fix list dnsservers api, ui screens for dns servers, generate events

Author: sudo87

api/src/main/java/com/cloud/event/EventTypes.java

@@ -864,8 +864,10 @@ public class EventTypes {
 
     // DNS Framework Events
     public static final String EVENT_DNS_SERVER_ADD = "DNS.SERVER.ADD";
+    public static final String EVENT_DNS_SERVER_UPDATE = "DNS.SERVER.UPDATE";
     public static final String EVENT_DNS_SERVER_DELETE = "DNS.SERVER.DELETE";
     public static final String EVENT_DNS_ZONE_CREATE = "DNS.ZONE.CREATE";
+    public static final String EVENT_DNS_ZONE_UPDATE = "DNS.ZONE.UPDATE";
     public static final String EVENT_DNS_ZONE_DELETE = "DNS.ZONE.DELETE";
     public static final String EVENT_DNS_RECORD_CREATE = "DNS.RECORD.CREATE";
     public static final String EVENT_DNS_RECORD_DELETE = "DNS.RECORD.DELETE";

api/src/main/java/com/cloud/user/AccountService.java

@@ -19,14 +19,16 @@
 import java.util.List;
 import java.util.Map;
 
-import com.cloud.utils.Pair;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.command.admin.account.CreateAccountCmd;
 import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd;
 import org.apache.cloudstack.api.command.admin.user.RegisterUserKeyCmd;
 import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
+import org.apache.cloudstack.auth.UserTwoFactorAuthenticator;
+import org.apache.cloudstack.backup.BackupOffering;
+import org.apache.cloudstack.dns.DnsServer;
 
 import com.cloud.dc.DataCenter;
 import com.cloud.domain.Domain;
@@ -35,8 +37,7 @@
 import com.cloud.offering.DiskOffering;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
-import org.apache.cloudstack.auth.UserTwoFactorAuthenticator;
-import org.apache.cloudstack.backup.BackupOffering;
+import com.cloud.utils.Pair;
 
 public interface AccountService {
 
@@ -119,6 +120,8 @@ User createUser(String userName, String password, String firstName, String lastN
 
     void checkAccess(Account account, BackupOffering bof) throws PermissionDeniedException;
 
+    void checkAccess(Account account, DnsServer dnsServer) throws PermissionDeniedException;
+
     void checkAccess(User user, ControlledEntity entity);
 
     void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName, ControlledEntity... entities) throws PermissionDeniedException;

api/src/main/java/org/apache/cloudstack/api/command/user/dns/AddDnsServerCmd.java

@@ -55,8 +55,8 @@ public class AddDnsServerCmd extends BaseCmd {
     @Parameter(name = ApiConstants.URL, type = CommandType.STRING, required = true, description = "API URL of the provider")
     private String url;
 
-    @Parameter(name = ApiConstants.PROVIDER_TYPE, type = CommandType.STRING, required = true, description = "Provider type (e.g., PowerDNS)")
-    private String providerType;
+    @Parameter(name = ApiConstants.PROVIDER, type = CommandType.STRING, required = true, description = "Provider type (e.g., PowerDNS)")
+    private String provider;
 
     @Parameter(name = ApiConstants.DNS_USER_NAME, type = CommandType.STRING,
             description = "Username or email associated with the external DNS provider account (used for authentication)")
@@ -109,8 +109,8 @@ public List<String> getNameServers() {
         return nameServers;
     }
 
-    public DnsProviderType getProviderType() {
-        DnsProviderType dnsProviderType = EnumUtils.getEnumIgnoreCase(DnsProviderType.class, providerType, DnsProviderType.PowerDNS);
+    public DnsProviderType getProvider() {
+        DnsProviderType dnsProviderType = EnumUtils.getEnumIgnoreCase(DnsProviderType.class, provider, DnsProviderType.PowerDNS);
         if (dnsProviderType == null) {
             throw new InvalidParameterValueException(String.format("Invalid value passed for provider type, valid values are: %s",
                     EnumUtils.listValues(DnsProviderType.values())));

api/src/main/java/org/apache/cloudstack/dns/DnsProviderManager.java

@@ -38,7 +38,6 @@
 import org.apache.cloudstack.api.response.ListResponse;
 
 import com.cloud.network.Network;
-import com.cloud.user.Account;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.PluggableService;
 import com.cloud.vm.Nic;
@@ -75,7 +74,5 @@ public interface DnsProviderManager extends Manager, PluggableService {
 
     boolean disassociateZoneFromNetwork(DisassociateDnsZoneFromNetworkCmd cmd);
 
-    void checkDnsServerPermissions(Account caller, DnsServer server);
-
     String processDnsRecordForInstance(VirtualMachine instance, Network network, Nic nic, boolean isAdd);
 }

server/src/main/java/com/cloud/acl/DomainChecker.java

@@ -30,8 +30,6 @@
 import org.apache.cloudstack.backup.BackupOffering;
 import org.apache.cloudstack.backup.dao.BackupOfferingDetailsDao;
 import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.dns.DnsProviderManager;
-import org.apache.cloudstack.dns.DnsServer;
 import org.apache.cloudstack.query.QueryService;
 import org.apache.cloudstack.resourcedetail.dao.DiskOfferingDetailsDao;
 import org.springframework.stereotype.Component;
@@ -103,8 +101,6 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
     private ProjectDao projectDao;
     @Inject
     private AccountService accountService;
-    @Inject
-    private DnsProviderManager dnsProviderManager;
 
     protected DomainChecker() {
         super();
@@ -220,8 +216,6 @@ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType a
             _networkMgr.checkRouterPermissions(caller, (VirtualRouter)entity);
         } else if (entity instanceof AffinityGroup) {
             return false;
-        } else if (entity instanceof DnsServer) {
-            dnsProviderManager.checkDnsServerPermissions(caller, (DnsServer) entity);
         } else {
             validateCallerHasAccessToEntityOwner(caller, entity, accessType);
         }

server/src/main/java/com/cloud/user/AccountManagerImpl.java

@@ -179,9 +179,9 @@
 import com.cloud.utils.ConstantTimeComparator;
 import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.Pair;
+import com.cloud.utils.StringUtils;
 import com.cloud.utils.Ternary;
 import com.cloud.utils.UuidUtils;
-import com.cloud.utils.StringUtils;
 import com.cloud.utils.component.ComponentContext;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
@@ -737,8 +737,7 @@ public void checkAccess(Account caller, AccessType accessType, boolean sameOwner
             }
             if (entity.getAccountId() != -1 && domainId != -1 && !(entity instanceof VirtualMachineTemplate)
                     && !(entity instanceof Network && (accessType == AccessType.UseEntry || accessType == AccessType.OperateEntry))
-                    && !(entity instanceof AffinityGroup) && !(entity instanceof VirtualRouter)
-                    && !(entity instanceof DnsServer)) {
+                    && !(entity instanceof AffinityGroup) && !(entity instanceof VirtualRouter)) {
                 List<ControlledEntity> toBeChecked = domains.get(entity.getDomainId());
                 // for templates, we don't have to do cross domains check
                 if (toBeChecked == null) {
@@ -3636,6 +3635,20 @@ public void checkAccess(Account account, BackupOffering bof) throws PermissionDe
         throw new PermissionDeniedException("There's no way to confirm " + account + " has access to " + bof);
     }
 
+    @Override
+    public void checkAccess(Account caller, DnsServer dnsServer) throws PermissionDeniedException {
+        if (caller.getId() == dnsServer.getAccountId()) {
+            return;
+        }
+        if (!dnsServer.isPublicServer()) {
+            throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + dnsServer.getName());
+        }
+        Account owner = getAccount(dnsServer.getAccountId());
+        if (!_domainDao.isChildDomain(owner.getDomainId(), caller.getDomainId())) {
+            throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + dnsServer.getName());
+        }
+    }
+
     @Override
     public void checkAccess(User user, ControlledEntity entity) throws PermissionDeniedException {
         for (SecurityChecker checker : _securityCheckers) {

server/src/main/java/org/apache/cloudstack/dns/DnsProviderManagerImpl.java

@@ -60,22 +60,20 @@
 import org.springframework.stereotype.Component;
 
 import com.cloud.domain.dao.DomainDao;
+import com.cloud.event.ActionEvent;
+import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.network.Network;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
-import com.cloud.projects.Project;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.utils.Pair;
 import com.cloud.utils.StringUtils;
-import com.cloud.utils.Ternary;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.component.PluggableService;
 import com.cloud.utils.db.Filter;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.Nic;
 import com.cloud.vm.VirtualMachine;
@@ -119,6 +117,7 @@ private DnsProvider getProviderByType(DnsProviderType type) {
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_SERVER_ADD, eventDescription = "Adding a DNS Server")
     public DnsServer addDnsServer(AddDnsServerCmd cmd) {
         Account caller = CallContext.current().getCallingAccount();
         DnsServer existing = dnsServerDao.findByUrlAndAccount(cmd.getUrl(), caller.getId());
@@ -139,7 +138,7 @@ public DnsServer addDnsServer(AddDnsServerCmd cmd) {
             publicDomainSuffix = DnsProviderUtil.normalizeDomain(publicDomainSuffix);
         }
 
-        DnsProviderType type = cmd.getProviderType();
+        DnsProviderType type = cmd.getProvider();
         DnsServerVO server = new DnsServerVO(cmd.getName(), cmd.getUrl(), cmd.getPort(), cmd.getExternalServerId(), type,
                 cmd.getDnsUserName(), cmd.getCredentials(), isDnsPublic, publicDomainSuffix, cmd.getNameServers(),
                 caller.getAccountId(), caller.getDomainId());
@@ -159,12 +158,15 @@ public DnsServer addDnsServer(AddDnsServerCmd cmd) {
     @Override
     public ListResponse<DnsServerResponse> listDnsServers(ListDnsServersCmd cmd) {
         Pair<List<DnsServerVO>, Integer> result = searchForDnsServerInternal(cmd);
+        ListResponse<DnsServerResponse> response = new ListResponse<>();
+        if (result == null) {
+            return response;
+        }
         List<String> serverIds = new ArrayList<>();
         for (DnsServer server : result.first()) {
             serverIds.add(server.getUuid());
         }
         List<DnsServerJoinVO> joinResult = dnsServerJoinDao.listByUuids(serverIds);
-        ListResponse<DnsServerResponse> response = new ListResponse<>();
         List<DnsServerResponse> serverResponses = new ArrayList<>();
         for (DnsServerJoinVO server : joinResult) {
             serverResponses.add(createDnsServerResponse(server));
@@ -176,64 +178,20 @@ public ListResponse<DnsServerResponse> listDnsServers(ListDnsServersCmd cmd) {
     private Pair<List<DnsServerVO>, Integer> searchForDnsServerInternal(ListDnsServersCmd cmd) {
         Long dnsServerId = cmd.getId();
         Account caller = CallContext.current().getCallingAccount();
-        Long domainId = cmd.getDomainId();
-        boolean isRecursive = cmd.isRecursive();
-
-        // Step 1: Build ACL search parameters based on caller permissions
-        List<Long> permittedAccountIds = new ArrayList<>();
-        Ternary<Long, Boolean, Project.ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<>(
-                domainId, isRecursive, null);
-        accountMgr.buildACLSearchParameters(caller, dnsServerId, cmd.getAccountName(), null, permittedAccountIds,
-                domainIdRecursiveListProject, cmd.listAll(), false);
-
-        domainId = domainIdRecursiveListProject.first();
-        isRecursive = domainIdRecursiveListProject.second();
-        Project.ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
-        Filter searchFilter = new Filter(DnsServerVO.class, ApiConstants.ID, true, cmd.getStartIndex(), cmd.getPageSizeVal());
-
-        // Step 2: Search for caller's own DNS servers using standard ACL pattern
-        SearchBuilder<DnsServerVO> sb = dnsServerDao.createSearchBuilder();
-        accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccountIds, listProjectResourcesCriteria);
-        sb.and(ApiConstants.STATE, sb.entity().getState(), SearchCriteria.Op.EQ);
-        sb.and(ApiConstants.PROVIDER_TYPE, sb.entity().getProviderType(), SearchCriteria.Op.EQ);
-        sb.done();
-
-        SearchCriteria<DnsServerVO> sc = sb.create();
-        accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccountIds, listProjectResourcesCriteria);
-        sc.setParameters(ApiConstants.STATE, DnsServer.State.Enabled);
-        sc.setParameters(ApiConstants.PROVIDER_TYPE, cmd.getProviderType());
-
-        Pair<List<DnsServerVO>, Integer> ownServersPair = dnsServerDao.searchAndCount(sc, searchFilter);
-        List<DnsServerVO> dnsServers = new ArrayList<>(ownServersPair.first());
-        int count = ownServersPair.second();
-        if (cmd.getId() == null) {
-            Set<Long> parentDomainIds = domainDao.getDomainParentIds(caller.getDomainId());
-            if (!parentDomainIds.isEmpty()) {
-                SearchBuilder<DnsServerVO> publicSb = dnsServerDao.createSearchBuilder();
-                publicSb.and(ApiConstants.IS_PUBLIC, publicSb.entity().isPublicServer(), SearchCriteria.Op.EQ);
-                publicSb.and(ApiConstants.DOMAIN_IDS, publicSb.entity().getDomainId(), SearchCriteria.Op.IN);
-                publicSb.and(ApiConstants.STATE, publicSb.entity().getState(), SearchCriteria.Op.EQ);
-                publicSb.and(ApiConstants.PROVIDER_TYPE, publicSb.entity().getProviderType(), SearchCriteria.Op.EQ);
-                publicSb.done();
-                SearchCriteria<DnsServerVO> publicSc = publicSb.create();
-                publicSc.setParameters(ApiConstants.IS_PUBLIC, 1);
-                publicSc.setParameters(ApiConstants.DOMAIN_IDS, parentDomainIds.toArray());
-                publicSc.setParameters(ApiConstants.STATE, DnsServer.State.Enabled);
-                publicSc.setParameters(ApiConstants.PROVIDER_TYPE, cmd.getProviderType());
-                List<DnsServerVO> publicServers = dnsServerDao.search(publicSc, null);
-                List<Long> ownServerIds = dnsServers.stream().map(DnsServerVO::getId).collect(Collectors.toList());
-                for (DnsServerVO publicServer : publicServers) {
-                    if (!ownServerIds.contains(publicServer.getId())) {
-                        dnsServers.add(publicServer);
-                        count++;
-                    }
-                }
+        if (dnsServerId != null) {
+            DnsServerVO dnsServerVO = dnsServerDao.findById(dnsServerId);
+            if (dnsServerVO == null) {
+                return null;
             }
+            return new Pair<>(Collections.singletonList(dnsServerVO), 1);
         }
-        return new Pair<>(dnsServers, count);
+        Set<Long> parentDomainIds = domainDao.getDomainParentIds(caller.getDomainId());
+        Filter searchFilter = new Filter(DnsServerVO.class, ApiConstants.ID, true, cmd.getStartIndex(), cmd.getPageSizeVal());
+        return dnsServerDao.searchDnsServer(dnsServerId, caller.getAccountId(), parentDomainIds, cmd.getProviderType(), cmd.getKeyword(), searchFilter);
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_SERVER_UPDATE, eventDescription = "Updating DNS Server")
     public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) {
         Long dnsServerId = cmd.getId();
         DnsServerVO dnsServer = dnsServerDao.findById(dnsServerId);
@@ -242,7 +200,7 @@ public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) {
         }
 
         Account caller = CallContext.current().getCallingAccount();
-        accountMgr.checkAccess(caller, null, true, dnsServer);
+        accountMgr.checkAccess(caller, dnsServer);
 
         boolean validationRequired = false;
         String originalUrl = dnsServer.getUrl();
@@ -305,18 +263,20 @@ public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) {
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_SERVER_DELETE, eventDescription = "Deleting DNS Server")
     public boolean deleteDnsServer(DeleteDnsServerCmd cmd) {
         Long dnsServerId = cmd.getId();
         DnsServerVO dnsServer = dnsServerDao.findById(dnsServerId);
         if (dnsServer == null) {
             throw new InvalidParameterValueException(String.format("DNS server with ID: %s not found.", dnsServerId));
         }
         Account caller = CallContext.current().getCallingAccount();
-        accountMgr.checkAccess(caller, null, true, dnsServer);
+        accountMgr.checkAccess(caller, dnsServer);
         return dnsServerDao.remove(dnsServerId);
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_ZONE_DELETE, eventDescription = "Deleting DNS Zone")
     public boolean deleteDnsZone(Long zoneId) {
         DnsZoneVO zone = dnsZoneDao.findById(zoneId);
         if (zone == null) {
@@ -340,6 +300,7 @@ public boolean deleteDnsZone(Long zoneId) {
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_ZONE_UPDATE, eventDescription = "Updating DNS Zone")
     public DnsZone updateDnsZone(UpdateDnsZoneCmd cmd) {
         DnsZoneVO dnsZone = dnsZoneDao.findById(cmd.getId());
         if (dnsZone == null) {
@@ -396,7 +357,7 @@ private Pair<List<DnsZoneVO>, Integer> searchForDnsZonesInternal(ListDnsZonesCmd
         Account caller = CallContext.current().getCallingAccount();
         if (cmd.getDnsServerId() != null) {
             DnsServer dnsServer = dnsServerDao.findById(cmd.getDnsServerId());
-            accountMgr.checkAccess(caller, null, false, dnsServer);
+            accountMgr.checkAccess(caller, dnsServer);
         }
         List<Long> ownDnsServerIds = dnsServerDao.listDnsServerIdsByAccountId(caller.getAccountId());
         String keyword = cmd.getKeyword();
@@ -408,6 +369,7 @@ private Pair<List<DnsZoneVO>, Integer> searchForDnsZonesInternal(ListDnsZonesCmd
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_RECORD_CREATE, eventDescription = "Creating DNS Record")
     public DnsRecordResponse createDnsRecord(CreateDnsRecordCmd cmd) {
         String recordName = StringUtils.trimToEmpty(cmd.getName()).toLowerCase();
         if (StringUtils.isBlank(recordName)) {
@@ -436,6 +398,7 @@ public DnsRecordResponse createDnsRecord(CreateDnsRecordCmd cmd) {
     }
 
     @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DNS_RECORD_DELETE, eventDescription = "Deleting DNS Record")
     public boolean deleteDnsRecord(DeleteDnsRecordCmd cmd) {
         DnsZoneVO zone = dnsZoneDao.findById(cmd.getDnsZoneId());
         if (zone == null) {
@@ -651,21 +614,6 @@ public boolean disassociateZoneFromNetwork(DisassociateDnsZoneFromNetworkCmd cmd
         return dnsZoneNetworkMapDao.remove(mapping.getId());
     }
 
-
-    @Override
-    public void checkDnsServerPermissions(Account caller, DnsServer server) {
-        if (caller.getId() == server.getAccountId()) {
-            return;
-        }
-        if (!server.isPublicServer()) {
-            throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + server.getName());
-        }
-        Account owner = accountMgr.getAccount(server.getAccountId());
-        if (!domainDao.isChildDomain(caller.getDomainId(), owner.getDomainId())) {
-            throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + server.getName());
-        }
-    }
-
     @Override
     public String processDnsRecordForInstance(VirtualMachine instance, Network network, Nic nic, boolean isAdd) {
         long networkId = network.getId();