API: Allow setting extra domain metadata

This allows setting domain metadata starting with "X-".

diff --git a/docs/markdown/authoritative/domainmetadata.md b/docs/markdown/authoritative/domainmetadata.md
index ce6b3b687b3b1c11dcea1a1b975ed7d3225ea693..3d95454786b99296a9ad7354ab8eca3633ed53c6 100644 (file)
--- a/docs/markdown/authoritative/domainmetadata.md
+++ b/docs/markdown/authoritative/domainmetadata.md
@@ -107,3 +107,7 @@ Allow these named TSIG keys to AXFR this zone, see [Provisioning outbound AXFR a
 ## TSIG-ALLOW-DNSUPDATE
 This setting allows you to set the TSIG key required to do an [DNS update](dnsupdate.md). If
 [GSS-TSIG](tsig.md#gss-tsig) is enabled, you can put kerberos principals here as well.
+
+## Extra metadata
+Through the API and on the [`pdnsutil set-meta`](dnssec.md#pdnsutil) commandline, metadata unused by PowerDNS can be added.
+It is mandatory to prefix this extra metadata with "X-" and the name of the external application; the API will only allow this metadata if it starts with "X-".

diff --git a/docs/markdown/httpapi/api_spec.md b/docs/markdown/httpapi/api_spec.md
index 793daaa536f02ec5abb8d526657aca72fe3c55c7..5d1bc62be44fe85316b247d14a935a2e1025bf35 100644 (file)
--- a/docs/markdown/httpapi/api_spec.md
+++ b/docs/markdown/httpapi/api_spec.md
@@ -626,8 +626,7 @@ zone\_metadata\_resource
 
 Clients MUST NOT modify `NSEC3PARAM`, `NSEC3NARROW`, `PRESIGNED` and
 `LUA-AXFR-SCRIPT` through this interface. The server rejects updates to
-these metadata. Modifications to custom metadata kinds are rejected
-through this interface.
+these metadata. Modifications to custom metadata kinds starting with `X-` is allowed as well.
 
 
 URL: /api/v1/servers/:server\_id/zones/:zone\_name/metadata

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index c99e047a2a6427399f5c722ab5bda2aae8c7ad47..d9322867c1cf15fb4f90ce401f14644d3c9c6698 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -555,6 +555,9 @@ static bool isValidMetadataKind(const string& kind, bool readonly) {
     "LUA-AXFR-SCRIPT"
   };
 
+  if (kind.find("X-") == 0)
+    return true;
+
   bool found = false;
 
   for (const string& s : builtinOptions) {

diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index 52daeb1770dc0bb13413606d713f9b36f9179fe4..11fb3cc441765b6b688e2f0bb3d68a4d141e7043 100644 (file)
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -385,6 +385,14 @@ class AuthZones(ApiTestCase, AuthZonesHelperMixin):
         self.assertEquals(r.status_code, 200)
         self.assertEquals(rdata["metadata"], [])
 
+    def test_create_external_zone_metadata(self):
+        payload_metadata = {"metadata": ["My very important message"]}
+        r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/X-MYMETA"),
+                             data=json.dumps(payload_metadata))
+        self.assertEquals(r.status_code, 200)
+        rdata = r.json()
+        self.assertEquals(rdata["metadata"], payload_metadata["metadata"])
+
     def test_create_slave_zone(self):
         # Test that nameservers can be absent for slave zones.
         name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2'])