author | Dmitry Galkin <galkindmitrii@gmail.com> | 2018-12-27 15:11:16 +0000 |
---|---|---|
committer | Erik Olof Gunnar Andersson <eandersson@blizzard.com> | 2019-01-04 19:02:03 +0000 |
commit | 9a20caa33682bafdb71398665974e7fa32dfb75d (patch) | |
tree | 059e67697834cec757ef1ec851d88d547602ec39 | |
parent | b8270738802db64d3b7220125d95c745e2d00954 (diff) | |
download | designate-9a20caa33682bafdb71398665974e7fa32dfb75d.tar.gz |
Fix the child search logic during zone deletion.
This patch uses an elevated context to look up the child zones
when a (parent) zone is deleted. Without it, if policy allows a
non-admin role to delete a zone, the search does not find child
zones in another tenant and the parent zone therefore gets deleted.
Change-Id: Id1a8228f287a8f8e02462017cd062607ff4bebf8
Closes-Bug: 1809906
-rw-r--r-- | designate/central/service.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/designate/central/service.py b/designate/central/service.py
index 3407a1c0..ec249018 100644
--- a/designate/central/service.py
+++ b/designate/central/service.py
@@ -1094,7 +1094,9 @@ class Service(service.RPCService, service.Service):
 # Prevent deletion of a zone which has child zones
 criterion = {'parent_zone_id': zone_id}
- if self.storage.count_zones(context, criterion) > 0:
+ # Look for child zones across all tenants with elevated context
+ if self.storage.count_zones(context.elevated(all_tenants=True),
+ criterion) > 0:
 raise exceptions.ZoneHasSubZone('Please delete any subzones '
 'before deleting this zone') |
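Review bot: The commit changes only `designate/central/service.py`, so the cross-tenant case it fixes has no regression test. A test that creates a parent zone in one tenant and a child zone in another, deletes the parent with a non-admin context and expects `ZoneHasSubZone` would keep this authorization check from silently regressing. The added comment says what the call does but not why; something like `# A tenant-scoped context would miss child zones owned by other tenants` records the reason. It could also note that the elevated context is built only for this count, so the rest of the delete path keeps the caller's own privileges. The enclosing method starts and ends outside the hunk, so whether the later storage calls use the unmodified `context` cannot be confirmed from here.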