dnsdist: Allow editing the ACL via the API #4658
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zeha
reviewed
Nov 9, 2016
| @@ -1224,6 +1224,7 @@ Here are all functions: | |||
| * quit or ^D: exit the console | |||
| * `webserver(address:port, password [, apiKey [, customHeaders ]])`: launch a webserver with stats on that address with that password | |||
| * `includeDirectory(dir)`: all files ending in `.conf` in the directory `dir` are loaded into the configuration | |||
| * `setAPIWritable(bool, [dir])`: allow modifications via the API. If `dir` iset set, it must be a valid directory where the configuration files will be written by the API. Otherwise the modifications done via the API will not be written to the configuration and will not persist after a reload | |||
zeha
reviewed
Nov 9, 2016
| @@ -321,6 +321,7 @@ const std::vector<ConsoleKeyword> g_consoleKeywords{ | |||
| { "QTypeRule", true, "qtype", "matches queries with the specified qtype" }, | |||
| { "RCodeRule", true, "rcode", "matches responses with the specified rcode" }, | |||
| { "setACL", true, "{netmask, netmask}", "replace the ACL set with these netmasks. Use `setACL({})` to reset the list, meaning no one can use us" }, | |||
| { "setAPIWritable", true, "bool, dir", "allow modifications via the API. if `dir`is set, it must be a valid directory where the configuration files will be written by the API" }, | |||
zeha
reviewed
Nov 9, 2016
| g_apiConfigDirectory = *apiConfigDir; | ||
| } | ||
| else { | ||
| errlog("The API configuration directory cannot be empty!"); |
There was a problem hiding this comment.
this has confusion potential: "is this about the string itself or the directory?"
zeha
reviewed
Nov 9, 2016
| } | ||
|
|
||
| if (resp.status == 200) { | ||
| vinfolog("Updating the ACL via the API"); |
There was a problem hiding this comment.
maybe also log actual changes made? (for "audit")
rgacogne
force-pushed
the
dnsdist-set-acl
branch
from
dc73108
to
aefbb0c
Compare
|
Updated to fix the issues reported by @zeha (thanks!). |
|
Can the config setting name be renamed from 'acl' to 'allow-from' to be consistent with the recursor and auth server REST API? |
rgacogne
force-pushed
the
dnsdist-set-acl
branch
from
aefbb0c
to
56d68fa
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Short description
/api/v1/servers/localhost/config/aclto be able to retrieve and update the current ACL.setAPIWritable(bool, [dir])to allow modifications from the API, and to specify an optional directory where updated configuration files are written to on such update. The directory should be included in the configuration withincludeDirectory()to be of any use.Checklist
I have: