Allow email subadresses to be used within mail url of CAA records

This patch allows for +subaddress to be used for the local part of mail urls
used for CAA records. While there are more characters allowed in email
addresses, using subadresses for incoming email to role accounts is quite
common.

Closes-Bug: 1958533
Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0

designate/objects/fields.py

@@ -100,7 +100,7 @@ class StringFields(ovoo_fields.StringField):
     RE_NAPTR_SERVICE = r'^([A-Za-z]([A-Za-z0-9]*)(\+[A-Za-z]([A-Za-z0-9]{0,31}))*)?'  # noqa
     RE_NAPTR_REGEXP = r'^([^0-9i\\])(.*)\1((.+)|(\\[1-9]))\1(i?)'
     RE_KVP = r'^\s[A-Za-z0-9]+=[A-Za-z0-9]+'
-    RE_URL_MAIL = r'^mailto:[A-Za-z0-9_\-]+@.*'
+    RE_URL_MAIL = r'^mailto:[A-Za-z0-9_\-]+(\+[A-Za-z0-9_\-]+)?@.*'
     RE_URL_HTTP = r'^http(s)?://.*/'
     RE_CERT_TYPE = r'(^[A-Z]+$)|(^[0-9]+$)'
     RE_CERT_ALGO = r'(^[A-Z]+[A-Z0-9\-]+[A-Z0-9]$)|(^[0-9]+$)'

designate/tests/unit/objects/test_caa_object.py

@@ -50,6 +50,13 @@ class CAARecordTest(oslotest.base.BaseTestCase):
         self.assertEqual(0, caa_record.flags)
         self.assertEqual('iodef mailto:security@example.net', caa_record.prpt)
 
+        caa_record = objects.CAA()
+        caa_record._from_string('0 iodef mailto:security+caa@example.net')
+
+        self.assertEqual(0, caa_record.flags)
+        self.assertEqual('iodef mailto:security+caa@example.net',
+                         caa_record.prpt)
+
     def test_parse_caa_invalid(self):
         caa_record = objects.CAA()
         self.assertRaisesRegex(

releasenotes/notes/bug-1958533-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml

@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    CAA records now allow the use of `+` prefixed subadresses like
+    `security+caa@example.net` within mail urls.
+    (https://www.rfc-editor.org/rfc/rfc5233.html#section-1)
+
+    See `bug 1958533`_ for more information.
+
+    .. _bug 1958533: https://bugs.launchpad.net/designate/+bug/1958533