Optionally use admin powers when deleting DNS records

This resolves a bug that causes stale records to be kept in place when an admin deletes a port, server or floating IP that was created in some project other than the admin project. Change-Id: I7cbb0e87a7e87f23ccf5d8750835b4785693473a Closes-Bug: #1875981
2020-05-15 08:43:18 +00:00 · 2020-05-15 08:43:18 +00:00 · 622714b63e
commit 622714b63e
parent f951871430
2 changed files with 23 additions and 5 deletions
--- a/neutron/services/externaldns/drivers/designate/driver.py
+++ b/neutron/services/externaldns/drivers/designate/driver.py
@ -62,6 +62,11 @@ def get_clients(context):
    return client, admin_client


+def get_all_projects_client(context):
+    auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
+    return d_client.Client(session=_SESSION, auth=auth, all_projects=True)
+
+
 class Designate(driver.ExternalDNSService):
    """Driver for Designate."""

@ -147,18 +152,25 @@ class Designate(driver.ExternalDNSService):
                    CONF.designate.ipv6_ptr_zone_prefix_size) / 4)

    def delete_record_set(self, context, dns_domain, dns_name, records):
-        designate, designate_admin = get_clients(context)
-        ids_to_delete = self._get_ids_ips_to_delete(
-            dns_domain, '%s.%s' % (dns_name, dns_domain), records, designate)
+        client, admin_client = get_clients(context)
+        try:
+            ids_to_delete = self._get_ids_ips_to_delete(
+                dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
+        except dns_exc.DNSDomainNotFound:
+            # Try whether we have admin powers and can see all projects
+            client = get_all_projects_client(context)
+            ids_to_delete = self._get_ids_ips_to_delete(
+                dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
+
        for _id in ids_to_delete:
-            designate.recordsets.delete(dns_domain, _id)
+            client.recordsets.delete(dns_domain, _id)
        if not CONF.designate.allow_reverse_dns_lookup:
            return

        for record in records:
            in_addr_name = netaddr.IPAddress(record).reverse_dns
            in_addr_zone_name = self._get_in_addr_zone_name(in_addr_name)
-            designate_admin.recordsets.delete(in_addr_zone_name, in_addr_name)
+            admin_client.recordsets.delete(in_addr_zone_name, in_addr_name)

    def _get_ids_ips_to_delete(self, dns_domain, name, records,
                               designate_client):
--- a/releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml
+++ b/releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    `1875981 <https://bugs.launchpad.net/neutron/+bug/1875981>`_
+    Neutron now correctly removes associated DNS records when an admin
+    deletes ports, servers or floation IPs.