trust_anchors: rename distrust to remove

1f569a24 · Tomas Krizek · Petr Špaček · aaff913c · 1f569a24 · 1f569a24
Verified Commit 1f569a24 authored 6 years ago by Tomas Krizek Committed by Petr Špaček 5 years ago
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -425,21 +425,20 @@ policy, or automatically maintained by the resolver itself.

   Alias for `add_file`. Its use is discouraged and will be removed in future versions.

-.. function:: trust_anchors.distrust(zonename)
+.. function:: trust_anchors.remove(zonename)

   Remove specified trust anchor from trusted key set. Removing trust anchor for the root zone effectivelly disables DNSSEC validation (unless you configured another trust anchor).

   .. code-block:: lua

-      > trust_anchors.distrust('.')
+      > trust_anchors.remove('.')
      true

   If you want to disable DNSSEC validation for a particular domain but keep it enabled for the rest of DNS tree, use :func:`trust_anchors.set_insecure`.

 .. envvar:: trust_anchors.keyfile_default = keyfile_default

-   Set by ``keyfile_default`` option during compilation. This can be explicitly
-   set to ``nil`` to disable DNSSEC validation.
+   Set by ``keyfile_default`` option during compilation.

 .. envvar:: trust_anchors.hold_down_time = 30 * day

@@ -470,7 +469,7 @@ policy, or automatically maintained by the resolver itself.

   When you use a domain name as an *negative trust anchor* (NTA), DNSSEC validation will be turned off at/below these names.
   Each function call replaces the previous NTA set. You can find the current active set in ``trust_anchors.insecure`` variable.
-   If you want to disable DNSSEC validation completely use :func:`trust_anchors.distrust` function instead.
+   If you want to disable DNSSEC validation completely use :func:`trust_anchors.remove` function instead.

   Example output:


--- a/daemon/lua/trust_anchors.lua.in
+++ b/daemon/lua/trust_anchors.lua.in
@@ -369,7 +369,7 @@ local function add_file(path, unmanaged)
 	end
 end

-local function distrust(zname)
+local function remove(zname)
 	local owner = kres.str2dname(zname)
 	if not trust_anchors.keysets[owner] then
 		return false
@@ -429,7 +429,7 @@ trust_anchors = {
 	-- If managed and the file doesn't exist, try bootstrapping the root into it.
 	add_file = add_file,
 	config = add_file,
-	distrust = distrust,
+	remove = remove,

 	keyset_publish = keyset_publish,
 	keyset_write = keyset_write,

--- a/daemon/lua/trust_anchors.test/ta.test.lua
+++ b/daemon/lua/trust_anchors.test/ta.test.lua
@@ -22,7 +22,7 @@ local function test_revoked_key()
 	same(root_ta.rrs.count, 1, 'the root TA set contains one RR')
 end

-local function test_distrust()
+local function test_remove()
 	-- uses root key from the previous test
 	assert(trust_anchors.keysets['\0'], 'root key must be there from previous test')
 	local ta_c = kres.context().trust_anchors
@@ -30,7 +30,7 @@ local function test_distrust()
 	assert(root_ta ~= nil, 'we got non-NULL TA RRset')
 	assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')

-	trust_anchors.distrust('.')
+	trust_anchors.remove('.')

 	same(trust_anchors.keysets['\0'], nil, 'Lua interface does not have the removed key')
 	local root_ta = ffi.C.kr_ta_get(ta_c, '\0')
@@ -39,6 +39,6 @@ end

 return {
 	test_revoked_key,
-	test_distrust
+	test_remove,
 }

--- a/modules/ta_update/ta_update.lua
+++ b/modules/ta_update/ta_update.lua
@@ -259,7 +259,7 @@ function ta_update.start(zname)
 		panic('[ta_update] TA must be configured first before tracking it')
 	end
 	if not keyset.managed then
-		panic('[ta_update] TA is configured as unmanaged; distrust it and '
+		panic('[ta_update] TA is configured as unmanaged; remove it and '
 			.. 'add it again as managed using trust_anchors.add_file()')
 	end
 	refresh_plan(keyset, 0)

--- a/modules/ta_update/ta_update.test.lua
+++ b/modules/ta_update/ta_update.test.lua
@@ -40,7 +40,7 @@ local function test_ta_update_vs_trust_anchors_dependency()
 	ok(modules.unload('ta_update'), 'module can be unloaded')
 	same(ta_update, nil, 'unloaded module is nil')

-	ok(trust_anchors.distrust('.'), 'managed root TA can be removed')
+	ok(trust_anchors.remove('.'), 'managed root TA can be removed')
 	same(trust_anchors.keysets['\0'], nil, 'TA removal works')
 end

@@ -52,7 +52,7 @@ local function test_unloaded()
 	worker.sleep(0.3)
 	ok(counter == 0, 'TA is actually unmanaged')

-	ok(trust_anchors.distrust('.'), 'unmanaged root TA can be removed')
+	ok(trust_anchors.remove('.'), 'unmanaged root TA can be removed')
 	same(trust_anchors.keysets['\0'], nil, 'TA removal works')

 end