diff --git a/README_dnssync_perm.md b/README_dnssync_perm.md index e80250de91f4ac31e480acb13fb0fcb1c054d265..500b0a159a9de58bf60423b70be992b8bdf00ef9 100644 --- a/README_dnssync_perm.md +++ b/README_dnssync_perm.md @@ -2,11 +2,22 @@ ## Purpose -By design, the NetBox DNS DNSsync feature does not check DNS permissions when syncing DNS records through an action done in the IPAM. +### Permissions validation on dns_name -The script *dnssync_perm.py* provides partial permission validation for DNSsync, but only when adding or modifying an IP address. +By design, the NetBox DNS DNSsync feature does not check DNS permissions +when syncing DNS records through an action done in the IPAM. +NamePermissionValidator provides partial permission validation for +DNSsync, but only when adding or modifying an IP address. +NB: No permission is checked when deleting an IP address. This is +consistent with the idea that IPAM actions have complete control over +the DNSsync-ed records. + +### Correctness of dns_name + +NameZoneValidator implement a strict policy for dns_name when used with +dns_sync, ensuring that the name is not empty and only contains a +valid zone. -No permission is checked when deleting an IP address This is consistent with the idea that IPAM actions have complete control over the DNSsync-ed records. ## Installation @@ -15,10 +26,10 @@ Copy this script to a "validators" directory into Netbox: mkdir -p /opt/netbox/netbox/validators cp dnssync_perm.py /opt/netbox/netbox/validators/ -Activate the validator by adding the following lines in /opt/netbox/netbox/netbox/configuration.py: +Activate the validators by adding the following lines in /opt/netbox/netbox/netbox/configuration.py: - from validators.dnssync_perm import NamePermissionValidator + from validators.dnssync_perm import NamePermissionValidator, NameZoneValidator, CUSTOM_VALIDATORS = { - "ipam.ipaddress": ( NamePermissionValidator(), ), + "ipam.ipaddress": ( NameZoneValidator(), NamePermissionValidator(), ), }
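Review bot: In the first hunk, the new "Correctness of dns_name" paragraph says the name "only contains a valid zone", which does not tell an operator what NameZoneValidator will actually accept or reject. Please state the rule in concrete terms (what makes a zone "valid", and how dns_name is matched against it), and fix "implement" to "implements". The same hunk removes the only mention of dnssync_perm.py from the Purpose section while the Installation section still says "Copy this script", so keep one sentence saying that both validators live in dnssync_perm.py. The NB about deletion is a permission gap a reader should not miss: consider wording it as an explicit limitation, namely that a user who can delete an IP address can remove the synced records without holding DNS permissions.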
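Review bot: In the second hunk, the added line "from validators.dnssync_perm import NamePermissionValidator, NameZoneValidator," ends with a trailing comma, which Python rejects as a syntax error in a from-import without parentheses, so a configuration.py pasted from this README would fail to load. Drop the trailing comma, or wrap the imported names in parentheses. Since the CUSTOM_VALIDATORS tuple now lists NameZoneValidator() before NamePermissionValidator(), it is also worth one sentence on whether that order is required, so that someone reordering the tuple knows if the permission check depends on the name having passed zone validation first.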