
feat(api): enable APL record type

Peter Thomassen 4 年之前
父節點
當前提交
e1348a973b
共有 4 個文件被更改,包括 38 次插入3 次删除
  1. 0 1
      api/desecapi/models.py
  2. 2 2
      api/desecapi/tests/base.py
  3. 20 0
      api/desecapi/tests/test_rrsets.py
  4. 16 0
      test/e2e2/spec/test_api_rr_validation.py

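--- a/api/desecapi/models.py
+++ b/api/desecapi/models.py
@@ -464,7 +464,6 @@ class Donation(ExportModelOperationsMixin('Donation'), models.Model):
 # known, but unsupported types
 RR_SET_TYPES_UNSUPPORTED = {
     'ALIAS',  # Requires signing at the frontend, hence unsupported in desec-stack
-    'APL',  # TODO enable
     'DNAME',  # "do not combine with DNSSEC", https://doc.powerdns.com/authoritative/settings.html#dname-processing
     'HTTPS',  # TODO enable
     'IPSECKEY',  # broken in pdns, https://github.com/PowerDNS/pdns/issues/9055 TODO enable with pdns auth 4.5.0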

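--- a/api/desecapi/tests/base.py
+++ b/api/desecapi/tests/base.py
@@ -633,8 +633,8 @@ class DesecTestCase(MockPDNSTestCase):
     AUTO_DELEGATION_DOMAINS = settings.LOCAL_PUBLIC_SUFFIXES
     PUBLIC_SUFFIXES = {'de', 'com', 'io', 'gov.cd', 'edu.ec', 'xxx', 'pinb.gov.pl', 'valer.ostfold.no',
                        'kota.aichi.jp', 's3.amazonaws.com', 'wildcard.ck'}
-    SUPPORTED_RR_SET_TYPES = {'A', 'AAAA', 'AFSDB', 'CAA', 'CERT', 'CNAME', 'DHCID', 'DLV', 'DS', 'EUI48', 'EUI64',
-                              'HINFO', 'KX', 'LOC', 'MX', 'NAPTR', 'NS', 'OPENPGPKEY', 'PTR', 'RP',
+    SUPPORTED_RR_SET_TYPES = {'A', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CERT', 'CNAME', 'DHCID', 'DLV', 'DS', 'EUI48',
+                              'EUI64', 'HINFO', 'KX', 'LOC', 'MX', 'NAPTR', 'NS', 'OPENPGPKEY', 'PTR', 'RP',
                               'SMIMEA', 'SPF', 'SRV', 'SSHFP', 'TLSA', 'TXT', 'URI'}
 
     admin = None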

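--- a/api/desecapi/tests/test_rrsets.py
+++ b/api/desecapi/tests/test_rrsets.py
@@ -346,6 +346,7 @@ class AuthenticatedRRSetTestCase(AuthenticatedRRSetBaseTestCase):
             ('A', ('127.0.0.1', '127.0.0.1')),
             ('AAAA', ('0000::0000:0001', '::1')),
             ('AFSDB', ('02 turquoise.FEMTO.edu.', '2 turquoise.femto.edu.')),
+            ('APL', ('2:FF00:0:0:0:0::/8  !1:192.168.38.0/28', '2:ff00::/8 !1:192.168.38.0/28')),
             ('CAA', ('0128 "issue" "letsencrypt.org"', '128 issue "letsencrypt.org"')),
             ('CERT', ('06 00 00 sadfdd==', '6 0 0 sadfdQ==')),
             ('CNAME', ('EXAMPLE.COM.', 'example.com.')),
@@ -417,6 +418,16 @@ class AuthenticatedRRSetTestCase(AuthenticatedRRSetBaseTestCase):
             'A': ['127.0.0.1', '127.0.0.2'],
             'AAAA': ['::1', '::2'],
             'AFSDB': ['2 turquoise.femto.edu.'],
+            'APL': [
+                # from RFC 3123 Sec. 4
+                '1:192.168.32.0/21 !1:192.168.38.0/28',
+                '1:192.168.42.0/26 1:192.168.42.64/26 1:192.168.42.128/25',
+                '1:127.0.0.1/32 1:172.16.64.0/22',
+                '1:224.0.0.0/4  2:FF00:0:0:0:0:0:0:0/8',
+                # made-up (not from RFC)
+                '1:1.2.3.4/32 2:::/128',
+                '2:FF00::/8 !1:192.168.38.0/28',
+            ],
             'CAA': ['128 issue "letsencrypt.org"', '128 iodef "mailto:desec@example.com"', '1 issue "letsencrypt.org"'],
             'CERT': ['6 0 0 sadfdd=='],
             'CNAME': ['example.com.'],
@@ -474,6 +485,15 @@ class AuthenticatedRRSetTestCase(AuthenticatedRRSetBaseTestCase):
             'A': ['127.0.0.999', '127.000.0.01', '127.0.0.256', '::1', 'foobar', '10.0.1', '10!'],
             'AAAA': ['::g', '1:1:1:1:1:1:1:1:', '1:1:1:1:1:1:1:1:1'],
             'AFSDB': ['example.com.', '1 1', '1 de'],
+            'APL': [
+                '0:192.168.32.0/21 !1:192.168.38.0/28',
+                '1:192.168.32.0/21 !!1:192.168.38.0/28',
+                '1:192.168.32.0/33',
+                '18:12345/2',
+                '1:127.0.0.1',
+                '2:FF00:0:0:0:0:0:0:0:0/8'
+                '2:::/129',
+            ],
             'CAA': ['43235 issue "letsencrypt.org"'],
             'CERT': ['6 0 sadfdd=='],
             'CNAME': ['example.com', '10 example.com.'],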
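Review bot: In the invalid-records hunk (`@@ -474,6 +485,15`), the added APL entry `'2:FF00:0:0:0:0:0:0:0:0/8'` has no trailing comma, so Python joins it with the next literal and the list holds the single string `'2:FF00:0:0:0:0:0:0:0:0/82:::/129'`. Neither the nine-group IPv6 address nor the out-of-range `/129` prefix length is therefore submitted on its own, and a validator that wrongly accepted either one would presumably still pass, since the fused string is malformed anyway. Add the comma: `'2:FF00:0:0:0:0:0:0:0:0/8',`. The e2e `INVALID_RECORDS` list in `test/e2e2/spec/test_api_rr_validation.py` does carry `'2:::/129'` as its own entry but has no nine-group case, so adding it there would keep the two rejection lists aligned. The enclosing dict starts and ends outside the hunk.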

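--- a/test/e2e2/spec/test_api_rr_validation.py
+++ b/test/e2e2/spec/test_api_rr_validation.py
@@ -17,6 +17,13 @@ VALID_RECORDS_CANONICAL = {
     'A': ['127.0.0.1', '127.0.0.2'],
     'AAAA': ['::1', '::2'],
     'AFSDB': ['2 turquoise.femto.edu.'],
+    'APL': [
+        # from RFC 3123 Sec. 4
+        '1:192.168.32.0/21 !1:192.168.38.0/28',
+        '1:192.168.42.0/26 1:192.168.42.64/26 1:192.168.42.128/25',
+        '1:127.0.0.1/32 1:172.16.64.0/22',
+        '1:224.0.0.0/4 2:ff00::/8',
+    ],
     'CAA': [
         '128 issue "letsencrypt.org"', '128 iodef "mailto:desec@example.com"',
         '1 issue "letsencrypt.org"'
@@ -124,6 +131,7 @@ VALID_RECORDS_NON_CANONICAL = {
     'A': ['127.0.0.3'],
     'AAAA': ['0000::0000:0003'],
     'AFSDB': ['03 turquoise.FEMTO.edu.'],
+    'APL': ['2:FF00:0:0:0:0::/8 !1:192.168.38.0/28'],
     'CAA': ['0128 "issue" "letsencrypt.org"'],
     'CERT': ['06 00 00 sadfee=='],
     'CNAME': ['EXAMPLE.TEST.'],
@@ -223,6 +231,14 @@ INVALID_RECORDS = {
     'A': ['127.0.0.999', '127.000.0.01', '127.0.0.256', '::1', 'foobar', '10.0.1', '10!'],
     'AAAA': ['::g', '1:1:1:1:1:1:1:1:', '1:1:1:1:1:1:1:1:1'],
     'AFSDB': ['example.com.', '1 1', '1 de'],
+    'APL': [
+        '0:192.168.32.0/21 !1:192.168.38.0/28',
+        '1:192.168.32.0/21 !!1:192.168.38.0/28',
+        '1:192.168.32.0/33',
+        '18:12345/2',
+        '1:127.0.0.1',
+        '2:::/129',
+    ],
     'CAA': ['43235 issue "letsencrypt.org"'],
     'CERT': ['6 0 sadfdd=='],
     'CNAME': ['example.com', '10 example.com.'],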