| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
If the record status changes during the removal process,
the current implementation will fail.
Change-Id: I02b5d7499440154160c89ed63a2f70652fe72145
(cherry picked from commit b3161ece234b5e2ee7658060aaa936af625bef38)
|
|/
|
|
|
|
|
|
|
| |
If the record status changes during the removal process,
the current implementation will fail.
Closes-Bug: 2015762
Change-Id: Iebe609e5f365d03e99f2a4580671175b4642763c
(cherry picked from commit 2cb42ac9f6e5273ad64e697919b62e029466078f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The backend_url option can sometimes contain secrets.
For example when redis coordination backend is used and authentication
is enabled in redis, the plain redis password is put as an URL element.
[coordination]
backend_url=redis://:password@127.0.0.1:6379
Closes-Bug: #2012246
Change-Id: I0ee95fc56130e51bf5c799d252e79a469492b7db
(cherry picked from commit 541395c42414c40d105ce206e2f200456bbc375f)
(cherry picked from commit bda31ec62c3eaa7fcdd25d69f97742744debf915)
(cherry picked from commit be775801e33313305b5d90dca10bae166e6938c8)
(cherry picked from commit f1981d057f08f9229eba2e8191dc06b22be1cffd)
|
|
|
|
|
|
|
|
| |
B309 was removed with this patch and breaks the CI.
https://github.com/PyCQA/bandit/commit/130a467434ff6b8f9bbd83100e409bc1fcb6f407
Change-Id: I15864a76c8913f151154e2398ae86aea71883498
(cherry picked from commit 758956d5b9321c72d63cbf3d8a1987d5dc6e6bb3)
|
|
|
|
|
|
|
|
|
|
| |
Since Devstack is dropping CentOS 8 Stream[1], we need to move our jobs over to CentOS 9 Stream.
Now that there is a "devstack-single-node-centos-9-stream" nodeset we can remove our local
CentOS 9 Stream nodeset.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2022-April/028321.html
Change-Id: I1c8dfec7bd2b5f80b12d7229e47ef8ff70bd283b
|
|
|
|
|
|
|
|
|
| |
We are currently failing with module 'dns' has no
attribute 'resolver'.
Closes-Bug: #2006537
Change-Id: I31a1b1892a7112018b1261f956f51ed4eaa7cfb9
(cherry picked from commit 5cd63481c68ca5d2c8764a93dee5cbb8b45ecf63)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this it can be reused by the other designate repos and we can
reduce the replication everywhere.
Conflicts:
.zuul.yaml
Change-Id: I1fe73145e4a4699939244bc857600efa264f2340
(cherry picked from commit c907cfa1e68249c21e8cad9f58ff3dc3d9cea6df)
(cherry picked from commit 96d788c6733b3e3f78fab96ebc5e0aae2203842a)
(cherry picked from commit 5f921b78896e68e473ab0c139d534f02a4105840)
|
|\
| |
| |
| | |
into stable/xena
|
| |
| |
| |
| |
| |
| | |
Closes-Bug: #1977826
Change-Id: I81a4883fd48653c3b0d60ac07210fc0de55ac12a
(cherry picked from commit 42dac06e0cdef9eccabc7085d0ff9da47563b318)
|
|/
|
|
|
|
|
|
|
|
| |
When Designate is configured to use Redis for coordination over a TLS connection, it will fail to connect with "ssl.SSLError: ('timed out',)".
This is caused by eventlet raising ssl.SSLError instead of the expected socket timeout the core libraries return.
This patch monkey-patches eventlet to return the proper exception.
Closes-Bug: #1989020
Change-Id: I5bd1c10d863212683752e05bb450e6f531ff7e72
(cherry picked from commit 93dee6a3ff44fb7470b3008e8fbbaf99822bbe82)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a bug where adding an additional pool to designate using the "designate-manage pool update" command may fail with an exception:
designate.exceptions.MissingProjectID: A project ID must be specified when not using a project scoped token.
There was an extra check added as part of the scoped token work that a project ID must be provided when creating pools. This was incorrect as pools are still valid with a None project ID as they are a system resource and not tied to a specific project.
This patch removes that check, but retains the RBAC check for and "admin" token.
Closes-Bug: #1986733
Change-Id: I7345d7ef505420767209ba037e3c8930a282d03f
(cherry picked from commit a03c4657c2bf957fef035807ef7df732f7a1c994)
|
|
|
|
|
|
|
|
|
|
|
| |
According to IETF https://tools.ietf.org/html/rfc2181#section-8 the
definition of the ttl value is unsigned and can have a minimum
value of 0. This path changes the minimum value of 1 to allow for
0 in recordset creats and updates. Unit test have also been modified
accordingly.
Closes-Bug: #1926429
Change-Id: I9b08e25a007bea598442da377dc227538f6e35f7
|
|
|
|
|
|
|
|
| |
Due to parallel development paths, the release note added for the fixes to
the secure-RBAC patches implied it was adding a new feature when in fact the
feature already existed.
Change-Id: Ia9a904403a2336cc9cd4645d918fc0ff64d5e871
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch defines the situation where the import_zone exception handler
produces the message 'An undefined error occurred' to the exception during
the zone import where an underlying exception occurred from the rpc
dispatcher at the same time as a duplicate zone exception. Kiall Mac Innes
explains this in
https://opendev.org/openstack/designate/commit/2c9460505d07d0e46765a552b637e5a3296b667b
the problem here is in the way the _import_zone was written where
https://github.com/openstack/designate/commit/9b809a11b3068552274340606eb76d2217411b85
was written with threading.local, so it only works if it stays within the same
thread. Since _import_zone is created on a separate thread, the necessity to add
the decorator @rpc_expected_exceptions() at the top.
Closes-bug: #1950118
Closes-bug: #1964323
Change-Id: If7d50cbd4fa0ce86e0ddf03068da36acd7d72cb4
(cherry picked from commit d705c5d6b861f319096afdd3ad50a2100651b064)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
According to ITEF https://tools.ietf.org/html/rfc2181#section-8
the definition of the ttl value is unsigned integer and can have a
minimum value of 0. This patch changes the minimum value of 1 to allow
for 0. Unit test have also been modified accordingly.
Closes-Bug: #1926429
Change-Id: I7876b4c1e2c800b654ca750211ee2e58f3ea4309
(cherry picked from commit 6ac659d241c65c245d8a090768ac7559c32a13f1)
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes a race-condition when creating multiple PTR records
under the same zone. There is a brief window when creating two
identical zones can cause an error. This adds a fallback that
should prevent the error.
I also added a threaded test that caught multiple additional
bugs in this code.
- Wrong find_recordset used caused the wrong exception to be thrown.
- The transaction workflow would break error handling.
Change-Id: Ia1194ab838c52d5d91cb1d26c4556c73b4f3a745
(cherry picked from commit 0c7d218ba103e8260322e40f76a49a8c92556bfe)
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
There is a case when creating a floating IP could return a 404 error instead of the expected floating IP payload.
This fix is extracted from a non-backportable fix that was applied on yoga a newer branches[1].
[1] https://review.opendev.org/c/openstack/designate/+/830549
Change-Id: I53c2a0faf93be19eca259100fe6c3961ef4e7938
|
|\ \
| | |
| | |
| | | |
into stable/xena
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch allows for +subaddress to be used for the local part of mail urls
used for CAA records. While there are more characters allowed in email
addresses, using subadresses for incoming email to role accounts is quite
common.
Closes-Bug: 1958533
Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0
(cherry picked from commit 1cef20edbc462fab75a919fc0de796c2d6edb30b)
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch fixes an issue were deleting a zone transfer request with a scoped
token may fail.
Change-Id: I4522796ac056630c63798830e8f8d92628f14a37
(cherry picked from commit 6f847aeb5a309eb6e70dee58057fef01886573f6)
(cherry picked from commit 276a9fbe89f84dd43ed0495a5445eb9fd4cc56ef)
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch fixes a typo in the deprecated reason string variable
name.
Change-Id: I06cf5b5cbe5544327e30971115f3bf98214293f6
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Change-Id: I38efa22bb8b0de6fd9a70339e8044fea70080004
(cherry picked from commit 291558c380232b726be0253fdee1f88902522beb)
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a new Bind9 is added to the pool, Designate will trigger 'modzone'
rndc command that will fail, unless zone is already present on the backend.
This change will first verify that the zone is present on the backend,
before an update attempt. If zone is not present - zone creation will be
triggered.
Closes-Bug: 1958409
Co-authored-by: Kiran Pawar <kinpaa@gmail.com>
Change-Id: I782bf38a68f24a2e7133ff2afad7c96e2ae6b7f0
(cherry picked from commit 66cc876eadd9a4ded3afa35aed675c15c60f149d)
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Correct some grammatical issues and harmonize the responses
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib45eae335160d53bb25e3745fcbe451bffa2cc31
(cherry picked from commit 296a5adaf95a221b985c026899662a611d936895)
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch adds a message to OverQuota containing information
on the actual quota reached and fixes a minor visual bug
with QuotaResourceUnknown.
Change-Id: Ibd01f6ad3046ca29eec02032e9115183f89a6a4b
(cherry picked from commit 907a029625a7f95369ca5a2f5173efefdb04d28f)
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Updated the PTR (floating ips) code to behave closer to how we handle
this type of operations in designate.api.v2. This should resolve
some issues (e.g. race conditions) with the older floating ips code.
Additional changes.
- Fixed minor typos in documentation.
- Updated wording where it makes sense to use project instead of tenant.
Change-Id: I897d7da185c2dd246b80d1a598e9e8a5c667304e
(cherry picked from commit 7ec7adc44a9914ad9492014ca0edec2341fb5de0)
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Created a new generic send_dns_msg that properly handles
both ip and hostnames and fully supports ipv4 and ipv6.
Also, moved all usage of dns.query.tcp/udp to a central
location.
Change-Id: I403ed6716b3ceffa1910269adf0e352f75e9dd5b
(cherry picked from commit acd930d3429aa30bea449f5fc7246581b0d2eb25)
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
stable/xena
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Closes-Bug: #1960764
Change-Id: Ib91e49081855e5f4ec9f46a060d1587dcfeaac29
(cherry picked from commit 7e543c2d22516254cbaab111e9dad87a408ab80d)
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Removed unnecessarily complex threading code.
Change-Id: If00b37e72dabd1bc66a78d9a832c3847c12f6692
(cherry picked from commit eed5042c41f8cd557dd3b53b28e17d520178af64)
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch addresses a few problems with the manage
command for pools and NS records.
- Fixed an issue where having multiple NS records
would break the pool command.
- Fixed a scenario where manually (non-managed) NS
records could break the pool command.
- Fixed a potential edge case that could break the
pool command.
The biggest change is that we now only manage the NS
record for the zone itself. This was always the case,
but because we didn't check for this specifically,
other NS records would conflict with the command.
Change-Id: I4e6ea0b6b717d2a1b5cc420874d1bb8fb290e04b
(cherry picked from commit bff3d5f6e31fe595a77143ec4ac779c187bf72a8)
|
|\ \ \
| |/ /
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This adds a check to validate if we need to
keep retrying the current action.
Change-Id: I4b2991499f33e65790388aea902a8b3e6023eb4e
(cherry picked from commit dc45a03563bc075242b4d27dfbc6d340166c1c0c)
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch is the base patch to enable support for Keystone
scoped tokens[1] and default roles[2] in the Designate API.
It also migrates to using project_id in the context objects instead of
the deprecated tenant_id.
[1] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes
[2] https://docs.openstack.org/keystone/latest/admin/service-api-protection.html
Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/821632
Change-Id: I43bb76dc4dc1d167d86fd5ea139a50f95f3b0b4a
(cherry picked from commit 5f87d207b448ec4e24988af5671c3b3593b13804)
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds new field check method DenyListFields to validate
the pattern string. in addition, check for a zero
length string as well.
Closes-Bug: #1934252
Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Zuul is changing how queues are declared[1]. This patch updates Designate for the new way to define the queue.
[1] https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html
Change-Id: I94324104a7ed89e757d48bb250d8b1132026ce46
(cherry picked from commit fe9fb45c21a7be2f88600e1f29fd37f56244cc1a)
|