This PS will help the project avoid some pep8 issues for *.rst in the whole project.
Co-authored-By: Hoang Trung Hieu <hieuht@vn.fujitsu.com>
Change-Id: I7a01863b1aa0bcf999be6e6e2261ab35530c196a
Blacklisting Domain Names
Zone and recordset names can be blacklisted in Designate, disallowing the creation of certain names, specified by regular expressions.
The simple use case here could be "I don't want anyone to be able to create anything with mycompany.com. in it!", or maybe disallowing subzones on a certain zone. Or simply disallowing the creation of a single zone, like google.com.
If we wanted to blacklist example.com. and all of its subdomains, we could make the following API call.
POST /v2/blacklists/ HTTP/1.1
Accept: application/json
Content-Type: application/json

{
  "pattern" : "^([A-Za-z0-9_\\-]+\\.)*example\\.com\\.$",
  "description" : "This blacklists *.example.com."
}
Response:
HTTP/1.1 201 CREATED
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-bfcd0723-624c-4ec2-bbd5-99e985efe8db

{
  "description": "This blacklists *.example.com.",
  "links": {
    "self": "http://127.0.0.1:9001/v2/blacklists/af91edb5-ede8-453f-af13-feabdd088f9c"
  },
  "pattern": "^([A-Za-z0-9_\\-]+\\.)*example\\.com\\.$",
  "created_at": "2016-05-20 06:15:42",
  "updated_at": null,
  "id": "af91edb5-ede8-453f-af13-feabdd088f9c"
}
Now, if someone were to try and create foo.example.com. or example.com., they would encounter an error:
HTTP/1.1 400 BAD REQUEST
Content-Type: application/json
X-Openstack-Request-Id: req-b7be7770-ec4f-4573-b4db-70f95475f691

{
  "message": "Blacklisted zone name",
  "code": 400,
  "type": "invalid_zone_name",
  "request_id": "req-b7be7770-ec4f-4573-b4db-70f95475f691"
}
Blacklists can be deleted just like any other resource in the API:
DELETE /v2/blacklists/<id>
Regular Expressions
The regular expressions used here can be a bit difficult to wrap your mind around at first. Try using a tool like https://www.debuggex.com/
It's important to note that the regular expressions we enter are similar to Python regular expressions, but because the pattern is sent as a JSON string in the HTTP request body, certain characters need to be escaped: each backslash is written twice.
This means that if you wanted to debug this regex:
^([A-Za-z0-9_\\-]+\\.)*example\\.com\\.$
you're really working with this regex:
^([A-Za-z0-9_\-]+\.)*example\.com\.$
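The escaping described above, checked in Python as an added example (not part of the Designate documentation or code): it decodes the request body from this page to recover the regex you would actually debug, then audits that regex against constructed zone names to confirm it refuses what it should and nothing more. The function names, the candidate names and the use of re.search as the matching call are assumptions of this example.

```python
import json
import re

# Request body from the page's POST /v2/blacklists/ example (description
# omitted). Raw string, so the backslashes are exactly what goes on the wire.
REQUEST_BODY = r'{"pattern": "^([A-Za-z0-9_\\-]+\\.)*example\\.com\\.$"}'


def effective_pattern(body):
    """Return the regex that remains once the JSON body has been decoded."""
    return json.loads(body)["pattern"]


def to_request_body(regex, description):
    """Go the other way: JSON-encode a regex that was debugged as plain regex."""
    return json.dumps({"pattern": regex, "description": description})


def audit(pattern, names):
    """Map each zone name to True if the pattern would blacklist it."""
    compiled = re.compile(pattern)
    # Assumption: re.search stands in for however the server applies the pattern.
    return {name: compiled.search(name) is not None for name in names}


# Constructed zone names: three that should be refused, three that should not.
CANDIDATES = [
    "example.com.",
    "foo.example.com.",
    "a.b.example.com.",
    "notexample.com.",         # look-alike label, a different zone
    "example.com.other.org.",  # example.com. is only a prefix here
    "example.org.",
]

if __name__ == "__main__":
    pattern = effective_pattern(REQUEST_BODY)
    print("regex to debug:", pattern)
    for name, blocked in audit(pattern, CANDIDATES).items():
        print(f"{'BLOCKED' if blocked else 'allowed':8} {name}")
    print("body to send:", to_request_body(pattern, "This blacklists *.example.com."))
```

Running the same audit before creating a new blacklist entry catches both an over-broad pattern and one that misses the names it was meant to cover.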