diff --git a/modules/api/src/it/resources/application.conf b/modules/api/src/it/resources/application.conf
index aedb547d1..550af4139 100644
--- a/modules/api/src/it/resources/application.conf
+++ b/modules/api/src/it/resources/application.conf
@@ -169,18 +169,18 @@ vinyldns {
 allowed-settings = [
 {
 zone = "*mmy."
- allowed-user-list = ["testuser"]
- allowed-group-list = ["dummy-group"]
- allowed-record-type = ["AAAA"]
- allowed-dots-limit = 3
+ user-list = ["testuser"]
+ group-list = ["dummy-group"]
+ record-types = ["AAAA"]
+ dots-limit = 3
 },
 {
 # for wildcard zones. Settings will be applied to all matching zones
 zone = "parent.com."
- allowed-user-list = ["professor", "testuser"]
- allowed-group-list = ["testing-group"]
- allowed-record-type = ["A", "CNAME"]
- allowed-dots-limit = 3
+ user-list = ["professor", "testuser"]
+ group-list = ["testing-group"]
+ record-types = ["A", "CNAME"]
+ dots-limit = 3
 }
 ]
 }
diff --git a/modules/api/src/it/scala/vinyldns/api/domain/record/RecordSetServiceIntegrationSpec.scala b/modules/api/src/it/scala/vinyldns/api/domain/record/RecordSetServiceIntegrationSpec.scala
index 52bded45e..c789d8305 100644
--- a/modules/api/src/it/scala/vinyldns/api/domain/record/RecordSetServiceIntegrationSpec.scala
+++ b/modules/api/src/it/scala/vinyldns/api/domain/record/RecordSetServiceIntegrationSpec.scala
@@ -391,7 +391,7 @@ class RecordSetServiceIntegrationSpec
 .name shouldBe "test.dotted"
 }
- "fail creating dotted record if it satisfies all dotted hosts config except allowed-dots-limit for the zone" in {
+ "fail creating dotted record if it satisfies all dotted hosts config except dots-limit for the zone" in {
 val newRecord = RecordSet(
 dummyZone.id,
 "test.dotted.more.dots.than.allowed",
diff --git a/modules/api/src/main/resources/reference.conf b/modules/api/src/main/resources/reference.conf
index 021ad67ce..402a8b1e6 100644
--- a/modules/api/src/main/resources/reference.conf
+++ b/modules/api/src/main/resources/reference.conf
@@ -97,18 +97,18 @@ vinyldns {
 {
 # for wildcard zones. Settings will be applied to all matching zones
 zone = "*ent.com*."
- allowed-user-list = ["ok"]
- allowed-group-list = ["dummy-group"]
- allowed-record-type = ["CNAME"]
- allowed-dots-limit = 3
+ user-list = ["ok"]
+ group-list = ["dummy-group"]
+ record-types = ["CNAME"]
+ dots-limit = 3
 },
 {
 # for wildcard zones. Settings will be applied to all matching zones
 zone = "dummy*."
- allowed-user-list = ["sharedZoneUser"]
- allowed-group-list = ["history-group1"]
- allowed-record-type = ["A"]
- allowed-dots-limit = 3
+ user-list = ["sharedZoneUser"]
+ group-list = ["history-group1"]
+ record-types = ["A"]
+ dots-limit = 3
 }
 ]
 }
diff --git a/modules/api/src/main/scala/vinyldns/api/config/DottedHostsConfig.scala b/modules/api/src/main/scala/vinyldns/api/config/DottedHostsConfig.scala
index 2c0721ac7..a5d1e546d 100644
--- a/modules/api/src/main/scala/vinyldns/api/config/DottedHostsConfig.scala
+++ b/modules/api/src/main/scala/vinyldns/api/config/DottedHostsConfig.scala
@@ -19,7 +19,7 @@ package vinyldns.api.config
 import pureconfig.ConfigReader
 import pureconfig.generic.auto._
- final case class ZoneAuthConfigs(zone: String, allowedUserList: List[String], allowedGroupList: List[String], allowedRecordType: List[String], allowedDotsLimit: Int)
+ final case class ZoneAuthConfigs(zone: String, userList: List[String], groupList: List[String], recordTypes: List[String], dotsLimit: Int)
 final case class DottedHostsConfig(zoneAuthConfigs: List[ZoneAuthConfigs])
 object DottedHostsConfig {
diff --git a/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetService.scala b/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetService.scala
index cd699261d..0a38bae89 100644
--- a/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetService.scala
+++ b/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetService.scala
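Review bot: In `modules/api/src/main/resources/reference.conf` the renamed entries still grant dotted-host creation to what look like test fixtures (`user-list = ["ok"]`, `user-list = ["sharedZoneUser"]`, `dummy-group`, `history-group1`) on the wildcard zones `*ent.com*.` and `dummy*.`. If this file is packaged as the runtime default, a deployment that never sets `dotted-hosts.allowed-settings` inherits those grants for any account or group carrying one of those names. I would ship `allowed-settings = []` here and move the fixtures into the test configuration; the functional-test docstring in this commit says it relies on the entries in reference.conf, so that test setup would need its own override. The `allowed-settings` list opens above this hunk.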
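Review bot: In `DottedHostsConfig.scala`, renaming the `ZoneAuthConfigs` fields also renames the keys an operator has to write, because the class is read through `pureconfig.generic.auto._`, and nothing in this hunk accepts the old `allowed-user-list` / `allowed-group-list` / `allowed-record-type` / `allowed-dots-limit` spellings. These keys decide who may create dotted hosts, so an upgrade with an unmigrated config should fail at load rather than start with missing lists; with non-optional fields it presumably does, but that depends on the reader in `object DottedHostsConfig`, whose body is outside the hunk. I would add a comment above the class, `// Field names map to the kebab-case keys under dotted-hosts.allowed-settings; renaming a field is a breaking config change.`, and call the rename out in the upgrade notes.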
@@ -252,10 +252,10 @@ class RecordSetService(
 val isContainWildcardZone = dottedZoneConfig.exists(x => zoneName.matches(x))
 val isContainNormalZone = configZones.contains(zoneName)
 if(isContainNormalZone){
- config.zoneAuthConfigs.filter(x => x.zone == zoneName).head.allowedDotsLimit
+ config.zoneAuthConfigs.filter(x => x.zone == zoneName).head.dotsLimit
 }
 else if(isContainWildcardZone){
- config.zoneAuthConfigs.filter(x => zoneName.matches(x.zone.replace("*", "[A-Za-z0-9.]*"))).head.allowedDotsLimit
+ config.zoneAuthConfigs.filter(x => zoneName.matches(x.zone.replace("*", "[A-Za-z0-9.]*"))).head.dotsLimit
 }
 else {
 0
@@ -272,7 +272,7 @@ class RecordSetService(
 if(isContainNormalZone){
 val users = config.zoneAuthConfigs.flatMap {
 x: ZoneAuthConfigs =>
- if (x.zone == zoneName) x.allowedUserList else List.empty
+ if (x.zone == zoneName) x.userList else List.empty
 }
 if(users.contains(auth.signedInUser.userName)){
 true
@@ -286,7 +286,7 @@ class RecordSetService(
 x: ZoneAuthConfigs =>
 if (x.zone.contains("*")) {
 val wildcardZone = x.zone.replace("*", "[A-Za-z0-9.]*")
- if (zoneName.matches(wildcardZone)) x.allowedUserList else List.empty
+ if (zoneName.matches(wildcardZone)) x.userList else List.empty
 } else List.empty
 }
 if(users.contains(auth.signedInUser.userName)){
@@ -311,7 +311,7 @@ class RecordSetService(
 if(isContainNormalZone){
 val rType = config.zoneAuthConfigs.flatMap {
 x: ZoneAuthConfigs =>
- if (x.zone == zoneName) x.allowedRecordType else List.empty
+ if (x.zone == zoneName) x.recordTypes else List.empty
 }
 if(rType.contains(rs.typ.toString)){
 true
@@ -325,7 +325,7 @@ class RecordSetService(
 x: ZoneAuthConfigs =>
 if (x.zone.contains("*")) {
 val wildcardZone = x.zone.replace("*", "[A-Za-z0-9.]*")
- if (zoneName.matches(wildcardZone)) x.allowedRecordType else List.empty
+ if (zoneName.matches(wildcardZone)) x.recordTypes else List.empty
 } else List.empty
 }
 if(rType.contains(rs.typ.toString)){
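Review bot: The wildcard branch of the hunk at -252 in `RecordSetService.scala` turns the configured zone into a regex with `x.zone.replace("*", "[A-Za-z0-9.]*")` and hands it to `zoneName.matches`, so every `.` in the zone acts as "any character" instead of a literal dot. An entry such as `*ent.com.` therefore also matches a constructed zone name like `parentxcom.`, which applies the dotted-host grants to zones the operator did not list. Quote the literal pieces before joining them, e.g. `x.zone.split("\\*", -1).map(java.util.regex.Pattern.quote).mkString("[A-Za-z0-9.]*")`, ideally in one private helper. The same expression is used in the hunks at -286, -325 and -358, and the enclosing block starts and ends outside this hunk.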
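Review bot: In the hunk at -286 the allowed users are gathered with `flatMap` over every wildcard entry that matches the zone, and the record-type hunk at -325 and the group hunk at -358 do the same, while the dots limit in the hunk at -252 is read from `.head` of the matching entries. When a zone matches more than one entry, a user listed in one entry is apparently checked against the union of `recordTypes` from all of them and against the first entry's `dotsLimit`, which mixes grants that were configured separately. Resolving a single `ZoneAuthConfigs` for the zone once (exact match first, then a documented wildcard precedence) and reading `userList`, `groupList`, `recordTypes` and `dotsLimit` from that one entry would keep each grant self-contained. The enclosing function begins and ends outside the hunk, so how the three checks are combined is not visible here.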
@@ -350,7 +350,7 @@ class RecordSetService(
 val groups = if(isContainNormalZone){
 config.zoneAuthConfigs.flatMap {
 x: ZoneAuthConfigs =>
- if (x.zone == zoneName) x.allowedGroupList else List.empty
+ if (x.zone == zoneName) x.groupList else List.empty
 }
 }
 else if(isContainWildcardZone){
@@ -358,7 +358,7 @@ class RecordSetService(
 x: ZoneAuthConfigs =>
 if (x.zone.contains("*")) {
 val wildcardZone = x.zone.replace("*", "[A-Za-z0-9.]*")
- if (zoneName.matches(wildcardZone)) x.allowedGroupList else List.empty
+ if (zoneName.matches(wildcardZone)) x.groupList else List.empty
 } else List.empty
 }
 }
diff --git a/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetValidations.scala b/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetValidations.scala
index 4a625e0cc..cbbd35b60 100644
--- a/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetValidations.scala
+++ b/modules/api/src/main/scala/vinyldns/api/domain/record/RecordSetValidations.scala
@@ -361,7 +361,7 @@ object RecordSetValidations {
 ensuring(
 InvalidRequest(
 s"RecordSet with name ${recordSet.name} has more dots than that is allowed in config for this zone " +
- s"which is, 'allowed-dots-limit = $allowedDotsLimit'."
+ s"which is, 'dots-limit = $allowedDotsLimit'."
 )
 )(
 recordSet.name.count(_ == '.') <= allowedDotsLimit || (recordSet.name.count(_ == '.') == 1 &&
diff --git a/modules/api/src/test/functional/tests/recordsets/create_recordset_test.py b/modules/api/src/test/functional/tests/recordsets/create_recordset_test.py
index d6c9a6cff..f04152c13 100644
--- a/modules/api/src/test/functional/tests/recordsets/create_recordset_test.py
+++ b/modules/api/src/test/functional/tests/recordsets/create_recordset_test.py
@@ -562,7 +562,7 @@ def test_create_dotted_a_record_fails_if_all_dotted_hosts_config_not_satisfied(s
 Test that creating a A record set with dotted host record name fails Here the zone, user (in group) and record type is allowed. But the record name has more dots than the number of dots allowed for this zone. Hence the test fails
- The 'allowed-dots-limit' config from dotted-hosts config is not satisfied. Config present in reference.conf
+ The 'dots-limit' config from dotted-hosts config is not satisfied. Config present in reference.conf
 """
 client = shared_zone_test_context.history_client
 zone = shared_zone_test_context.dummy_zone
@@ -576,7 +576,7 @@ def test_create_dotted_a_record_fails_if_all_dotted_hosts_config_not_satisfied(s
 error = client.create_recordset(dotted_host_a_record, status=422)
 assert_that(error, is_("RecordSet with name " + dotted_host_a_record["name"] + " has more dots than that is "
- "allowed in config for this zone which is, 'allowed-dots-limit = 3'."))
+ "allowed in config for this zone which is, 'dots-limit = 3'."))
 def test_create_dotted_a_record_apex_succeeds(shared_zone_test_context):
diff --git a/modules/api/src/test/scala/vinyldns/api/domain/record/RecordSetServiceSpec.scala b/modules/api/src/test/scala/vinyldns/api/domain/record/RecordSetServiceSpec.scala
index 43b5ffc0c..520a4bd9e 100644
--- a/modules/api/src/test/scala/vinyldns/api/domain/record/RecordSetServiceSpec.scala
+++ b/modules/api/src/test/scala/vinyldns/api/domain/record/RecordSetServiceSpec.scala
@@ -138,9 +138,9 @@ class RecordSetServiceSpec
 x: ZoneAuthConfigs =>
 if (x.zone.contains("*")) {
 val wildcardZone = x.zone.replace("*", "[A-Za-z.]*")
- if (zoneName.substring(0, zoneName.length - 1).matches(wildcardZone)) x.allowedGroupList else List.empty
+ if (zoneName.substring(0, zoneName.length - 1).matches(wildcardZone)) x.groupList else List.empty
 } else {
- if (x.zone == zoneName) x.allowedGroupList else List.empty
+ if (x.zone == zoneName) x.groupList else List.empty
 }
 }
 }
diff --git a/modules/docs/src/main/mdoc/operator/config-api.md b/modules/docs/src/main/mdoc/operator/config-api.md
index 9e31806ef..db3e449dc 100644
--- a/modules/docs/src/main/mdoc/operator/config-api.md
+++ b/modules/docs/src/main/mdoc/operator/config-api.md
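Review bot: The helper in `RecordSetServiceSpec.scala` re-implements the service's wildcard matching with a different pattern: it uses `x.zone.replace("*", "[A-Za-z.]*")` and strips the last character with `zoneName.substring(0, zoneName.length - 1)`, whereas `RecordSetService` uses `[A-Za-z0-9.]*` against the full zone name. Zones containing digits, and the trailing dot, are therefore evaluated differently in the spec than in production, so the spec can pass while the real authorization check decides otherwise. I would align the line to `val wildcardZone = x.zone.replace("*", "[A-Za-z0-9.]*")` and, if the test zone names allow it, match on `zoneName` as the service does, or call a shared production helper instead of copying the logic. The helper's definition starts above this hunk.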
@@ -546,18 +546,18 @@ allowed to create dotted hosts. If only all the above are satisfied, one can cre
 Note the following:
 1. Zones defined in the `zone` must always end with a dot. Eg: `comcast.com.`
 2. Wildcard character `*` can be used in `zone` to allow dotted hosts for all zones matching it.
-3. Individual users who are allowed to create dotted hosts are added to the `allowed-user-list` using their username.
-4. A set of users in a group who are allowed to create dotted hosts are added to the `allowed-group-list` using group name.
-5. If the user is either in `allowed-user-list` or `allowed-group-list`, they are allowed to create a dotted host. It is
-not necessary for the user to be in both `allowed-user-list` and `allowed-group-list`.
-6. The record types which are allowed while creating a dotted host is added to the `allowed-record-type`.
-7. The number of dots allowed in a record name for a zone is given in `allowed-dots-limit`.
-8. If `allowed-user-list` is left empty (`allowed-user-list = []`), no user will be allowed to create dotted hosts unless
-they're present in `allowed-group-list` and vice-versa. If both `allowed-user-list` and `allowed-group-list` is left empty
+3. Individual users who are allowed to create dotted hosts are added to the `user-list` using their username.
+4. A set of users in a group who are allowed to create dotted hosts are added to the `group-list` using group name.
+5. If the user is either in `user-list` or `group-list`, they are allowed to create a dotted host. It is
+not necessary for the user to be in both `user-list` and `group-list`.
+6. The record types which are allowed while creating a dotted host is added to the `record-types`.
+7. The number of dots allowed in a record name for a zone is given in `dots-limit`.
+8. If `user-list` is left empty (`user-list = []`), no user will be allowed to create dotted hosts unless
+they're present in `group-list` and vice-versa. If both `user-list` and `group-list` is left empty
 no users will be allowed to create dotted hosts in that zone.
-9. If `allowed-record-type` is left empty (`allowed-record-type = []`), user cannot create dotted hosts of any record type
+9. If `record-types` is left empty (`record-types = []`), user cannot create dotted hosts of any record type
 in that zone.
-10. If `allowed-dots-limit` is set to 0 (`allowed-dots-limit = 0`), we cannot create dotted hosts record in that zone.
+10. If `dots-limit` is set to 0 (`dots-limit = 0`), we cannot create dotted hosts record in that zone.
 ```yaml
 # approved zones, individual users, users in groups and record types that are allowed for dotted hosts
@@ -565,18 +565,18 @@ dotted-hosts = {
 allowed-settings = [
 {
 zone = "dummy."
- allowed-user-list = ["testuser"]
- allowed-group-list = ["dummy-group"]
- allowed-record-type = ["AAAA"]
- allowed-dots-limit = 3
+ user-list = ["testuser"]
+ group-list = ["dummy-group"]
+ record-types = ["AAAA"]
+ dots-limit = 3
 },
 {
 # for wildcard zones. Settings will be applied to all matching zones
 zone = "*ent.com."
- allowed-user-list = ["professor", "testuser"]
- allowed-group-list = ["testing-group"]
- allowed-record-type = ["A", "CNAME"]
- allowed-dots-limit = 3
+ user-list = ["professor", "testuser"]
+ group-list = ["testing-group"]
+ record-types = ["A", "CNAME"]
+ dots-limit = 3
 }
 ]
 }
@@ -586,9 +586,9 @@ In the above, the dotted hosts can be created only in the zone `dummy.` and zone
 Also, it must satisfy the allowed users or group users and record type of the respective zone to create a dotted host.
-For eg, we can't create a dotted host with `CNAME` record type in the zone `dummy.` as it's not in `allowed-record-type`.
-And the user `professor` can't create a dotted host in the zone `dummy.` as the user is not in `allowed-user-list` or
-`allowed-group-list` (not part of `dummy-group`).
+For eg, we can't create a dotted host with `CNAME` record type in the zone `dummy.` as it's not in `record-types`.
+And the user `professor` can't create a dotted host in the zone `dummy.` as the user is not in `user-list` or
+`group-list` (not part of `dummy-group`).
 The config can be left empty as follows if we don't want to use it:
@@ -777,18 +777,18 @@ dotted-hosts = {
 allowed-settings = [
 {
 zone = "dummy."
- allowed-user-list = ["testuser"]
- allowed-group-list = ["dummy-group"]
- allowed-record-type = ["AAAA"]
- allowed-dots-limit = 3
+ user-list = ["testuser"]
+ group-list = ["dummy-group"]
+ record-types = ["AAAA"]
+ dots-limit = 3
 },
 {
 # for wildcard zones. Settings will be applied to all matching zones
 zone = "*ent.com."
- allowed-user-list = ["professor", "testuser"]
- allowed-group-list = ["testing-group"]
- allowed-record-type = ["A", "CNAME"]
- allowed-dots-limit = 3
+ user-list = ["professor", "testuser"]
+ group-list = ["testing-group"]
+ record-types = ["A", "CNAME"]
+ dots-limit = 3
 }
 ]
 }