CAA record support and documentation

Additionally:
* Exponential backoff and retry logic for `blocked` tasks
* Automatic retry after 5 seconds for throttled jobs

Author: rnorthover

docs/tm/records/records.rst

@@ -18,6 +18,12 @@ ALIASRecord
     :members:
     :undoc-members:    
 
+CAARecord
+==========
+.. autoclass:: dyn.tm.records.CAARecord
+    :members:
+    :undoc-members:
+
 CERTRecord
 ==========
 .. autoclass:: dyn.tm.records.CERTRecord

dyn/core.py

@@ -6,10 +6,11 @@
 """
 import base64
 import copy
-import time
 import locale
 import logging
+import re
 import threading
+import time
 from datetime import datetime
 
 from . import __version__
@@ -114,6 +115,7 @@ def __init__(self, host=None, port=443, ssl=True, history=False,
         self._encoding = locale.getdefaultlocale()[-1] or 'UTF-8'
         self._token = self._conn = self._last_response = None
         self._permissions = None
+        self._tasks = {}
 
     @classmethod
     def new_session(cls, *args, **kwargs):
@@ -243,6 +245,40 @@ def _handle_error(self, uri, method, raw_args):
         """
         return None
 
+    def _retry(self, msgs, final=False):
+        """Retry logic around throttled or blocked tasks"""
+
+        throttle_err = 'RATE_LIMIT_EXCEEDED'
+        throttled = any(throttle_err == err['ERR_CD'] for err in msgs)
+
+        if throttled:
+            # We're rate limited, so wait 5 seconds and try again
+            return dict(retry=True, wait=5, final=final)
+
+        blocked_err = 'Operation blocked by current task'
+        blocked = any(blocked_err in err['INFO'] for err in msgs)
+
+        pat = re.compile(r'^task_id:\s+(\d+)$')
+        if blocked:
+            try:
+                # Get the task id
+                task = next(pat.match(i['INFO']).group(1) for i in msgs
+                            if pat.match(i.get('INFO', '')))
+            except:
+                # Task id could not be recovered
+                wait = 1
+            else:
+                # Exponential backoff for individual blocked tasks
+                wait = self._tasks.get(task, 1)
+                self._tasks[task] = wait * 2 + 1
+
+            # Give up if final or wait > 30 seconds
+            return dict(retry=True, wait=wait, final=wait > 30 or final)
+
+        # Neither blocked nor throttled?
+        return dict(retry=False, wait=0, final=True)
+
+
     def _handle_response(self, response, uri, method, raw_args, final):
         """Handle the processing of the API's response"""
         body = response.read()
@@ -258,12 +294,15 @@ def _handle_response(self, response, uri, method, raw_args, final):
                                       ret_val['status']))
 
         self._meta_update(uri, method, ret_val)
-        # Handle retrying if ZoneProp is blocking the current task
-        error_msg = 'Operation blocked by current task'
-        if ret_val['status'] == 'failure' and error_msg in \
-                ret_val['msgs'][0]['INFO'] and not final:
-            time.sleep(8)
-            return self.execute(uri, method, raw_args, final=True)
+
+        retry = {}
+        # Try to retry?
+        if ret_val['status'] == 'failure' and not final:
+            retry = self._retry(ret_val['msgs'], final)
+
+        if retry.get('retry', False):
+            time.sleep(retry['wait'])
+            return self.execute(uri, method, raw_args, final=retry['final'])
         else:
             return self._process_response(ret_val, method)
 

dyn/tm/records.py

@@ -1240,7 +1240,16 @@ def __repr__(self):
         return self.__str__()
 
 class CAARecord(DNSRecord):
-    """
+    """Certification Authority Authorization (CAA) Resource Record
+
+	This record allows a DNS domain name holder to specify one or more
+	Certification Authorities (CAs) authorized to issue certificates for that
+	domain.  CAA Resource Records allow a public Certification Authority to
+	implement additional controls to reduce the risk of unintended certificate
+	mis-issue.  This document defines the syntax of the CAA record and rules for
+	processing CAA records by certificate issuers.
+
+    see: https://tools.ietf.org/html/rfc6844
     """
 
     def __init__(self, zone, fqdn, *args, **kwargs):
@@ -1306,7 +1315,7 @@ def rdata(self):
 
     @property
     def flags(self):
-        self.pull()
+        self._pull()
         return self._flags
 
     @flags.setter
@@ -1318,7 +1327,7 @@ def flags(self, value):
 
     @property
     def tag(self):
-        self.pull()
+        self._pull()
         return self._tag
 
     @tag.setter
@@ -1330,7 +1339,7 @@ def tag(self, value):
 
     @property
     def value(self):
-        self.pull()
+        self._pull()
         return self._value
 
     @value.setter

dyn/tm/zones.py

@@ -9,7 +9,7 @@
 from dyn.tm.errors import (DynectCreateError, DynectGetError,
                            DynectInvalidArgumentError)
 from dyn.tm.records import (ARecord, AAAARecord, ALIASRecord, CDSRecord,
-                            CAA, CDNSKEYRecord, CSYNCRecord, CERTRecord,
+                            CAARecord, CDNSKEYRecord, CSYNCRecord, CERTRecord,
                             CNAMERecord, DHCIDRecord, DNAMERecord,
                             DNSKEYRecord, DSRecord, KEYRecord, KXRecord,
                             LOCRecord, IPSECKEYRecord, MXRecord, NAPTRRecord,