This patch replaces request.request_mac with request.mac
to provide TSIG verification.
Change-Id: Ide4f48dc3b4de7a919cc41abebf9843d0ba77763
Closes-Bug: #1466300
This patch adds forbidden exception for all_tenants
and edit_managed attributes.
Change-Id: I7a160abee99cc787f18593cba5c9e33485a85239
Closes-Bug: #1486709
* Fixes a policy check on doing the zone export that caused a 403
unless the tenant was an admin
* Adds ZoneFile and ZoneFileRecord models to parse a zone file
* Adds some "meta" tests for the new models
* Updates the test_export_domain test to check the zone file text
Change-Id: I65c93f5d5283fc5962f4a2bf0ac8abae1966e6d6
Spelling out all the hosts that are allowed to send messages
to the Agent could get really tedious, and there are other ways of
controlling access to this service that might be smarter in a
production environment.
Change-Id: Ie6ee5cf748d7fc9d138b09d14b5be99cd22c05f4
The agent is calling the `do_axfr` function in `dnsutils`, passing in
a dict with {"ip": "x"}, this was changed in
9350ea7ad0
this changes catches the agent up and restores functionality.
Change-Id: I339f5c6ebffe009c19f66d924648f44799c83479
* Dont load masters when loading attribute relations as this causes
update_domain() to explode after the zone is AXFR'd
* Change srv.ip > srv.host
Closes-Bug: #1492749
Closes-Bug: #1492750
Change-Id: Ia6b1e855708254ab2d17ffd92eed3c140b2b9836
Remove the specification in tox.ini that _ is a builtin so that
it will no longer assume that _ does not need to be imported.
This helps ensure that the _ from i18n is used.
Activating this check did not flag any violations.
Change-Id: I5ce6b01544eab566353ad69a3d36d009f178f606
Adds SSLMiddleware that checks a configurable header to set
the correct url_scheme used to generate links when host headers
are in use.
Change-Id: Id864bb53d175c868fdee58c04fd2ea27ee188e08
Closes-Bug: #1490034
When https://review.openstack.org/#/c/170612/ landed, the host/port
configuration for pool targets moved to be regular pool_target options.
The config that is shown in the documentation reflects this, but the sample
config does not. This gets really confusing, because the default host/port
is 127.0.0.1:53, so the Pool Manager will still start, and NOTIFYs will
be sent there.
Change-Id: If682bdcdf2bfb5f2a6c7f435a41e0577e262a5f3
Do the needful to move Zone Exports to an asynchronous resource in the
v2 API, as discussed at the Austin 2015 summe mid-cycle
* Make designate-zone-manager an RPC service, with a read-only connection
to the database
* Add a 'location' column to the zone_tasks table that stores a location
(swift, URI) that is used to determine where the export will be made
available to the user
* Add all the infrastucture to make zone export resources live (objects,
central, storage methods)
* Add a quota on the size of allowed synchronous exports
* Tests, docs
THIS DOES NOT IMPLEMENT
* Zone exports to Swift
* Debateable: See the note in zone_manager/service.py about how the configuration
and determination of future swift exports will work.
ApiImpact
Blueprint: async-export
Change-Id: I1c168b10358164c3ca5be986b4d615df71062851
This lets us run functional tests that need to auth with keystone
but that need to run against a url outside of the service catalog.
Change-Id: Ie3f739ea2626bd0c597188f3312a7c2b950ae4fb
In preparation for async zone exports, move imports to be their own objects,
away from zone tasks. This is essentially a giant renaming.
Change-Id: If6eefbf5553d0fc09e638e879b88c73c133c56fe
* Failed test cases will show all captured logging
* Forward OS_*_CAPTURE environment variables along from tox to testr
Change-Id: Ice9a64d07bb77dd46fb1da6a8ffaa8fd85d5f38b
* Call them "functional tests" instead of "tempest tests"
* The functional tests are run with tox now
* Updated the config file
Change-Id: Ibf9e986ac63e277e1b4f5f319113b4558be2a900
