Add documentation

modules/api/src/it/resources/application.conf

@@ -163,6 +163,28 @@ vinyldns {
     "ns1.parent.com4."
   ]
 
+  # approved zones, individual users, users in groups and record types that are allowed for dotted hosts
+  dotted-hosts = {
+    # for local testing
+    allowed-settings = [
+      {
+      type = "auth-configs"
+      zone = "dummy."
+      allowed-user-list = ["testuser"]
+      allowed-group-list = ["dummy-group"]
+      allowed-record-type = ["AAAA"]
+      },
+      {
+      # for wildcard zones. Settings will be applied to all matching zones
+      type = "auth-configs"
+      zone = "*ent.com."
+      allowed-user-list = ["professor", "testuser"]
+      allowed-group-list = ["testing-group"]
+      allowed-record-type = ["A", "CNAME"]
+      }
+    ]
+  }
+
   # Note: This MUST match the Portal or strange errors will ensue, NoOpCrypto should not be used for production
   crypto {
     type = "vinyldns.core.crypto.NoOpCrypto"

modules/api/src/main/resources/application.conf

@@ -165,27 +165,10 @@ vinyldns {
     "ns1.parent.com4."
   ]
 
-# approved zones, individual users, users in groups and record types that are allowed for dotted hosts
+  # approved zones, individual users, users in groups and record types that are allowed for dotted hosts
-dotted-hosts = {
+  dotted-hosts = {
-  # for local testing
+    allowed-settings = []
-  allowed-settings = [
+  }
-    {
-    type = "auth-configs"
-    zone = "dummy."
-    allowed-user-list = ["testuser"]
-    allowed-group-list = ["dummy-group"]
-    allowed-record-type = ["AAAA"]
-    },
-    {
-    # for wildcard zones. Settings will be applied to all matching zones
-    type = "auth-configs"
-    zone = "*ent.com."
-    allowed-user-list = ["professor", "testuser"]
-    allowed-group-list = ["testing-group"]
-    allowed-record-type = ["A", "CNAME"]
-    }
-  ]
-}
 
   # Note: This MUST match the Portal or strange errors will ensue, NoOpCrypto should not be used for production
   crypto {

modules/api/src/main/resources/reference.conf

@@ -93,22 +93,22 @@ vinyldns {
   # approved zones, individual users, users in groups and record types that are allowed for dotted hosts
   dotted-hosts = {
     allowed-settings = [
-        {
+      {
-        # for wildcard zones. Settings will be applied to all matching zones
+      # for wildcard zones. Settings will be applied to all matching zones
-        type = "auth-configs"
+      type = "auth-configs"
-        zone = "*ent.com*."
+      zone = "*ent.com*."
-        allowed-user-list = ["ok"]
+      allowed-user-list = ["ok"]
-        allowed-group-list = ["dummy-group"]
+      allowed-group-list = ["dummy-group"]
-        allowed-record-type = ["CNAME"]
+      allowed-record-type = ["CNAME"]
-        },
+      },
-        {
+      {
-        # for wildcard zones. Settings will be applied to all matching zones
+      # for wildcard zones. Settings will be applied to all matching zones
-        type = "auth-configs"
+      type = "auth-configs"
-        zone = "dummy*."
+      zone = "dummy*."
-        allowed-user-list = ["sharedZoneUser"]
+      allowed-user-list = ["sharedZoneUser"]
-        allowed-group-list = ["history-group1"]
+      allowed-group-list = ["history-group1"]
-        allowed-record-type = ["A"]
+      allowed-record-type = ["A"]
-        }
+      }
     ]
   }
 

modules/docs/src/main/mdoc/operator/config-api.md

@@ -536,7 +536,50 @@ v6-discovery-nibble-boundaries {
   min = 5
   max = 20
 }
+```
 
+### Dotted Hosts
+
+Configuration setting that determines the zones, users (either individual or based on group) and record types that are 
+allowed to create dotted hosts. If only all the above are satisfied, one can create a dotted host in VinylDNS.
+
+Note the following: 
+1. The config `type = "auth-configs"` is a default which shouldn't be changed.
+2. Zones defined in the `zone` must always end with a dot. Eg: `comcast.com.`
+3. Wildcard character `*` can be used in `zone` to allow dotted hosts for all zones matching it.
+4. Individual users who are allowed to create dotted hosts are added to the `allowed-user-list` using their username.
+5. A set of users in a group who are allowed to create dotted hosts are added to the `allowed-group-list` using group name.
+6. The record types which are allowed while creating a dotted host is added to the `allowed-record-type`.
+
+```yaml
+# approved zones, individual users, users in groups and record types that are allowed for dotted hosts
+dotted-hosts = {
+   allowed-settings = [
+      {
+      type = "auth-configs"
+      zone = "dummy."
+      allowed-user-list = ["testuser"]
+      allowed-group-list = ["dummy-group"]
+      allowed-record-type = ["AAAA"]
+      },
+      {
+      # for wildcard zones. Settings will be applied to all matching zones
+      type = "auth-configs"
+      zone = "*ent.com."
+      allowed-user-list = ["professor", "testuser"]
+      allowed-group-list = ["testing-group"]
+      allowed-record-type = ["A", "CNAME"]
+      }
+   ]
+}
+```
+
+The config can be left empty as follows if we don't want to use it:
+
+```yaml
+dotted-hosts = {
+   allowed-settings = []
+}
 ```
 
 ### Full Example Config
@@ -713,6 +756,27 @@ v6-discovery-nibble-boundaries {
      }
   }
 
+  # approved zones, individual users, users in groups and record types that are allowed for dotted hosts
+  dotted-hosts = {
+     allowed-settings = [
+        {
+        type = "auth-configs"
+        zone = "dummy."
+        allowed-user-list = ["testuser"]
+        allowed-group-list = ["dummy-group"]
+        allowed-record-type = ["AAAA"]
+        },
+        {
+        # for wildcard zones. Settings will be applied to all matching zones
+        type = "auth-configs"
+        zone = "*ent.com."
+        allowed-user-list = ["professor", "testuser"]
+        allowed-group-list = ["testing-group"]
+        allowed-record-type = ["A", "CNAME"]
+        }
+     ]
+  }
+
   # true if you want to enable manual review for non-fatal errors
   manual-batch-review-enabled = true