Difference between revisions of "Designate/Blueprints/Blacklist API"

Revision as of 17:11, 18 November 2013

Overview

This blueprint proposes to provide an admin-only API call to dynamically manage blacklisted domains.

Blacklisted domains are domains that Designate will prevent from being used at the TLD level. It does not prevent them from being used as lower level domains. For instance, if google.com is blacklisted, then that would effectively stop someone trying to add the domain www.google.com. However, it would not prohibit google.com.au, so that domain would need to be blacklisted separately, if desired.

Currently, the list of blacklisted domains resides in the .config file. Designate must be restarted before any changes to the .config file take place. One possible solution to this could be to make the .config file reloadable without restarting the Designate service. However, there are only limited Operations personnel who have access to the .config file, and while blacklisted domains are not normally added or changed often, when it is needed, it needs to be done quickly. Providing an API call would allow support personnel to be given admin rights to this API call so that they can effectively make the change in a timely manner, without trying to find the one or two people who can change the .config file.

To implement this management capability, a new API call will be created, along with a new database table to store the blacklisted domains, and they will no longer be in the .config file.

API Resource

One new resource, blacklist will be exposed as part of the Designate API. The blacklist resource will allow authorized users to create a new blacklisted domain.

The blacklist resource provides the following data:

• id – A system-defined UUID assigned to the blacklisted domain when it is created for the first time (required)
• name – The name of the blacklisted domain (required)
• created_at – Timestamp the blacklisted domain was created (required)
• updated_at – Timestamp the blacklisted domain was updated (can be null)
• description – UTF-8 text field (optional)

API Details: Create / List / Delete Instance

Get Blacklisted Domains (GET)

When no id is specified all blacklisted domains are returned. If a domain is specified in the URL, then only that specific blacklisted domain is returned.

There is no request message body in either case.

Response

   {
       “blacklist”: [
           {
               “id”: "2e32e609-3a4f-45ba-bdef-e50eacd345ad",
               “name”: “google.com”,
               "created_at": "2012-11-02T19:56:26.000000",      
               "updated_at": null
               “description”: null
           },
           {
               “id”: "2e32e609-3a4f-45ba-bdef-e50eacd34521",
               “name”: “rackspace.com”,
               “created_at”: “2012-11-02T19:56:26.000000",      
               “updated_at”: null
               “description”: null
             }
         ]
   }

Create a Blacklisted Domain (POST)

When creating a blacklisted domain, the caller must supply a domain name.

Request

   {
       “blacklist”: {
           “name”: “google.com.”
       }
    }

Response

   {
       “blacklist”: {
           {
              “id”: "2e32e609-3a4f-45ba-bdef-e50eacd345ad",
              “name”: “google.com”,
              "created_at": "2012-11-02T19:56:26.000000",      
              "updated_at": null,
              “description”: null
           }
       }
   }

Update a Blacklisted Domain (PUT)

No operation. An call is not needed to update a single blacklisted domain. The user would delete the domain they did not want to be blacklisted and add a new one, if desired.

Delete a Blacklisted Domain (DELETE)

When deleting a blacklisted domain, the user must supply the id in the url. The request body is empty. The return body is empty.

Database Schema

A new table will be created in the Designate database: blacklist, which will store the blacklisted domain name, along with other data.