From 582b6876d41e929a023551ecaacf911acef8bdde Mon Sep 17 00:00:00 2001 From: Manoj Kumar Date: Sat, 21 Feb 2026 22:15:08 +0530 Subject: [PATCH] add ACL annotation, entitytype, minor cleanup --- .../api/command/user/dns/AddDnsServerCmd.java | 15 +++++++-------- .../dns/AssociateDnsZoneToNetworkCmd.java | 10 +++++++--- .../command/user/dns/CreateDnsRecordCmd.java | 12 +++++++++--- .../command/user/dns/CreateDnsZoneCmd.java | 18 +++++++++--------- .../command/user/dns/DeleteDnsRecordCmd.java | 13 ++++++++++--- .../command/user/dns/DeleteDnsServerCmd.java | 13 ++++++++++--- .../command/user/dns/DeleteDnsZoneCmd.java | 16 ++++++++++++---- .../DisassociateDnsZoneFromNetworkCmd.java | 12 +++++++++--- .../command/user/dns/ListDnsProvidersCmd.java | 19 +++++++++---------- .../command/user/dns/ListDnsRecordsCmd.java | 13 ++++++++++--- .../command/user/dns/ListDnsServersCmd.java | 19 ++++++++++--------- .../api/command/user/dns/ListDnsZonesCmd.java | 13 ++++++++++--- .../user/dns/RegisterDnsRecordForVmCmd.java | 8 +++++++- .../user/dns/RemoveDnsRecordForVmCmd.java | 9 +++++++-- .../command/user/dns/UpdateDnsServerCmd.java | 17 +++++++++-------- .../command/user/dns/UpdateDnsZoneCmd.java | 14 ++++++-------- .../dns/DnsProviderManagerImpl.java | 2 -- .../cloudstack/dns/dao/DnsServerDao.java | 1 + 18 files changed, 142 insertions(+), 82 deletions(-) diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AddDnsServerCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AddDnsServerCmd.java index 77525cb8900..03f79a59108 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AddDnsServerCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AddDnsServerCmd.java @@ -19,8 +19,6 @@ package org.apache.cloudstack.api.command.user.dns; import java.util.List; -import javax.inject.Inject; - import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; @@ -30,18 +28,19 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.DnsServerResponse; import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.dns.DnsProviderManager; import org.apache.cloudstack.dns.DnsServer; import org.apache.commons.lang3.BooleanUtils; -@APICommand(name = "addDnsServer", description = "Adds a new external DNS server", responseObject = DnsServerResponse.class, - requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.23.0", +@APICommand(name = "addDnsServer", + description = "Adds a new external DNS server", + responseObject = DnsServerResponse.class, + entityType = {DnsServer.class}, + requestHasSensitiveInfo = false, + responseHasSensitiveInfo = false, + since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class AddDnsServerCmd extends BaseCmd { - @Inject - DnsProviderManager dnsProviderManager; - ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AssociateDnsZoneToNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AssociateDnsZoneToNetworkCmd.java index 1c3de2916aa..60f9c70c9c9 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AssociateDnsZoneToNetworkCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/AssociateDnsZoneToNetworkCmd.java @@ -34,9 +34,13 @@ import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -@APICommand(name = "associateDnsZoneToNetwork", description = "Associates a DNS Zone with a Network for VM auto-registration", - responseObject = DnsZoneNetworkMapResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "associateDnsZoneToNetwork", + description = "Associates a DNS Zone with a Network for VM auto-registration", + responseObject = DnsZoneNetworkMapResponse.class, + requestHasSensitiveInfo = false, + responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class AssociateDnsZoneToNetworkCmd extends BaseCmd { @Parameter(name = ApiConstants.DNS_ZONE_ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsRecordCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsRecordCmd.java index ad4c3712285..ab00c8d8c7e 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsRecordCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsRecordCmd.java @@ -20,6 +20,7 @@ package org.apache.cloudstack.api.command.user.dns; import java.util.List; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -35,11 +36,16 @@ import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; import com.cloud.utils.EnumUtils; -@APICommand(name = "createDnsRecord", description = "Creates a DNS record directly on the provider", - responseObject = DnsRecordResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "createDnsRecord", + description = "Creates a DNS record directly on the provider", + responseObject = DnsRecordResponse.class, + entityType = {DnsRecord.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class CreateDnsRecordCmd extends BaseAsyncCmd { + @ACL @Parameter(name = ApiConstants.DNS_ZONE_ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, required = true, description = "ID of the DNS zone") private Long dnsZoneId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsZoneCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsZoneCmd.java index 4bce7bc8fab..b69752e67b2 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsZoneCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/CreateDnsZoneCmd.java @@ -19,9 +19,8 @@ package org.apache.cloudstack.api.command.user.dns; import java.util.Arrays; -import javax.inject.Inject; - import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -31,7 +30,6 @@ import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.DnsServerResponse; import org.apache.cloudstack.api.response.DnsZoneResponse; import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.dns.DnsProviderManager; import org.apache.cloudstack.dns.DnsZone; import org.apache.commons.lang3.StringUtils; @@ -39,14 +37,15 @@ import com.cloud.event.EventTypes; import com.cloud.exception.ResourceAllocationException; import com.cloud.utils.EnumUtils; -@APICommand(name = "createDnsZone", description = "Creates a new DNS Zone on a specific server", - responseObject = DnsZoneResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "createDnsZone", + description = "Creates a new DNS Zone on a specific server", + responseObject = DnsZoneResponse.class, + entityType = {DnsZone.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class CreateDnsZoneCmd extends BaseAsyncCreateCmd { - @Inject - DnsProviderManager dnsProviderManager; - ///////////////////////////////////////////////////// //////////////// API Parameters ///////////////////// ///////////////////////////////////////////////////// @@ -55,6 +54,7 @@ public class CreateDnsZoneCmd extends BaseAsyncCreateCmd { description = "The name of the DNS zone (e.g. example.com)") private String name; + @ACL @Parameter(name = ApiConstants.DNS_SERVER_ID, type = CommandType.UUID, entityType = DnsServerResponse.class, required = true, description = "The ID of the DNS server to host this zone") private Long dnsServerId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsRecordCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsRecordCmd.java index c0328b36dc0..1d7914c346e 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsRecordCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsRecordCmd.java @@ -18,6 +18,8 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -33,11 +35,16 @@ import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; import com.cloud.utils.EnumUtils; -@APICommand(name = "deleteDnsRecord", description = "Deletes a DNS record from the external provider", - responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "deleteDnsRecord", + description = "Deletes a DNS record from the external provider", + responseObject = SuccessResponse.class, + entityType = {DnsRecord.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class DeleteDnsRecordCmd extends BaseAsyncCmd { + @ACL(accessType = SecurityChecker.AccessType.OperateEntry) @Parameter(name = ApiConstants.DNS_ZONE_ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, required = true, description = "The ID of the DNS zone") private Long dnsZoneId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsServerCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsServerCmd.java index 120866074d8..6cc86312f24 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsServerCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsServerCmd.java @@ -18,6 +18,8 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -31,15 +33,20 @@ import org.apache.cloudstack.dns.DnsServer; import com.cloud.event.EventTypes; import com.cloud.user.Account; -@APICommand(name = "deleteDnsServer", description = "Removes a DNS server integration", - responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "deleteDnsServer", + description = "Removes a DNS server integration", + responseObject = SuccessResponse.class, + entityType = {DnsServer.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class DeleteDnsServerCmd extends BaseAsyncCmd { ///////////////////////////////////////////////////// //////////////// API Parameters ///////////////////// ///////////////////////////////////////////////////// + @ACL(accessType = SecurityChecker.AccessType.OperateEntry) @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsServerResponse.class, required = true, description = "the ID of the DNS server") private Long id; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsZoneCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsZoneCmd.java index b122c147301..88b3713fe2e 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsZoneCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DeleteDnsZoneCmd.java @@ -18,6 +18,8 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -31,16 +33,22 @@ import org.apache.cloudstack.dns.DnsZone; import com.cloud.event.EventTypes; import com.cloud.user.Account; -@APICommand(name = "deleteDnsZone", description = "Removes a DNS Zone from CloudStack and the external provider", - responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "deleteDnsZone", + description = "Removes a DNS Zone from CloudStack and the external provider", + responseObject = SuccessResponse.class, + entityType = {DnsZone.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class DeleteDnsZoneCmd extends BaseAsyncCmd { ///////////////////////////////////////////////////// //////////////// API Parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, required = true, description = "The ID of the DNS zone") + @ACL(accessType = SecurityChecker.AccessType.OperateEntry) + @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, required = true, + description = "The ID of the DNS zone") private Long id; ///////////////////////////////////////////////////// diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DisassociateDnsZoneFromNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DisassociateDnsZoneFromNetworkCmd.java index 0ad41271c76..bd31737d30e 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DisassociateDnsZoneFromNetworkCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/DisassociateDnsZoneFromNetworkCmd.java @@ -18,6 +18,8 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -34,11 +36,15 @@ import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.user.Account; -@APICommand(name = "disassociateDnsZoneFromNetwork", description = "Removes the association between a DNS Zone and a Network", - responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "disassociateDnsZoneFromNetwork", + description = "Removes the association between a DNS Zone and a Network", + responseObject = SuccessResponse.class, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class DisassociateDnsZoneFromNetworkCmd extends BaseCmd { + @ACL(accessType = SecurityChecker.AccessType.OperateEntry) @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsZoneNetworkMapResponse.class, required = true, description = "The ID of the DNS zone to network mapping") private Long id; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsProvidersCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsProvidersCmd.java index b847f6518c8..800f030754b 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsProvidersCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsProvidersCmd.java @@ -20,26 +20,25 @@ package org.apache.cloudstack.api.command.user.dns; import java.util.ArrayList; import java.util.List; -import javax.inject.Inject; - import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.BaseListCmd; import org.apache.cloudstack.api.response.DnsProviderResponse; import org.apache.cloudstack.api.response.ListResponse; -import org.apache.cloudstack.dns.DnsProviderManager; +import org.apache.cloudstack.dns.DnsProvider; -@APICommand(name = "listDnsProviders", description = "Lists available DNS plugin providers", - responseObject = DnsProviderResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "listDnsProviders", + description = "Lists available DNS plugin providers", + responseObject = DnsProviderResponse.class, + entityType = {DnsProvider.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class ListDnsProvidersCmd extends BaseListCmd { - @Inject - DnsProviderManager dnsManager; - @Override public void execute() { - List providers = dnsManager.listProviderNames(); + List providers = dnsProviderManager.listProviderNames(); ListResponse response = new ListResponse<>(); List responses = new ArrayList<>(); for (String name : providers) { diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsRecordsCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsRecordsCmd.java index fcd07e788ce..3bfa4af18db 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsRecordsCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsRecordsCmd.java @@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListCmd; @@ -25,12 +26,18 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.response.DnsRecordResponse; import org.apache.cloudstack.api.response.DnsZoneResponse; import org.apache.cloudstack.api.response.ListResponse; +import org.apache.cloudstack.dns.DnsRecord; -@APICommand(name = "listDnsRecords", description = "Lists DNS records from the external provider", - responseObject = DnsRecordResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "listDnsRecords", + description = "Lists DNS records from the external provider", + responseObject = DnsRecordResponse.class, + entityType = {DnsRecord.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class ListDnsRecordsCmd extends BaseListCmd { + @ACL @Parameter(name = ApiConstants.DNS_ZONE_ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, required = true, description = "ID of the DNS zone to list records from") private Long dnsZoneId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsServersCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsServersCmd.java index 3ee941de105..fa301bf2851 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsServersCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsServersCmd.java @@ -17,29 +17,30 @@ package org.apache.cloudstack.api.command.user.dns; -import javax.inject.Inject; - import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListAccountResourcesCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.response.DnsServerResponse; import org.apache.cloudstack.api.response.ListResponse; -import org.apache.cloudstack.dns.DnsProviderManager; +import org.apache.cloudstack.dns.DnsServer; -@APICommand(name = "listDnsServers", description = "Lists DNS servers owned by the account.", - responseObject = DnsServerResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, - since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) +@APICommand(name = "listDnsServers", + description = "Lists DNS servers owned by the account.", + responseObject = DnsServerResponse.class, + entityType = {DnsServer.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", + authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class ListDnsServersCmd extends BaseListAccountResourcesCmd { - @Inject - DnsProviderManager dnsProviderManager; - ///////////////////////////////////////////////////// //////////////// API Parameters ///////////////////// ///////////////////////////////////////////////////// + @ACL @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsServerResponse.class, description = "the ID of the DNS server") private Long id; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsZonesCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsZonesCmd.java index 43b2a8758bc..f848c3525d2 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsZonesCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/ListDnsZonesCmd.java @@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListAccountResourcesCmd; @@ -25,20 +26,26 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.response.DnsServerResponse; import org.apache.cloudstack.api.response.DnsZoneResponse; import org.apache.cloudstack.api.response.ListResponse; +import org.apache.cloudstack.dns.DnsZone; -@APICommand(name = "listDnsZones", description = "Lists DNS zones.", responseObject = DnsZoneResponse.class, - requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.23.0", +@APICommand(name = "listDnsZones", + description = "Lists DNS zones.", responseObject = DnsZoneResponse.class, + entityType = {DnsZone.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class ListDnsZonesCmd extends BaseListAccountResourcesCmd { ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - /// + + @ACL @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsZoneResponse.class, description = "List DNS zone by ID") private Long id; + @ACL @Parameter(name = "dnsserverid", type = CommandType.UUID, entityType = DnsServerResponse.class, description = "List DNS zones belonging to a specific DNS server") private Long dnsServerId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RegisterDnsRecordForVmCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RegisterDnsRecordForVmCmd.java index 1ec858d2510..935c78e85fb 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RegisterDnsRecordForVmCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RegisterDnsRecordForVmCmd.java @@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -28,6 +29,7 @@ import org.apache.cloudstack.api.response.NetworkResponse; import org.apache.cloudstack.api.response.SuccessResponse; import org.apache.cloudstack.api.response.UserVmResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.dns.DnsRecord; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; @@ -37,14 +39,18 @@ import com.cloud.exception.ResourceUnavailableException; @APICommand(name = "registerDnsRecordForVm", description = "Automatically registers a DNS record for a VM based on its associated Network and DNS Zone mapping", - responseObject = SuccessResponse.class, since = "4.23.0", + responseObject = SuccessResponse.class, + entityType = {DnsRecord.class}, + since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class RegisterDnsRecordForVmCmd extends BaseCmd { + @ACL @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID, type = CommandType.UUID, entityType = UserVmResponse.class, required = true, description = "The ID of the Virtual Machine") private Long vmId; + @ACL @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The ID of the network. If not specified, the VM's default NIC network is used.") private Long networkId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RemoveDnsRecordForVmCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RemoveDnsRecordForVmCmd.java index f0ee7d6c61a..0d1adf7cfb0 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RemoveDnsRecordForVmCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/RemoveDnsRecordForVmCmd.java @@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.dns; import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -35,15 +36,19 @@ import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -@APICommand(name = "removeDnsRecordForVm", description = "Removes the auto-registered DNS record for a VM", - responseObject = SuccessResponse.class, since = "4.23.0", +@APICommand(name = "removeDnsRecordForVm", + description = "Removes the auto-registered DNS record for a VM", + responseObject = SuccessResponse.class, + since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class RemoveDnsRecordForVmCmd extends BaseCmd { + @ACL @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID, type = CommandType.UUID, entityType = UserVmResponse.class, required = true, description = "The ID of the Virtual Machine") private Long vmId; + @ACL @Parameter(name = ApiConstants.NETWORK_ID, type = CommandType.UUID, entityType = NetworkResponse.class, description = "The ID of the network. If not specified, the VM's default NIC network is used.") private Long networkId; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsServerCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsServerCmd.java index f2c7ce365ee..4077f7f1b91 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsServerCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsServerCmd.java @@ -17,9 +17,9 @@ package org.apache.cloudstack.api.command.user.dns; -import javax.inject.Inject; - import org.apache.cloudstack.acl.RoleType; +import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -28,25 +28,26 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.DnsServerResponse; import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.dns.DnsProviderManager; import org.apache.cloudstack.dns.DnsServer; import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.StringUtils; import com.cloud.utils.EnumUtils; -@APICommand(name = "updateDnsServer", description = "Update DNS server", responseObject = DnsServerResponse.class, - requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.23.0", +@APICommand(name = "updateDnsServer", + description = "Update DNS server", + responseObject = DnsServerResponse.class, + entityType = {DnsServer.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class UpdateDnsServerCmd extends BaseCmd { - @Inject - DnsProviderManager dnsProviderManager; - ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// + @ACL(accessType = SecurityChecker.AccessType.OperateEntry) @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = DnsServerResponse.class, required = true, description = "The ID of the DNS server to update") private Long id; diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsZoneCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsZoneCmd.java index 69068243d3f..d4ebe71396c 100644 --- a/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsZoneCmd.java +++ b/api/src/main/java/org/apache/cloudstack/api/command/user/dns/UpdateDnsZoneCmd.java @@ -17,8 +17,6 @@ package org.apache.cloudstack.api.command.user.dns; -import javax.inject.Inject; - import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; @@ -28,17 +26,17 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.DnsZoneResponse; import org.apache.cloudstack.context.CallContext; -import org.apache.cloudstack.dns.DnsProviderManager; import org.apache.cloudstack.dns.DnsZone; -@APICommand(name = "updateDnsZone", description = "Updates a DNS Zone's metadata", responseObject = DnsZoneResponse.class, - requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.23.0", +@APICommand(name = "updateDnsZone", + description = "Updates a DNS Zone's metadata", + responseObject = DnsZoneResponse.class, + entityType = {DnsZone.class}, + requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, + since = "4.23.0", authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User}) public class UpdateDnsZoneCmd extends BaseCmd { - @Inject - DnsProviderManager dnsProviderManager; - ///////////////////////////////////////////////////// //////////////// API Parameters ///////////////////// ///////////////////////////////////////////////////// diff --git a/server/src/main/java/org/apache/cloudstack/dns/DnsProviderManagerImpl.java b/server/src/main/java/org/apache/cloudstack/dns/DnsProviderManagerImpl.java index d76957fee73..b48eece57aa 100644 --- a/server/src/main/java/org/apache/cloudstack/dns/DnsProviderManagerImpl.java +++ b/server/src/main/java/org/apache/cloudstack/dns/DnsProviderManagerImpl.java @@ -59,12 +59,10 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkVO; -import com.cloud.projects.Project; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.utils.Pair; import com.cloud.utils.StringUtils; -import com.cloud.utils.Ternary; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.component.PluggableService; import com.cloud.utils.db.Filter; diff --git a/server/src/main/java/org/apache/cloudstack/dns/dao/DnsServerDao.java b/server/src/main/java/org/apache/cloudstack/dns/dao/DnsServerDao.java index 5cbf5e3256d..d68e456a6dd 100644 --- a/server/src/main/java/org/apache/cloudstack/dns/dao/DnsServerDao.java +++ b/server/src/main/java/org/apache/cloudstack/dns/dao/DnsServerDao.java @@ -28,5 +28,6 @@ import com.cloud.utils.db.GenericDao; public interface DnsServerDao extends GenericDao { DnsServer findByUrlAndAccount(String url, long accountId); + Pair, Integer> searchDnsServers(Long id, String keyword, String provider, Long accountId, Filter filter); }