From 1bf803b4a9aece29e21db85c6be3b3a9f43fd7e0 Mon Sep 17 00:00:00 2001
From: Jean Benoit <jean@unistra.fr>
Date: Sun, 9 Mar 2025 19:16:12 +0000
Subject: [PATCH] document second validator

---
 README_dnssync_perm.md | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/README_dnssync_perm.md b/README_dnssync_perm.md
index e80250d..500b0a1 100644
--- a/README_dnssync_perm.md
+++ b/README_dnssync_perm.md
@@ -2,11 +2,22 @@
 
 ## Purpose
 
-By design, the NetBox DNS DNSsync feature does not check DNS permissions when syncing DNS records through an action done in the IPAM.
+### Permissions validation on dns_name
 
-The script *dnssync_perm.py* provides partial permission validation for DNSsync, but only when adding or modifying an IP address.
+By design, the NetBox DNS DNSsync feature does not check DNS permissions
+when syncing DNS records through an action done in the IPAM.
+NamePermissionValidator provides partial permission validation for
+DNSsync, but only when adding or modifying an IP address.
+NB: No permission is checked when deleting an IP address. This is
+consistent with the idea that IPAM actions have complete control over
+the DNSsync-ed records.
+
+### Correctness of dns_name
+
+NameZoneValidator implement a strict policy for dns_name when used with
+dns_sync, ensuring that the name is not empty and only contains a
+valid zone.
 
-No permission is checked when deleting an IP address This is consistent with the idea that IPAM actions have complete control over the DNSsync-ed records.
 
 ## Installation
 
@@ -15,10 +26,10 @@ Copy this script to a "validators" directory into Netbox:
 mkdir -p /opt/netbox/netbox/validators
 cp dnssync_perm.py /opt/netbox/netbox/validators/
 
-Activate the validator by adding the following lines in /opt/netbox/netbox/netbox/configuration.py:
+Activate the validators by adding the following lines in /opt/netbox/netbox/netbox/configuration.py:
 
- from validators.dnssync_perm import NamePermissionValidator
+ from validators.dnssync_perm import NamePermissionValidator, NameZoneValidator,
 CUSTOM_VALIDATORS = {
- "ipam.ipaddress": ( NamePermissionValidator(), ),
+ "ipam.ipaddress": ( NameZoneValidator(), NamePermissionValidator(), ),
 }
-- 
GitLab