]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 986e485)
API: add rectify endpoint
authorPieter Lexis <pieter.lexis@powerdns.com>
Fri, 6 Oct 2017 15:04:23 +0000 (17:04 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Tue, 17 Oct 2017 14:17:15 +0000 (16:17 +0200)
docs/http-api/endpoint-zones.rst patch | blob | history
pdns/ws-auth.cc patch | blob | history

diff --git a/docs/http-api/endpoint-zones.rst b/docs/http-api/endpoint-zones.rst
index 09a0793e50bad610f70b3698bfa5bbdd1871cf8b..2622a9d1a1a2c63e6c54bd8d89bc1dddf272c690 100644 (file)
--- a/docs/http-api/endpoint-zones.rst
+++ b/docs/http-api/endpoint-zones.rst
@@ -128,3 +128,12 @@ Zones endpoint
 
   :param server_id: The name of the server
   :param zone_id: The id number of the :json:object:`Zone`
+
+.. http:put:: /api/v1/servers/:server_id/zones/:zone_id/rectify
+
+  Rectify the zone data. This does not take into account the :ref:`metadata-api-rectify` metadata.
+
+  :param server_id: The name of the server
+  :param zone_id: The id number of the :json:object:`Zone`
+
+  Fails on slave zones and zones that do not have DNSSEC.
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 51d2dd8415eaf28520c30cecf0acd778179fe659..9d22bd71898f32c3216e690fe35c8b3ebb43db7a 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1447,6 +1447,32 @@ static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
   resp->setSuccessResult("Notification queued");
 }
 
+static void apiServerZoneRectify(HttpRequest* req, HttpResponse* resp) {
+  DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+
+  if(req->method != "PUT")
+    throw HttpMethodNotAllowedException();
+
+  UeberBackend B;
+  DomainInfo di;
+  if(!B.getDomainInfo(zonename, di))
+    throw ApiException("Could not find domain '"+zonename.toString()+"'");
+
+  DNSSECKeeper dk(&B);
+
+  if (!dk.isSecuredZone(zonename))
+    throw ApiException("Zone '" + zonename.toString() + "' is not DNSSEC signed, not rectifying.");
+
+  if (di.kind == DomainInfo::Slave)
+    throw ApiException("Zone '" + zonename.toString() + "' is a slave zone, not rectifying.");
+
+  string error_msg = "";
+  if (!dk.rectifyZone(zonename, error_msg))
+    throw ApiException("Failed to rectify '" + zonename.toString() + "' " + error_msg);
+
+  resp->setSuccessResult("Rectified");
+}
+
 static void makePtr(const DNSResourceRecord& rr, DNSResourceRecord* ptr) {
   if (rr.qtype.getCode() == QType::A) {
     uint32_t ip;
@@ -1831,6 +1857,7 @@ void AuthWebServer::webThread()
       d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata/<kind>", &apiZoneMetadataKind);
       d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/metadata", &apiZoneMetadata);
       d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/notify", &apiServerZoneNotify);
+      d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>/rectify", &apiServerZoneRectify);
       d_ws->registerApiHandler("/api/v1/servers/localhost/zones/<id>", &apiServerZoneDetail);
       d_ws->registerApiHandler("/api/v1/servers/localhost/zones", &apiServerZones);
       d_ws->registerApiHandler("/api/v1/servers/localhost", &apiServerDetail);
Unnamed repository; edit this file 'description' to name the repository.