4285 Commits

Author SHA1 Message Date
Lance Bragstad
b3363cc863 Fix typos in zone policy deprecations
Two of the zone policies were referencing the wrong policy variables in
the same file. This causes oslo.policy to think the rules were changing
when they are not. This commit updates the policy deprecations to use
the proper deprecated rules for the appropriate policies.

Change-Id: I68b71e680cd72692b0bcb470be1bc4902d5e7bc8
2021-09-07 17:54:36 +00:00
Zuul
76bb79dd0d Merge "CERT DNS records" 2021-08-31 00:49:33 +00:00
Takashi Kajinami
d65faea1d5 Add missing [oslo_reports] options
The oslo.reports library provides some options under the [oslo_reports]
section. This change ensures these parameters are rendered by
the oslo-config-generator command.

Closes-Bug: #1940733
Change-Id: Ia5491fc97e431e5fce52091729738e6958f764e2
2021-08-21 17:27:36 +09:00
Michael Johnson
b0e83084c2 Fix grenade upgrade API check URL path
Previously, the grenade API started check during the upgrade was
checking if the root of the web server was functioning. In this job
that is testing the horizon endpoint and not the designate API.
This patch fixes this to have the check run against the designate
endpoint under apache. This prevents false failures when horizon
has an issue.

Change-Id: Idbfec1adca2024cd5f352017a7c9319dcec65d42
2021-07-28 23:45:28 +00:00
Michael Johnson
beb75cc529 Fix doc building for sphinx 4.x
Sphinx 4.x has renamed add_stylesheet to add_css_file and
add_javascript to add_js_file.
This patch updates the sphinx extensions in designate to use the
new methods.

Change-Id: I71baf9abb5566908da580d0c104831dea20c9d3c
2021-07-27 23:59:28 +00:00
kpdev
e7b0246609 CERT DNS records
This patchset adds support for DNS CERT Resource Record which is
described in RFC 4398
(https://tools.ietf.org/html/rfc4398)

Closes-Bug: 1937113
Change-Id: I0cdfa1decd28096b7135b820b01ee7ec17b1a57d
2021-07-25 11:12:44 +02:00
Zuul
6fc04e72ec Merge "Replace md5 for fips" 2021-07-12 23:09:35 +00:00
Ghanshyam Mann
4797efae2e Fix oslo policy DeprecatedRule warnings
Since 3.7.0, oslo policy started the DeprecationWarning[1] if
deprecated_reason and deprecated_since param are not passed
in DeprecatedRule or they are passed in RuleDefault object.

These warnings are logged for every test, which increases the
log size and can sometimes fill the log buffer and fail the
job.

[1] https://github.com/openstack/oslo.policy/blob/3.7.0/oslo_policy/policy.py#L1538

Change-Id: I7034a70950b787f1cdbc510e88ab777957339ba7
2021-07-04 18:04:14 -05:00
Zuul
5d1127d3e0 Merge "Improvements to zone blacklist doc" 2021-06-29 23:50:01 +00:00
Ade Lee
7ea5643290 Replace md5 for fips
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.

md5 is allowed when in a non-security context.  There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.

In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.

Some downstream python versions already support this parameter.  To
support these versions, a new encapsulation of md5() has been added to
oslo_utils.  See https://review.opendev.org/#/c/750031/

In this case, md5 is used to calculate the hash of a database record
to ensure record uniqueness.

Change-Id: Ic2571caa71dc99c417ea0933d5d4947287cbe312
2021-06-28 14:13:58 -04:00
Michael Chapman
0dcc1e0921 Improvements to zone blacklist doc
Replaced http api calls with openstack client commands.
Note blacklist exception policy for admin users.
Changed voicing to be more passive
Blacklists only apply to zones, not records.

Change-Id: I7f3662c57ee9bccb42381134523e8fdd21e93740
2021-06-28 13:19:57 +10:00
Erik Olof Gunnar Andersson
4438350451 Cleanup scheduler
This patch is not changing any functionality, but instead it is
aimed at cleaning up the scheduler code. It also removes the use
of reserved keywords in the scheduler code.

Change-Id: I93cede3371f1ec650adf3b00bf8250457a38f96c
2021-06-26 22:07:00 -07:00
Zuul
5a4f0982d6 Merge "Remove six" 2021-06-22 23:34:12 +00:00
Zuul
d29e4a71fd Merge "TLD Doc update" 2021-06-22 07:46:14 +00:00
Zuul
029f4e5bfa Merge "replace whitelist_externals by allowlist_externals" 2021-06-22 07:46:10 +00:00
wangzihao
88a4be5e5c Remove six
Remove six. Replace the following items with Python 3 style code.

- six.PY3
- six.moves.urllib
- six.PY2
- six.text_type
- six.string_types
- six.iterkeys
- six.moves.range
- six.add_metaclass
- six.moves.map
- six.moves.zip
- six.MAXSIZE

Change-Id: I4cd26693fac7c16f4fa3d3c0015cd7af796f0877
2021-06-22 06:41:24 +00:00
wangzihao
6916137b82 replace whitelist_externals by allowlist_externals
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Depends-on: https://review.opendev.org/c/openstack/designate/+/796597
Change-Id: Id28a67abc74c3e14d4cba8d3278c89a1fe029252
2021-06-22 10:15:40 +08:00
Michael Chapman
fb9f0b33d3 Support filtering on zone import/export list
List operations should add the task_type criterion to the user
provided criterion.

Change-Id: I983d930f975c109cce24a9587bba6db563b3f19f
Launchpad: 1926058
2021-06-19 03:38:40 +00:00
Zuul
40b5633dfd Merge "Add simple scheduler permutation tests" 2021-06-17 20:10:43 +00:00
Zuul
4d66600def Merge "Changed minversion in tox to 3.18.0" 2021-06-17 18:59:55 +00:00
Erik Olof Gunnar Andersson
c0bd7c7ff0 Add simple scheduler permutation tests
Change-Id: Ib55d16b2f05269ae58bbcf38e816fb776dbe4f3c
2021-06-17 10:57:23 -07:00
Michael Chapman
3df130af12 TLD Doc update
Add some more detail to the TLD admin doc. Replace API calls with
cli.

Change-Id: If9e7d1ac3a8d518ed445ad76ce5175f40408a02a
2021-06-17 11:43:32 +10:00
Zuul
505be14630 Merge "Fixed a potential circular dependency" 2021-06-16 22:28:20 +00:00
wangzihao
c05d3b2e5d Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: I2ce7d33d8b8af214145a53165214c9c018d27e20
2021-06-16 16:00:49 +08:00
Michael Johnson
057dd2b3c6 Re-enable the tempest scenario jobs
This patch re-enables the tempest scenario jobs after the gate fix
patch has merged.

Change-Id: I4f97559cbbd5bc360850571b94f58aa296467ae8
2021-06-14 21:45:29 +00:00
Michael Johnson
fba57ab1ca Fix migration for sqlalchemy 1.4
This patch fixes a database migration for sqlalchemy 1.4.
It also removes some unused functions from that migration.

Note: This patch temporarily disables the scenario jobs to allow
this gate fix to merge while the tempest test issue is being
resolved.
A direct follow up patch will re-enable the tests.

Change-Id: I4fee32f9be080eea6eef38fcecbdb2dd3940b9e6
2021-06-14 21:43:55 +00:00
Zuul
ddbbd430df Merge "Add user doc for managing recordsets" 2021-06-09 21:34:01 +00:00
Michael Chapman
999abb0d92 Add user doc for managing recordsets
Documentation targeted at member personas who wish to manage records.

Change-Id: I5400cfe61b2608aa4a1b383f140ef71c2dc342f7
2021-06-09 16:07:58 +10:00
Erik Olof Gunnar Andersson
4da58a2438 Fixed a potential circular dependency
When running individual unit tests there was a possibility
of triggering a circular dependency. This patch fixes
this by moving DEFAULT MDNS and AGENT ports into
the configuration.

Change-Id: I5f7c1ef14daf0a01e4d37cc5416d08cc75f2b485
2021-06-01 22:32:12 -07:00
Nicolas Bock
5c60084f13 Moving to OFTC
Change-Id: I12f03dfd22b4835cd86f2f3a03d1915fc33bf678
Signed-off-by: Nicolas Bock <nicolas.bock@canonical.com>
2021-05-27 06:21:33 -06:00
Yandong Xuan
290b8c068e setup.cfg: Replace dashes with underscores
Resolves warnings like the following:

  UserWarning: Usage of dash-separated 'description-file' will not be
  supported in future versions. Please use the underscore name
  'description_file' instead

Change-Id: I6c161fc4bbc1fafa576916bb9dc3a039c06f9ffa
2021-05-01 15:15:45 +08:00
Michael Chapman
3bde7a843f Add user doc for managing zones
Add some basic documentation for users covering how to create zones.

Nameserver list is not in the client CLI, once that is
available an additional command can be added showing how to get
the backend nameserver to query when verifying results.

Change-Id: I914875cfd6273c01c74194c8a6296ae74537d169
2021-04-23 11:50:47 +10:00
OpenStack Proposal Bot
518e8a74c6 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ia61939d31b0a07ad70c69535fedfbc3a42bc7fbd
2021-03-27 06:12:46 +00:00
05343d4226 Add Python3 xena unit tests
This is an automatically generated patch to ensure unit testing
is in place for all of the tested runtimes for xena.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: I7db9ad45d719db4912a365043bfea5944bb71dfd
2021-03-26 10:33:07 +00:00
de5d512a61 Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.

Sem-Ver: feature
Change-Id: I2e7d89c3fe7ebdc6f88af3af0680206a4e7d41fc
2021-03-26 10:33:00 +00:00
Zuul
37b3fa2ea4 Merge "[goal] Deprecate the JSON formatted policy file" 2021-03-09 21:54:28 +00:00
Ghanshyam Mann
1c0bd99c08 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file'
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I81e7ee3243af11ebb3589f530533731b87178a96
2021-03-08 19:13:17 -06:00
Michael Hood
5aac48f08b Add NS1 backend
Introduce an NS1 backend.

Signed-off-by: Michael Hood <mhood@ns1.com>
Change-Id: I80fe08238005a94161e2dbcc89e77c90cde0a715
2021-03-08 10:55:06 -08:00
Michael Chapman
75668d084c New Doc intro section
Added a new section to the documentation introducing the core
concepts of DNS, providing an overview of Designate and how
it integrates with Neutron and external nameservers and linking
to other documentation for more information.

The Designate architecture diagram has been updated to reflect
modern deployments:
  - All services are run as HA
  - Nova does not interact with the Designate API, it has been
    replaced with 'Users'
  - The DB only receives connections from MiniDNS or Central so
    its arrows are all incoming
  - The backend is a part of the worker service
  - MiniDNS sends NOTIFY to customer DNS Servers and
    also receives transfer requests so their connection is
    bidirectional

A subsequent change can update the architecture section to reflect
these clarifications, though they are for the most part already
mentioned in the text there.

Change-Id: I471db98544332cb454d15f29d86407cd09e91d6c
2021-02-08 15:55:13 +11:00
Jens Harbott
e8c901c323 Fix lower-constraints
An updated pip version has shown multiple inconsistencies within
our lower constraints, so bump the affected versions.

Change-Id: I558e77dbba6abf64e6857d7f880104f0237dca1b
2020-12-13 14:07:52 +01:00
Lance Bragstad
1ea6d44a51 Implement secure RBAC for zone transfer requests
This commit updates the policies for zone transfer requests to
understand scope checking and account for a read-only role. This is
part of a broader series of changes across OpenStack to provide a
consistent RBAC experience and improve security.

Change-Id: I56ae44c6ae302d521d8ec52c871f77ef1bbb072d
2020-11-24 04:08:05 +00:00
Lance Bragstad
62cef160c0 Implement secure RBAC for zone transfer accepts
This commit updates the policies for zone transfer accepts to
understand scope checking and account for a read-only role. This is
part of a broader series of changes across OpenStack to provide a
consistent RBAC experience and improve security.

Change-Id: If1329182043001e27713457c2d591e6c55ad3e87
2020-11-24 04:08:05 +00:00
Lance Bragstad
40eb2626f0 Implement secure RBAC for zone imports
This commit updates the policies for zone imports to understand scope
checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC
experience and improve security.

Change-Id: I319b2398de9bd9d841bfb3bbdbe8f50434762602
2020-11-24 04:08:05 +00:00
Lance Bragstad
d9ee5be3b9 Implement secure RBAC for zone exports
This commit updates the policies for zone exports to understand scope
checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC
experience and improve security.

Change-Id: I5dde051a1ce565cd35cedc11cb0ff5afe35a8d72
2020-11-24 04:08:05 +00:00
Lance Bragstad
0c952e4a74 Implement secure RBAC for zones
This commit updates the policies for zones to understand scope
checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC
experience and improve security.

Change-Id: Ib31cb82cbf62460723f261f1eaeec918633508c0
2020-11-24 04:08:05 +00:00
Lance Bragstad
da1c94e47b Implement secure RBAC for tsigkeys
This commit updates the policies for tsigkeys to understand scope
checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC
experience and improve security.

Change-Id: I8ad4e61337f00a2c7b0019a6748c2fab42a65255
2020-11-24 04:08:05 +00:00
Lance Bragstad
e99f3588f1 Implement secure RBAC for top-level domains
This commit updates the policies for top-level domains to understand
scope checking and account for a read-only role. This is part of a
broader series of changes across OpenStack to provide a consistent
RBAC experience and improve security.

Change-Id: I0df00a826dcaf73c6a078a39585839022b71268a
2020-11-24 04:08:05 +00:00
Lance Bragstad
e477cf33b4 Implement secure RBAC for tenant policies
This commit updates the tenant policies to understand scope checking
and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and
improve security.

I'm not entirely sure I understand these policies. It'll be good to
work through these policy changes with someone more familiar with
designate and why these policies exist.

Change-Id: I9b6bce0c43720f61cdebfa416d953e5a2b920e87
2020-11-24 04:08:05 +00:00
Lance Bragstad
d9360b35fe Implement secure RBAC for service status
This commit updates the policies for service status to understand
scope checking and account for a read-only role. This is part of a
broader series of changes across OpenStack to provide a consistent
RBAC experience and improve security.

Change-Id: I11c3d7ec8dc871338db7fcd3746e56516683ecd1
2020-11-24 04:08:05 +00:00
Lance Bragstad
5402e40319 Implement secure RBAC for recordsets
This commit updates the policies for recordsets to understand scope
checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC
experience and improve security.

Change-Id: I064a5021282be247ee7339a47871e3dba08ab2fa
2020-11-24 04:08:05 +00:00