summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Use ids when removing ptr records" into stable/xenastable/xenaZuul2023-04-201-9/+17
|\
| * Use ids when removing ptr recordsErik Olof Gunnar Andersson2023-04-131-9/+17
| | | | | | | | | | | | | | | | If the record status changes during the removal process, the current implementation will fail. Change-Id: I02b5d7499440154160c89ed63a2f70652fe72145 (cherry picked from commit b3161ece234b5e2ee7658060aaa936af625bef38)
* | Use ids when removing sink managed recordsErik Olof Gunnar Andersson2023-04-133-13/+111
|/ | | | | | | | | If the record status changes during the removal process, the current implementation will fail. Closes-Bug: 2015762 Change-Id: Iebe609e5f365d03e99f2a4580671175b4642763c (cherry picked from commit 2cb42ac9f6e5273ad64e697919b62e029466078f)
* [coordination] backend_url should be secretTakashi Kajinami2023-03-211-0/+1
| | | | | | | | | | | | | | | | | The backend_url option can sometimes contain secrets. For example when redis coordination backend is used and authentication is enabled in redis, the plain redis password is put as an URL element. [coordination] backend_url=redis://:password@127.0.0.1:6379 Closes-Bug: #2012246 Change-Id: I0ee95fc56130e51bf5c799d252e79a469492b7db (cherry picked from commit 541395c42414c40d105ce206e2f200456bbc375f) (cherry picked from commit bda31ec62c3eaa7fcdd25d69f97742744debf915) (cherry picked from commit be775801e33313305b5d90dca10bae166e6938c8) (cherry picked from commit f1981d057f08f9229eba2e8191dc06b22be1cffd)
* Removed unsupported test B309 from banditErik Olof Gunnar Andersson2023-03-151-1/+1
| | | | | | | | B309 was removed with this patch and breaks the CI. https://github.com/PyCQA/bandit/commit/130a467434ff6b8f9bbd83100e409bc1fcb6f407 Change-Id: I15864a76c8913f151154e2398ae86aea71883498 (cherry picked from commit 758956d5b9321c72d63cbf3d8a1987d5dc6e6bb3)
* Switch CentOS jobs over to CentOS 9 StreamMichael Johnson2023-02-201-4/+11
| | | | | | | | | | Since Devstack is dropping CentOS 8 Stream[1], we need to move our jobs over to CentOS 9 Stream. Now that there is a "devstack-single-node-centos-9-stream" nodeset we can remove our local CentOS 9 Stream nodeset. [1] http://lists.openstack.org/pipermail/openstack-discuss/2022-April/028321.html Change-Id: I1c8dfec7bd2b5f80b12d7229e47ef8ff70bd283b
* Fix dns.resolver import for mdnsErik Olof Gunnar Andersson2023-02-111-1/+3
| | | | | | | | | We are currently failing with module 'dns' has no attribute 'resolver'. Closes-Bug: #2006537 Change-Id: I31a1b1892a7112018b1261f956f51ed4eaa7cfb9 (cherry picked from commit 5cd63481c68ca5d2c8764a93dee5cbb8b45ecf63)
* CI: Move queue configuration into project-templatexena-em13.0.2Dr. Jens Harbott2022-10-231-2/+1
| | | | | | | | | | | | | With this it can be reused by the other designate repos and we can reduce the replication everywhere. Conflicts: .zuul.yaml Change-Id: I1fe73145e4a4699939244bc857600efa264f2340 (cherry picked from commit c907cfa1e68249c21e8cad9f58ff3dc3d9cea6df) (cherry picked from commit 96d788c6733b3e3f78fab96ebc5e0aae2203842a) (cherry picked from commit 5f921b78896e68e473ab0c139d534f02a4105840)
* Merge "Check zone_id in notification_handler to avoid UUID format issue." ↵Zuul2022-09-162-0/+11
|\ | | | | | | into stable/xena
| * Check zone_id in notification_handler to avoid UUID format issue.junbo2022-09-142-0/+11
| | | | | | | | | | | | Closes-Bug: #1977826 Change-Id: I81a4883fd48653c3b0d60ac07210fc0de55ac12a (cherry picked from commit 42dac06e0cdef9eccabc7085d0ff9da47563b318)
* | Fix Redis connection over TLSMichael Johnson2022-09-141-0/+7
|/ | | | | | | | | | When Designate is configured to use Redis for coordination over a TLS connection, it will fail to connect with "ssl.SSLError: ('timed out',)". This is caused by eventlet raising ssl.SSLError instead of the expected socket timeout the core libraries return. This patch monkey-patches eventlet to return the proper exception. Closes-Bug: #1989020 Change-Id: I5bd1c10d863212683752e05bb450e6f531ff7e72 (cherry picked from commit 93dee6a3ff44fb7470b3008e8fbbaf99822bbe82)
* Fix designate-manage pool update MissingProjectIDMichael Johnson2022-08-182-2/+6
| | | | | | | | | | | | | | This patch fixes a bug where adding an additional pool to designate using the "designate-manage pool update" command may fail with an exception: designate.exceptions.MissingProjectID: A project ID must be specified when not using a project scoped token. There was an extra check added as part of the scoped token work that a project ID must be provided when creating pools. This was incorrect as pools are still valid with a None project ID as they are a system resource and not tied to a specific project. This patch removes that check, but retains the RBAC check for and "admin" token. Closes-Bug: #1986733 Change-Id: I7345d7ef505420767209ba037e3c8930a282d03f (cherry picked from commit a03c4657c2bf957fef035807ef7df732f7a1c994)
* Minmum TTL value is zerodkehn2022-07-122-17/+41
| | | | | | | | | | | According to IETF https://tools.ietf.org/html/rfc2181#section-8 the definition of the ttl value is unsigned and can have a minimum value of 0. This path changes the minimum value of 1 to allow for 0 in recordset creats and updates. Unit test have also been modified accordingly. Closes-Bug: #1926429 Change-Id: I9b08e25a007bea598442da377dc227538f6e35f7
* Fix misleading release note for RBAC changes.13.0.1Michael Johnson2022-06-071-2/+2
| | | | | | | | Due to parallel development paths, the release note added for the fixes to the secure-RBAC patches implied it was adding a new feature when in fact the feature already existed. Change-Id: Ia9a904403a2336cc9cd4645d918fc0ff64d5e871
* Clarifies the zone import error messagedekehn2022-06-072-0/+112
| | | | | | | | | | | | | | | | | | | This patch defines the situation where the import_zone exception handler produces the message 'An undefined error occurred' to the exception during the zone import where an underlying exception occurred from the rpc dispatcher at the same time as a duplicate zone exception. Kiall Mac Innes explains this in https://opendev.org/openstack/designate/commit/2c9460505d07d0e46765a552b637e5a3296b667b the problem here is in the way the _import_zone was written where https://github.com/openstack/designate/commit/9b809a11b3068552274340606eb76d2217411b85 was written with threading.local, so it only works if it stays within the same thread. Since _import_zone is created on a separate thread, the necessity to add the decorator @rpc_expected_exceptions() at the top. Closes-bug: #1950118 Closes-bug: #1964323 Change-Id: If7d50cbd4fa0ce86e0ddf03068da36acd7d72cb4 (cherry picked from commit d705c5d6b861f319096afdd3ad50a2100651b064)
* Merge "Minimum TTL value allowed is zero" into stable/xenaZuul2022-06-064-7/+15
|\
| * Minimum TTL value allowed is zerodekehn2022-05-314-7/+15
| | | | | | | | | | | | | | | | | | | | | | According to ITEF https://tools.ietf.org/html/rfc2181#section-8 the definition of the ttl value is unsigned integer and can have a minimum value of 0. This patch changes the minimum value of 1 to allow for 0. Unit test have also been modified accordingly. Closes-Bug: #1926429 Change-Id: I7876b4c1e2c800b654ca750211ee2e58f3ea4309 (cherry picked from commit 6ac659d241c65c245d8a090768ac7559c32a13f1)
* | Merge "Fix duplicate zone when creating ptr records" into stable/xenaZuul2022-06-043-18/+56
|\ \
| * | Fix duplicate zone when creating ptr recordsErik Olof Gunnar Andersson2022-06-033-18/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a race-condition when creating multiple PTR records under the same zone. There is a brief window when creating two identical zones can cause an error. This adds a fallback that should prevent the error. I also added a threaded test that caught multiple additional bugs in this code. - Wrong find_recordset used caused the wrong exception to be thrown. - The transaction workflow would break error handling. Change-Id: Ia1194ab838c52d5d91cb1d26c4556c73b4f3a745 (cherry picked from commit 0c7d218ba103e8260322e40f76a49a8c92556bfe)
* | | Fix incorrect 404 error on floating IP createMichael Johnson2022-06-031-2/+6
|/ / | | | | | | | | | | | | | | | | There is a case when creating a floating IP could return a 404 error instead of the expected floating IP payload. This fix is extracted from a non-backportable fix that was applied on yoga a newer branches[1]. [1] https://review.opendev.org/c/openstack/designate/+/830549 Change-Id: I53c2a0faf93be19eca259100fe6c3961ef4e7938
* | Merge "Allow email subadresses to be used within mail url of CAA records" ↵Zuul2022-06-033-1/+18
|\ \ | | | | | | | | | into stable/xena
| * | Allow email subadresses to be used within mail url of CAA recordsChristian Rohmann2022-06-023-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows for +subaddress to be used for the local part of mail urls used for CAA records. While there are more characters allowed in email addresses, using subadresses for incoming email to role accounts is quite common. Closes-Bug: 1958533 Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0 (cherry picked from commit 1cef20edbc462fab75a919fc0de796c2d6edb30b)
* | | Merge "Fix delete zone transfer request with scoped token" into stable/xenaZuul2022-06-032-0/+7
|\ \ \
| * | | Fix delete zone transfer request with scoped tokenMichael Johnson2022-06-012-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes an issue were deleting a zone transfer request with a scoped token may fail. Change-Id: I4522796ac056630c63798830e8f8d92628f14a37 (cherry picked from commit 6f847aeb5a309eb6e70dee58057fef01886573f6) (cherry picked from commit 276a9fbe89f84dd43ed0495a5445eb9fd4cc56ef)
* | | | Merge "Fix a typo in the tsigkey policy file" into stable/xenaZuul2022-06-031-6/+6
|\ \ \ \
| * | | | Fix a typo in the tsigkey policy fileMichael Johnson2022-05-311-6/+6
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | This patch fixes a typo in the deprecated reason string variable name. Change-Id: I06cf5b5cbe5544327e30971115f3bf98214293f6
* | | | Merge "Fixed incorrect quota exception message" into stable/xenaZuul2022-06-032-2/+2
|\ \ \ \
| * | | | Fixed incorrect quota exception messageErik Olof Gunnar Andersson2022-05-312-2/+2
| |/ / / | | | | | | | | | | | | | | | | Change-Id: I38efa22bb8b0de6fd9a70339e8044fea70080004 (cherry picked from commit 291558c380232b726be0253fdee1f88902522beb)
* | | | Merge "Fix zone update when adding new Bind9 target to pool." into stable/xenaZuul2022-06-033-1/+43
|\ \ \ \
| * | | | Fix zone update when adding new Bind9 target to pool.Dmitry Galkin2022-06-023-1/+43
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a new Bind9 is added to the pool, Designate will trigger 'modzone' rndc command that will fail, unless zone is already present on the backend. This change will first verify that the zone is present on the backend, before an update attempt. If zone is not present - zone creation will be triggered. Closes-Bug: 1958409 Co-authored-by: Kiran Pawar <kinpaa@gmail.com> Change-Id: I782bf38a68f24a2e7133ff2afad7c96e2ae6b7f0 (cherry picked from commit 66cc876eadd9a4ded3afa35aed675c15c60f149d)
* | | | Merge "Improve wording for validation error messages" into stable/xenaZuul2022-06-032-19/+20
|\ \ \ \
| * | | | Improve wording for validation error messagesDr. Jens Harbott2022-06-022-19/+20
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Correct some grammatical issues and harmonize the responses Signed-off-by: Dr. Jens Harbott <harbott@osism.tech> Change-Id: Ib45eae335160d53bb25e3745fcbe451bffa2cc31 (cherry picked from commit 296a5adaf95a221b985c026899662a611d936895)
* | | | Merge "Add proper quota error messages" into stable/xenaZuul2022-06-032-57/+114
|\ \ \ \
| * | | | Add proper quota error messagesErik Olof Gunnar Andersson2022-06-012-57/+114
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a message to OverQuota containing information on the actual quota reached and fixes a minor visual bug with QuotaResourceUnknown. Change-Id: Ibd01f6ad3046ca29eec02032e9115183f89a6a4b (cherry picked from commit 907a029625a7f95369ca5a2f5173efefdb04d28f)
* | | | Merge "Modernize PTR implementation in Central" into stable/xenaZuul2022-06-033-196/+186
|\ \ \ \
| * | | | Modernize PTR implementation in CentralErik Olof Gunnar Andersson2022-06-023-196/+186
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated the PTR (floating ips) code to behave closer to how we handle this type of operations in designate.api.v2. This should resolve some issues (e.g. race conditions) with the older floating ips code. Additional changes. - Fixed minor typos in documentation. - Updated wording where it makes sense to use project instead of tenant. Change-Id: I897d7da185c2dd246b80d1a598e9e8a5c667304e (cherry picked from commit 7ec7adc44a9914ad9492014ca0edec2341fb5de0)
* | | | Merge "Fix dns.query.tcp/udp not always handling ipv6 properly" into stable/xenaZuul2022-06-0310-266/+213
|\ \ \ \
| * | | | Fix dns.query.tcp/udp not always handling ipv6 properlyErik Olof Gunnar Andersson2022-06-0210-266/+213
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Created a new generic send_dns_msg that properly handles both ip and hostnames and fully supports ipv4 and ipv6. Also, moved all usage of dns.query.tcp/udp to a central location. Change-Id: I403ed6716b3ceffa1910269adf0e352f75e9dd5b (cherry picked from commit acd930d3429aa30bea449f5fc7246581b0d2eb25)
* | | | Merge "Fixed incorrect message when zone import failed due to quota" into ↵Zuul2022-06-034-15/+44
|\ \ \ \ | | | | | | | | | | | | | | | stable/xena
| * | | | Fixed incorrect message when zone import failed due to quotaErik Olof Gunnar Andersson2022-06-024-15/+44
| |/ / / | | | | | | | | | | | | | | | | | | | | Closes-Bug: #1960764 Change-Id: Ib91e49081855e5f4ec9f46a060d1587dcfeaac29 (cherry picked from commit 7e543c2d22516254cbaab111e9dad87a408ab80d)
* | | | Merge "Simplify create zone import implementation" into stable/xenaZuul2022-06-021-58/+48
|\ \ \ \
| * | | | Simplify create zone import implementationErik Olof Gunnar Andersson2022-06-021-58/+48
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | Removed unnecessarily complex threading code. Change-Id: If00b37e72dabd1bc66a78d9a832c3847c12f6692 (cherry picked from commit eed5042c41f8cd557dd3b53b28e17d520178af64)
* | | | Fix designate-manage pool update bugsErik Olof Gunnar Andersson2022-06-022-81/+65
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch addresses a few problems with the manage command for pools and NS records. - Fixed an issue where having multiple NS records would break the pool command. - Fixed a scenario where manually (non-managed) NS records could break the pool command. - Fixed a potential edge case that could break the pool command. The biggest change is that we now only manage the NS record for the zone itself. This was always the case, but because we didn't check for this specifically, other NS records would conflict with the command. Change-Id: I4e6ea0b6b717d2a1b5cc420874d1bb8fb290e04b (cherry picked from commit bff3d5f6e31fe595a77143ec4ac779c187bf72a8)
* | | Merge "Validate worker actions before retrying poll" into stable/xenaZuul2022-06-013-11/+155
|\ \ \ | |/ / |/| |
| * | Validate worker actions before retrying pollErik Olof Gunnar Andersson2022-05-313-11/+155
| |/ | | | | | | | | | | | | | | This adds a check to validate if we need to keep retrying the current action. Change-Id: I4b2991499f33e65790388aea902a8b3e6023eb4e (cherry picked from commit dc45a03563bc075242b4d27dfbc6d340166c1c0c)
* | Merge "Fix support for scoped tokens and default roles" into stable/xenaZuul2022-06-0126-321/+852
|\ \
| * | Fix support for scoped tokens and default rolesMichael Johnson2022-05-3126-321/+852
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is the base patch to enable support for Keystone scoped tokens[1] and default roles[2] in the Designate API. It also migrates to using project_id in the context objects instead of the deprecated tenant_id. [1] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes [2] https://docs.openstack.org/keystone/latest/admin/service-api-protection.html Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/821632 Change-Id: I43bb76dc4dc1d167d86fd5ea139a50f95f3b0b4a (cherry picked from commit 5f87d207b448ec4e24988af5671c3b3593b13804)
* | Merge "Checks for invalid denylist regex patterns" into stable/xenaZuul2022-05-314-2/+85
|\ \ | |/ |/|
| * Checks for invalid denylist regex patternsdekehn2022-02-014-2/+85
| | | | | | | | | | | | | | | | | | Adds new field check method DenyListFields to validate the pattern string. in addition, check for a zero length string as well. Closes-Bug: #1934252 Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf
* | Update zuul queue configurationMichael Johnson2022-05-271-4/+2
| | | | | | | | | | | | | | | | | | Zuul is changing how queues are declared[1]. This patch updates Designate for the new way to define the queue. [1] https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html Change-Id: I94324104a7ed89e757d48bb250d8b1132026ce46 (cherry picked from commit fe9fb45c21a7be2f88600e1f29fd37f56244cc1a)
View Lorry Controller Status