Optionally use admin powers when deleting DNS records

This resolves a bug that causes stale records to be kept in place when
an admin deletes a port, server or floating IP that was created in some
project other than the admin project.

Change-Id: I7cbb0e87a7e87f23ccf5d8750835b4785693473a
Closes-Bug: #1875981
This commit is contained in:
Jens Harbott 2020-05-15 08:43:18 +00:00
parent f951871430
commit 622714b63e
2 changed files with 23 additions and 5 deletions

View File

@ -62,6 +62,11 @@ def get_clients(context):
return client, admin_client
def get_all_projects_client(context):
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
return d_client.Client(session=_SESSION, auth=auth, all_projects=True)
class Designate(driver.ExternalDNSService):
"""Driver for Designate."""
@ -147,18 +152,25 @@ class Designate(driver.ExternalDNSService):
CONF.designate.ipv6_ptr_zone_prefix_size) / 4)
def delete_record_set(self, context, dns_domain, dns_name, records):
designate, designate_admin = get_clients(context)
ids_to_delete = self._get_ids_ips_to_delete(
dns_domain, '%s.%s' % (dns_name, dns_domain), records, designate)
client, admin_client = get_clients(context)
try:
ids_to_delete = self._get_ids_ips_to_delete(
dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
except dns_exc.DNSDomainNotFound:
# Try whether we have admin powers and can see all projects
client = get_all_projects_client(context)
ids_to_delete = self._get_ids_ips_to_delete(
dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
for _id in ids_to_delete:
designate.recordsets.delete(dns_domain, _id)
client.recordsets.delete(dns_domain, _id)
if not CONF.designate.allow_reverse_dns_lookup:
return
for record in records:
in_addr_name = netaddr.IPAddress(record).reverse_dns
in_addr_zone_name = self._get_in_addr_zone_name(in_addr_name)
designate_admin.recordsets.delete(in_addr_zone_name, in_addr_name)
admin_client.recordsets.delete(in_addr_zone_name, in_addr_name)
def _get_ids_ips_to_delete(self, dns_domain, name, records,
designate_client):

View File

@ -0,0 +1,6 @@
---
fixes:
- |
`1875981 <https://bugs.launchpad.net/neutron/+bug/1875981>`_
Neutron now correctly removes associated DNS records when an admin
deletes ports, servers or floation IPs.