fix: reject snapshot when template already attached (409); handle domains-load error; drop orphaned useDeleteDomain

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-05 12:54:52 +07:00
parent 137113cbe6
commit 9f0938daea
5 changed files with 80 additions and 17 deletions
+10
View File
@@ -114,6 +114,16 @@ func (a *API) handleTemplateFromZone(w http.ResponseWriter, r *http.Request) {
writeErr(w, http.StatusNotFound, "домен не найден")
return
}
// This endpoint only makes sense for a domain with no template attached
// yet — it snapshots the zone's live state into a brand-new template.
// If a template is already bound, re-attaching a fresh snapshot would
// silently orphan the existing one; re-pointing a domain to a different
// template is a separate, explicit action and must not happen as a side
// effect of a retried/duplicate POST here.
if dom.TemplateID != nil {
writeErr(w, http.StatusConflict, "шаблон уже привязан")
return
}
recs, err := a.Svc.ZoneRecords(r.Context(), pid, did)
if err != nil {
log.Printf("api: template-from-zone: zone records failed: %v", err)
+29
View File
@@ -689,6 +689,35 @@ func TestTemplateFromZone_SnapshotsManagedRecordsOnlyAndAttaches(t *testing.T) {
}
}
// TestTemplateFromZone_AlreadyAttachedReturns409 covers the guard against
// re-snapshotting a domain that already has a template bound: a direct
// POST (e.g. curl or a client retry) must not silently create a new
// template and re-point the domain, orphaning the previously attached one.
func TestTemplateFromZone_AlreadyAttachedReturns409(t *testing.T) {
a, ts := newTenantTestAPI()
domID := uuid.New()
existingTemplateID := uuid.New()
ts.domains = []store.Domain{{ID: domID, ZoneName: "example.com", ZoneID: "z1", TemplateID: &existingTemplateID}}
a.Svc = &mockCheckApplier{zoneRecords: []model.Record{
{Type: model.A, Name: "a.example.com.", TTL: 300, Values: []string{"1.1.1.1"}},
}}
router := NewRouter(a)
req := requestWithSessionCookie(http.MethodPost, "/api/v1/projects/"+testPID+"/domains/"+domID.String()+"/template-from-zone", nil)
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
if w.Code != http.StatusConflict {
t.Fatalf("status %d body %s", w.Code, w.Body.String())
}
if ts.createTemplate != nil {
t.Fatalf("expected CreateTemplate NOT to be called, got %+v", ts.createTemplate)
}
if ts.domains[0].TemplateID == nil || *ts.domains[0].TemplateID != existingTemplateID {
t.Fatalf("expected existing template binding untouched, got %+v", ts.domains[0].TemplateID)
}
}
// TestZoneRecords_ProviderErrorReturns502 covers the provider-failure path:
// an error wrapping service.ErrProviderUnavailable (i.e. GetRecords itself
// failed) must surface as 502 (bad gateway), not a generic 500 or 404.