96 Commits

Author SHA1 Message Date
Michael Johnson
63ca389755 Deprecate the agent framework and drivers
This patch marks the agent framework and drivers as deprecated in the Antelope release for removal in the "C" release.

Please see the announcement on the OpenStack discuss mailing list for more information about the deprecation:
https://lists.openstack.org/pipermail/openstack-discuss/2023-January/031803.html

Change-Id: I3a90243dc323a2815ce7d973a5e52248ed1c2ad6
2023-02-05 00:29:55 +00:00
Zuul
766d089c46 Merge "Bump minimum dnspython to 2.2.1 for python 3.10" 2023-01-21 21:10:17 +00:00
Michael Johnson
969e80491c Bump minimum dnspython to 2.2.1 for python 3.10
This patch proposes bumping the minimum dnspython version to 2.2.1 to support
python 3.10 which is part of the antelope (2023.1) tested runtimes[1].

2.2.0 had a bug[2] and has been blocked in global requirements.

[1] https://governance.openstack.org/tc/reference/runtimes/2023.1.html
[2] https://github.com/rthalley/dnspython/issues/766

Change-Id: I43617fcf29e404bf58b1a3467f2aaf23c5acd460
2023-01-19 17:21:42 +00:00
Michael Johnson
41bf7dd319 Workaround issue with dnspython >= 2.3.0
The dnspython module >= 2.3.0 now validates the opcodes used when building DNS messages. This breaks Designate because designate is using an "unassigned"[1] opcode 14 for command/control messages inside the backend agents framework.

This patch adds a workaround to override the dnspython opcode enum to include
opcode 14. This will give us time to either remove the agent framework via deprecation or to change the agent framework protocol to not rely on unassigned opcode values.

[1] https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5

Partial-Bug: #2002950

Change-Id: If10443b2e361aa1b467fb64124ad3c82540bcddd
2023-01-17 17:46:27 +00:00
Manish Honap
d193b0c70c Add option to force delete zone-files in delete API.
Designate does not delete the zone-files on the back-end when zone is
deleted. This results in thousands of leftover zone files on backend e.g.
bind. Add option in designate zone delete API to force clean/delete
zone-files on the back-end. This option is restricted for admin or
owner roles.

Closes-Bug: 1966517
Change-Id: Ic7b8fee4d4702b0632774d32542b23d7d2a8c253
2022-10-20 10:01:23 +00:00
Michael Johnson
d6eabef4de Fixes compatibility with jsonschema >= 4.16.0
Jsonschema has changed the type of a parameter from a simple
tuple to a pyrsistent map object. Since we were passing in the
defaults anyway, this patch removes those parameters from the
jsonschema call. This makes designate compatible with
jsonschema >= 4.16.0.

Closes-Bug: #1992677
Change-Id: I9cc94506a63371ad78b204030e5e87339982e9e7
2022-10-13 06:17:29 +00:00
Zuul
13a7048814 Merge "Add simple API versioning to the Designate API" 2022-08-31 18:05:26 +00:00
Zuul
218e11ea20 Merge "Switch Designate to Alembic database migrations" 2022-08-30 05:11:25 +00:00
Michael Johnson
a03c4657c2 Fix designate-manage pool update MissingProjectID
This patch fixes a bug where adding an additional pool to designate using the "designate-manage pool update" command may fail with an exception:

designate.exceptions.MissingProjectID: A project ID must be specified when not using a project scoped token.

There was an extra check added as part of the scoped token work that a project ID must be provided when creating pools. This was incorrect as pools are still valid with a None project ID as they are a system resource and not tied to a specific project.

This patch removes that check, but retains the RBAC check for an "admin" token.

Closes-Bug: #1986733
Change-Id: I7345d7ef505420767209ba037e3c8930a282d03f
2022-08-16 22:22:19 +00:00
Michael Johnson
60c378763a Switch Designate to Alembic database migrations
Currently Designate is using sqlalchemy-migrate for database schema
migrations. sqlalchemy-migrate/migrate have been deprecated for some
time. This patch switches Designate to use Alembic for database
migrations.

Change-Id: I90ecb4d409b8b609b384997fa4cc9c65755409b3
2022-08-04 17:15:09 +00:00
Michael Johnson
968e3d348d Remove netaddr module requirement
This patch removes the 'netaddr' module from the Designate requirements list.
It replaces the use of netaddr in Designate with the python standard library 'ipaddress' module.

Change-Id: I2fb1549e1d6cbccf58c03810c7d74c8c378682d5
2022-08-02 22:02:13 +00:00
Manish Honap
7f428e8ab5 Validate matching double quotes in TXT recordsets.
Currently, designate does not validate that if a TXT recordset starts
with a double quote, it also ends with a double quote. So, if user has
provided TXT record in this unmatched doublequote format, zone ends up
in error.

This change verifies that if a TXT record starts with a double quote,
it also ends with a double quote.

Closes-Bug: 1980757
Change-Id: I75bd7c1657a9178c8e7ef2d66fa7318255c67582
2022-07-19 23:52:41 +05:30
Michael Johnson
39652d7a51 Add simple API versioning to the Designate API
Adds simple API versioning for Designate. Designate API minor releases are
additive to the API major revision and share the same URL path. Subsequent
minor versions are a superset of the previous versions of the same major
revision.
Updates the version discovery document to be compliant with OpenStack
version discovery.
Restructures the API reference to provide more information about the
versioning.

Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/848323
Change-Id: I13162711b521472ec8b796ced34d0b7107aaed36
2022-06-30 18:30:54 +00:00
Erik Olof Gunnar Andersson
8050680948 Removed RPC calls from MDNS and moved them to the Worker
This patch moved the remaining RPC calls away from the
MDNS service to the Worker and re-worked them to better
match the patterns used in the Worker. This means that
the MDNS service now only handles incoming DNS queries.

In addition the metrics backend has been removed as it was
only used by the MDNS RPC implementation and the monascastatsd
implementation no longer serves a purpose.

Closes-Bug: #1978742
Closes-Bug: #1978743
Change-Id: I5ef106717546a201fd62a51adacd43495c148cd4
2022-06-23 23:31:41 +00:00
Michael Johnson
9a816ef8b6 Fix misleading release note for RBAC changes.
Due to parallel development paths, the release note added for the fixes to
the secure-RBAC patches implied it was adding a new feature when in fact the
feature already existed.

Change-Id: Ia9a904403a2336cc9cd4645d918fc0ff64d5e871
2022-06-07 15:57:41 +00:00
Juan Pablo Suazo
c230ddb8c5 Adds api_ca_cert configuration variable to pools.yaml
Adds a configuration variable that allows a user to
declare the CA certificate to be used to verify
traffic with a PowerDNS API endpoint.

Closes-Bug: #1971856
Signed-off-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Change-Id: I57f3d5a1d1f79186cc5b38e76d30f62e01b60482
2022-05-13 11:21:47 -04:00
Zuul
6d3c377bd5 Merge "Deprecate ineffective [service:api] max_header_line" 2022-05-06 11:13:54 +00:00
Erik Olof Gunnar Andersson
5d5d83e511 Remove deprecated and unused MDNS RPC calls
- Remove deprecated mdns notify option.

Change-Id: I91a05bda874658d8fdc051866fb49a5a97a00fe6
2022-05-05 19:17:51 +00:00
dekehn
6ac659d241 Minimum TTL value allowed is zero
According to IETF https://tools.ietf.org/html/rfc2181#section-8
the definition of the ttl value is unsigned integer and can have a
minimum value of 0. This patch changes the minimum value of 1 to allow
for 0. Unit tests have also been modified accordingly.

Closes-Bug: #1926429
Change-Id: I7876b4c1e2c800b654ca750211ee2e58f3ea4309
2022-05-03 19:28:52 +00:00
Erik Olof Gunnar Andersson
fc905bf760 Removing more unused rpc calls
Removed unused central rpc calls and extended
testing on previously untested paths.

The following rpc calls were removed.
- count_records
- count_recordsets
- count_zones
- count_tenants
- delete_zone_transfer_accept
- find_blacklist
- find_record
- find_zone
- find_zone_transfer_accept
- find_zone_transfer_request
- get_record
- get_quota
- update_zone_transfer_accept

Change-Id: I705cfc06f56a1f1285e9c0d29541dc10505ae62f
2022-04-26 02:08:49 +00:00
Takashi Kajinami
1a4ace8a9a Deprecate ineffective [service:api] max_header_line
This parameter has had no effect since [1] was merged. Because
the parameter has been broken for several cycles and there has been
the alternative parameter ([DEFAULT] max_header_line) to configure
the same, this change makes the parameter for removal instead of fixing
it.

[1] a09064a5d15859703b97d61a1f014681a17799c6

Closes-Bug: #1967825
Change-Id: I04ea6b8132e6aee35eb72992273f63f3512d4aeb
2022-04-05 16:39:22 +09:00
Michael Johnson
6f847aeb5a Fix delete zone transfer request with scoped token
This patch fixes an issue where deleting a zone transfer request with a scoped
token may fail.

Change-Id: I4522796ac056630c63798830e8f8d92628f14a37
2022-04-01 22:26:17 +00:00
Michael Johnson
158e017be4 Fix set-quotas for non-project scoped tokens
Previously, if set-quotas was called with a non-project scoped token and the all-projects flag was not set, the quotas would be updated but the result returned
would always be the default quota values.
This patch changes the API to require the all-projects flag when set-quota is called and the token is not project scoped.

Closes-Bug: #1966128
Change-Id: I55ca76ef7c2cbeb5fdae1aed1dcbe58b7acddc34
2022-03-23 21:06:46 +00:00
Zuul
13ca3954a0 Merge "Fix zone update when adding new Bind9 target to pool." 2022-03-10 01:25:33 +00:00
Dmitry Galkin
66cc876ead Fix zone update when adding new Bind9 target to pool.
When a new Bind9 is added to the pool, Designate will trigger 'modzone'
rndc command that will fail, unless zone is already present on the backend.

This change will first verify that the zone is present on the backend,
before an update attempt. If zone is not present - zone creation will be
triggered.

Closes-Bug: 1958409

Co-authored-by: Kiran Pawar <kinpaa@gmail.com>
Change-Id: I782bf38a68f24a2e7133ff2afad7c96e2ae6b7f0
2022-03-09 17:46:08 +00:00
Erik Olof Gunnar Andersson
93ebb1af53 Add inactive value to floating ip status
This patch adds a new status value for floating ips called
inactive that is used to indicate if there is not a dns record
associated with a floating ip.

Partial-Bug: #1932026

Change-Id: Ieca3cb06b99ba4556f4e6e770f82ec594d1ab1b6
2022-03-02 17:57:48 -08:00
dekehn
f44395870d Checks for invalid denylist regex patterns
Adds new field check method DenyListFields to validate
the pattern string. In addition, check for a zero
length string as well.

Closes-Bug: #1934252
Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf
2022-02-18 19:14:35 +00:00
Zuul
99fe04953f Merge "Fix API reference for list service statuses" 2022-02-18 02:49:58 +00:00
Erik Olof Gunnar Andersson
c38810b15f Remove unused central code
The following unused rpc calls were removed.
- create_record
- update_record
- delete_record
- sync_record
- sync_zone
- sync_zones
- touch_zone

Change-Id: Iaccdb9b7d586ee04270dad656924a8867f8f7c2c
2022-02-14 20:35:31 +00:00
Zuul
057329deb1 Merge "Integrate OSprofiler and Designate" 2022-02-14 20:28:53 +00:00
zhouhenglc
df10ff5b5c Fix recordset_records quota enforcement
First I set recordset_records=3, and I can create recordset with 4 records
successfully.
Now enforce record quota by count records in database. When create recordset
the number in database is 0, and quotas will not work no matter how much
quota recordset_records are set. And once the excess quota is created
successfully, it can not be updated. Unless quotas are updated.

Closes-Bug: #1847200

Change-Id: If8bc6043d95f52f67899a5ac69a2f72c8fd4de17
2022-02-11 20:49:45 +00:00
kpdev
9541a29761 Integrate OSprofiler and Designate
*) Add osprofiler wsgi middleware

This middleware is used for 2 things:
1) It checks that the person who wants to trace is trusted and knows
secret HMAC key.
2) It starts tracing in case of proper trace headers and adds
first wsgi trace point, with info about HTTP request
*) Add initialization of osprofiler at start of service.

You should use python-designateclient with this patch:

https://review.opendev.org/#/c/773575

Run any command with --os-profile SECRET_KEY

  $ openstack zone create --email <email_id> <zone_name> \
    --os-profile SECRET_KEY
  # it will print <Trace ID>

Get pretty HTML with traces:

  $ osprofiler trace show --html <Trace ID> --connection-string \
   <connection_string> --out <output.html>
  e.g. --connection-string can be redis://localhost:6379

Note that osprofiler should be run from admin user name & tenant.

Implements: blueprint designate-os-profiler
Change-Id: I2a3787b6428d679555a9add3a57ffe8c2112b6d3
2022-02-07 07:12:18 +00:00
Erik Olof Gunnar Andersson
3c495ed76d Updated status logic to always NOTIFY on change
In this patch we revise the workflow after the zone api has
finished updating the upstream dns servers after a change. The goal
is to fix issues with actions that would overwrite other actions,
potentially causing zone change notifications to not be sent in a
timely manner.

Additional changes.
- Changed update_status method args
- Improved unit test coverage of multiple code paths.

Change-Id: I5d566588be66e9ed0df9484e36504a69b4f4b5a9
2022-02-06 08:01:20 +00:00
Christian Rohmann
1cef20edbc Allow email subaddresses to be used within mail url of CAA records
This patch allows for +subaddress to be used for the local part of mail urls
used for CAA records. While there are more characters allowed in email
addresses, using subaddresses for incoming email to role accounts is quite
common.

Closes-Bug: 1958533
Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0
2022-01-22 20:24:12 +01:00
Michael Johnson
5f87d207b4 Fix support for scoped tokens and default roles
This patch is the base patch to enable support for Keystone
scoped tokens[1] and default roles[2] in the Designate API.

It also migrates to using project_id in the context objects instead of
the deprecated tenant_id.

[1] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes
[2] https://docs.openstack.org/keystone/latest/admin/service-api-protection.html

Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/821632

Change-Id: I43bb76dc4dc1d167d86fd5ea139a50f95f3b0b4a
2021-12-14 01:02:50 +00:00
Takashi Kajinami
79c61e46f3 Deprecate parameters of SSLMiddleware
... because its implementation was already removed during the Ussuri
cycle[1] and http-proxy_to_wsgi from oslo.middleware is used instead.

[1] f628acd526e0de211dd82126f4bf65aaaf0f12fe

Change-Id: I18f17aa83359077db2cd313eba608de649a4f271
2021-11-15 13:55:26 +09:00
Gunju Kim
771197c2f3 Remove Akamai (eDNS SOAP API) backend
The Akamai eDNS SOAP API this backend uses no longer exists at Akamai.

Related-Bug: 1946340
Change-Id: I6545781f263c6a3d124364785aedcf2518116485
2021-10-12 16:32:49 +00:00
kpdev
e7b0246609 CERT DNS records
This patchset adds support for DNS CERT Resource Record which is
described in RFC 4398
(https://tools.ietf.org/html/rfc4398)

Closes-Bug: 1937113
Change-Id: I0cdfa1decd28096b7135b820b01ee7ec17b1a57d
2021-07-25 11:12:44 +02:00
Michael Johnson
2e6611b112 Fix API reference for list service statuses
The API reference incorrectly listed the URL path for list service
statuses as /v2/service_status.
This patch corrects that to the actual path and adds compatibility
for the /v2/service_status path in the code in case there are
users or libraries coded to the incorrect path.

Closes-Bug: #1919183
Change-Id: I3cdf0f8dcde12891e244822480270aec48e0df0d
2021-03-24 23:13:02 +00:00
Ghanshyam Mann
1c0bd99c08 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file'
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I81e7ee3243af11ebb3589f530533731b87178a96
2021-03-08 19:13:17 -06:00
hamza alqtaishat
12d50c7f5b Adding the option to set the zone quota to unlimited
by assigning negative value for the resource like -1

Change-Id: Iaeca2be8b38075e3e7e8f79621b4b41cbe9934f7
Closes-Bug: #1876198
2020-05-14 08:25:18 +00:00
Zuul
8b5ec12818 Merge "Update the Akamai DNS Driver matrix information" 2020-02-14 02:59:15 +00:00
Graham Hayes
ce7a4a8886 Update the Akamai DNS Driver matrix information
* Mark Akamai v2 as untested
* Mark Akamai eDNS as known broken due to the API being removed
* Add basic docs for Akamai v2

Change-Id: I4f6c6c1c96251bfc4f7ad3bb6b0bd2025397fa03
Signed-off-by: Graham Hayes <gr@ham.ie>
2020-02-13 15:11:54 +00:00
Erik Olof Gunnar Andersson
92fa6bbbff Updated reno for dropping Python 2 support
Change-Id: I1a9d8dd2aecfe095550041a21bc4efe46adb295f
2019-12-24 15:27:41 -08:00
Ghanshyam Mann
cdac0fc2f9 [ussuri][goal] Drop python 2.7 support and testing
OpenStack is dropping the py2.7 support in ussuri cycle.

Designate is ready with python 3 and ok to drop the
python 2.7 support.

Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support

Ussuri Community-wide goal:
https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html

Depends-On: https://review.opendev.org/#/c/693631/
Change-Id: I5a5bdc859f87f82097b95b2ebb31edb6e9b72b3a
2019-12-13 18:49:14 +00:00
Erik Olof Gunnar Andersson
30d454a223 Renamed enable_host_header by default reno
Change-Id: I1fc06616ed410b473c587253f774ea0a13961707
2019-10-22 10:36:28 -07:00
Erik Olof Gunnar Andersson
2823921582 Fix api version not providing the full url
We are currently using host_url to build the version
href which causes the /dns portion to get dropped. This
patch changes host_url to url_root. We also enable
enable_host_header by default.

Finally we add a help url that points at the
designate api reference.

Change-Id: Ie8d815391b316d664b0c51099a08d8d32932c555
2019-10-22 01:43:54 -07:00
zhouhenglc
d708ff588b designate-manage pool update --dry-run should not pass argument
--dry-run and --delete should be switches.
Now --dry_run acts as key value pair. Users do not know what is behind
--dry-run. and now whatever the value is acceptable. this is unreasonable.

Closes-bug: #1847393

Change-Id: Ia6ab93395deb95173e443f9d3ea77dd52edfcf2c
2019-10-11 17:51:57 +08:00
Erik Olof Gunnar Andersson
c030d8dc46 Experimental wsgi support
Added experimental wsgi support. This is largely untested,
but should be functional.

Change-Id: I079702a4fd7547b1fb577f4e231863df3ed90adf
2019-09-25 10:36:45 -07:00
Erik Olof Gunnar Andersson
660eacbce4 Removed deprecated powerdns 3 driver
This driver was replaced by the pdns 4 driver
many cycles ago and is being permanently removed.

Change-Id: Ic34cee5fde21f838b6dd6b54fcdd767ec8b0bc18
2019-09-24 04:26:19 -07:00