reword, disable option dry-run not implemented

pan-net-security · Jan 18, 2019 · bbd4cf3 · bbd4cf3
1 parent fb51240
commit bbd4cf3
Show file tree

Hide file tree

Showing 2 changed files with 120 additions and 22 deletions.
diff --git a/README.MD b/README.MD
@@ -29,7 +29,6 @@ optional arguments:
   --ca-cert-file CA_CERT_FILE
                         A file containing root CA(s) for TLS verification
   -d, --debug           increase output verbosity
-  --dry-run             don't make changes, only print
 ```
 
 ## Running
@@ -38,30 +37,127 @@ optional arguments:
 export PDNS_API_KEY="somekey"
 export PDNS_SERVER_URL="https://pdns-api.example.org/"
 pdns-umanager --file tests/test.yaml -d
-2019-01-18 11:15:02,432 main+82:	DEBUG    [8774] PDNS_SERVER_URL: https://pdns-api.example.org/
-2019-01-18 11:15:02,432 main+83:	DEBUG    [8774] PDNS_API_KEY: ****
-2019-01-18 11:15:02,432 main+84:	DEBUG    [8774] CA_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
-2019-01-18 11:15:02,436 main+102:	DEBUG    [8774] Loaded zone content from file
-2019-01-18 11:15:02,436 main+103:	DEBUG    [8774] {'example.org': {'wwww': {'records': ['web.frontend.example.org']}, 'monitoring': {'type': 'cNaMe', 'records': ['web.monitoring.example.org']}, 'hello': {'type': 'A', 'records': ['172.162.3.5', '172.162.3.6']}, 'web': {'type': 'A', 'records': ['']}}}
-2019-01-18 11:15:02,436 config+58:	DEBUG    [8774] Setting up config for PDNSJanitor
-2019-01-18 11:15:02,436 setup_api+230:	DEBUG    [8774] API Host set to 'https://pdns-api.example.org'
-2019-01-18 11:15:02,436 setup_api+234:	DEBUG    [8774] Full URL API set to 'https://pdns-api.example.org/api/v1/servers/localhost/'
-2019-01-18 11:15:02,436 zone_order+69:	DEBUG    [8774] Found the following declared zones:
+2019-01-18 11:25:45,726 main+82:	DEBUG    [8981] PDNS_SERVER_URL: https://pdns-api.example.org/
+2019-01-18 11:25:45,726 main+83:	DEBUG    [8981] PDNS_API_KEY: ****
+2019-01-18 11:25:45,726 main+84:	DEBUG    [8981] CA_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
+2019-01-18 11:25:45,730 main+102:	DEBUG    [8981] Loaded zone content from file
+2019-01-18 11:25:45,730 main+103:	DEBUG    [8981] {'example.org': {'wwww': {'records': ['web.frontend.example.org']}, 'graphs': {'type': 'cNaMe', 'records': ['web.frontend.monitoring.example.org']}, 'hello': {'type': 'A', 'records': ['10.235.2.21', '10.235.2.22']}, 'web': {'type': 'A', 'records': ['']}}, 'it.example.org': {'wwww': {'records': ['web.frontend.it.example.org']}}}
+2019-01-18 11:25:45,731 config+58:	DEBUG    [8981] Setting up config for PDNSJanitor
+2019-01-18 11:25:45,731 setup_api+230:	DEBUG    [8981] API Host set to 'https://pdns-api.example.org'
+2019-01-18 11:25:45,731 setup_api+234:	DEBUG    [8981] Full URL API set to 'https://pdns-api.example.org/api/v1/servers/localhost/'
+2019-01-18 11:25:45,731 zone_order+69:	DEBUG    [8981] Found the following declared zones:
 example.org
-2019-01-18 11:15:02,436 zone_order+75:	DEBUG    [8774] Sorted zones:
+it.example.org
+2019-01-18 11:25:45,731 zone_order+75:	DEBUG    [8981] Sorted zones:
 example.org
-2019-01-18 11:15:02,436 run+81:	INFO     [8774] * ZONE: 'example.org'
-2019-01-18 11:15:02,436 query_zone+193:	DEBUG    [8774] Check if the zone 'example.org.' exists and is readable
-2019-01-18 11:15:02,450 _new_conn+813:	DEBUG    [8774] Starting new HTTPS connection (1): pdns-api.example.org:443
-2019-01-18 11:15:02,698 _make_request+393:	DEBUG    [8774] https://pdns-api.example.org:443 "GET /api/v1/servers/localhost/zones/example.org. HTTP/1.1" 403 None
-2019-01-18 11:15:02,704 query_zone+205:	ERROR    [8774] Unable to read zone 'example.org.'.
-2019-01-18 11:15:02,705 query_zone+207:	INFO     [8774] Not enough rights to list 'example.org.'
-2019-01-18 11:15:02,705 query_zone+208:	DEBUG    [8774] Server returned status '403': 'Not authorized for zone "example.org."!'
-2019-01-18 11:15:02,705 run+90:	WARNING  [8774] Skipping zone 'example.org'...
+it.example.org
+2019-01-18 11:25:45,731 run+81:	INFO     [8981] * ZONE: 'example.org'
+2019-01-18 11:25:45,731 query_zone+193:	DEBUG    [8981] Check if the zone 'example.org.' exists and is readable
+2019-01-18 11:25:45,743 _new_conn+813:	DEBUG    [8981] Starting new HTTPS connection (1): pdns-api.example.org:443
+2019-01-18 11:25:45,995 _make_request+393:	DEBUG    [8981] https://pdns-api.example.org:443 "GET /api/v1/servers/localhost/zones/example.org. HTTP/1.1" 200 1457
+2019-01-18 11:25:46,002 query_zone+202:	DEBUG    [8981] Content of zone 'example.org.: {
+    "account": "",
+    "api_rectify": false,
+    "dnssec": false,
+    "id": "example.org.",
+    "kind": "Master",
+    "last_check": 0,
+    "masters": [],
+    "name": "example.org.",
+    "notified_serial": 2019011848,
+    "nsec3narrow": false,
+    "nsec3param": "",
+    "rrsets": [
+        {
+            "comments": [],
+            "name": "example.org.",
+            "records": [
+                {
+                    "content": "hostmaster.example.org. 0. 2019011848 10800 3600 604800 3600",
+                    "disabled": false
+                }
+            ],
+            "ttl": 3600,
+            "type": "SOA"
+        },
+        {
+            "comments": [],
+            "name": "example.org.",
+            "records": [
+                {
+                    "content": "ns1.example.org.",
+                    "disabled": false
+                },
+                {
+                    "content": "ns2.example.org.",
+                    "disabled": false
+                }
+            ],
+            "ttl": 3600,
+            "type": "NS"
+        }
+    ],
+    "serial": 2019011848,
+    "soa_edit": "",
+    "soa_edit_api": "DEFAULT",
+    "url": "/api/v1/servers/localhost/zones/example.org."
+}
+2019-01-18 11:25:46,002 run+85:	INFO     [8981] Zone 'example.org' exists and is readable
+2019-01-18 11:25:46,002 run+93:	INFO     [8981] Applying updates for zone 'example.org'
+2019-01-18 11:25:46,002 add_record+107:	DEBUG    [8981] RRSET_NAME: wwww
+2019-01-18 11:25:46,002 add_record+115:	WARNING  [8981] Missing 'type' for record 'wwww' in zone 'example.org', using 'CNAME'
+2019-01-18 11:25:46,002 add_record+120:	WARNING  [8981] Missing 'ttl' for record 'wwww' in zone 'example.org', using '150'
+2019-01-18 11:25:46,003 add_record+126:	DEBUG    [8981]  RRSET_TYPE: CNAME
+2019-01-18 11:25:46,003 add_record+127:	DEBUG    [8981]  RRSET_TTL: 150
+2019-01-18 11:25:46,003 add_record+128:	DEBUG    [8981]  RRSET_RECORDS: ['web.frontend.example.org']
+2019-01-18 11:25:46,003 add_record+144:	DEBUG    [8981]  RECORD_PAYLOAD: [{'content': 'web.frontend.example.org.', 'disabled': False, 'set-ptr': False}]
+2019-01-18 11:25:46,003 add_record+158:	DEBUG    [8981] Patching zone 'example.org' with payload {'rrsets': [{'name': 'wwww.example.org.', 'type': 'cname', 'ttl': '150', 'records': [{'content': 'web.frontend.example.org.', 'disabled': False, 'set-ptr': False}], 'changetype': 'REPLACE'}]}
+2019-01-18 11:25:46,006 _new_conn+813:	DEBUG    [8981] Starting new HTTPS connection (1): pdns-api.example.org:443
+2019-01-18 11:25:46,291 _make_request+393:	DEBUG    [8981] https://pdns-api.example.org:443 "PATCH /api/v1/servers/localhost/zones/example.org. HTTP/1.1" 204 0
+2019-01-18 11:25:46,298 add_record+174:	INFO     [8981] OK: Done updating zone 'example.org' with rrset 'wwww'.
+2019-01-18 11:25:46,299 add_record+107:	DEBUG    [8981] RRSET_NAME: graphs
+2019-01-18 11:25:46,299 add_record+120:	WARNING  [8981] Missing 'ttl' for record 'graphs' in zone 'example.org', using '150'
+2019-01-18 11:25:46,299 add_record+126:	DEBUG    [8981]  RRSET_TYPE: cNaMe
+2019-01-18 11:25:46,299 add_record+127:	DEBUG    [8981]  RRSET_TTL: 150
+2019-01-18 11:25:46,300 add_record+128:	DEBUG    [8981]  RRSET_RECORDS: ['web.frontend.monitoring.example.org']
+2019-01-18 11:25:46,302 add_record+144:	DEBUG    [8981]  RECORD_PAYLOAD: [{'content': 'web.frontend.monitoring.example.org.', 'disabled': False, 'set-ptr': False}]
+2019-01-18 11:25:46,302 add_record+158:	DEBUG    [8981] Patching zone 'example.org' with payload {'rrsets': [{'name': 'graphs.example.org.', 'type': 'cname', 'ttl': '150', 'records': [{'content': 'web.frontend.monitoring.example.org.', 'disabled': False, 'set-ptr': False}], 'changetype': 'REPLACE'}]}
+2019-01-18 11:25:46,306 _new_conn+813:	DEBUG    [8981] Starting new HTTPS connection (1): pdns-api.example.org:443
+2019-01-18 11:25:49,602 _make_request+393:	DEBUG    [8981] https://pdns-api.example.org:443 "PATCH /api/v1/servers/localhost/zones/example.org. HTTP/1.1" 204 0
+2019-01-18 11:25:49,605 add_record+174:	INFO     [8981] OK: Done updating zone 'example.org' with rrset 'graphs'.
+2019-01-18 11:25:49,605 add_record+107:	DEBUG    [8981] RRSET_NAME: hello
+2019-01-18 11:25:49,605 add_record+120:	WARNING  [8981] Missing 'ttl' for record 'hello' in zone 'example.org', using '150'
+2019-01-18 11:25:49,605 add_record+126:	DEBUG    [8981]  RRSET_TYPE: A
+2019-01-18 11:25:49,605 add_record+127:	DEBUG    [8981]  RRSET_TTL: 150
+2019-01-18 11:25:49,605 add_record+128:	DEBUG    [8981]  RRSET_RECORDS: ['10.235.2.21', '10.235.2.22']
+2019-01-18 11:25:49,605 add_record+144:	DEBUG    [8981]  RECORD_PAYLOAD: [{'content': '10.235.2.21', 'disabled': False, 'set-ptr': False}, {'content': '10.235.2.22', 'disabled': False, 'set-ptr': False}]
+2019-01-18 11:25:49,605 add_record+158:	DEBUG    [8981] Patching zone 'example.org' with payload {'rrsets': [{'name': 'hello.example.org.', 'type': 'a', 'ttl': '150', 'records': [{'content': '10.235.2.21', 'disabled': False, 'set-ptr': False}, {'content': '10.235.2.22', 'disabled': False, 'set-ptr': False}], 'changetype': 'REPLACE'}]}
+2019-01-18 11:25:49,607 _new_conn+813:	DEBUG    [8981] Starting new HTTPS connection (1): pdns-api.example.org:443
+2019-01-18 11:25:50,758 _make_request+393:	DEBUG    [8981] https://pdns-api.example.org:443 "PATCH /api/v1/servers/localhost/zones/example.org. HTTP/1.1" 204 0
+2019-01-18 11:25:50,764 add_record+174:	INFO     [8981] OK: Done updating zone 'example.org' with rrset 'hello'.
+2019-01-18 11:25:50,764 add_record+107:	DEBUG    [8981] RRSET_NAME: web
+2019-01-18 11:25:50,764 add_record+120:	WARNING  [8981] Missing 'ttl' for record 'web' in zone 'example.org', using '150'
+2019-01-18 11:25:50,764 add_record+126:	DEBUG    [8981]  RRSET_TYPE: A
+2019-01-18 11:25:50,764 add_record+127:	DEBUG    [8981]  RRSET_TTL: 150
+2019-01-18 11:25:50,765 add_record+128:	DEBUG    [8981]  RRSET_RECORDS: ['']
+2019-01-18 11:25:50,765 add_record+144:	DEBUG    [8981]  RECORD_PAYLOAD: []
+2019-01-18 11:25:50,765 add_record+158:	DEBUG    [8981] Patching zone 'example.org' with payload {'rrsets': [{'name': 'web.example.org.', 'type': 'a', 'ttl': '150', 'records': [], 'changetype': 'REPLACE'}]}
+2019-01-18 11:25:50,767 _new_conn+813:	DEBUG    [8981] Starting new HTTPS connection (1): pdns-api.example.org:443
+2019-01-18 11:25:51,069 _make_request+393:	DEBUG    [8981] https://pdns-api.example.org:443 "PATCH /api/v1/servers/localhost/zones/example.org. HTTP/1.1" 204 0
+2019-01-18 11:25:51,072 add_record+174:	INFO     [8981] OK: Done updating zone 'example.org' with rrset 'web'.
+2019-01-18 11:25:51,072 run+81:	INFO     [8981] * ZONE: 'it.example.org'
+2019-01-18 11:25:51,072 query_zone+193:	DEBUG    [8981] Check if the zone 'it.example.org.' exists and is readable
+2019-01-18 11:25:51,074 _new_conn+813:	DEBUG    [8981] Starting new HTTPS connection (1): pdns-api.example.org:443
+2019-01-18 11:25:51,346 _make_request+393:	DEBUG    [8981] https://pdns-api.example.org:443 "GET /api/v1/servers/localhost/zones/it.example.org. HTTP/1.1" 403 None
+2019-01-18 11:25:51,352 query_zone+205:	ERROR    [8981] Unable to read zone 'it.example.org.'.
+2019-01-18 11:25:51,352 query_zone+207:	INFO     [8981] Not enough rights to list 'it.example.org.'
+2019-01-18 11:25:51,352 query_zone+208:	DEBUG    [8981] Server returned status '403': 'Not authorized for zone "it.example.org."!'
+2019-01-18 11:25:51,352 run+90:	WARNING  [8981] Skipping zone 'it.example.org'...
 ```
 
-## File format - yaml
+## File Examples
 
+Files must be in yaml format. Here is an example with inline comments on what to expect.
 ```
 
 # the data structure should be read as:

diff --git a/pdnsumanager/pdnsumanager.py b/pdnsumanager/pdnsumanager.py
@@ -55,8 +55,10 @@ def main():
 
     parser.add_argument("-d", "--debug", help="increase output verbosity",
                         action="store_true")
-    parser.add_argument("--dry-run", help="don't make changes, only print",
-                        action="store_true")
+
+    # TODO.
+    # parser.add_argument("--dry-run", help="don't make changes, only print",
+    #                     action="store_true")
 
     args = parser.parse_args()
     config = vars(args)