From a0930e4594e314468897a24a768dea1f2bdbe895 Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Wed, 13 Jul 2022 21:55:08 +0200 Subject: [PATCH] auth: api, add catalog in zone endpoint --- .../swagger/authoritative-api-swagger.yaml | 11 +++-- modules/gsqlite3backend/gsqlite3backend.cc | 2 +- modules/lmdbbackend/lmdbbackend.cc | 2 +- pdns/ws-auth.cc | 43 ++++++++++++------- regression-tests.api/test_Zones.py | 11 +++++ 5 files changed, 49 insertions(+), 20 deletions(-) diff --git a/docs/http-api/swagger/authoritative-api-swagger.yaml b/docs/http-api/swagger/authoritative-api-swagger.yaml index 709a7f0ec7..e4f006b3c1 100644 --- a/docs/http-api/swagger/authoritative-api-swagger.yaml +++ b/docs/http-api/swagger/authoritative-api-swagger.yaml @@ -250,7 +250,7 @@ paths: put: summary: Modifies basic zone data. - description: 'The only fields in the zone structure which can be modified are: kind, masters, account, soa_edit, soa_edit_api, api_rectify, dnssec, and nsec3param. All other fields are ignored.' + description: 'The only fields in the zone structure which can be modified are: kind, masters, catalog, account, soa_edit, soa_edit_api, api_rectify, dnssec, and nsec3param. All other fields are ignored.' operationId: putZone tags: - zones @@ -988,7 +988,9 @@ definitions: - 'Native' - 'Master' - 'Slave' - description: 'Zone kind, one of “Native”, “Master”, “Slave”' + - 'Producer' + - 'Consumer' + description: 'Zone kind, one of “Native”, “Master”, “Slave”, “Producer”, “Consumer”' rrsets: type: array items: 
@@ -1028,10 +1030,13 @@ definitions: description: 'The SOA-EDIT-API metadata item' api_rectify: type: boolean - description: ' Whether or not the zone will be rectified on data changes via the API' + description: 'Whether or not the zone will be rectified on data changes via the API' zone: type: string description: 'MAY contain a BIND-style zone file when creating a zone' + catalog: + type: string + description: 'The catalog this zone is a member of' account: type: string description: 'MAY be set. Its value is defined by local policy' diff --git a/modules/gsqlite3backend/gsqlite3backend.cc b/modules/gsqlite3backend/gsqlite3backend.cc index df3aff2714..f966cc66eb 100644 --- a/modules/gsqlite3backend/gsqlite3backend.cc +++ b/modules/gsqlite3backend/gsqlite3backend.cc @@ -121,7 +121,7 @@ public: declare(suffix, "update-master-query", "", "update domains set master=:master where name=:domain"); declare(suffix, "update-kind-query", "", "update domains set type=:kind where name=:domain"); declare(suffix, "update-options-query", "", "update domains set options=:options where name=:domain"); - declare(suffix, "update-catalog-query", "", "update domains set catalog=:options where name=:domain"); + declare(suffix, "update-catalog-query", "", "update domains set catalog=:catalog where name=:domain"); declare(suffix, "update-account-query", "", "update domains set account=:account where name=:domain"); declare(suffix, "update-serial-query", "", "update domains set notified_serial=:serial where id=:domain_id"); declare(suffix, "update-lastcheck-query", "", "update domains set last_check=:last_check where id=:domain_id"); diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc index 514cbccacb..1f200bc24c 100644 --- a/modules/lmdbbackend/lmdbbackend.cc +++ b/modules/lmdbbackend/lmdbbackend.cc @@ -162,7 +162,7 @@ namespace serialization ar& tmp; } else - ar & ""; + ar& std::string(); } template 
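Review bot: Nothing at the changed `else` branch in lmdbbackend.cc says why the literal `""` had to become `std::string()`, so a later tidy-up could easily switch it back. To the archive operator a string literal is a `const char[1]` array rather than a `std::string`, so the old form presumably wrote something the matching load code could not read back as a string. The load side is outside this hunk, so that is inferred. A one-line comment would pin it down: `// must be a std::string, not a literal: the load side reads this field as a string`.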
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 883cb0618d..b07be2bdc4 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -319,18 +319,18 @@ static Json::object getZoneInfo(const DomainInfo& di, DNSSECKeeper* dk) { masters.push_back(m.toStringWithPortExcept(53)); } - auto obj = Json::object { + auto obj = Json::object{ // id is the canonical lookup key, which doesn't actually match the name (in some cases) - { "id", zoneId }, - { "url", "/api/v1/servers/localhost/zones/" + zoneId }, - { "name", di.zone.toString() }, - { "kind", di.getKindString() }, - { "account", di.account }, - { "masters", std::move(masters) }, - { "serial", (double)di.serial }, - { "notified_serial", (double)di.notified_serial }, - { "last_check", (double)di.last_check } - }; + {"id", zoneId}, + {"url", "/api/v1/servers/localhost/zones/" + zoneId}, + {"name", di.zone.toString()}, + {"kind", di.getKindString()}, + {"catalog", (!di.catalog.empty() ? di.catalog.toString() : "")}, + {"account", di.account}, + {"masters", std::move(masters)}, + {"serial", (double)di.serial}, + {"notified_serial", (double)di.notified_serial}, + {"last_check", (double)di.last_check}}; if (dk) { obj["dnssec"] = dk->isSecuredZone(di.zone); string soa_edit; @@ -612,8 +612,8 @@ static void throwUnableToSecure(const DNSName& zonename) { + "capable backends are loaded, or because the backends have DNSSEC disabled. Check your configuration."); } - -static void extractDomainInfoFromDocument(const Json& document, boost::optional& kind, boost::optional>& masters, boost::optional& account) { +static void extractDomainInfoFromDocument(const Json& document, boost::optional& kind, boost::optional>& masters, boost::optional& catalog, boost::optional& account) +{ if (document["kind"].is_string()) { kind = DomainInfo::stringToKind(stringFromJson(document, "kind")); } else { 
@@ -636,6 +636,14 @@ static void extractDomainInfoFromDocument(const Json& document, boost::optional< masters = boost::none; } + if (document["catalog"].is_string()) { + string catstring = document["catalog"].string_value(); + catalog = (!catstring.empty() ? DNSName(catstring) : DNSName()); + } + else { + catalog = boost::none; + } + if (document["account"].is_string()) { account = document["account"].string_value(); } else { @@ -646,9 +654,10 @@ static void extractDomainInfoFromDocument(const Json& document, boost::optional< static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo& di, const DNSName& zonename, const Json& document, bool rectifyTransaction=true) { boost::optional kind; boost::optional> masters; + boost::optional catalog; boost::optional account; - extractDomainInfoFromDocument(document, kind, masters, account); + extractDomainInfoFromDocument(document, kind, masters, catalog, account); if (kind) { di.backend->setKind(zonename, *kind); @@ -656,6 +665,9 @@ static void updateDomainSettingsFromDocument(UeberBackend& B, const DomainInfo& if (masters) { di.backend->setMasters(zonename, *masters); } + if (catalog) { + di.backend->setCatalog(zonename, *catalog); + } if (account) { di.backend->setAccount(zonename, *account); } @@ -1795,8 +1807,9 @@ static void apiServerZones(HttpRequest* req, HttpResponse* resp) { boost::optional kind; boost::optional> masters; + boost::optional catalog; boost::optional account; - extractDomainInfoFromDocument(document, kind, masters, account); + extractDomainInfoFromDocument(document, kind, masters, catalog, account); // no going back after this if(!B.createDomain(zonename, kind.get_value_or(DomainInfo::Native), masters.get_value_or(vector()), account.get_value_or(""))) diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py index d9291f5c2d..4a5173700a 100644 --- a/regression-tests.api/test_Zones.py +++ b/regression-tests.api/test_Zones.py 
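Review bot: The catalog value from the request body goes straight into `DNSName(catstring)` in the added branch, with no canonical-name check and no API-level error handling visible in the hunk. A malformed or non-dot-terminated name would presumably either surface as a constructor exception, giving a generic server error instead of a client error, or be stored in a form the caller did not intend. If the file's existing name-parsing helper is in scope here, using it keeps catalog consistent with how zone names are validated: `catalog = (!catstring.empty() ? apiNameToDNSName(catstring) : DNSName());`. The enclosing function starts and ends outside this hunk.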
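Review bot: The result of `di.backend->setCatalog(zonename, *catalog)` is discarded in the added block, as it is for the neighbouring `setKind`, `setMasters` and `setAccount` calls. If a backend signals an unsupported or failed update through its return value (not visible here), the API would report success while the zone's catalog membership stays unchanged. Consider `if (catalog && !di.backend->setCatalog(zonename, *catalog)) { throw ApiException("Unable to set catalog for zone '" + zonename.toString() + "'"); }`. The function body continues outside the hunk.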
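Review bot: In `apiServerZones` the new `catalog` optional is filled by `extractDomainInfoFromDocument`, but the visible `createDomain` call passes only kind, masters and account, so within this hunk the value is never used. Presumably it is applied further down, after the "no going back" point, which would mean a rejected catalog leaves a created zone behind without its membership. A comment at the declaration would make the intent explicit, for example `// not passed to createDomain(); applied after creation together with the other zone settings`. The rest of the function is outside the hunk, so where the value is consumed should be confirmed there.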
@@ -145,6 +145,15 @@ class AuthZones(ApiTestCase, AuthZonesHelperMixin): self.assertGreater(soa_serial, payload['serial']) self.assertEqual(soa_serial, data['serial']) + def test_create_zone_with_catalog(self): + # soa_edit_api wins over serial + name, payload, data = self.create_zone(catalog='catalog.invalid.', serial=10) + print(data) + for k in ('catalog', ): + self.assertIn(k, data) + if k in payload: + self.assertEqual(data[k], payload[k]) + def test_create_zone_with_account(self): # soa_edit_api wins over serial name, payload, data = self.create_zone(account='anaccount', serial=10) @@ -1053,6 +1062,7 @@ $ORIGIN %NAME% payload = { 'kind': 'Master', 'masters': ['192.0.2.1', '192.0.2.2'], + 'catalog': 'catalog.invalid.', 'soa_edit_api': 'EPOCH', 'soa_edit': 'EPOCH' } @@ -1068,6 +1078,7 @@ $ORIGIN %NAME% # update, back to Native and empty(off) payload = { 'kind': 'Native', + 'catalog': '', 'soa_edit_api': '', 'soa_edit': '' } -- 2.47.2
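Review bot: The assertion in `test_create_zone_with_catalog` is guarded by `if k in payload`, so the test can pass without ever comparing the returned catalog to the requested one. The test also keeps a leftover `print(data)` and the comment `# soa_edit_api wins over serial`, copied from the neighbouring test and unrelated to catalogs. I would drop the print and the one-element loop, replace the comment with `# catalog given at creation must be echoed back`, and assert directly: `self.assertEqual(data['catalog'], 'catalog.invalid.')`. A second case that submits a malformed catalog name and expects a client error would cover the input-validation path, which none of the visible tests exercise.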