From e44130777d6c584911ae2f3219a580e628c2cdec Mon Sep 17 00:00:00 2001
From: Robert Walter
Date: Thu, 4 Apr 2024 13:29:16 +0000
Subject: [PATCH] initial commit
---
.gitignore | 1 +
requirements.txt | 2 ++
tsig-add.py | 45 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 48 insertions(+)
create mode 100644 .gitignore
create mode 100644 requirements.txt
create mode 100644 tsig-add.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1d17dae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.venv
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..4d99bcc
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+configparser
+mysql-connector-python
diff --git a/tsig-add.py b/tsig-add.py
new file mode 100644
index 0000000..3d7f0c4
--- /dev/null
+++ b/tsig-add.py
@@ -0,0 +1,45 @@
+import argparse
+import configparser
+import mysql.connector
+import os
+
+parser = argparse.ArgumentParser(
+ prog='tsig-from-catalog for PowerDNS',
+ description='Sets the TSIG Key from catalog zone to the member zones')
+
+parser.add_argument(
+ '--config',
+ dest='config',
+ required=True,
+ help='powerdns config file, that inlcudes mysql login')
+args = parser.parse_args()
+
+
+config = configparser.ConfigParser()
+with open(args.config, 'r') as f:
+ config_string = '[default]\n' + f.read()
+config.read_string(config_string)
+
+mydb = mysql.connector.connect(
+ host=config["default"]["gmysql-host"],
+ user=config["default"]["gmysql-user"],
+ password=config["default"]["gmysql-password"],
+ database=config["default"]["gmysql-dbname"]
+)
+
+mycursor = mydb.cursor(dictionary=True)
+mycursor.execute("DROP VIEW IF EXISTS `domainmetadata_tsig`")
+mycursor.execute("CREATE VIEW domainmetadata_tsig AS SELECT * FROM domainmetadata WHERE `kind`='TSIG-ALLOW-AXFR' OR `kind`='AXFR-MASTER-TSIG';")
+mycursor.execute("SELECT d.`id`,d.`name`,d.`catalog`,(CASE WHEN dm.`kind` != '' THEN dm.`kind` ELSE NULL END) as kind FROM domains AS d LEFT JOIN domainmetadata_tsig AS dm ON d.id = dm.domain_id WHERE d.`type` NOT IN ('PRODUCER','CONSUMER');")
+
+domainlist = mycursor.fetchall()
+
+catalog = mydb.cursor(dictionary=True)
+
+for domain in domainlist:
+ if(domain["kind"] == None and domain["catalog"] != None):
+ catalog.execute("SELECT d.`name`,d.`type`,dm.`content` FROM `domains` AS d RIGHT JOIN domainmetadata AS dm ON d.id=dm.domain_id WHERE (`kind`='TSIG-ALLOW-AXFR' OR `kind`='AXFR-MASTER-TSIG') and name='"+ domain["catalog"]+"';");
+ cout = catalog.fetchone()
+ if(cout["type"] == "PRODUCER"): type = "primary"
+ if(cout["type"] == "CONSUMER"): type = "secondary"
+ os.system("pdnsutil activate-tsig-key "+ domain["name"] + " "+ cout["content"] + " " + type)
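Review bot: The final loop concatenates `domain["catalog"]` into the SELECT text and `domain["name"]` / `cout["content"]` into an `os.system` shell string, so values read from the PowerDNS tables reach both the SQL parser and a shell unescaped. If this host learns member zones through catalog zones or transfers, those names may originate from another party (not verifiable from this hunk), so the name should be bound as a query parameter and pdnsutil called with an argument list, with `import subprocess` replacing `import os`. The same loop dereferences `cout` without checking for `None` (a catalog with no TSIG metadata row), and `type`, which shadows the builtin, is unbound or carries over from the previous iteration when the catalog is neither PRODUCER nor CONSUMER, which would activate the key with the wrong role. Separately, the `DROP VIEW`/`CREATE VIEW` pair on every run requires DDL rights for the gmysql account; moving the `kind` filter into the join's `ON` clause would let the script run with SELECT only.

```python
# … unchanged: argument parsing, config load, connection, domain list query …
ROLE_BY_TYPE = {"PRODUCER": "primary", "CONSUMER": "secondary"}

for domain in domainlist:
    if domain["kind"] is not None or domain["catalog"] is None:
        continue
    # Bind the catalog name instead of splicing it into the statement text.
    catalog.execute(
        "SELECT d.`name`,d.`type`,dm.`content` FROM `domains` AS d "
        "RIGHT JOIN domainmetadata AS dm ON d.id=dm.domain_id "
        "WHERE (dm.`kind`='TSIG-ALLOW-AXFR' OR dm.`kind`='AXFR-MASTER-TSIG') "
        "AND d.`name`=%s",
        (domain["catalog"],),
    )
    cout = catalog.fetchone()
    role = ROLE_BY_TYPE.get(cout["type"]) if cout else None
    if role is None:
        # No TSIG metadata on the catalog, or it is not a PRODUCER/CONSUMER zone.
        continue
    # Argument list: no shell parses the zone or key name.
    subprocess.run(
        ["pdnsutil", "activate-tsig-key", domain["name"], cout["content"], role],
        check=True,
    )
```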