Fix the child search logic during zone deletion.

This patch uses elevated context to look up the child zones
when a (parent) zone is deleted. If policy allows deleting a
zone with non-admin role - the search will not find the child
zones in another tenant and therefore parent zone gets deleted.

Change-Id: Id1a8228f287a8f8e02462017cd062607ff4bebf8
Closes-Bug: 1809906
Dmitry Galkin 2018-12-27 15:11:16 +00:00 committed by Erik Olof Gunnar Andersson
parent b827073880
commit 9a20caa336
1 changed files with 3 additions and 1 deletions

@ -1094,7 +1094,9 @@ class Service(service.RPCService, service.Service):
# Prevent deletion of a zone which has child zones
criterion = {'parent_zone_id': zone_id}
if self.storage.count_zones(context, criterion) > 0:
# Look for child zones across all tenants with elevated context
if self.storage.count_zones(context.elevated(all_tenants=True),
criterion) > 0:
raise exceptions.ZoneHasSubZone('Please delete any subzones '
'before deleting this zone')
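
Review bot: The elevated count_zones call at the top of this check has no test covering it; the commit changes a single file, so the case it targets (a non-admin role deleting a parent zone whose child zone belongs to another tenant) is not exercised anywhere. Add a test that creates the child zone under a different tenant and asserts that deleting the parent raises ZoneHasSubZone. It would also help to extend the new comment to state that context.elevated(all_tenants=True) is used only for this count, so a later edit does not reuse the elevated context for the delete itself.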