alphard/pdns-admin
1
0
Fork 0
Code Issues Pull Requests Activity

primeiro commit

Browse Source
This commit is contained in:
alphard
2026-06-18 22:32:42 -03:00
commit 968f4ef5d9
25 changed files with 3222 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

327
internal/pdns/client.go Normal file
View File

@@ -0,0 +1,327 @@
package pdns
import (
"bytes"
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"strconv"
"strings"
"time"
)
type HTTPClient interface {
Do(*http.Request) (*http.Response, error)
}
type Client struct {
baseURL string
apiKey string
serverID string
httpClient HTTPClient
}
type Server struct {
ID string `json:"id"`
Type string `json:"type"`
DaemonType string `json:"daemon_type"`
Version string `json:"version"`
URL string `json:"url"`
ConfigURL string `json:"config_url"`
ZonesURL string `json:"zones_url"`
}
type Zone struct {
ID string `json:"id,omitempty"`
Name string `json:"name"`
Type string `json:"type,omitempty"`
Kind string `json:"kind,omitempty"`
Serial uint64 `json:"serial,omitempty"`
EditedSerial uint64 `json:"edited_serial,omitempty"`
SOAEditAPI string `json:"soa_edit_api,omitempty"`
Nameservers []string `json:"nameservers,omitempty"`
Masters []string `json:"masters,omitempty"`
RRSets []RRSet `json:"rrsets,omitempty"`
}
type RRSet struct {
Name string `json:"name"`
Type string `json:"type"`
TTL uint32 `json:"ttl"`
Records []Record `json:"records"`
}
type Record struct {
Content string `json:"content"`
Disabled bool `json:"disabled"`
}
type changeRRSet struct {
Name string `json:"name"`
Type string `json:"type"`
TTL uint32 `json:"ttl,omitempty"`
ChangeType string `json:"changetype"`
Records []Record `json:"records,omitempty"`
}
func (z Zone) DisplayKind() string {
if z.Kind != "" {
return z.Kind
}
return z.Type
}
func NewClient(baseURL, apiKey, serverID string, httpClient HTTPClient) *Client {
if httpClient == nil {
httpClient = &http.Client{Timeout: 15 * time.Second}
}
return &Client{
baseURL: strings.TrimRight(baseURL, "/"),
apiKey: apiKey,
serverID: strings.Trim(serverID, "/"),
httpClient: httpClient,
}
}
func (c *Client) GetServer(ctx context.Context) (Server, error) {
var server Server
err := c.do(ctx, http.MethodGet, c.path(""), nil, &server)
return server, err
}
func (c *Client) ListZones(ctx context.Context) ([]Zone, error) {
var zones []Zone
err := c.do(ctx, http.MethodGet, c.path("/zones"), nil, &zones)
return zones, err
}
func (c *Client) CreateZone(ctx context.Context, zone Zone) (Zone, error) {
var created Zone
err := c.do(ctx, http.MethodPost, c.path("/zones"), zone, &created)
return created, err
}
func (c *Client) DeleteZone(ctx context.Context, zoneID string) error {
return c.do(ctx, http.MethodDelete, c.path("/zones/"+url.PathEscape(zoneID)), nil, nil)
}
func (c *Client) GetZone(ctx context.Context, zoneID string) (Zone, error) {
var zone Zone
err := c.do(ctx, http.MethodGet, c.path("/zones/"+url.PathEscape(zoneID)), nil, &zone)
return zone, err
}
func (c *Client) CreateRRSet(ctx context.Context, zoneID string, rrset RRSet) error {
var before *Zone
if allowsMultipleRecords(rrset.Type) {
zone, err := c.GetZone(ctx, zoneID)
if err != nil {
return fmt.Errorf("read zone before merging records: %w", err)
}
before = &zone
if existing, ok := findRRSet(zone, rrset.Name, rrset.Type); ok {
rrset.Records = mergeRecords(existing.Records, rrset.Records)
}
}
return c.patchZoneWithSerialBump(ctx, zoneID, before, []changeRRSet{{
Name: rrset.Name,
Type: rrset.Type,
TTL: rrset.TTL,
ChangeType: "REPLACE",
Records: rrset.Records,
}})
}
func allowsMultipleRecords(recordType string) bool {
switch strings.ToUpper(strings.TrimSpace(recordType)) {
case "A", "AAAA", "CAA", "MX", "NS", "SRV", "TXT":
return true
default:
return false
}
}
func findRRSet(zone Zone, name, recordType string) (RRSet, bool) {
recordType = strings.ToUpper(strings.TrimSpace(recordType))
for _, rrset := range zone.RRSets {
if strings.EqualFold(rrset.Name, name) && strings.EqualFold(rrset.Type, recordType) {
return rrset, true
}
}
return RRSet{}, false
}
func mergeRecords(existing, added []Record) []Record {
merged := make([]Record, 0, len(existing)+len(added))
seen := make(map[string]struct{}, len(existing)+len(added))
for _, record := range append(append([]Record{}, existing...), added...) {
key := recordKey(record)
if _, ok := seen[key]; ok {
continue
}
seen[key] = struct{}{}
merged = append(merged, record)
}
return merged
}
func recordKey(record Record) string {
return strings.TrimSpace(record.Content) + "\x00" + strconv.FormatBool(record.Disabled)
}
func (c *Client) DeleteRRSet(ctx context.Context, zoneID, name, recordType string) error {
return c.patchZoneWithSerialBump(ctx, zoneID, nil, []changeRRSet{{
Name: name,
Type: recordType,
ChangeType: "DELETE",
}})
}
func (c *Client) patchZone(ctx context.Context, zoneID string, rrsets []changeRRSet) error {
body := struct {
RRSets []changeRRSet `json:"rrsets"`
}{RRSets: rrsets}
return c.do(ctx, http.MethodPatch, c.path("/zones/"+url.PathEscape(zoneID)), body, nil)
}
func (c *Client) patchZoneWithSerialBump(ctx context.Context, zoneID string, before *Zone, rrsets []changeRRSet) error {
if before == nil {
zone, err := c.GetZone(ctx, zoneID)
if err != nil {
return fmt.Errorf("read zone before change: %w", err)
}
before = &zone
}
if err := c.patchZone(ctx, zoneID, rrsets); err != nil {
return err
}
after, err := c.GetZone(ctx, zoneID)
if err != nil {
return fmt.Errorf("read zone after change: %w", err)
}
if serialIncreased(*before, after) {
return nil
}
soa, err := bumpedSOA(after, before.Serial+1)
if err != nil {
return fmt.Errorf("bump SOA serial: %w", err)
}
return c.patchZone(ctx, zoneID, []changeRRSet{{
Name: soa.Name,
Type: soa.Type,
TTL: soa.TTL,
ChangeType: "REPLACE",
Records: soa.Records,
}})
}
func (c *Client) path(suffix string) string {
return "/api/v1/servers/" + url.PathEscape(c.serverID) + suffix
}
func (c *Client) do(ctx context.Context, method, apiPath string, in any, out any) error {
var body io.Reader
if in != nil {
payload, err := json.Marshal(in)
if err != nil {
return fmt.Errorf("encode request: %w", err)
}
body = bytes.NewReader(payload)
}
req, err := http.NewRequestWithContext(ctx, method, c.baseURL+apiPath, body)
if err != nil {
return fmt.Errorf("create request: %w", err)
}
req.Header.Set("X-API-Key", c.apiKey)
req.Header.Set("Accept", "application/json")
if in != nil {
req.Header.Set("Content-Type", "application/json")
}
resp, err := c.httpClient.Do(req)
if err != nil {
return fmt.Errorf("powerdns request failed: %w", err)
}
defer resp.Body.Close()
responseBody, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
if err != nil {
return fmt.Errorf("read powerdns response: %w", err)
}
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
message := strings.TrimSpace(string(responseBody))
if message == "" {
message = resp.Status
}
return fmt.Errorf("powerdns returned %s: %s", resp.Status, message)
}
if out == nil || len(responseBody) == 0 {
return nil
}
if err := json.Unmarshal(responseBody, out); err != nil {
return fmt.Errorf("decode powerdns response: %w", err)
}
return nil
}
func serialIncreased(before, after Zone) bool {
if after.Serial > before.Serial {
return true
}
if (before.EditedSerial != 0 || after.EditedSerial != 0) && after.EditedSerial > before.EditedSerial {
return true
}
return false
}
func bumpedSOA(zone Zone, minimum uint64) (RRSet, error) {
for _, rrset := range zone.RRSets {
if !strings.EqualFold(rrset.Type, "SOA") {
continue
}
if len(rrset.Records) != 1 {
return RRSet{}, fmt.Errorf("expected exactly one SOA record, got %d", len(rrset.Records))
}
record := rrset.Records[0]
fields := strings.Fields(record.Content)
if len(fields) != 7 {
return RRSet{}, fmt.Errorf("SOA record must have 7 fields")
}
current, err := strconv.ParseUint(fields[2], 10, 32)
if err != nil {
return RRSet{}, fmt.Errorf("parse SOA serial: %w", err)
}
if current == 1<<32-1 {
return RRSet{}, fmt.Errorf("SOA serial is already at maximum uint32 value")
}
next := current + 1
if next < minimum {
next = minimum
}
if next > 1<<32-1 {
return RRSet{}, fmt.Errorf("next SOA serial exceeds maximum uint32 value")
}
fields[2] = strconv.FormatUint(next, 10)
record.Content = strings.Join(fields, " ")
rrset.Records[0] = record
return rrset, nil
}
return RRSet{}, fmt.Errorf("SOA record not found")
}

357
internal/pdns/client_test.go Normal file
View File

@@ -0,0 +1,357 @@
package pdns
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"strconv"
"strings"
"testing"
)
func TestListZonesSendsAPIKey(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v1/servers/localhost/zones" {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
if got := r.Header.Get("X-API-Key"); got != "secret" {
t.Fatalf("unexpected api key: %q", got)
}
_ = json.NewEncoder(w).Encode([]Zone{{ID: "example.org.", Name: "example.org."}})
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
zones, err := client.ListZones(context.Background())
if err != nil {
t.Fatalf("ListZones returned error: %v", err)
}
if len(zones) != 1 || zones[0].ID != "example.org." {
t.Fatalf("unexpected zones: %#v", zones)
}
}
func TestCreateRRSetPatchesZone(t *testing.T) {
var patchCount int
var getCount int
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !strings.HasPrefix(r.URL.Path, "/api/v1/servers/localhost/zones/example.org.") {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
switch r.Method {
case http.MethodGet:
getCount++
serial := uint64(10)
if getCount == 2 {
serial = 11
}
writeZone(t, w, serial)
case http.MethodPatch:
patchCount++
var payload struct {
RRSets []changeRRSet `json:"rrsets"`
}
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
t.Fatalf("decode request: %v", err)
}
if len(payload.RRSets) != 1 || payload.RRSets[0].ChangeType != "REPLACE" {
t.Fatalf("unexpected payload: %#v", payload)
}
w.WriteHeader(http.StatusNoContent)
default:
t.Fatalf("unexpected method: %s", r.Method)
}
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
err := client.CreateRRSet(context.Background(), "example.org.", RRSet{
Name: "www.example.org.",
Type: "A",
TTL: 300,
Records: []Record{{
Content: "192.0.2.10",
}},
})
if err != nil {
t.Fatalf("CreateRRSet returned error: %v", err)
}
if patchCount != 1 {
t.Fatalf("expected one patch when serial increases, got %d", patchCount)
}
}
func TestCreateRRSetBumpsSOAWhenSerialDoesNotIncrease(t *testing.T) {
var patchCount int
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !strings.HasPrefix(r.URL.Path, "/api/v1/servers/localhost/zones/example.org.") {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
switch r.Method {
case http.MethodGet:
writeZone(t, w, 10)
case http.MethodPatch:
patchCount++
var payload struct {
RRSets []changeRRSet `json:"rrsets"`
}
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
t.Fatalf("decode request: %v", err)
}
if len(payload.RRSets) != 1 {
t.Fatalf("unexpected payload: %#v", payload)
}
if patchCount == 2 {
rrset := payload.RRSets[0]
if rrset.Type != "SOA" {
t.Fatalf("expected SOA fallback patch, got %#v", rrset)
}
if got := rrset.Records[0].Content; !strings.Contains(got, " 11 ") {
t.Fatalf("expected bumped SOA serial, got %q", got)
}
}
w.WriteHeader(http.StatusNoContent)
default:
t.Fatalf("unexpected method: %s", r.Method)
}
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
err := client.CreateRRSet(context.Background(), "example.org.", RRSet{
Name: "www.example.org.",
Type: "A",
TTL: 300,
Records: []Record{{
Content: "192.0.2.10",
}},
})
if err != nil {
t.Fatalf("CreateRRSet returned error: %v", err)
}
if patchCount != 2 {
t.Fatalf("expected requested patch plus SOA fallback patch, got %d", patchCount)
}
}
func TestCreateRRSetMergesMultiValueRecordTypes(t *testing.T) {
var patched RRSet
var getCount int
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !strings.HasPrefix(r.URL.Path, "/api/v1/servers/localhost/zones/example.org.") {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
switch r.Method {
case http.MethodGet:
getCount++
writeZoneWithRRSets(t, w, 10, []RRSet{{
Name: "example.org.",
Type: "NS",
TTL: 3600,
Records: []Record{{
Content: "ns1.example.org.",
}},
}})
case http.MethodPatch:
var payload struct {
RRSets []changeRRSet `json:"rrsets"`
}
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
t.Fatalf("decode request: %v", err)
}
if payload.RRSets[0].Type == "NS" {
patched = RRSet{
Name: payload.RRSets[0].Name,
Type: payload.RRSets[0].Type,
TTL: payload.RRSets[0].TTL,
Records: payload.RRSets[0].Records,
}
}
w.WriteHeader(http.StatusNoContent)
default:
t.Fatalf("unexpected method: %s", r.Method)
}
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
err := client.CreateRRSet(context.Background(), "example.org.", RRSet{
Name: "example.org.",
Type: "NS",
TTL: 3600,
Records: []Record{{
Content: "ns2.example.org.",
}},
})
if err != nil {
t.Fatalf("CreateRRSet returned error: %v", err)
}
if getCount == 0 {
t.Fatal("expected zone read before merge")
}
if len(patched.Records) != 2 {
t.Fatalf("expected merged records, got %#v", patched.Records)
}
if patched.Records[0].Content != "ns1.example.org." || patched.Records[1].Content != "ns2.example.org." {
t.Fatalf("unexpected merged records: %#v", patched.Records)
}
}
func TestCreateRRSetDoesNotMergeSingleValueRecordTypes(t *testing.T) {
var patched RRSet
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if !strings.HasPrefix(r.URL.Path, "/api/v1/servers/localhost/zones/www.example.org.") {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
switch r.Method {
case http.MethodGet:
writeZoneWithRRSets(t, w, 11, []RRSet{{
Name: "www.example.org.",
Type: "CNAME",
TTL: 3600,
Records: []Record{{
Content: "old.example.org.",
}},
}})
case http.MethodPatch:
var payload struct {
RRSets []changeRRSet `json:"rrsets"`
}
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
t.Fatalf("decode request: %v", err)
}
if payload.RRSets[0].Type == "CNAME" {
patched = RRSet{
Name: payload.RRSets[0].Name,
Type: payload.RRSets[0].Type,
TTL: payload.RRSets[0].TTL,
Records: payload.RRSets[0].Records,
}
}
w.WriteHeader(http.StatusNoContent)
default:
t.Fatalf("unexpected method: %s", r.Method)
}
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
err := client.CreateRRSet(context.Background(), "www.example.org.", RRSet{
Name: "www.example.org.",
Type: "CNAME",
TTL: 3600,
Records: []Record{{
Content: "new.example.org.",
}},
})
if err != nil {
t.Fatalf("CreateRRSet returned error: %v", err)
}
if len(patched.Records) != 1 || patched.Records[0].Content != "new.example.org." {
t.Fatalf("expected replacement record only, got %#v", patched.Records)
}
}
func TestGetServerUsesConfiguredServerID(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v1/servers/localhost" {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
_ = json.NewEncoder(w).Encode(Server{ID: "localhost", Version: "5.0.0"})
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
got, err := client.GetServer(context.Background())
if err != nil {
t.Fatalf("GetServer returned error: %v", err)
}
if got.ID != "localhost" {
t.Fatalf("unexpected server: %#v", got)
}
}
func TestCreateZonePostsZone(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
t.Fatalf("unexpected method: %s", r.Method)
}
if r.URL.Path != "/api/v1/servers/localhost/zones" {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
var payload Zone
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
t.Fatalf("decode request: %v", err)
}
if payload.Name != "example.org." || payload.Kind != "Native" {
t.Fatalf("unexpected payload: %#v", payload)
}
w.WriteHeader(http.StatusCreated)
_ = json.NewEncoder(w).Encode(payload)
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
created, err := client.CreateZone(context.Background(), Zone{Name: "example.org.", Kind: "Native"})
if err != nil {
t.Fatalf("CreateZone returned error: %v", err)
}
if created.Name != "example.org." {
t.Fatalf("unexpected zone: %#v", created)
}
}
func TestDeleteZoneDeletesZone(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodDelete {
t.Fatalf("unexpected method: %s", r.Method)
}
if r.URL.Path != "/api/v1/servers/localhost/zones/example.org." {
t.Fatalf("unexpected path: %s", r.URL.Path)
}
w.WriteHeader(http.StatusNoContent)
}))
defer server.Close()
client := NewClient(server.URL, "secret", "localhost", server.Client())
if err := client.DeleteZone(context.Background(), "example.org."); err != nil {
t.Fatalf("DeleteZone returned error: %v", err)
}
}
func writeZone(t *testing.T, w http.ResponseWriter, serial uint64) {
t.Helper()
writeZoneWithRRSets(t, w, serial, nil)
}
func writeZoneWithRRSets(t *testing.T, w http.ResponseWriter, serial uint64, rrsets []RRSet) {
t.Helper()
allRRSets := []RRSet{{
Name: "example.org.",
Type: "SOA",
TTL: 3600,
Records: []Record{{
Content: "ns1.example.org. hostmaster.example.org. " + strconv.FormatUint(serial, 10) + " 3600 600 604800 300",
}},
}}
allRRSets = append(allRRSets, rrsets...)
_ = json.NewEncoder(w).Encode(Zone{
ID: "example.org.",
Name: "example.org.",
Serial: serial,
RRSets: allRRSets,
})
}