This patch marks the agent framework and drivers as deprecated in the Antelope release for removal in the "C" release.
Please see the announcement on the OpenStack discuss mailing list for more information about the deprecation:
https://lists.openstack.org/pipermail/openstack-discuss/2023-January/031803.html
Change-Id: I3a90243dc323a2815ce7d973a5e52248ed1c2ad6
The dnspython module >= 2.3.0 now validates the opcodes used when building DNS messages. This breaks Designate because designate is using an "unassigned"[1] opcode 14 for command/control messages inside the backend agents framework.
This patch adds a workaround to override the dnspython opcode enum to include
opcode 14. This will give us time to either remove the agent framework via deprecation or to change the agent framework protocol to not rely on unassigned opcode values.
[1] https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5
Partial-Bug: #2002950
Change-Id: If10443b2e361aa1b467fb64124ad3c82540bcddd
Designate does not delete the zone-files on the back-end when a zone is
deleted. This results in thousands of leftover zone files on the backend, e.g.
bind. Add an option in the designate zone delete API to force clean/delete
zone-files on the back-end. This option is restricted to admin or
owner roles.
Closes-Bug: 1966517
Change-Id: Ic7b8fee4d4702b0632774d32542b23d7d2a8c253
Jsonschema has changed the type of a parameter from a simple
tuple to a pyrsistent map object. Since we were passing in the
defaults anyway, this patch removes those parameters from the
jsonschema call. This makes designate compatible with
jsonschema >= 4.16.0.
Closes-Bug: #1992677
Change-Id: I9cc94506a63371ad78b204030e5e87339982e9e7
This patch fixes a bug where adding an additional pool to designate using the "designate-manage pool update" command may fail with an exception:
designate.exceptions.MissingProjectID: A project ID must be specified when not using a project scoped token.
There was an extra check added as part of the scoped token work that a project ID must be provided when creating pools. This was incorrect as pools are still valid with a None project ID as they are a system resource and not tied to a specific project.
This patch removes that check, but retains the RBAC check for an "admin" token.
Closes-Bug: #1986733
Change-Id: I7345d7ef505420767209ba037e3c8930a282d03f
Currently Designate is using sqlalchemy-migrate for database schema
migrations. sqlalchemy-migrate/migrate have been deprecated for some
time. This patch switches Designate to use Alembic for database
migrations.
Change-Id: I90ecb4d409b8b609b384997fa4cc9c65755409b3
This patch removes the 'netaddr' module from the Designate requirements list.
It replaces the use of netaddr in Designate with the python standard library 'ipaddress' module.
Change-Id: I2fb1549e1d6cbccf58c03810c7d74c8c378682d5
Currently, designate does not validate that if a TXT recordset starts
with a double quote, it also ends with a double quote. So, if a user has
provided a TXT record in this unmatched double quote format, the zone ends up
in error.
This change verifies that if a TXT record starts with a double quote,
it also ends with a double quote.
Closes-Bug: 1980757
Change-Id: I75bd7c1657a9178c8e7ef2d66fa7318255c67582
Adds simple API versioning for Designate. Designate API minor releases are
additive to the API major revision and share the same URL path. Subsequent
minor versions are a superset of the previous versions of the same major
revision.
Updates the version discovery document to be compliant with OpenStack
version discovery.
Restructures the API reference to provide more information about the
versioning.
Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/848323
Change-Id: I13162711b521472ec8b796ced34d0b7107aaed36
This patch moved the remaining RPC calls away from the
MDNS service to the Worker and re-worked them to better
match the patterns used in the Worker. This means that
the MDNS service now only handles incoming DNS queries.
In addition the metrics backend has been removed as it was
only used by the MDNS RPC implementation and the monascastatsd
implementation no longer serves a purpose.
Closes-Bug: #1978742
Closes-Bug: #1978743
Change-Id: I5ef106717546a201fd62a51adacd43495c148cd4
Due to parallel development paths, the release note added for the fixes to
the secure-RBAC patches implied it was adding a new feature when in fact the
feature already existed.
Change-Id: Ia9a904403a2336cc9cd4645d918fc0ff64d5e871
Adds a configuration variable that allows a user to
declare the CA certificate to be used to verify
traffic with a PowerDNS API endpoint.
Closes-Bug: #1971856
Signed-off-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Change-Id: I57f3d5a1d1f79186cc5b38e76d30f62e01b60482
According to IETF https://tools.ietf.org/html/rfc2181#section-8
the definition of the ttl value is unsigned integer and can have a
minimum value of 0. This patch changes the minimum value of 1 to allow
for 0. Unit tests have also been modified accordingly.
Closes-Bug: #1926429
Change-Id: I7876b4c1e2c800b654ca750211ee2e58f3ea4309
This parameter has had no effect since [1] was merged. Because
the parameter has been broken for several cycles and there has been
the alternative parameter ([DEFAULT] max_header_line) to configure
the same, this change marks the parameter for removal instead of fixing
it.
[1] a09064a5d15859703b97d61a1f014681a17799c6
Closes-Bug: #1967825
Change-Id: I04ea6b8132e6aee35eb72992273f63f3512d4aeb
Previously, if set-quotas was called with a non-project scoped token and the all-projects flag was not set, the quotas would be updated but the result returned
would always be the default quota values.
This patch changes the API to require the all-projects flag when set-quota is called and the token is not project scoped.
Closes-Bug: #1966128
Change-Id: I55ca76ef7c2cbeb5fdae1aed1dcbe58b7acddc34
When a new Bind9 is added to the pool, Designate will trigger 'modzone'
rndc command that will fail, unless zone is already present on the backend.
This change will first verify that the zone is present on the backend,
before an update attempt. If zone is not present - zone creation will be
triggered.
Closes-Bug: 1958409
Co-authored-by: Kiran Pawar <kinpaa@gmail.com>
Change-Id: I782bf38a68f24a2e7133ff2afad7c96e2ae6b7f0
This patch adds a new status value for floating ips called
inactive that is used to indicate if there is not a dns record
associated with a floating ip.
Partial-Bug: #1932026
Change-Id: Ieca3cb06b99ba4556f4e6e770f82ec594d1ab1b6
Adds new field check method DenyListFields to validate
the pattern string. In addition, check for a zero
length string as well.
Closes-Bug: #1934252
Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf
First I set recordset_records=3, and I can create a recordset with 4 records
successfully.
Now enforce the record quota by counting records in the database. When creating
a recordset the number in the database is 0, and quotas will not work no matter
how much quota recordset_records is set. And once the excess quota is created
successfully, it cannot be updated unless quotas are updated.
Closes-Bug: #1847200
Change-Id: If8bc6043d95f52f67899a5ac69a2f72c8fd4de17
*) Add osprofiler wsgi middleware
This middleware is used for 2 things:
1) It checks that the person who wants to trace is trusted and knows
the secret HMAC key.
2) It starts tracing in case of proper trace headers and adds the
first wsgi trace point, with info about the HTTP request
*) Add initialization of osprofiler at start of service.
You should use python-designateclient with this patch:
https://review.opendev.org/#/c/773575
Run any command with --os-profile SECRET_KEY
$ openstack zone create --email <email_id> <zone_name> \
--os-profile SECRET_KEY
# it will print <Trace ID>
Get pretty HTML with traces:
$ osprofiler trace show --html <Trace ID> --connection-string \
<connection_string> --out <output.html>
e.g. --connection-string can be redis://localhost:6379
Note that osprofiler should be run from admin user name & tenant.
Implements: blueprint designate-os-profiler
Change-Id: I2a3787b6428d679555a9add3a57ffe8c2112b6d3
In this patch we revise the workflow after the zone api has
finished updating the upstream dns servers after a change. The goal
is to fix issues with actions that would overwrite other actions,
potentially causing zone change notifications to not be sent in a
timely manner.
Additional changes.
- Changed update_status method args
- Improved unit test coverage of multiple code paths.
Change-Id: I5d566588be66e9ed0df9484e36504a69b4f4b5a9
This patch allows for +subaddress to be used for the local part of mail urls
used for CAA records. While there are more characters allowed in email
addresses, using subaddresses for incoming email to role accounts is quite
common.
Closes-Bug: 1958533
Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0
... because its implementation was already removed during the Ussuri
cycle[1] and http-proxy_to_wsgi from oslo.middleware is used instead.
[1] f628acd526e0de211dd82126f4bf65aaaf0f12fe
Change-Id: I18f17aa83359077db2cd313eba608de649a4f271
This patchset adds support for DNS CERT Resource Record which is
described in RFC 4398
(https://tools.ietf.org/html/rfc4398)
Closes-Bug: 1937113
Change-Id: I0cdfa1decd28096b7135b820b01ee7ec17b1a57d
The API reference incorrectly listed the URL path for list service
statuses as /v2/service_status.
This patch corrects that to the actual path and adds compatibility
for the /v2/service_status path in the code in case there are
users or libraries coded to the incorrect path.
Closes-Bug: #1919183
Change-Id: I3cdf0f8dcde12891e244822480270aec48e0df0d
As per the community goal of migrating the policy file
format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file'
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json with policy.yaml references in the docs.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I81e7ee3243af11ebb3589f530533731b87178a96
* Mark Akamai v2 as untested
* Mark Akamai eDNS as known broken due to the API being removed
* Add basic docs for Akamai v2
Change-Id: I4f6c6c1c96251bfc4f7ad3bb6b0bd2025397fa03
Signed-off-by: Graham Hayes <gr@ham.ie>
We are currently using host_url to build the version
href which causes the /dns portion to get dropped. This
patch changes host_url to url_root. We also enable
enable_host_header by default.
Finally we add a help url that points at the
designate api reference.
Change-Id: Ie8d815391b316d664b0c51099a08d8d32932c555
--dry-run and --delete should be switches.
Now --dry_run acts as a key value pair. Users do not know what is behind
--dry-run, and now whatever the value is, it is acceptable. This is unreasonable.
Closes-bug: #1847393
Change-Id: Ia6ab93395deb95173e443f9d3ea77dd52edfcf2c