Skip to content

[WIP] DNS provider framework - PowerDNS plugin #12737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
sudo87 wants to merge 51 commits into
base: main
Choose a base branch
from
+13,891 −16
Draft

[WIP] DNS provider framework - PowerDNS plugin #12737

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
51 commits
Select commit Hold shift + click to select a range
7b9fc0e
wip: dns provider framework
sudo87 Feb 4, 2026
b2d597c
add db schema, vo and dao classes
sudo87 Feb 10, 2026
6ef7f9b
add powerdns module in plugins
sudo87 Feb 11, 2026
9911c28
Changes done to AddDnsServer, ListDnsServer, DeleteDnsServer and Upda…
sudo87 Feb 12, 2026
df21318
1. Setup Dns zone schema
sudo87 Feb 13, 2026
f29b8be
following dns zone apis are integrated:
sudo87 Feb 15, 2026
9b77c37
Tested following flow:
sudo87 Feb 16, 2026
c5972ae
Add associate and disassociate zone to network APIs
sudo87 Feb 16, 2026
99f8c7d
following things are done:
sudo87 Feb 17, 2026
e011ce1
add missing license, cleanup, log std
sudo87 Feb 18, 2026
4a9f66d
following changes are done:
sudo87 Feb 19, 2026
c64cf81
include:
sudo87 Feb 20, 2026
4df11a4
normalize dns zone and record in svc layer, always use dotless data i…
sudo87 Feb 21, 2026
857436e
enable apis for all roles
sudo87 Feb 21, 2026
582b687
add ACL annotation, entitytype, minor cleanup
sudo87 Feb 21, 2026
add7763
acl related changes, fixes, mistakes
sudo87 Feb 25, 2026
1fe79bd
fixes related to acl, dao
sudo87 Feb 25, 2026
6ca9d5a
add views for dns_server and dns_zone
sudo87 Feb 26, 2026
1c1eef3
Add Listener for VM lifecycle to add dnsrecords for associated dns zone
sudo87 Mar 2, 2026
caf8533
1. implement event processing for vm start/stop/destroy, nic create/d…
sudo87 Mar 3, 2026
856158c
starting on ui work
sudo87 Mar 3, 2026
928db65
resolve merge conflict with main
sudo87 Mar 3, 2026
369bb16
fix lint issue
sudo87 Mar 3, 2026
0df50ce
fix list dnsservers api, ui screens for dns servers, generate events
sudo87 Mar 4, 2026
a9afbce
UI related work and fixes in updateDnsServer cmd
sudo87 Mar 10, 2026
6bcfbc6
resolve conflict with main
sudo87 Mar 13, 2026
c74a579
resolve build and licensefailure issue
sudo87 Mar 14, 2026
7f5e2a7
continue UI component work, fix minor issue with apis
sudo87 Mar 17, 2026
d8cca73
resolve conflict with main
sudo87 Mar 17, 2026
a1eca74
work on updateDnsServer ui screen, fixed acl issue for dns server and…
sudo87 Mar 18, 2026
981bb64
add associate and disassociate dns zone to network ui screens, networ…
sudo87 Mar 19, 2026
af7ce8e
fix addDnsRecord and deleteDnsRecord flow for automatic registration …
sudo87 Mar 20, 2026
bde9fd9
improve cleanup logic for DNS zone and server
sudo87 Mar 23, 2026
5682a5a
modify delete flow for dns zone and server, ask to key in name
sudo87 Mar 23, 2026
c6abed1
Following changes are part of this commit:
sudo87 Mar 25, 2026
f1dcd00
add unit tests
sudo87 Apr 1, 2026
f524bbe
resolve conflict with main
sudo87 Apr 1, 2026
9d4e141
unit tests
sudo87 Apr 1, 2026
8d10ae1
Following changes are done:
sudo87 Apr 6, 2026
3567819
fix automatic dns record registration based on vm and nic lifecycle
sudo87 Apr 9, 2026
883dc32
changes:
sudo87 Apr 10, 2026
3ae9834
fix normalizing dns record values for mx, srv and other type
sudo87 Apr 11, 2026
a036281
split cleanup of old dns urls and new record registration
sudo87 Apr 13, 2026
6466362
unit tests
sudo87 Apr 14, 2026
9d0884a
add marvin test for powerdns
sudo87 Apr 15, 2026
30566d1
merge main changes
sudo87 Apr 15, 2026
f96d4cd
trim trailing space
sudo87 Apr 15, 2026
2d14c26
rename credentials param in dns server vue files to apikey
sudo87 Apr 16, 2026
001a197
rename apikey to dnsapikey, refactor ui and add dig verification in i…
sudo87 Apr 17, 2026
172ac67
rename dnsrecordurl -> nicdnsname, DnsNicJoinView -> nicDnsJoinVo
sudo87 Apr 20, 2026
5f627aa
changes in this commit:
sudo87 Apr 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix list dnsservers api, ui screens for dns servers, generate events
  • Loading branch information
@sudo87
sudo87 committed Mar 4, 2026
commit 0df50cedf865b13b7d6e54c28971e6a1fbfad95c
2 changes: 2 additions & 0 deletions api/src/main/java/com/cloud/event/EventTypes.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -864,8 +864,10 @@ public class EventTypes {

// DNS Framework Events
public static final String EVENT_DNS_SERVER_ADD = "DNS.SERVER.ADD";
public static final String EVENT_DNS_SERVER_UPDATE = "DNS.SERVER.UPDATE";
public static final String EVENT_DNS_SERVER_DELETE = "DNS.SERVER.DELETE";
public static final String EVENT_DNS_ZONE_CREATE = "DNS.ZONE.CREATE";
public static final String EVENT_DNS_ZONE_UPDATE = "DNS.ZONE.UPDATE";
public static final String EVENT_DNS_ZONE_DELETE = "DNS.ZONE.DELETE";
public static final String EVENT_DNS_RECORD_CREATE = "DNS.RECORD.CREATE";
public static final String EVENT_DNS_RECORD_DELETE = "DNS.RECORD.DELETE";
Expand Down
9 changes: 6 additions & 3 deletions api/src/main/java/com/cloud/user/AccountService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,16 @@
import java.util.List;
import java.util.Map;

import com.cloud.utils.Pair;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.command.admin.account.CreateAccountCmd;
import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd;
import org.apache.cloudstack.api.command.admin.user.RegisterUserKeyCmd;
import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
import org.apache.cloudstack.auth.UserTwoFactorAuthenticator;
import org.apache.cloudstack.backup.BackupOffering;
import org.apache.cloudstack.dns.DnsServer;

import com.cloud.dc.DataCenter;
import com.cloud.domain.Domain;
Expand All @@ -35,8 +37,7 @@
import com.cloud.offering.DiskOffering;
import com.cloud.offering.NetworkOffering;
import com.cloud.offering.ServiceOffering;
import org.apache.cloudstack.auth.UserTwoFactorAuthenticator;
import org.apache.cloudstack.backup.BackupOffering;
import com.cloud.utils.Pair;

public interface AccountService {

Expand Down Expand Up @@ -119,6 +120,8 @@ User createUser(String userName, String password, String firstName, String lastN

void checkAccess(Account account, BackupOffering bof) throws PermissionDeniedException;

void checkAccess(Account account, DnsServer dnsServer) throws PermissionDeniedException;

void checkAccess(User user, ControlledEntity entity);

void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName, ControlledEntity... entities) throws PermissionDeniedException;
Expand Down
8 changes: 4 additions & 4 deletions api/src/main/java/org/apache/cloudstack/api/command/user/dns/AddDnsServerCmd.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ public class AddDnsServerCmd extends BaseCmd {
@Parameter(name = ApiConstants.URL, type = CommandType.STRING, required = true, description = "API URL of the provider")
private String url;

@Parameter(name = ApiConstants.PROVIDER_TYPE, type = CommandType.STRING, required = true, description = "Provider type (e.g., PowerDNS)")
private String providerType;
@Parameter(name = ApiConstants.PROVIDER, type = CommandType.STRING, required = true, description = "Provider type (e.g., PowerDNS)")
private String provider;

@Parameter(name = ApiConstants.DNS_USER_NAME, type = CommandType.STRING,
description = "Username or email associated with the external DNS provider account (used for authentication)")
Expand Down Expand Up @@ -109,8 +109,8 @@ public List<String> getNameServers() {
return nameServers;
}

public DnsProviderType getProviderType() {
DnsProviderType dnsProviderType = EnumUtils.getEnumIgnoreCase(DnsProviderType.class, providerType, DnsProviderType.PowerDNS);
public DnsProviderType getProvider() {
DnsProviderType dnsProviderType = EnumUtils.getEnumIgnoreCase(DnsProviderType.class, provider, DnsProviderType.PowerDNS);
if (dnsProviderType == null) {
throw new InvalidParameterValueException(String.format("Invalid value passed for provider type, valid values are: %s",
EnumUtils.listValues(DnsProviderType.values())));
Expand Down
3 changes: 0 additions & 3 deletions api/src/main/java/org/apache/cloudstack/dns/DnsProviderManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@
import org.apache.cloudstack.api.response.ListResponse;

import com.cloud.network.Network;
import com.cloud.user.Account;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.PluggableService;
import com.cloud.vm.Nic;
Expand Down Expand Up @@ -75,7 +74,5 @@ public interface DnsProviderManager extends Manager, PluggableService {

boolean disassociateZoneFromNetwork(DisassociateDnsZoneFromNetworkCmd cmd);

void checkDnsServerPermissions(Account caller, DnsServer server);

String processDnsRecordForInstance(VirtualMachine instance, Network network, Nic nic, boolean isAdd);
}
6 changes: 0 additions & 6 deletions server/src/main/java/com/cloud/acl/DomainChecker.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,6 @@
import org.apache.cloudstack.backup.BackupOffering;
import org.apache.cloudstack.backup.dao.BackupOfferingDetailsDao;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.dns.DnsProviderManager;
import org.apache.cloudstack.dns.DnsServer;
import org.apache.cloudstack.query.QueryService;
import org.apache.cloudstack.resourcedetail.dao.DiskOfferingDetailsDao;
import org.springframework.stereotype.Component;
Expand Down Expand Up @@ -103,8 +101,6 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
private ProjectDao projectDao;
@Inject
private AccountService accountService;
@Inject
private DnsProviderManager dnsProviderManager;

protected DomainChecker() {
super();
Expand Down Expand Up @@ -220,8 +216,6 @@ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType a
_networkMgr.checkRouterPermissions(caller, (VirtualRouter)entity);
} else if (entity instanceof AffinityGroup) {
return false;
} else if (entity instanceof DnsServer) {
dnsProviderManager.checkDnsServerPermissions(caller, (DnsServer) entity);
} else {
validateCallerHasAccessToEntityOwner(caller, entity, accessType);
}
Expand Down
19 changes: 16 additions & 3 deletions server/src/main/java/com/cloud/user/AccountManagerImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,9 +179,9 @@
import com.cloud.utils.ConstantTimeComparator;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.StringUtils;
import com.cloud.utils.Ternary;
import com.cloud.utils.UuidUtils;
import com.cloud.utils.StringUtils;
import com.cloud.utils.component.ComponentContext;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
Expand Down Expand Up @@ -737,8 +737,7 @@ public void checkAccess(Account caller, AccessType accessType, boolean sameOwner
}
if (entity.getAccountId() != -1 && domainId != -1 && !(entity instanceof VirtualMachineTemplate)
&& !(entity instanceof Network && (accessType == AccessType.UseEntry || accessType == AccessType.OperateEntry))
&& !(entity instanceof AffinityGroup) && !(entity instanceof VirtualRouter)
&& !(entity instanceof DnsServer)) {
&& !(entity instanceof AffinityGroup) && !(entity instanceof VirtualRouter)) {
List<ControlledEntity> toBeChecked = domains.get(entity.getDomainId());
// for templates, we don't have to do cross domains check
if (toBeChecked == null) {
Expand Down Expand Up @@ -3636,6 +3635,20 @@ public void checkAccess(Account account, BackupOffering bof) throws PermissionDe
throw new PermissionDeniedException("There's no way to confirm " + account + " has access to " + bof);
}

@Override
public void checkAccess(Account caller, DnsServer dnsServer) throws PermissionDeniedException {
if (caller.getId() == dnsServer.getAccountId()) {
return;
}
if (!dnsServer.isPublicServer()) {
throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + dnsServer.getName());
}
Account owner = getAccount(dnsServer.getAccountId());
if (!_domainDao.isChildDomain(owner.getDomainId(), caller.getDomainId())) {
throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + dnsServer.getName());
}
}

@Override
public void checkAccess(User user, ControlledEntity entity) throws PermissionDeniedException {
for (SecurityChecker checker : _securityCheckers) {
Expand Down
102 changes: 25 additions & 77 deletions server/src/main/java/org/apache/cloudstack/dns/DnsProviderManagerImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,22 +60,20 @@
import org.springframework.stereotype.Component;

import com.cloud.domain.dao.DomainDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.network.Network;
import com.cloud.network.dao.NetworkDao;
import com.cloud.network.dao.NetworkVO;
import com.cloud.projects.Project;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.utils.Pair;
import com.cloud.utils.StringUtils;
import com.cloud.utils.Ternary;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.component.PluggableService;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.vm.Nic;
import com.cloud.vm.VirtualMachine;
Expand Down Expand Up @@ -119,6 +117,7 @@ private DnsProvider getProviderByType(DnsProviderType type) {
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_SERVER_ADD, eventDescription = "Adding a DNS Server")
public DnsServer addDnsServer(AddDnsServerCmd cmd) {
Account caller = CallContext.current().getCallingAccount();
DnsServer existing = dnsServerDao.findByUrlAndAccount(cmd.getUrl(), caller.getId());
Expand All @@ -139,7 +138,7 @@ public DnsServer addDnsServer(AddDnsServerCmd cmd) {
publicDomainSuffix = DnsProviderUtil.normalizeDomain(publicDomainSuffix);
}

DnsProviderType type = cmd.getProviderType();
DnsProviderType type = cmd.getProvider();
DnsServerVO server = new DnsServerVO(cmd.getName(), cmd.getUrl(), cmd.getPort(), cmd.getExternalServerId(), type,
cmd.getDnsUserName(), cmd.getCredentials(), isDnsPublic, publicDomainSuffix, cmd.getNameServers(),
caller.getAccountId(), caller.getDomainId());
Expand All @@ -159,12 +158,15 @@ public DnsServer addDnsServer(AddDnsServerCmd cmd) {
@Override
public ListResponse<DnsServerResponse> listDnsServers(ListDnsServersCmd cmd) {
Pair<List<DnsServerVO>, Integer> result = searchForDnsServerInternal(cmd);
ListResponse<DnsServerResponse> response = new ListResponse<>();
if (result == null) {
return response;
}
List<String> serverIds = new ArrayList<>();
for (DnsServer server : result.first()) {
serverIds.add(server.getUuid());
}
List<DnsServerJoinVO> joinResult = dnsServerJoinDao.listByUuids(serverIds);
ListResponse<DnsServerResponse> response = new ListResponse<>();
List<DnsServerResponse> serverResponses = new ArrayList<>();
for (DnsServerJoinVO server : joinResult) {
serverResponses.add(createDnsServerResponse(server));
Expand All @@ -176,64 +178,20 @@ public ListResponse<DnsServerResponse> listDnsServers(ListDnsServersCmd cmd) {
private Pair<List<DnsServerVO>, Integer> searchForDnsServerInternal(ListDnsServersCmd cmd) {
Long dnsServerId = cmd.getId();
Account caller = CallContext.current().getCallingAccount();
Long domainId = cmd.getDomainId();
boolean isRecursive = cmd.isRecursive();

// Step 1: Build ACL search parameters based on caller permissions
List<Long> permittedAccountIds = new ArrayList<>();
Ternary<Long, Boolean, Project.ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(
domainId, isRecursive, null);
accountMgr.buildACLSearchParameters(caller, dnsServerId, cmd.getAccountName(), null, permittedAccountIds,
domainIdRecursiveListProject, cmd.listAll(), false);

domainId = domainIdRecursiveListProject.first();
isRecursive = domainIdRecursiveListProject.second();
Project.ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
Filter searchFilter = new Filter(DnsServerVO.class, ApiConstants.ID, true, cmd.getStartIndex(), cmd.getPageSizeVal());

// Step 2: Search for caller's own DNS servers using standard ACL pattern
SearchBuilder<DnsServerVO> sb = dnsServerDao.createSearchBuilder();
accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccountIds, listProjectResourcesCriteria);
sb.and(ApiConstants.STATE, sb.entity().getState(), SearchCriteria.Op.EQ);
sb.and(ApiConstants.PROVIDER_TYPE, sb.entity().getProviderType(), SearchCriteria.Op.EQ);
sb.done();

SearchCriteria<DnsServerVO> sc = sb.create();
accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccountIds, listProjectResourcesCriteria);
sc.setParameters(ApiConstants.STATE, DnsServer.State.Enabled);
sc.setParameters(ApiConstants.PROVIDER_TYPE, cmd.getProviderType());

Pair<List<DnsServerVO>, Integer> ownServersPair = dnsServerDao.searchAndCount(sc, searchFilter);
List<DnsServerVO> dnsServers = new ArrayList<>(ownServersPair.first());
int count = ownServersPair.second();
if (cmd.getId() == null) {
Set<Long> parentDomainIds = domainDao.getDomainParentIds(caller.getDomainId());
if (!parentDomainIds.isEmpty()) {
SearchBuilder<DnsServerVO> publicSb = dnsServerDao.createSearchBuilder();
publicSb.and(ApiConstants.IS_PUBLIC, publicSb.entity().isPublicServer(), SearchCriteria.Op.EQ);
publicSb.and(ApiConstants.DOMAIN_IDS, publicSb.entity().getDomainId(), SearchCriteria.Op.IN);
publicSb.and(ApiConstants.STATE, publicSb.entity().getState(), SearchCriteria.Op.EQ);
publicSb.and(ApiConstants.PROVIDER_TYPE, publicSb.entity().getProviderType(), SearchCriteria.Op.EQ);
publicSb.done();
SearchCriteria<DnsServerVO> publicSc = publicSb.create();
publicSc.setParameters(ApiConstants.IS_PUBLIC, 1);
publicSc.setParameters(ApiConstants.DOMAIN_IDS, parentDomainIds.toArray());
publicSc.setParameters(ApiConstants.STATE, DnsServer.State.Enabled);
publicSc.setParameters(ApiConstants.PROVIDER_TYPE, cmd.getProviderType());
List<DnsServerVO> publicServers = dnsServerDao.search(publicSc, null);
List<Long> ownServerIds = dnsServers.stream().map(DnsServerVO::getId).collect(Collectors.toList());
for (DnsServerVO publicServer : publicServers) {
if (!ownServerIds.contains(publicServer.getId())) {
dnsServers.add(publicServer);
count++;
}
}
if (dnsServerId != null) {
DnsServerVO dnsServerVO = dnsServerDao.findById(dnsServerId);
if (dnsServerVO == null) {
return null;
}
return new Pair<>(Collections.singletonList(dnsServerVO), 1);
}
return new Pair<>(dnsServers, count);
Set<Long> parentDomainIds = domainDao.getDomainParentIds(caller.getDomainId());
Filter searchFilter = new Filter(DnsServerVO.class, ApiConstants.ID, true, cmd.getStartIndex(), cmd.getPageSizeVal());
return dnsServerDao.searchDnsServer(dnsServerId, caller.getAccountId(), parentDomainIds, cmd.getProviderType(), cmd.getKeyword(), searchFilter);
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_SERVER_UPDATE, eventDescription = "Updating DNS Server")
public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) {
Long dnsServerId = cmd.getId();
DnsServerVO dnsServer = dnsServerDao.findById(dnsServerId);
Expand All @@ -242,7 +200,7 @@ public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) {
}

Account caller = CallContext.current().getCallingAccount();
accountMgr.checkAccess(caller, null, true, dnsServer);
accountMgr.checkAccess(caller, dnsServer);

boolean validationRequired = false;
String originalUrl = dnsServer.getUrl();
Expand Down Expand Up @@ -305,18 +263,20 @@ public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) {
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_SERVER_DELETE, eventDescription = "Deleting DNS Server")
public boolean deleteDnsServer(DeleteDnsServerCmd cmd) {
Long dnsServerId = cmd.getId();
DnsServerVO dnsServer = dnsServerDao.findById(dnsServerId);
if (dnsServer == null) {
throw new InvalidParameterValueException(String.format("DNS server with ID: %s not found.", dnsServerId));
}
Account caller = CallContext.current().getCallingAccount();
accountMgr.checkAccess(caller, null, true, dnsServer);
accountMgr.checkAccess(caller, dnsServer);
return dnsServerDao.remove(dnsServerId);
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_ZONE_DELETE, eventDescription = "Deleting DNS Zone")
public boolean deleteDnsZone(Long zoneId) {
DnsZoneVO zone = dnsZoneDao.findById(zoneId);
if (zone == null) {
Expand All @@ -340,6 +300,7 @@ public boolean deleteDnsZone(Long zoneId) {
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_ZONE_UPDATE, eventDescription = "Updating DNS Zone")
public DnsZone updateDnsZone(UpdateDnsZoneCmd cmd) {
DnsZoneVO dnsZone = dnsZoneDao.findById(cmd.getId());
if (dnsZone == null) {
Expand Down Expand Up @@ -396,7 +357,7 @@ private Pair<List<DnsZoneVO>, Integer> searchForDnsZonesInternal(ListDnsZonesCmd
Account caller = CallContext.current().getCallingAccount();
if (cmd.getDnsServerId() != null) {
DnsServer dnsServer = dnsServerDao.findById(cmd.getDnsServerId());
accountMgr.checkAccess(caller, null, false, dnsServer);
accountMgr.checkAccess(caller, dnsServer);
}
List<Long> ownDnsServerIds = dnsServerDao.listDnsServerIdsByAccountId(caller.getAccountId());
String keyword = cmd.getKeyword();
Expand All @@ -408,6 +369,7 @@ private Pair<List<DnsZoneVO>, Integer> searchForDnsZonesInternal(ListDnsZonesCmd
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_RECORD_CREATE, eventDescription = "Creating DNS Record")
public DnsRecordResponse createDnsRecord(CreateDnsRecordCmd cmd) {
String recordName = StringUtils.trimToEmpty(cmd.getName()).toLowerCase();
if (StringUtils.isBlank(recordName)) {
Expand Down Expand Up @@ -436,6 +398,7 @@ public DnsRecordResponse createDnsRecord(CreateDnsRecordCmd cmd) {
}

@Override
@ActionEvent(eventType = EventTypes.EVENT_DNS_RECORD_DELETE, eventDescription = "Deleting DNS Record")
public boolean deleteDnsRecord(DeleteDnsRecordCmd cmd) {
DnsZoneVO zone = dnsZoneDao.findById(cmd.getDnsZoneId());
if (zone == null) {
Expand Down Expand Up @@ -651,21 +614,6 @@ public boolean disassociateZoneFromNetwork(DisassociateDnsZoneFromNetworkCmd cmd
return dnsZoneNetworkMapDao.remove(mapping.getId());
}


@Override
public void checkDnsServerPermissions(Account caller, DnsServer server) {
if (caller.getId() == server.getAccountId()) {
return;
}
if (!server.isPublicServer()) {
throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + server.getName());
}
Account owner = accountMgr.getAccount(server.getAccountId());
if (!domainDao.isChildDomain(caller.getDomainId(), owner.getDomainId())) {
throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + server.getName());
}
}

@Override
public String processDnsRecordForInstance(VirtualMachine instance, Network network, Nic nic, boolean isAdd) {
long networkId = network.getId();
Expand Down
Loading
Loading