diff options
| author | Michael Johnson <johnsomor@gmail.com> | 2023-03-31 20:57:56 +0000 |
|---|---|---|
| committer | Michael Johnson <johnsomor@gmail.com> | 2023-03-31 21:02:24 +0000 |
| commit | edcd2e09989852da94dd1333fcab0eab244d09d7 (patch) | |
| tree | 47ec8ead27cfd4f8b96bf1f72b2caa38f862de93 | |
| parent | 15fcba15e80a47b9c43518e35d127e675d5c3f42 (diff) | |
| download | designate-edcd2e09989852da94dd1333fcab0eab244d09d7.tar.gz | |
Fix sharing a zone with the zone owner
There was a bug that allowed users to create a zone share with the zone
owner. This would then cause issues deleting the zone share as the zone
owner owns the NS and SOA recordsets in the zone.
This patch raises a BadRequest if the user attempts to create a zone
share for the zone owner.
Closes-Bug: #2011585
Change-Id: I1b56c492436821f650d1ba669614d92595d2f476
| -rw-r--r-- | designate/central/service.py | 4 | ||||
| -rw-r--r-- | designate/tests/test_central/test_service.py | 11 | ||||
| -rw-r--r-- | releasenotes/notes/Fix-share-zone-with-zone-owner-31a20c57a65c0cc4.yaml | 4 |
3 files changed, 19 insertions, 0 deletions
diff --git a/designate/central/service.py b/designate/central/service.py index fa7be5f3..1a87db73 100644 --- a/designate/central/service.py +++ b/designate/central/service.py @@ -1209,6 +1209,10 @@ class Service(service.RPCService): policy.check('share_zone', context, target) + if zone.tenant_id == shared_zone.target_project_id: + raise exceptions.BadRequest( + 'Cannot share the zone with the zone owner.') + shared_zone['project_id'] = context.project_id shared_zone['zone_id'] = zone_id diff --git a/designate/tests/test_central/test_service.py b/designate/tests/test_central/test_service.py index 641bac7b..e2d98028 100644 --- a/designate/tests/test_central/test_service.py +++ b/designate/tests/test_central/test_service.py @@ -3795,6 +3795,17 @@ class CentralServiceTest(CentralTestCase): self.assertEqual(context.project_id, shared_zone.project_id) self.assertEqual(zone.id, shared_zone.zone_id) + def test_share_zone_with_zone_owner(self): + # Create a Shared Zone + context = self.get_context(project_id='1') + zone = self.create_zone(context=context) + exc = self.assertRaises( + rpc_dispatcher.ExpectedException, self.share_zone, + context=context, zone_id=zone.id, + target_project_id=zone.tenant_id) + + self.assertEqual(exceptions.BadRequest, exc.exc_info[0]) + def test_unshare_zone(self): context = self.get_context(project_id='1') zone = self.create_zone(context=context) diff --git a/releasenotes/notes/Fix-share-zone-with-zone-owner-31a20c57a65c0cc4.yaml b/releasenotes/notes/Fix-share-zone-with-zone-owner-31a20c57a65c0cc4.yaml new file mode 100644 index 00000000..8ddebaa6 --- /dev/null +++ b/releasenotes/notes/Fix-share-zone-with-zone-owner-31a20c57a65c0cc4.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixed a bug that allowed users to create a zone share for the zone owner. |