fixup! datamodel: network: tls: added 'files-watchdog' option

python/knot_resolver/datamodel/network_schema.py

@@ -1,4 +1,4 @@
-from typing import List, Literal, Optional, Union
+from typing import Any, List, Literal, Optional, Union
 
 from knot_resolver.constants import WATCHDOG_LIB
 from knot_resolver.datamodel.types import (
@@ -49,27 +49,43 @@ class AddressRenumberingSchema(ConfigSchema):
 
 
 class TLSSchema(ConfigSchema):
-    """
-    TLS configuration, also affects DNS over TLS and DNS over HTTPS.
+    class Raw(ConfigSchema):
+        """
+        TLS configuration, also affects DNS over TLS and DNS over HTTPS.
 
-    ---
-    files_watchdog: Enables files watchdog for TLS certificate files. Requires the optional 'watchdog' dependency.
-    cert_file: Path to certificate file.
-    key_file: Path to certificate key file.
-    sticket_secret: Secret for TLS session resumption via tickets. (RFC 5077).
-    sticket_secret_file: Path to file with secret for TLS session resumption via tickets. (RFC 5077).
-    auto_discovery: Experimental automatic discovery of authoritative servers supporting DNS-over-TLS.
-    padding: EDNS(0) padding of queries and answers sent over an encrypted channel.
-    """
+        ---
+        files_watchdog: Enables files watchdog for TLS certificate files. Requires the optional 'watchdog' dependency.
+        cert_file: Path to certificate file.
+        key_file: Path to certificate key file.
+        sticket_secret: Secret for TLS session resumption via tickets. (RFC 5077).
+        sticket_secret_file: Path to file with secret for TLS session resumption via tickets. (RFC 5077).
+        auto_discovery: Experimental automatic discovery of authoritative servers supporting DNS-over-TLS.
+        padding: EDNS(0) padding of queries and answers sent over an encrypted channel.
+        """
+
+        files_watchdog: Union[Literal["auto"], bool] = "auto"
+        cert_file: Optional[ReadableFile] = None
+        key_file: Optional[ReadableFile] = None
+        sticket_secret: Optional[EscapedStr32B] = None
+        sticket_secret_file: Optional[ReadableFile] = None
+        auto_discovery: bool = False
+        padding: Union[bool, Int0_512] = True
 
-    files_watchdog: bool = False
+    _LAYER = Raw
+
+    files_watchdog: bool
     cert_file: Optional[ReadableFile] = None
     key_file: Optional[ReadableFile] = None
     sticket_secret: Optional[EscapedStr32B] = None
     sticket_secret_file: Optional[ReadableFile] = None
     auto_discovery: bool = False
     padding: Union[bool, Int0_512] = True
 
+    def _files_watchdog(self, obj: Raw) -> Any:
+        if obj.files_watchdog == "auto":
+            return WATCHDOG_LIB
+        return obj.files_watchdog
+
     def _validate(self):
         if self.sticket_secret and self.sticket_secret_file:
             raise ValueError("'sticket_secret' and 'sticket_secret_file' are both defined, only one can be used")

tests/manager/datamodel/test_network_schema.py

@@ -3,7 +3,8 @@
 import pytest
 from pytest import raises
 
-from knot_resolver.datamodel.network_schema import ListenSchema, NetworkSchema
+from knot_resolver.constants import WATCHDOG_LIB
+from knot_resolver.datamodel.network_schema import ListenSchema, NetworkSchema, TLSSchema
 from knot_resolver.datamodel.types import InterfaceOptionalPort, PortNumber
 from knot_resolver.utils.modeling.exceptions import DataValidationError
 
@@ -77,3 +78,16 @@ def test_listen_valid(listen: Dict[str, Any]):
 def test_listen_invalid(listen: Dict[str, Any]):
     with raises(DataValidationError):
         ListenSchema(listen)
+
+
+@pytest.mark.parametrize(
+    "tls",
+    [
+        {"files-watchdog": "auto"},
+        {"files-watchdog": True},
+        {"files-watchdog": False},
+    ],
+)
+def test_tls_files_watchdog(tls: Dict[str, Any]):
+    expected: bool = WATCHDOG_LIB if tls["files-watchdog"] == "auto" else tls["files-watchdog"]
+    assert TLSSchema(tls).files_watchdog == expected