From 2054afbb6b2e96e760820ef34912b2ea52f0add4 Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler Date: Fri, 10 Aug 2018 15:15:55 +0200 Subject: [PATCH] Drop api-readonly configuration setting --- pdns/common_startup.cc | 1 - pdns/pdns_recursor.cc | 5 ++--- pdns/recursordist/docs/settings.rst | 1 + pdns/ws-auth.cc | 26 +++++++++++++------------- pdns/ws-recursor.cc | 8 ++++---- regression-tests.recursor/config.sh | 1 - 6 files changed, 20 insertions(+), 22 deletions(-) diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 786a212a7..cb2104835 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -94,7 +94,6 @@ void declareArguments() ::arg().setSwitch("api", "Enable/disable the REST API (including HTTP listener)")="no"; ::arg().set("api-key", "Static pre-shared authentication key for access to the REST API")=""; ::arg().set("api-logfile", "Location of the server logfile (used by the REST API)")="/var/log/pdns.log"; - ::arg().setSwitch("api-readonly", "Disallow data modification through the REST API when set")="no"; ::arg().setSwitch("dname-processing", "If we should support DNAME records")="no"; ::arg().setCmd("help","Provide a helpful message"); diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index d854a7f0e..6ce03ec55 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc 
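Review bot: Dropping the `api-readonly` declaration in declareArguments() (and the matching one in main() of pdns_recursor.cc) gives an operator who still has `api-readonly=yes` in a config no signal that the write guard is gone. Whether the parser rejects the now-unknown name or ignores it is not visible in this patch. I would keep the declaration for one release and refuse to start when it is set, e.g. `if (::arg().mustDo("api-readonly")) { g_log<<Logger::Error<<"api-readonly has been removed; restrict write access in front of the webserver"<<endl; exit(1); }` after argument parsing. The diffstat shows only pdns/recursordist/docs/settings.rst changing, so the removal should also be called out in the authoritative server's settings documentation and upgrade notes.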
@@ -3921,7 +3921,6 @@ int main(int argc, char **argv) ::arg().set("api-config-dir", "Directory where REST API stores config and zones") = ""; ::arg().set("api-key", "Static pre-shared authentication key for access to the REST API") = ""; ::arg().set("api-logfile", "Location of the server logfile (used by the REST API)") = "/var/log/pdns.log"; - ::arg().set("api-readonly", "Disallow data modification through the REST API when set") = "no"; ::arg().setSwitch("webserver", "Start a webserver (for REST API)") = "no"; ::arg().set("webserver-address", "IP Address of webserver to listen on") = "127.0.0.1"; ::arg().set("webserver-port", "Port of webserver to listen on") = "8082"; @@ -4055,8 +4054,8 @@ int main(int argc, char **argv) ::arg().parse(argc,argv); - if( !::arg()["chroot"].empty() && !::arg()["api-config-dir"].empty() && !::arg().mustDo("api-readonly") ) { - g_log<setBody(document); - } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "POST") { auto document = req->json(); string kind; vector entries; @@ -875,7 +875,7 @@ static void apiZoneMetadataKind(HttpRequest* req, HttpResponse* resp) { document["metadata"] = entries; resp->setBody(document); - } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "PUT") { auto document = req->json(); if (!isValidMetadataKind(kind, false)) @@ -902,7 +902,7 @@ static void apiZoneMetadataKind(HttpRequest* req, HttpResponse* resp) { }; resp->setBody(key); - } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "DELETE") { if (!isValidMetadataKind(kind, false)) throw ApiException("Unsupported metadata kind '" + kind + "'"); 
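Review bot: apiZoneMetadataKind in ws-auth.cc now reaches its PUT and DELETE branches on the method string alone, and nothing near the handler says what still gates a write. A short comment above each mutating handler would help, e.g. `// No read-only mode: every method handled here is available to any authenticated API client.` The same applies to apiZoneCryptokeys, apiServerZones, apiServerZoneDetail, apiServerZoneAxfrRetrieve, apiServerZoneNotify and apiServerCacheFlush in the later hunks of this file. Where the api-key is verified lies outside this patch, so the wording should be checked against the webserver layer. The handler bodies start and end outside the hunks.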
@@ -1182,13 +1182,13 @@ static void apiZoneCryptokeys(HttpRequest *req, HttpResponse *resp) { if (req->method == "GET") { apiZoneCryptokeysGET(zonename, inquireKeyId, resp, &dk); - } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "DELETE") { if (inquireKeyId == -1) throw HttpBadRequestException(); apiZoneCryptokeysDELETE(zonename, inquireKeyId, req, resp, &dk); - } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "POST") { apiZoneCryptokeysPOST(zonename, req, resp, &dk); - } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "PUT") { if (inquireKeyId == -1) throw HttpBadRequestException(); apiZoneCryptokeysPUT(zonename, inquireKeyId, req, resp, &dk); @@ -1246,7 +1246,7 @@ static void checkDuplicateRecords(vector& records) { static void apiServerZones(HttpRequest* req, HttpResponse* resp) { UeberBackend B; DNSSECKeeper dk(&B); - if (req->method == "POST" && !::arg().mustDo("api-readonly")) { + if (req->method == "POST") { DomainInfo di; auto document = req->json(); DNSName zonename = apiNameToDNSName(stringFromJson(document, "name")); @@ -1432,7 +1432,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) { throw HttpNotFoundException(); } - if(req->method == "PUT" && !::arg().mustDo("api-readonly")) { + if(req->method == "PUT") { // update domain settings updateDomainSettingsFromDocument(B, di, zonename, req->json()); @@ -1441,7 +1441,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) { resp->status = 204; // No Content, but indicate success return; } - else if(req->method == "DELETE" && !::arg().mustDo("api-readonly")) { + else if(req->method == "DELETE") { // delete domain if(!di.backend->deleteDomain(zonename)) throw ApiException("Deleting domain '"+zonename.toString()+"' failed: backend delete failed/unsupported"); 
@@ -1450,7 +1450,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) { resp->body = ""; resp->status = 204; // No Content: declare that the zone is gone now return; - } else if (req->method == "PATCH" && !::arg().mustDo("api-readonly")) { + } else if (req->method == "PATCH") { patchZone(req, resp); return; } else if (req->method == "GET") { @@ -1501,7 +1501,7 @@ static void apiServerZoneExport(HttpRequest* req, HttpResponse* resp) { static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) { DNSName zonename = apiZoneIdToName(req->parameters["id"]); - if(req->method != "PUT" || ::arg().mustDo("api-readonly")) + if(req->method != "PUT") throw HttpMethodNotAllowedException(); UeberBackend B; @@ -1521,7 +1521,7 @@ static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) { static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) { DNSName zonename = apiZoneIdToName(req->parameters["id"]); - if(req->method != "PUT" || ::arg().mustDo("api-readonly")) + if(req->method != "PUT") throw HttpMethodNotAllowedException(); UeberBackend B; @@ -1886,7 +1886,7 @@ static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) { } void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) { - if(req->method != "PUT" || ::arg().mustDo("api-readonly")) + if(req->method != "PUT") throw HttpMethodNotAllowedException(); DNSName canon = apiNameToDNSName(req->getvars["domain"]); diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc index 4cea7898d..e3a5e8024 100644 --- a/pdns/ws-recursor.cc +++ b/pdns/ws-recursor.cc @@ -70,7 +70,7 @@ static void apiWriteConfigFile(const string& filebasename, const string& content static void apiServerConfigAllowFrom(HttpRequest* req, HttpResponse* resp) { - if (req->method == "PUT" && !::arg().mustDo("api-readonly")) { + if (req->method == "PUT") { Json document = req->json(); auto jlist = document["value"]; 
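Review bot: apiServerConfigAllowFrom in ws-recursor.cc reads `document["value"]` from the request body, and with the `api-readonly` test gone its PUT branch is always enabled once the API is on. This endpoint changes which clients may query the recursor, so a change should leave a trace. If the branch does not already log, add something like `g_log<<Logger::Warning<<"allow-from replaced through the REST API"<<endl;` before the config file is written. The rest of the branch lies outside the hunk, so validation of the submitted entries cannot be confirmed from here.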
@@ -248,7 +248,7 @@ static bool doDeleteZone(const DNSName& zonename) static void apiServerZones(HttpRequest* req, HttpResponse* resp) { - if (req->method == "POST" && !::arg().mustDo("api-readonly")) { + if (req->method == "POST") { if (::arg()["api-config-dir"].empty()) { throw ApiException("Config Option \"api-config-dir\" must be set"); } @@ -300,7 +300,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) if (iter == SyncRes::t_sstorage.domainmap->end()) throw ApiException("Could not find domain '"+zonename.toLogString()+"'"); - if(req->method == "PUT" && !::arg().mustDo("api-readonly")) { + if(req->method == "PUT") { Json document = req->json(); doDeleteZone(zonename); @@ -309,7 +309,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) resp->body = ""; resp->status = 204; // No Content, but indicate success } - else if(req->method == "DELETE" && !::arg().mustDo("api-readonly")) { + else if(req->method == "DELETE") { if (!doDeleteZone(zonename)) { throw ApiException("Deleting domain failed"); } diff --git a/regression-tests.recursor/config.sh b/regression-tests.recursor/config.sh index 6d2dbc05a..da2b47276 100755 --- a/regression-tests.recursor/config.sh +++ b/regression-tests.recursor/config.sh @@ -559,7 +559,6 @@ EOF cat > recursor-service/recursor.conf <
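Review bot: In apiServerZoneDetail of ws-recursor.cc the PUT branch calls `doDeleteZone(zonename);` and discards the result, while the DELETE branch in the next hunk throws when the same call returns false. With the read-only test removed this path is always live, so a failed delete should stop the update: `if (!doDeleteZone(zonename)) throw ApiException("Deleting domain failed");`. The statements between the two hunks are not shown, so what follows the delete in the PUT branch is not confirmed here.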