authorDmitry Galkin <galkindmitrii@gmail.com>2018-12-27 15:11:16 +0000
committerErik Olof Gunnar Andersson <eandersson@blizzard.com>2019-01-04 19:02:03 +0000
commit9a20caa33682bafdb71398665974e7fa32dfb75d (patch)
tree059e67697834cec757ef1ec851d88d547602ec39
parentb8270738802db64d3b7220125d95c745e2d00954 (diff)
downloaddesignate-9a20caa33682bafdb71398665974e7fa32dfb75d.tar.gz
Fix the child search logic during zone deletion.
This patch uses an elevated context to look up child zones when a (parent) zone is deleted. Without it, if policy allows a non-admin role to delete a zone, the search does not find child zones that belong to another tenant, and the parent zone is therefore deleted. Change-Id: Id1a8228f287a8f8e02462017cd062607ff4bebf8 Closes-Bug: 1809906
-rw-r--r--designate/central/service.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/designate/central/service.py b/designate/central/service.py
index 3407a1c0..ec249018 100644
--- a/designate/central/service.py
+++ b/designate/central/service.py
@@ -1094,7 +1094,9 @@ class Service(service.RPCService, service.Service):
# Prevent deletion of a zone which has child zones
criterion = {'parent_zone_id': zone_id}
- if self.storage.count_zones(context, criterion) > 0:
+ # Look for child zones across all tenants with elevated context
+ if self.storage.count_zones(context.elevated(all_tenants=True),
+ criterion) > 0:
raise exceptions.ZoneHasSubZone('Please delete any subzones '
'before deleting this zone')
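Review bot: The elevated `count_zones` lookup lands without a regression test, since the diffstat lists only designate/central/service.py, so nothing pins the cross-tenant case this commit fixes. A test that creates a child zone under a different tenant and asserts that a non-admin delete of the parent raises `ZoneHasSubZone` would keep the check from silently regressing. The inline comment could also record the scoping intent, for example `# Elevate only for this count; the delete itself must keep using the caller's context so tenant scoping and policy still apply.` The rest of the method lies outside the hunk, so whether the later storage calls really use the unelevated `context` should be confirmed there.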