desec-io
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 14 additions & 0 deletions b/‎.github/workflows/test.yml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎api/api/celery.py‎
Lines changed: 16 additions & 1 deletion b/‎api/api/celery.py‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎api/api/settings.py‎
Lines changed: 23 additions & 0 deletions b/‎api/api/settings.py‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎api/desecapi/exception_handlers.py‎
Lines changed: 2 additions & 1 deletion b/‎api/desecapi/exception_handlers.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎api/desecapi/exceptions.py‎
Lines changed: 4 additions & 0 deletions b/‎api/desecapi/exceptions.py‎
Lines changed: 4 additions & 0 deletions
@@ -34,6 +34,7 @@ env:
   DESECSTACK_NSMASTER_ALSO_NOTIFY:
   DESECSTACK_NSMASTER_APIKEY: LLq1orOQuXCINUz4TV
   DESECSTACK_NSMASTER_TSIGKEY: +++undefined/undefined/undefined/undefined/undefined/undefined/undefined/undefined+++A==
+  DESECSTACK_NSLORD_KNOT_UPDATE_KEY_SECRET: insecure
   DESECSTACK_IPV4_REAR_PREFIX16: 172.16
   DESECSTACK_IPV6_SUBNET: bade:affe:dead:beef:b011::/80
   DESECSTACK_IPV6_ADDRESS: bade:affe:dead:beef:b011:0642:ac10:0080
@@ -53,6 +54,19 @@ jobs:
     - name: Test desecapi formatting
       run: ruff format --check api/
 
+  test-watcher:
+    # runs Knot watcher unit tests
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+    - uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+    - name: Install pytest
+      run: python3 -m pip install pytest
+    - name: Run watcher tests
+      run: python3 -m pytest nslord_knot/tests/test_zone_watch.py
+
   test-missing-migrations:
     # test if Django migrations are missing
     runs-on: ubuntu-latest
 
@@ -2,6 +2,7 @@
 import pprint
 
 import django.utils.log
+from django.apps import apps as django_apps
 from celery import Celery
 from celery.signals import task_failure
 
@@ -26,8 +27,23 @@ def debug_task(self):
     print("Request: {0!r}".format(self.request))
 
 
+logger = logging.getLogger(__name__)
+
+
+def _configure_logger():
+    if getattr(_configure_logger, "configured", False):
+        return
+    if not django_apps.ready:
+        return
+    handler = django.utils.log.AdminEmailHandler()
+    handler.setFormatter(CeleryFormatter())
+    logger.addHandler(handler)
+    _configure_logger.configured = True
+
+
 @task_failure.connect()
 def task_failure(task_id, exception, args, kwargs, traceback, einfo, **other_kwargs):
+    _configure_logger()
     try:
         sender = other_kwargs.get("sender").name
     except AttributeError:
@@ -49,7 +65,6 @@ def task_failure(task_id, exception, args, kwargs, traceback, einfo, **other_kwa
     )
 
 
-django.setup()
 logger = logging.getLogger(__name__)
 handler = django.utils.log.AdminEmailHandler()
 handler.setFormatter(CeleryFormatter())
 
@@ -175,6 +175,28 @@
 NSLORD_PDNS_API_TOKEN = os.environ["DESECSTACK_NSLORD_APIKEY"]
 NSMASTER_PDNS_API = "http://nsmaster:8081/api/v1/servers/localhost"
 NSMASTER_PDNS_API_TOKEN = os.environ["DESECSTACK_NSMASTER_APIKEY"]
+NSLORD_KNOT_HOST = os.environ.get("DESECSTACK_NSLORD_KNOT_HOST", "nslord_knot")
+NSLORD_KNOT_PORT = int(os.environ.get("DESECSTACK_NSLORD_KNOT_PORT", "53"))
+NSLORD_KNOT_TIMEOUT = float(os.environ.get("DESECSTACK_NSLORD_KNOT_TIMEOUT", "5"))
+NSLORD_KNOT_UPDATE_KEY_NAME = os.environ.get(
+    "DESECSTACK_NSLORD_KNOT_UPDATE_KEY_NAME", "nslord-update"
+)
+NSLORD_KNOT_UPDATE_KEY_SECRET = os.environ.get(
+    "DESECSTACK_NSLORD_KNOT_UPDATE_KEY_SECRET", ""
+)
+NSLORD_KNOT_UPDATE_KEY_ALGORITHM = os.environ.get(
+    "DESECSTACK_NSLORD_KNOT_UPDATE_KEY_ALGORITHM", "hmac-sha256"
+)
+NSLORD_KNOT_TRANSFER_KEY_NAME = os.environ.get(
+    "DESECSTACK_NSLORD_KNOT_TRANSFER_KEY_NAME", "nsmaster-xfr"
+)
+NSLORD_KNOT_TRANSFER_KEY_SECRET = os.environ.get(
+    "DESECSTACK_NSLORD_KNOT_TRANSFER_KEY_SECRET",
+    os.environ.get("DESECSTACK_NSMASTER_TSIGKEY", ""),
+)
+NSLORD_KNOT_TRANSFER_KEY_ALGORITHM = os.environ.get(
+    "DESECSTACK_NSLORD_KNOT_TRANSFER_KEY_ALGORITHM", "hmac-sha256"
+)
 CATALOG_ZONE = "catalog.internal"
 
 # Celery
@@ -193,6 +215,7 @@
 # pdns accepts request payloads of this size.
 # This will hopefully soon be configurable: https://github.com/PowerDNS/pdns/pull/7550
 PDNS_MAX_BODY_SIZE = 16 * 1024 * 1024
+PDNS_API_TIMEOUT = float(os.environ.get("DESECSTACK_PDNS_API_TIMEOUT", "10"))
 
 # SEPA direct debit settings
 SEPA = {
 
@@ -6,7 +6,7 @@
 from rest_framework.views import exception_handler as drf_exception_handler
 
 from desecapi import metrics
-from desecapi.exceptions import PDNSException
+from desecapi.exceptions import KnotException, PDNSException
 
 
 def exception_handler(exc, context):
@@ -39,6 +39,7 @@ def _500():
         IntegrityError: _409,
         OSError: _500,  # OSError happens on system-related errors, like full disk or getaddrinfo() failure.
         PDNSException: _500,  # nslord/nsmaster returned an error
+        KnotException: _500,  # knot returned an error
     }
 
     for exception_class, handler in handlers.items():
 
@@ -34,6 +34,10 @@ class PCHException(ExternalAPIException):
     pass
 
 
+class KnotException(APIException):
+    pass
+
+
 class ConcurrencyException(APIException):
     status_code = status.HTTP_429_TOO_MANY_REQUESTS
     default_detail = "Too many concurrent requests."