71 | 71 | import com.cloud.network.dao.NetworkVO; |
72 | 72 | import com.cloud.user.Account; |
73 | 73 | import com.cloud.user.AccountManager; |
| 74 | +import com.cloud.user.dao.AccountDao; |
74 | 75 | import com.cloud.utils.Pair; |
75 | 76 | import com.cloud.utils.StringUtils; |
76 | 77 | import com.cloud.utils.component.ManagerBase; |
77 | 78 | import com.cloud.utils.component.PluggableService; |
78 | 79 | import com.cloud.utils.db.Filter; |
| 80 | +import com.cloud.utils.db.Transaction; |
| 81 | +import com.cloud.utils.db.TransactionCallback; |
79 | 82 | import com.cloud.utils.exception.CloudRuntimeException; |
80 | 83 | import com.cloud.vm.Nic; |
81 | 84 | import com.cloud.vm.VirtualMachine; |
@@ -105,6 +108,8 @@ public class DnsProviderManagerImpl extends ManagerBase implements DnsProviderMa |
105 | 108 | DnsZoneJoinDao dnsZoneJoinDao; |
106 | 109 | @Inject |
107 | 110 | DnsServerJoinDao dnsServerJoinDao; |
| 111 | + @Inject |
| 112 | + AccountDao accountDao; |
108 | 113 |
|
109 | 114 | private DnsProvider getProviderByType(DnsProviderType type) { |
110 | 115 | if (type == null) { |
@@ -194,7 +199,7 @@ public DnsServer updateDnsServer(UpdateDnsServerCmd cmd) { |
194 | 199 | } |
195 | 200 |
|
196 | 201 | Account caller = CallContext.current().getCallingAccount(); |
197 | | - accountMgr.checkAccess(caller, dnsServer); |
| 202 | + accountMgr.checkAccess(caller, null, true, dnsServer); |
198 | 203 |
|
199 | 204 | boolean validationRequired = false; |
200 | 205 | String originalUrl = dnsServer.getUrl(); |
@@ -265,35 +270,55 @@ public boolean deleteDnsServer(DeleteDnsServerCmd cmd) { |
265 | 270 | throw new InvalidParameterValueException(String.format("DNS server with ID: %s not found.", dnsServerId)); |
266 | 271 | } |
267 | 272 | Account caller = CallContext.current().getCallingAccount(); |
268 | | - accountMgr.checkAccess(caller, dnsServer); |
269 | | - if (cmd.getCleanup()) { |
270 | | - // ToDo cleanup associated dnsZones |
271 | | - } |
272 | | - return dnsServerDao.remove(dnsServerId); |
| 273 | + accountMgr.checkAccess(caller, null, true, dnsServer); |
| 274 | + return Transaction.execute((TransactionCallback<Boolean>) status -> { |
| 275 | + if (cmd.getCleanup()) { |
| 276 | + List<DnsZoneVO> dnsZones = dnsZoneDao.findDnsZonesByServerId(dnsServerId); |
| 277 | + for (DnsZoneVO dnsZone : dnsZones) { |
| 278 | + long dnsZoneId = dnsZone.getId(); |
| 279 | + dnsZoneNetworkMapDao.removeNetworkMappingByZoneId(dnsZoneId); |
| 280 | + // ToDo: delete nic_record_urls from vm_details if present before removing dnsZone |
| 281 | + dnsZoneDao.remove(dnsZoneId); |
| 282 | + } |
| 283 | + } |
| 284 | + return dnsServerDao.remove(dnsServerId); |
| 285 | + }); |
273 | 286 | } |
274 | 287 |
|
275 | 288 | @Override |
276 | 289 | @ActionEvent(eventType = EventTypes.EVENT_DNS_ZONE_DELETE, eventDescription = "Deleting DNS Zone") |
277 | 290 | public boolean deleteDnsZone(Long zoneId) { |
278 | | - DnsZoneVO zone = dnsZoneDao.findById(zoneId); |
279 | | - if (zone == null) { |
| 291 | + DnsZoneVO dnsZone = dnsZoneDao.findById(zoneId); |
| 292 | + if (dnsZone == null) { |
280 | 293 | throw new InvalidParameterValueException("DNS zone not found for the given ID."); |
281 | 294 | } |
282 | | - |
| 295 | + String dnsZoneName = dnsZone.getName(); |
283 | 296 | Account caller = CallContext.current().getCallingAccount(); |
284 | | - accountMgr.checkAccess(caller, null, true, zone); |
285 | | - DnsServerVO server = dnsServerDao.findById(zone.getDnsServerId()); |
286 | | - if (server != null && zone.getState() == DnsZone.State.Active) { |
287 | | - try { |
288 | | - DnsProvider provider = getProviderByType(server.getProviderType()); |
289 | | - provider.deleteZone(server, zone); |
290 | | - logger.debug("Deleted DNS zone: {}", zone.getName()); |
291 | | - } catch (Exception ex) { |
292 | | - logger.error("Failed to delete DNS zone from provider", ex); |
293 | | - throw new CloudRuntimeException("Failed to delete DNS zone."); |
294 | | - } |
| 297 | + accountMgr.checkAccess(caller, null, true, dnsZone); |
| 298 | + DnsServerVO server = dnsServerDao.findById(dnsZone.getDnsServerId()); |
| 299 | + if (server == null) { |
| 300 | + throw new CloudRuntimeException(String.format("The DNS server not found for DNS zone: %s", dnsZoneName)); |
295 | 301 | } |
296 | | - return dnsZoneDao.remove(zoneId); |
| 302 | + try { |
| 303 | + DnsProvider provider = getProviderByType(server.getProviderType()); |
| 304 | + provider.deleteZone(server, dnsZone); |
| 305 | + logger.debug("Deleted DNS zone: {} from provider", dnsZoneName); |
| 306 | + } catch (DnsNotFoundException ex) { |
| 307 | + logger.warn("DNS zone: {} is not present in the provider, proceeding with cleanup", dnsZoneName); |
| 308 | + } catch (Exception ex) { |
| 309 | + logger.error("Failed to delete DNS zone from provider", ex); |
| 310 | + throw new CloudRuntimeException(String.format("Failed to delete DNS zone: %s.", dnsZoneName)); |
| 311 | + } |
| 312 | + |
| 313 | + boolean dbResult = Transaction.execute((TransactionCallback<Boolean>) status -> { |
| 314 | + dnsZoneNetworkMapDao.removeNetworkMappingByZoneId(zoneId); |
| 315 | + // ToDo: delete nic_record_urls from vm_details if present before removing dnsZone |
| 316 | + return dnsZoneDao.remove(zoneId); |
| 317 | + }); |
| 318 | + if (!dbResult) { |
| 319 | + logger.error("Failed to remove DNS zone {} from DB after provider deletion", dnsZoneName); |
| 320 | + } |
| 321 | + return dbResult; |
297 | 322 | } |
298 | 323 |
|
299 | 324 | @Override |
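Review bot: In deleteDnsServer the cleanup branch removes every zone returned by `findDnsZonesByServerId` straight from the DB without the provider-side `provider.deleteZone` call that deleteDnsZone performs and without any per-zone ownership check, so a deleted server's zones stay live at the external DNS provider while CloudStack forgets them (a dangling-record risk), and on a public server those zone rows may belong to other accounts. When `getCleanup()` is false the server row is removed even if zones still reference it, after which deleteDnsZone fails at `if (server == null)` with "DNS server not found" and those zones can no longer be deleted through the API. I would refuse the non-cleanup delete while zones exist, e.g. `if (!cmd.getCleanup() && !dnsZoneDao.findDnsZonesByServerId(dnsServerId).isEmpty()) { throw new InvalidParameterValueException("DNS server still has zones; delete them first or pass cleanup=true"); }`, and route the cleanup path through deleteDnsZone so provider deletion and access checks apply (inferred from the visible code; the DAO contracts are not shown here). In deleteDnsZone the provider delete now runs before the DB transaction without the previous `State.Active` guard, and a DB failure after a successful provider delete is only logged, leaving a zone row with no backing provider zone; a comment stating that the operation is not atomic and that a retry relies on the `DnsNotFoundException` catch would help the next maintainer.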
@@ -355,7 +380,7 @@ private Pair<List<DnsZoneVO>, Integer> searchForDnsZonesInternal(ListDnsZonesCmd |
355 | 380 | Account caller = CallContext.current().getCallingAccount(); |
356 | 381 | if (cmd.getDnsServerId() != null) { |
357 | 382 | DnsServer dnsServer = dnsServerDao.findById(cmd.getDnsServerId()); |
358 | | - accountMgr.checkAccess(caller, dnsServer); |
| 383 | + accountMgr.checkAccess(caller, null, true, dnsServer); |
359 | 384 | } |
360 | 385 | List<Long> ownDnsServerIds = dnsServerDao.listDnsServerIdsByAccountId(caller.getAccountId()); |
361 | 386 | String keyword = cmd.getKeyword(); |
@@ -538,6 +563,7 @@ DnsServerResponse createDnsServerResponse(DnsServerJoinVO server) { |
538 | 563 | response.setAccountName(server.getAccountName()); |
539 | 564 | response.setDomainId(server.getDomainUuid()); // Note: APIs always return UUIDs, not internal DB IDs! |
540 | 565 | response.setDomainName(server.getDomainName()); |
| 566 | + response.setState(server.getState().name()); |
541 | 567 | response.setObjectName("dnsserver"); |
542 | 568 | return response; |
543 | 569 | } |
@@ -677,6 +703,31 @@ public String processDnsRecordForInstance(VirtualMachine instance, Network netwo |
677 | 703 | return null; |
678 | 704 | } |
679 | 705 |
|
| 706 | + @Override |
| 707 | + public void checkDnsServerPermission(Account caller, DnsServer dnsServer) throws PermissionDeniedException { |
| 708 | + if (caller.getId() == dnsServer.getAccountId()) { |
| 709 | + return; |
| 710 | + } |
| 711 | + if (!dnsServer.getPublicServer()) { |
| 712 | + throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + dnsServer.getName()); |
| 713 | + } |
| 714 | + Account owner = getAccount(dnsServer.getAccountId()); |
| 715 | + if (!domainDao.isChildDomain(owner.getDomainId(), caller.getDomainId())) { |
| 716 | + throw new PermissionDeniedException(caller + "is not allowed to access the DNS server " + dnsServer.getName()); |
| 717 | + } |
| 718 | + } |
| 719 | + |
| 720 | + @Override |
| 721 | + public void checkDnsZonePermission(Account caller, DnsZone zone) { |
| 722 | + if (caller.getId() != zone.getAccountId()) { |
| 723 | + throw new PermissionDeniedException(caller + "is not allowed to access the DNS Zone " + zone.getName()); |
| 724 | + } |
| 725 | + } |
| 726 | + |
| 727 | + public Account getAccount(long accountId) { |
| 728 | + return accountDao.findByIdIncludingRemoved(accountId); |
| 729 | + } |
| 730 | + |
680 | 731 | @Override |
681 | 732 | public boolean start() { |
682 | 733 | if (dnsProviders == null || dnsProviders.isEmpty()) { |
|
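Review bot: checkDnsServerPermission dereferences `owner` without a null check: `getAccount` uses `findByIdIncludingRemoved`, which can still return null for an id with no row at all, and the result is an NPE rather than a `PermissionDeniedException` for a public server whose owning account cannot be resolved; add `if (owner == null) { throw new PermissionDeniedException(caller + " is not allowed to access the DNS server " + dnsServer.getName()); }` before the `isChildDomain` call. The fail-closed direction of the two throws is right, but a removed owner account is still accepted as the sharing root because removed rows are included — worth a comment saying whether that is intended. Both messages concatenate `caller` directly with `"is not allowed..."`, producing text like `Account[...]is not allowed`; a leading space (`caller + " is not allowed ..."`) is needed in both methods. checkDnsZonePermission admits only the exact owning account with no domain-admin or root-admin path, unlike the server check; if these methods are what the `accountMgr.checkAccess(caller, null, true, ...)` calls above dispatch to, that asymmetry should be documented on the method, e.g. `/** Zones are private to their owning account; admin access, if any, must be granted by the caller. */` — hedged, since the dispatch from checkAccess to these methods is not visible here.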