Fix the child search logic during zone deletion.
This patch uses elevated context to look up the child zones when a (parent) zone is deleted. If policy allows deleting a zone with non-admin role - the search will not find the child zones in another tenant and therefore parent zone gets deleted. Change-Id: Id1a8228f287a8f8e02462017cd062607ff4bebf8 Closes-Bug: 1809906
This commit is contained in:
parent
b827073880
commit
9a20caa336
|
@ -1094,7 +1094,9 @@ class Service(service.RPCService, service.Service):
|
|||
# Prevent deletion of a zone which has child zones
|
||||
criterion = {'parent_zone_id': zone_id}
|
||||
|
||||
if self.storage.count_zones(context, criterion) > 0:
|
||||
# Look for child zones across all tenants with elevated context
|
||||
if self.storage.count_zones(context.elevated(all_tenants=True),
|
||||
criterion) > 0:
|
||||
raise exceptions.ZoneHasSubZone('Please delete any subzones '
|
||||
'before deleting this zone')
|
||||
|
||||
|
|
Loading…
Reference in New Issue