Open
- New `cascade tsig add` client command to request that the daemon add a TSIG key to the Cascade TSIG store.
- New cascaded `POST /tsig/` API to add a TSIG key to the Cascade TSIG store.
- Extension of the `cascade zone add` command `--source` argument with an optional `!<TSIG key name>` syntax to define the TSIG key that Cascade should use when sending an XFR request to the upstream.
- Pass the key defined by the source to the zone loader instead of `None` (the zone loader is already capable of using the key, it just wasn't being told which key to use).
As Base64 is typically how tooling presents/accepts TSIG key secret data to/from users.
Begin with a test that should fail: fetching a zone without using the required TSIG key.
…ed (#580) Co-authored-by: Ximon Eighteen <3304436+ximon18@users.noreply.github.com>
…into tsig-upstream-support
…d to include the new TSIG related set subcommands.
bal-e (Contributor) reviewed on Apr 21, 2026 and left a comment:
We can merge if necessary, but I'd like to have my comments addressed first.
Comment on lines +511 to +513
| let key_name = KeyName::from_str(&tsig_key.to_string()).map_err(|_| { | ||
| ZoneLoadSourceSpecParseError::InvalidTsigKeyName(tsig_key.clone()) | ||
| })?; |
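Review bot: On the first line of this hunk, `KeyName::from_str(&tsig_key.to_string())` formats the name to a `String` and re-parses it just to change its type, and the `|_|` in `map_err` discards the underlying parse error before it is replaced with `InvalidTsigKeyName(tsig_key.clone())`. If a direct conversion between the two name types exists, use it and drop the allocation and the extra error path; otherwise keep the source error (or add a comment naming the inputs that can fail) so a rejected key name can be diagnosed.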
This error is not possible. `KeyName` is just `Name<Array<255>>`, i.e. an arbitrary domain name. I would suggest using `tsig_key.flatten_into().expect("'KeyName' can hold any domain name")` and removing the `InvalidTsigKeyName` error.
Note: I also ended up making similar changes to this file in #589, so we will have merge conflicts to deal with.
On startup ensure that the TSIG key field on the server source of a zone is set to `Some(key)` rather than `None`. This required changing the sequence in which state is loaded by `main()` because TSIG keys must be loaded before zones are reconstituted from their state files so that the loaded key can be placed in the `Some(key)` field of the zone server source.

If you are changing Rust code or integration tests (`Cargo.*`, `crates/`, `etc/`, `integration-tests/`, `src/`):
`act` through the `act-wrapper` (as described in `TESTING.md`)?

If you are adding/deleting man pages:
`man_pages` config in `doc/manual/source/conf.py`? `Cargo.toml`?

If you are modifying man pages: