclasses = ['ipadnszone']
primary_key = None
rdn_attribute = ''
relationships = {'member': ('Member', '', 'no_'), 'memberindirect': ('Indirect Member', None, 'no_indirect_'), 'membermanager': ('Group membership managed by', 'membermanager_', 'not_membermanager_'), 'memberof': ('Member Of', 'in_', 'not_in_'), 'memberofindirect': ('Indirect Member Of', None, 'not_in_indirect_')}
search_attributes = []
search_attributes_config = None
search_display_attributes = []
summary = 'DNS Zone, container for resource records.'
takes_params = (DNSNameParam('idnsname', _no_wildcard_validator, cli_name='name', default_from=DefaultFrom('name_from_ip'), doc=Gettext('Zone name (FQDN)', domain='ipa', localedir=None), label=Gettext('Zone name', domain='ipa', localedir=None), normalizer=_normalize_zone, only_absolute=True, primary_key=True), Str('name_from_ip?', _validate_ipnet, doc=Gettext('IP network to create reverse zone name from', domain='ipa', localedir=None), flags=[u'virtual_attribute'], label=Gettext('Reverse zone IP network', domain='ipa', localedir=None)), Bool('idnszoneactive?', attribute=True, cli_name='zone_active', doc=Gettext('Is zone active?', domain='ipa', localedir=None), flags=[u'no_create', u'no_update'], label=Gettext('Active zone', domain='ipa', localedir=None)), Str('idnsforwarders*', validate_bind_forwarder, cli_name='forwarder', doc=Gettext('Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"', domain='ipa', localedir=None), label=Gettext('Zone forwarders', domain='ipa', localedir=None)), StrEnum('idnsforwardpolicy?', cli_metavar=u"['only', 'first', 'none']", cli_name='forward_policy', doc=Gettext('Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.', domain='ipa', localedir=None), label=Gettext('Forward policy', domain='ipa', localedir=None), values=[u'only', u'first', u'none']), Str('managedby', flags=[u'no_update', u'no_create', u'no_search', u'virtual_attribute'], label=Gettext('Managedby permission', domain='ipa', localedir=None)), DNSNameParam('idnssoamname?', cli_name='name_server', doc=Gettext('Authoritative nameserver domain name', domain='ipa', localedir=None), label=Gettext('Authoritative nameserver', domain='ipa', localedir=None)), DNSNameParam('idnssoarname', _rname_validator, autofill=True, cli_name='admin_email', default=<DNS name hostmaster>, doc=Gettext('Administrator e-mail address', domain='ipa', localedir=None), label=Gettext('Administrator e-mail address', domain='ipa', localedir=None), normalizer=normalize_zonemgr), Int('idnssoaserial', autofill=True, cli_name='serial', default_from=DefaultFrom(), doc=Gettext('SOA record serial number', domain='ipa', localedir=None), flags=[u'no_option'], label=Gettext('SOA serial', domain='ipa', localedir=None), maxvalue=4294967295, minvalue=1), Int('idnssoarefresh', autofill=True, cli_name='refresh', default=3600, doc=Gettext('SOA record refresh time', domain='ipa', localedir=None), label=Gettext('SOA refresh', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('idnssoaretry', autofill=True, cli_name='retry', default=900, doc=Gettext('SOA record retry time', domain='ipa', localedir=None), label=Gettext('SOA retry', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('idnssoaexpire', autofill=True, cli_name='expire', default=1209600, doc=Gettext('SOA record expire time', domain='ipa', localedir=None), label=Gettext('SOA expire', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('idnssoaminimum', autofill=True, cli_name='minimum', default=3600, doc=Gettext('How long should negative responses be cached', domain='ipa', localedir=None), label=Gettext('SOA minimum', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('dnsttl?', cli_name='ttl', doc=Gettext('Time to live for records at zone apex', domain='ipa', localedir=None), label=Gettext('Time to live', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), Int('dnsdefaultttl?', cli_name='default_ttl', doc=Gettext('Time to live for records without explicit TTL definition', domain='ipa', localedir=None), label=Gettext('Default time to live', domain='ipa', localedir=None), maxvalue=2147483647, minvalue=0), StrEnum('dnsclass?', cli_metavar=u"['IN', 'CS', 'CH', 'HS']", cli_name='class', flags=[u'no_option'], values=[u'IN', u'CS', u'CH', u'HS']), Str('idnsupdatepolicy?', autofill=True, cli_name='update_policy', default_from=DefaultFrom('idnsname'), doc=Gettext('BIND update policy', domain='ipa', localedir=None), label=Gettext('BIND update policy', domain='ipa', localedir=None)), Bool('idnsallowdynupdate?', attribute=True, autofill=True, cli_name='dynamic_update', default=False, doc=Gettext('Allow dynamic updates.', domain='ipa', localedir=None), label=Gettext('Dynamic update', domain='ipa', localedir=None)), Str('idnsallowquery?', _validate_bind_aci, autofill=True, cli_name='allow_query', default=u'any;', doc=Gettext('Semicolon separated list of IP addresses or networks which are allowed to issue queries', domain='ipa', localedir=None), label=Gettext('Allow query', domain='ipa', localedir=None), normalizer=_normalize_bind_aci), Str('idnsallowtransfer?', _validate_bind_aci, autofill=True, cli_name='allow_transfer', default=u'none;', doc=Gettext('Semicolon separated list of IP addresses or networks which are allowed to transfer the zone', domain='ipa', localedir=None), label=Gettext('Allow transfer', domain='ipa', localedir=None), normalizer=_normalize_bind_aci), Bool('idnsallowsyncptr?', cli_name='allow_sync_ptr', doc=Gettext('Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone', domain='ipa', localedir=None), label=Gettext('Allow PTR sync', domain='ipa', localedir=None)), Bool('idnssecinlinesigning?', cli_name='dnssec', default=False, doc=Gettext('Allow inline DNSSEC signing of records in the zone', domain='ipa', localedir=None), label=Gettext('Allow in-line DNSSEC signing', domain='ipa', localedir=None)), Str('nsec3paramrecord?', _validate_nsec3param_record, cli_name='nsec3param_rec', doc=Gettext('NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt', domain='ipa', localedir=None), label=Gettext('NSEC3PARAM record', domain='ipa', localedir=None), pattern=u'^\\d+ \\d+ \\d+ (([0-9a-fA-F]{2})+|-)$', pattern_errmsg=u'expected format: <0-255> <0-255> <0-65535> even-length_hexadecimal_digits_or_hyphen'))
uuid_attribute = ''
version = '1'