From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 12 Sep 2023 10:34:43 +0000 (+0200)
Subject: auth: add default-catalog-zone setting
X-Git-Tag: dnsdist-1.9.0-alpha1~3^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F13238%2Fhead;p=thirdparty%2Fpdns.git

auth: add default-catalog-zone setting
---

diff --git a/docs/settings.rst b/docs/settings.rst
index 95d3956baa..d8bed0d47c 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -366,6 +366,18 @@ The value of :ref:`metadata-api-rectify` if it is not set on the zone.
 .. note::
   Pre 4.2.0 the default was always no.
 
+.. _setting-default-catalog-zone:
+
+``default-catalog-zone``
+------------------------
+
+- String:
+- Default: empty
+
+.. versionadded:: 4.8.3
+
+When a primary zone is created via the API, and the request does not specify a catalog zone, the name given here will be used.
+
 .. _setting-default-ksk-algorithms:
 .. _setting-default-ksk-algorithm:
 
diff --git a/pdns/auth-main.cc b/pdns/auth-main.cc
index c28931fe3f..e3d4b39b09 100644
--- a/pdns/auth-main.cc
+++ b/pdns/auth-main.cc
@@ -328,6 +328,8 @@ static void declareArguments()
   ::arg().setSwitch("consistent-backends", "Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups") = "yes";
 
   ::arg().set("rng", "Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.") = "auto";
+
+  ::arg().set("default-catalog-zone", "Catalog zone to assign newly created primary zones (via the API) to") = "";
 #ifdef ENABLE_GSS_TSIG
   ::arg().setSwitch("enable-gss-tsig", "Enable GSS TSIG processing") = "no";
 #endif
@@ -1482,6 +1484,17 @@ int main(int argc, char** argv)
     g_log << Logger::Error << "Exiting because: " << PE.reason << endl;
     exit(1);
   }
+
+  try {
+    auto defaultCatalog = ::arg()["default-catalog-zone"];
+    if (!defaultCatalog.empty()) {
+      auto defCatalog = DNSName(defaultCatalog);
+    }
+  }
+  catch (const std::exception& e) {
+    g_log << Logger::Error << "Invalid value '" << ::arg()["default-catalog-zone"] << "' for default-catalog-zone: " << e.what() << endl;
+    exit(1);
+  }
   S.blacklist("special-memory-usage");
 
   DLOG(g_log << Logger::Warning << "Verbose logging in effect" << endl);
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index fc8d7832fa..20bac3e349 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1872,6 +1872,13 @@ static void apiServerZonesPost(HttpRequest* req, HttpResponse* resp) {
 
   updateDomainSettingsFromDocument(B, di, zonename, document, !new_records.empty());
 
+  if (!catalog && kind == DomainInfo::Master) {
+    auto defaultCatalog = ::arg()["default-catalog-zone"];
+    if (!defaultCatalog.empty()) {
+      di.backend->setCatalog(zonename, DNSName(defaultCatalog));
+    }
+  }
+
   di.backend->commitTransaction();
 
   g_zoneCache.add(zonename, static_cast<int>(di.id)); // make new zone visible
diff --git a/regression-tests.api/runtests.py b/regression-tests.api/runtests.py
index 50065051d1..51e603e4b3 100755
--- a/regression-tests.api/runtests.py
+++ b/regression-tests.api/runtests.py
@@ -75,6 +75,7 @@ default-soa-edit=INCEPTION-INCREMENT
 launch+=bind
 bind-config=bindbackend.conf
 loglevel=5
+default-catalog-zone=default-catalog.example.com
 """
 
 BINDBACKEND_CONF_TPL = """
diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index 7257168bb3..8193070a60 100644
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -239,13 +239,16 @@ class AuthZones(ApiTestCase, AuthZonesHelperMixin):
 
     def test_create_zone_with_account(self):
         # soa_edit_api wins over serial
-        name, payload, data = self.create_zone(account='anaccount', serial=10)
+        name, payload, data = self.create_zone(account='anaccount', serial=10, kind='Master')
         print(data)
         for k in ('account', ):
             self.assertIn(k, data)
             if k in payload:
                 self.assertEqual(data[k], payload[k])
 
+        # as we did not set a catalog in our request, check that the default catalog was applied
+        self.assertEqual(data['catalog'], "default-catalog.example.com.")
+
     def test_create_zone_default_soa_edit_api(self):
         name, payload, data = self.create_zone()
         print(data)