auth: add edited_serial to Zone object

This gives API consumers the ability to see the edited SOA serial. The
API code used the same functions as the DNSSECKeeper, so this serial
will match the one send to clients in response to queries.

Closes #7961

diff --git a/docs/http-api/swagger/authoritative-api-swagger.yaml b/docs/http-api/swagger/authoritative-api-swagger.yaml
index fa0fe9528bbd319fc024f9c033e762fd49700a79..11d7861b14de08063a937cd457cf27b2e993b598 100644 (file)
--- a/docs/http-api/swagger/authoritative-api-swagger.yaml
+++ b/docs/http-api/swagger/authoritative-api-swagger.yaml
@@ -919,6 +919,9 @@ definitions:
       notified_serial:
         type: integer
         description: 'The SOA serial notifications have been sent out for'
+      edited_serial:
+        type: integer
+        description: 'The SOA serial as seen in query responses. Calculated using the SOA-EDIT metadata, default-soa-edit and default-soa-edit-signed settings'
       masters:
         type: array
         items:

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 61d9cb5380135d50472c9a18410b4e30626e51d3..25f980e858e4b4b4522d81247b118bf58f7e916a 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -336,6 +336,7 @@ static Json::object getZoneInfo(const DomainInfo& di, DNSSECKeeper *dk) {
     { "account", di.account },
     { "masters", masters },
     { "serial", (double)di.serial },
+    { "edited_serial", (double)calculateEditSOA(di.serial, *dk, di.zone) },
     { "notified_serial", (double)di.notified_serial },
     { "last_check", (double)di.last_check }
   };

diff --git a/regression-tests.api/runtests.py b/regression-tests.api/runtests.py
index 56d5e3e7b2d2bad68ed062e3e18fce95dc36a5d4..f9f4dba1798222aa058b3ac0e6a647c485f4cd23 100755 (executable)
--- a/regression-tests.api/runtests.py
+++ b/regression-tests.api/runtests.py
@@ -38,6 +38,7 @@ gsqlite3-dnssec=on
 gsqlite3-database="""+SQLITE_DB+"""
 module-dir=../regression-tests/modules
 bind-config=bindbackend.conf
+default-soa-edit=INCEPTION-INCREMENT
 """
 
 BINDBACKEND_CONF_TPL = """

diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index 514cea8e0ee2b72ad1e47d5b0ab7a5a3815aa468..03fd58646d147556e1f6004bc632411d5f69bf66 100644 (file)
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -59,7 +59,7 @@ class Zones(ApiTestCase):
         print(example_com)
         required_fields = ['id', 'url', 'name', 'kind']
         if is_auth():
-            required_fields = required_fields + ['masters', 'last_check', 'notified_serial', 'serial', 'account']
+            required_fields = required_fields + ['masters', 'last_check', 'notified_serial', 'edited_serial', 'serial', 'account']
             self.assertNotEquals(example_com['serial'], 0)
         elif is_recursor():
             required_fields = required_fields + ['recursion_desired', 'servers']
@@ -99,7 +99,7 @@ class AuthZones(ApiTestCase, AuthZonesHelperMixin):
     def test_create_zone(self):
         # soa_edit_api has a default, override with empty for this test
         name, payload, data = self.create_zone(serial=22, soa_edit_api='')
-        for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'soa_edit_api', 'soa_edit', 'account'):
+        for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'edited_serial', 'soa_edit_api', 'soa_edit', 'account'):
             self.assertIn(k, data)
             if k in payload:
                 self.assertEquals(data[k], payload[k])
@@ -113,6 +113,7 @@ class AuthZones(ApiTestCase, AuthZonesHelperMixin):
         # Because we had confusion about dots, check that the DB is without dots.
         dbrecs = get_db_records(name, 'SOA')
         self.assertEqual(dbrecs[0]['content'], expected_soa.replace('. ', ' '))
+        self.assertNotEquals(data['serial'], data['edited_serial'])
 
     def test_create_zone_with_soa_edit_api(self):
         # soa_edit_api wins over serial