From 493bda16eaffeb9dcbe9fddf657b010954e2833e Mon Sep 17 00:00:00 2001
From: James Mittermair <48706313+jmittermair@users.noreply.github.com>
Date: Sat, 4 May 2024 15:44:46 +1000
Subject: [PATCH 1/4] fix: allow whitespace in CAA value for optional parameters - Currently, CAA records with whitespace inside of the value will fail to tuple unpack, because split expects only two spaces. - Added fix to force split to only split twice, instead of as many spaces as are detected, since a valid CAA record shouldn't have more than two whitespace characters separating between the flag, tag and value. - As per RFC 6844, optional parameters are defined as the below: ``` 5.2. CAA issue Property The issue property tag is used to request that certificate issuers perform CAA issue restriction processing for the domain and to grant authorization to specific certificate issuers. The CAA issue property value has the following sub-syntax (specified in ABNF as per [RFC5234]). issuevalue = space [domain] space [";" *(space parameter) space] domain = label *("." label) label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT)) space = *(SP / HTAB) parameter = tag "=" value tag = 1*(ALPHA / DIGIT) value = *VCHAR For consistency with other aspects of DNS administration, domain name values are specified in letter-digit-hyphen Label (LDH-Label) form. ``` - This allows for records that look like the below: ``` CAA 0 issue "cert.example.com; cansignhttpexchanges=yes" ```
---
 octodns_route53/provider.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/octodns_route53/provider.py b/octodns_route53/provider.py
index ee50e86..959aa3a 100644
--- a/octodns_route53/provider.py
+++ b/octodns_route53/provider.py
@@ -913,7 +913,7 @@ def _data_for_geo(self, rrset):
 def _data_for_CAA(self, rrset):
 values = []
 for rr in rrset['ResourceRecords']:
- flags, tag, value = rr['Value'].split()
+ flags, tag, value = rr['Value'].split(' ', 2)
 values.append({'flags': flags, 'tag': tag, 'value': value[1:-1]})
 return {
 'type': rrset['Type'],
From a83c0ee8f9e83dc09824ca3e4a88c867f215c280 Mon Sep 17 00:00:00 2001
From: James Mittermair <48706313+jmittermair@users.noreply.github.com>
Date: Sat, 4 May 2024 15:54:02 +1000
Subject: [PATCH 2/4] tests: add property 'cansignhttpexchanges' to CAA - Added property 'cansignhttpexchanges=yes' to CAA record test. - Whitespace is added as this is the example provided in RFC 6844. - This change addresses failure to tuple unpack, caused by whitespaces in optional issuer parameters, when following RFC conventions.
---
 tests/test_octodns_provider_route53.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/test_octodns_provider_route53.py b/tests/test_octodns_provider_route53.py
index d73e620..9f83fb0 100644
--- a/tests/test_octodns_provider_route53.py
+++ b/tests/test_octodns_provider_route53.py
@@ -401,7 +401,7 @@ class TestRoute53Provider(TestCase):
 {
 'ttl': 69,
 'type': 'CAA',
- 'value': {'flags': 0, 'tag': 'issue', 'value': 'ca.unit.tests'},
+ 'value': {'flags': 0, 'tag': 'issue', 'value': 'ca.unit.tests; cansignhttpexchanges=yes'},
 },
 ),
 (
@@ -1125,7 +1125,7 @@ def test_populate(self):
 {
 'Name': 'unit.tests.',
 'Type': 'CAA',
- 'ResourceRecords': [{'Value': '0 issue "ca.unit.tests"'}],
+ 'ResourceRecords': [{'Value': '0 issue "ca.unit.tests; cansignhttpexchanges=yes"'}],
 'TTL': 69,
 },
 {
From b0aa6c02bb6ee3f10bb56a4e1b86f4c55b585d4d Mon Sep 17 00:00:00 2001
From: James Mittermair <48706313+jmittermair@users.noreply.github.com>
Date: Mon, 6 May 2024 10:25:58 +1000
Subject: [PATCH 3/4] fix: PEP8/black formatting to fix CI
---
 tests/test_octodns_provider_route53.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
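Review bot: `rr['Value'].split(' ', 2)` on the `+` line splits only on a single space character, so if Route53 ever hands back flags, tag and value separated by a tab or by a run of spaces the unpack would now yield an empty or merged field (or still raise) where the previous `.split()` tolerated any whitespace; `flags, tag, value = rr['Value'].split(None, 2)` keeps the maxsplit fix and that tolerance. Since a CAA record decides which CAs may issue for the zone, a mis-split that produces wrong data instead of an exception is the harder failure to notice, because it presumably feeds straight into the comparison against the zone config. The `value[1:-1]` on the following context line still assumes the value is wrapped in double quotes, which the commit leaves untouched; a one-line comment such as `# Route53 returns the CAA value double-quoted; strip the surrounding quotes` would record that assumption for the next reader. `_data_for_CAA`'s body continues past the end of the hunk.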
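Review bot: The `-401` hunk replaces the only plain `ca.unit.tests` CAA value with the parameterized form instead of adding a second record, so the common value-without-parameters case is no longer exercised by this test, and the `-1125` `ResourceRecords` hunk does the same on the Route53 side. Keeping both a `'0 issue "ca.unit.tests"'` record and the `cansignhttpexchanges=yes` one would pin both input shapes in the same run. Neither hunk covers a tab or double-space separator, which is exactly the input where the new `split(' ', 2)` and the old `.split()` diverge, so that boundary stays untested. The enclosing test data structure starts and ends outside the hunk.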
diff --git a/tests/test_octodns_provider_route53.py b/tests/test_octodns_provider_route53.py
index 9f83fb0..fb31396 100644
--- a/tests/test_octodns_provider_route53.py
+++ b/tests/test_octodns_provider_route53.py
@@ -401,7 +401,11 @@ class TestRoute53Provider(TestCase):
 {
 'ttl': 69,
 'type': 'CAA',
- 'value': {'flags': 0, 'tag': 'issue', 'value': 'ca.unit.tests; cansignhttpexchanges=yes'},
+ 'value': {
+ 'flags': 0,
+ 'tag': 'issue',
+ 'value': 'ca.unit.tests; cansignhttpexchanges=yes',
+ },
 },
 ),
 (
@@ -1125,7 +1129,11 @@ def test_populate(self):
 {
 'Name': 'unit.tests.',
 'Type': 'CAA',
- 'ResourceRecords': [{'Value': '0 issue "ca.unit.tests; cansignhttpexchanges=yes"'}],
+ 'ResourceRecords': [
+ {
+ 'Value': '0 issue "ca.unit.tests; cansignhttpexchanges=yes"'
+ }
+ ],
 'TTL': 69,
 },
 {
From 33acea11b2cbca334c924c07c4a23fa06f6dcc0c Mon Sep 17 00:00:00 2001
From: Ross McFarland
Date: Sun, 5 May 2024 18:33:39 -0700
Subject: [PATCH 4/4] changelog entry for caa value parsing fix
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e4602f9..36bf368 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## v0.0.? - 2024-??-?? -
+
+* Fix CAA rdata parsing to allow values with tags
+
 ## v0.0.7 - 2024-04-11 - Helps if you use the actual Session token
 ### Important