blob: b71363974a14dc649c7ef1b905b215d959f72b3e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
Use RequestContext (helper function for render_to_response) and a default
list of context processors for the generic functions
Teach cert_delete about children, conf*, parent* to say what the ramifications
of deleting a cert are.
Teach cert form about file upload
Redirect /accounts/profile/ to /dashboard/
Teach dashboard view about looking up resources from parent.
There are 3 types of resources:
- Ones we've accepted and match
- Ones we've accepted but don't match
- two subtypes:
* the parent is now giving us a superset of what they used to.
This is relatively easily handled by keeping the subdivisions
we've made and just making the superset resource the new parent
of the existing resource (e.g., we had accepted 18.5.0.0/16 and
they're now giving us 18.0.0.0/8)
* the parent is now giving us a subset (including none) of what they
used to. Two sub-cases:
- The part that they took away is neither delegated nor roa'd.
- The part that they took away is either delegated or roa'd or both.
- Ones we haven't accepted yet
The roa needs to learn to handle its prefix children. It may need to
create the covering set of prefixes for an address range.
Un<something>'d resources are:
what we've gotten from our parent:
models.AddressRange.objects.filter(from_parent=myconf.pk)
minus what we've given to our children or issued roas for
models.AddressRange.objects.filter(child__conf=myconf.pk)
models.AddressRange.objects.filter(roa__conf=myconf.pk)
or
>>> from django.db.models import Q
>>> models.AddressRange.objects.filter( Q(child__conf=myconf.pk) |
Q(roa__conf=myconf.pk) )
and of course the ASN one is easier:
models.Asn.objects.filter(from_parent=myconf.pk)
minus what we've given to our children
models.Asn.objects.filter(child__conf=myconf.pk)
look in
rpki/resource_set.py
Adding a handle / resource-holding entity / "conf":
- upload the <identity> that we've generated and are sending to the parent
Adding a parent:
- upload the <parent> that he sent me
(keep things open to the parent uploading this directly to the web interface)
Adding a child:
- upload the <identity> that he sent me
|
