Fix sharing a zone with the zone owner

There was a bug that allowed users to create a zone share with the zone
owner. This would then cause issues deleting the zone share as the zone
owner owns the NS and SOA recordsets in the zone.
This patch raises a BadRequest if the user attempts to create a zone
share for the zone owner.

Closes-Bug: #2011585
Change-Id: I1b56c492436821f650d1ba669614d92595d2f476

designate/central/service.py

@@ -1209,6 +1209,10 @@ class Service(service.RPCService):
 
         policy.check('share_zone', context, target)
 
+        if zone.tenant_id == shared_zone.target_project_id:
+            raise exceptions.BadRequest(
+                'Cannot share the zone with the zone owner.')
+
         shared_zone['project_id'] = context.project_id
         shared_zone['zone_id'] = zone_id
 

designate/tests/test_central/test_service.py

@@ -3795,6 +3795,17 @@ class CentralServiceTest(CentralTestCase):
         self.assertEqual(context.project_id, shared_zone.project_id)
         self.assertEqual(zone.id, shared_zone.zone_id)
 
+    def test_share_zone_with_zone_owner(self):
+        # Create a Shared Zone
+        context = self.get_context(project_id='1')
+        zone = self.create_zone(context=context)
+        exc = self.assertRaises(
+            rpc_dispatcher.ExpectedException, self.share_zone,
+            context=context, zone_id=zone.id,
+            target_project_id=zone.tenant_id)
+
+        self.assertEqual(exceptions.BadRequest, exc.exc_info[0])
+
     def test_unshare_zone(self):
         context = self.get_context(project_id='1')
         zone = self.create_zone(context=context)

releasenotes/notes/Fix-share-zone-with-zone-owner-31a20c57a65c0cc4.yaml

@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Fixed a bug that allowed users to create a zone share for the zone owner.