Class: IControl::GlobalLB::DNSSECKey

Inherits:

Base

Object
Base
IControl::GlobalLB::DNSSECKey

show all

Defined in:

lib/icontrol/global_lb/dnssec_key.rb,
lib/icontrol/global_lb.rb

Overview

The DNSSECKey interface manages the cryptographic keys used for securing DNS information, i.e., DNSSEC. The keys managed by this interface can be used to sign DNS record groups and the keys themselves. Technically, there is not a single key for each key object. This key is re-created on a regular schedule, which can be controlled via this interface. Each re-generated key is considered a new &quot;generation" - a term used more in its genealogical sense than a creation sense. A single key generation can have its lifetime changed. Thus when using this interface, be careful to distinguish the attributes which apply to this whole process vs those that apply to a single key generation. Once a key generation is created, it is fully active for the &quot;rollover period". At the end of that period, the next generation's key is created and both keys are in use. Once the first key reaches the end of its &quot;expiration period", it is no longer handed out, the generation is deleted, and only the second key is in use. This process continues ad infinitum. It is important to note that these keys do not affect the processing by their mere existence. To take effect, they must be assigned to a DNSSEC zone (See the DNSSECZone interface).

Defined Under Namespace

Classes: KeyAlgorithm, KeyAlgorithmSequence, KeyType, KeyTypeSequence

Instance Method Summary (collapse)

- (KeyAlgorithm) algorithm

Gets the algorithms used to digitally sign DNS record groups and key for a set of DNSSEC key.
- (Object) create(opts)

Creates a set of DNSSEC key.
- (Object) delete_all_keys

Deletes all DNSSEC key.
- (Object) delete_key

Deletes a set of DNSSEC key.
- (EnabledState) enabled_state

Gets the enabled state for a set of DNSSEC key.
- (long) expiration_period

Gets the expiration period for a set of DNSSEC key.
- (EnabledState) fips_state

Gets the enabled state for using the FIPS device to store and retrieve key for a set of DNSSEC key.
- (ULong64[]) generation

Gets the existing DNSSEC key generation identifiers for a set of DNSSEC key.
- (TimeStamp[]) generation_expiration_time(opts)

Gets the expiration date and time for a set of DNSSEC key generations.
- (String[]) generation_public_text(opts)

Gets the public text for a set of DNSSEC key generations.
- (TimeStamp[]) generation_rollover_time(opts)

Gets the rollover date and time for a set of DNSSEC key generations.
- (String) list

Gets the names of all DNSSEC key.
- (long) rollover_period

Gets the rollover period for a set of DNSSEC key.
- (Object) set_enabled_state(opts)

Sets the enabled state for a set of DNSSEC key.
- (Object) set_expiration_period(opts)

Sets the expiration period for a set of DNSSEC key.
- (Object) set_generation_expiration_time(opts)

Sets the expiration date and time for a set of DNSSEC key generations.
- (Object) set_generation_rollover_time(opts)

Sets the rollover date and time for a set of DNSSEC key generations.
- (Object) set_rollover_period(opts)

Sets the rollover period for a set of DNSSEC key.
- (Object) set_signature_publication_period(opts)

Sets the RRSIG record signature publication period for a set of DNSSEC key.
- (Object) set_signature_validity_period(opts)

Sets the RRSIG record signature validity period for a set of DNSSEC key.
- (Object) set_time_to_live(opts)

Sets the Time To Live (TTL) for the DNSKEY record types.
- (long) signature_publication_period

Gets the RRSIG record signature publication period for a set of DNSSEC key.
- (long) signature_validity_period

Gets the RRSIG record signature validity period for a set of DNSSEC key.
- (long) size

Gets the digital signature sizes for a set of DNSSEC key.
- (long) time_to_live

Gets the Time To Live (TTL) for the DNSKEY record types.
- (KeyType) type

Gets the types for a set of DNSSEC key.
- (String) version

Get the version information for this interface.

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class IControl::Base

Instance Method Details

- (`KeyAlgorithm`) algorithm

Gets the algorithms used to digitally sign DNS record groups and key for a set of DNSSEC key.

Returns:

(KeyAlgorithm)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



72
73
74

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 72

def algorithm
  super
end

- (`Object`) create(opts)

Creates a set of DNSSEC key. Note that the attributes specified in this method cannot be changed afterwards.

Parameters:

opts (Hash)

Options Hash (opts):

:sizes (long) —

Digital signature sizes (bits) for each specified key
:types (IControl::GlobalLB::DNSSECKey::KeyType) —

DNSSEC key type (See KeyType ) for each specified key
:algorithms (IControl::GlobalLB::DNSSECKey::KeyAlgorithm) —

Digital signature algorithm (See KeyAlgorithm ) for each specified key
:fips (IControl::Common::EnabledState) —

Specifies whether the FIPS device should be used for storing and retrieving the keys

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 39

def create(opts)
  check_params(opts,[:sizes,:types,:algorithms,:fips])
  super
end

- (`Object`) delete_all_keys

Deletes all DNSSEC key.

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



50
51
52

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 50

def delete_all_keys
  super
end

- (`Object`) delete_key

Deletes a set of DNSSEC key.

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



60
61
62

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 60

def delete_key
  super
end

- (`EnabledState`) enabled_state

Gets the enabled state for a set of DNSSEC key.

Returns:

(EnabledState)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



83
84
85

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 83

def enabled_state
  super
end

- (`long`) expiration_period

Gets the expiration period for a set of DNSSEC key.

Returns:

(long)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



94
95
96

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 94

def expiration_period
  super
end

- (`EnabledState`) fips_state

Gets the enabled state for using the FIPS device to store and retrieve key for a set of DNSSEC key.

Returns:

(EnabledState)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



106
107
108

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 106

def fips_state
  super
end

- (`ULong64[]`) generation

Gets the existing DNSSEC key generation identifiers for a set of DNSSEC key. The key generation identifier is a simple generation count, unique within a single DNSSEC key.

Returns:

(ULong64[])

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



119
120
121

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 119

def generation
  super
end

- (`TimeStamp[]`) generation_expiration_time(opts)

Gets the expiration date and time for a set of DNSSEC key generations.

Parameters:

opts (Hash)

Options Hash (opts):

:generations (IControl::Common::ULong64[]) —

Identifiers for the key generations to query for each specified DNSSEC key

Returns:

(TimeStamp[])

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 132

def generation_expiration_time(opts)
  check_params(opts,[:generations])
  super
end

- (`String[]`) generation_public_text(opts)

Gets the public text for a set of DNSSEC key generations.

Parameters:

opts (Hash)

Options Hash (opts):

:generations (IControl::Common::ULong64[]) —

Identifiers for the key generations to query for each specified DNSSEC key

Returns:

(String[])

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 146

def generation_public_text(opts)
  check_params(opts,[:generations])
  super
end

- (`TimeStamp[]`) generation_rollover_time(opts)

Gets the rollover date and time for a set of DNSSEC key generations.

Parameters:

opts (Hash)

Options Hash (opts):

:generations (IControl::Common::ULong64[]) —

Identifiers for the key generations to query for each specified DNSSEC key

Returns:

(TimeStamp[])

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 160

def generation_rollover_time(opts)
  check_params(opts,[:generations])
  super
end

- (`String`) list

Gets the names of all DNSSEC key.

Returns:

(String)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



172
173
174

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 172

def list
  super
end

- (`long`) rollover_period

Gets the rollover period for a set of DNSSEC key.

Returns:

(long)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



183
184
185

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 183

def rollover_period
  super
end

- (`Object`) set_enabled_state(opts)

Sets the enabled state for a set of DNSSEC key. If a DNSSEC key is disabled, the key is still published, but it is not used to sign DNS record groups or key.

Parameters:

opts (Hash)

Options Hash (opts):

:states (IControl::Common::EnabledState) —

Enabled state for each specified DNSSEC key (default: enabled)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 259

def set_enabled_state(opts)
  check_params(opts,[:states])
  super
end

- (`Object`) set_expiration_period(opts)

Sets the expiration period for a set of DNSSEC key. The expiration period is the time between the activation of a DNSSEC key generation and its expiration. It must be longer than the rollover period.

Parameters:

opts (Hash)

Options Hash (opts):

:times (long) —

Expiration period (seconds) for each specified DNSSEC key (default: zero - never expires)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 274

def set_expiration_period(opts)
  check_params(opts,[:times])
  super
end

- (`Object`) set_generation_expiration_time(opts)

Sets the expiration date and time for a set of DNSSEC key generations. This method can be used for any reason, but most likely used to invalidate a possibly compromised key.

Parameters:

opts (Hash)

Options Hash (opts):

:generations (IControl::Common::ULong64[]) —

Identifiers for the key generations to modify for each specified DNSSEC key
:times (IControl::Common::TimeStamp[]) —

Expiration date and time for each specified DNSSEC key generation (default: as specified in the key)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 290

def set_generation_expiration_time(opts)
  check_params(opts,[:generations,:times])
  super
end

- (`Object`) set_generation_rollover_time(opts)

Sets the rollover date and time for a set of DNSSEC key generations. This method can be used for any reason, but most likely used to invalidate a possibly compromised key by forcing the creation of a new key generation.

Parameters:

opts (Hash)

Options Hash (opts):

:generations (IControl::Common::ULong64[]) —

Identifiers for the key generations to modify for each specified DNSSEC key
:times (IControl::Common::TimeStamp[]) —

Rollover date and time for each specified DNSSEC key generation (default: as specified in the key)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 306

def set_generation_rollover_time(opts)
  check_params(opts,[:generations,:times])
  super
end

- (`Object`) set_rollover_period(opts)

Sets the rollover period for a set of DNSSEC key. The rollover period is the time between the activation of one DNSSEC key generation and the activation of the next DNSSEC key generation.

Parameters:

opts (Hash)

Options Hash (opts):

:times (long) —

Rollover period (seconds) for each specified DNSSEC key (default: zero - one-shot key (never rolls over))

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 321

def set_rollover_period(opts)
  check_params(opts,[:times])
  super
end

- (`Object`) set_signature_publication_period(opts)

Sets the RRSIG record signature publication period for a set of DNSSEC key. The signature publication period is the period in which the digital signature is published, is stored in the RRSIG record, and should be significantly shorter than the Time To Live period and must be shorter than the signature validity period.

Parameters:

opts (Hash)

Options Hash (opts):

:times (long) —

Signature publication period (seconds) for each specified DNSSEC key (default: zero - standard BIND value)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 337

def set_signature_publication_period(opts)
  check_params(opts,[:times])
  super
end

- (`Object`) set_signature_validity_period(opts)

Sets the RRSIG record signature validity period for a set of DNSSEC key. This value is the period for which the digital signature is valid and is stored in the RRSIG record and should be significantly smaller than the Time To Live period.

Parameters:

opts (Hash)

Options Hash (opts):

:times (long) —

Signature validity period (seconds) for each specified DNSSEC key (default: zero - standard BIND value)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 352

def set_signature_validity_period(opts)
  check_params(opts,[:times])
  super
end

- (`Object`) set_time_to_live(opts)

Sets the Time To Live (TTL) for the DNSKEY record types.

Parameters:

opts (Hash)

Options Hash (opts):

:times (long) —

DNSKEY record Time To Live (TTL) (seconds) for each specified DNSSEC key (default: 86400 (1 day))

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 365

def set_time_to_live(opts)
  check_params(opts,[:times])
  super
end

- (`long`) signature_publication_period

Gets the RRSIG record signature publication period for a set of DNSSEC key.

Returns:

(long)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



194
195
196

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 194

def signature_publication_period
  super
end

- (`long`) signature_validity_period

Gets the RRSIG record signature validity period for a set of DNSSEC key.

Returns:

(long)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



205
206
207

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 205

def signature_validity_period
  super
end

- (`long`) size

Gets the digital signature sizes for a set of DNSSEC key.

Returns:

(long)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



216
217
218

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 216

def size
  super
end

- (`long`) time_to_live

Gets the Time To Live (TTL) for the DNSKEY record types.

Returns:

(long)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



227
228
229

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 227

def time_to_live
  super
end

- (`KeyType`) type

Gets the types for a set of DNSSEC key.

Returns:

(KeyType)

Raises:

(IControl::IControl::Common::AccessDenied) —

raised if the client credentials are not valid.
(IControl::IControl::Common::InvalidArgument) —

raised if one of the arguments is invalid.
(IControl::IControl::Common::OperationFailed) —

raised if an operation error occurs.



238
239
240

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 238

def type
  super
end

- (`String`) version

Get the version information for this interface.

Returns:

(String)



246
247
248

# File 'lib/icontrol/global_lb/dnssec_key.rb', line 246

def version
  super
end

Class: IControl::GlobalLB::DNSSECKey

Overview

Defined Under Namespace

Instance Method Summary (collapse)

Dynamic Method Handling

Instance Method Details

- (KeyAlgorithm) algorithm

- (Object) create(opts)

- (Object) delete_all_keys

- (Object) delete_key

- (EnabledState) enabled_state

- (long) expiration_period

- (EnabledState) fips_state

- (ULong64[]) generation

- (TimeStamp[]) generation_expiration_time(opts)

- (String[]) generation_public_text(opts)

- (TimeStamp[]) generation_rollover_time(opts)

- (String) list

- (long) rollover_period

- (Object) set_enabled_state(opts)

- (Object) set_expiration_period(opts)

- (Object) set_generation_expiration_time(opts)

- (Object) set_generation_rollover_time(opts)

- (Object) set_rollover_period(opts)

- (Object) set_signature_publication_period(opts)

- (Object) set_signature_validity_period(opts)

- (Object) set_time_to_live(opts)

- (long) signature_publication_period

- (long) signature_validity_period

- (long) size

- (long) time_to_live

- (KeyType) type

- (String) version

- (`KeyAlgorithm`) algorithm

- (`Object`) create(opts)

- (`Object`) delete_all_keys

- (`Object`) delete_key

- (`EnabledState`) enabled_state

- (`long`) expiration_period

- (`EnabledState`) fips_state

- (`ULong64[]`) generation

- (`TimeStamp[]`) generation_expiration_time(opts)

- (`String[]`) generation_public_text(opts)

- (`TimeStamp[]`) generation_rollover_time(opts)

- (`String`) list

- (`long`) rollover_period

- (`Object`) set_enabled_state(opts)

- (`Object`) set_expiration_period(opts)

- (`Object`) set_generation_expiration_time(opts)

- (`Object`) set_generation_rollover_time(opts)

- (`Object`) set_rollover_period(opts)

- (`Object`) set_signature_publication_period(opts)

- (`Object`) set_signature_validity_period(opts)

- (`Object`) set_time_to_live(opts)

- (`long`) signature_publication_period

- (`long`) signature_validity_period

- (`long`) size

- (`long`) time_to_live

- (`KeyType`) type

- (`String`) version