From 6bb25159c1fa0585ebcabc1d311439861597f78e Mon Sep 17 00:00:00 2001
From: Mark Schouten <mark@tuxis.nl>
Date: Mon, 26 May 2014 20:49:52 +0200
Subject: [PATCH] Implement the bool() dnssec in
 <api>/servers/localhost/zones/<zone>

Allow setting SOA-EDIT via the API
---
 pdns/ws-auth.cc                    |  8 ++++++++
 regression-tests.api/test_Zones.py | 24 ++++++++++++++++++++----
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 63d148b20..d53fe6feb 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -286,6 +286,7 @@ void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
 static void fillZone(const string& zonename, HttpResponse* resp) {
   UeberBackend B;
   DomainInfo di;
+  DNSSECKeeper dk;
   if(!B.getDomainInfo(zonename, di))
     throw ApiException("Could not find domain '"+zonename+"'");
 
@@ -302,9 +303,13 @@ static void fillZone(const string& zonename, HttpResponse* resp) {
   doc.AddMember("name", di.zone.c_str(), doc.GetAllocator());
   doc.AddMember("type", "Zone", doc.GetAllocator());
   doc.AddMember("kind", di.getKindString(), doc.GetAllocator());
+  doc.AddMember("dnssec", dk.isSecuredZone(di.zone.c_str()), doc.GetAllocator());
   string soa_edit_api;
   di.backend->getDomainMetadataOne(zonename, "SOA-EDIT-API", soa_edit_api);
   doc.AddMember("soa_edit_api", soa_edit_api.c_str(), doc.GetAllocator());
+  string soa_edit;
+  di.backend->getDomainMetadataOne(zonename, "SOA-EDIT", soa_edit);
+  doc.AddMember("soa_edit", soa_edit.c_str(), doc.GetAllocator());
   Value masters;
   masters.SetArray();
   BOOST_FOREACH(const string& master, di.masters) {
@@ -464,6 +469,9 @@ static void updateDomainSettingsFromDocument(const DomainInfo& di, const string&
   if (document["soa_edit_api"].IsString()) {
     di.backend->setDomainMetadataOne(zonename, "SOA-EDIT-API", document["soa_edit_api"].GetString());
   }
+  if (document["soa_edit"].IsString()) {
+    di.backend->setDomainMetadataOne(zonename, "SOA-EDIT", document["soa_edit"].GetString());
+  }
 }
 
 static void apiServerZones(HttpRequest* req, HttpResponse* resp) {
diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index 3b150ce58..6a104921f 100644
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -48,7 +48,7 @@ class AuthZones(ApiTestCase):
 
     def test_create_zone(self):
         payload, data = self.create_zone(serial=22)
-        for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'soa_edit_api'):
+        for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'soa_edit_api', 'soa_edit'):
             self.assertIn(k, data)
             if k in payload:
                 self.assertEquals(data[k], payload[k])
@@ -74,6 +74,20 @@ class AuthZones(ApiTestCase):
         self.assertGreater(soa_serial, payload['serial'])
         self.assertEquals(soa_serial, data['serial'])
 
+    def test_create_zone_with_soa_edit(self):
+        # soa_edit wins over serial
+        payload, data = self.create_zone(soa_edit='EPOCH', serial=10)
+        for k in ('soa_edit', ):
+            self.assertIn(k, data)
+            if k in payload:
+                self.assertEquals(data[k], payload[k])
+        # generated EPOCH serial surely is > fixed serial we passed in
+        print data
+        self.assertGreater(data['serial'], payload['serial'])
+        soa_serial = int([r['content'].split(' ')[2] for r in data['records'] if r['type'] == 'SOA'][0])
+        self.assertGreater(soa_serial, payload['serial'])
+        self.assertEquals(soa_serial, data['serial'])
+
     def test_create_zone_with_records(self):
         name = unique_zone_name()
         records = [
@@ -185,7 +199,7 @@ class AuthZones(ApiTestCase):
         zone_id = (name.replace('/', '=2F')) + '.'
         r = self.session.get(self.url("/servers/localhost/zones/" + zone_id))
         data = r.json()
-        for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial'):
+        for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'dnssec'):
             self.assertIn(k, data)
             if k in payload:
                 self.assertEquals(data[k], payload[k])
@@ -240,7 +254,8 @@ class AuthZones(ApiTestCase):
         payload = {
             'kind': 'Master',
             'masters': ['192.0.2.1', '192.0.2.2'],
-            'soa_edit_api': 'EPOCH'
+            'soa_edit_api': 'EPOCH',
+            'soa_edit': 'EPOCH'
         }
         r = self.session.put(
             self.url("/servers/localhost/zones/" + name),
@@ -254,7 +269,8 @@ class AuthZones(ApiTestCase):
         # update, back to Native and empty(off)
         payload = {
             'kind': 'Native',
-            'soa_edit_api': ''
+            'soa_edit_api': '',
+            'soa_edit': ''
         }
         r = self.session.put(
             self.url("/servers/localhost/zones/" + name),
-- 
2.40.0