From 622714b63e08feaba4e81d218541319d2ffada30 Mon Sep 17 00:00:00 2001
From: Jens Harbott
Date: Fri, 15 May 2020 08:43:18 +0000
Subject: [PATCH] Optionally use admin powers when deleting DNS records

This resolves a bug that causes stale records to be kept in place when an admin deletes a port, server or floating IP that was created in some project other than the admin project.

Change-Id: I7cbb0e87a7e87f23ccf5d8750835b4785693473a
Closes-Bug: #1875981
---
 .../externaldns/drivers/designate/driver.py | 22 ++++++++++++++-----
 .../notes/bug-1875981-ec32d8c3918b0dd4.yaml | 6 +++++
 2 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml

diff --git a/neutron/services/externaldns/drivers/designate/driver.py b/neutron/services/externaldns/drivers/designate/driver.py
index baeedd9e80c..b7e329c27d5 100644
--- a/neutron/services/externaldns/drivers/designate/driver.py
+++ b/neutron/services/externaldns/drivers/designate/driver.py
@@ -62,6 +62,11 @@ def get_clients(context):
 return client, admin_client
+def get_all_projects_client(context):
+ auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
+ return d_client.Client(session=_SESSION, auth=auth, all_projects=True)
+
+
 class Designate(driver.ExternalDNSService):
 """Driver for Designate."""
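Review bot: `get_all_projects_client` is added without a docstring, and the one property a reader needs is not written down: it authenticates with the caller's own `context.auth_token` and only requests all-projects scope, so whether that wider view is granted is presumably left to Designate's policy rather than decided in Neutron. I would add a docstring along the lines of `"""Return a Designate client that uses the caller's token and requests all-projects scope; it is not a service-credential client."""`. The `token_endpoint.Token(...)` construction also looks like it may repeat what `get_clients` does just above, but that body is outside the hunk, so a shared helper is only something to check.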
@@ -147,18 +152,25 @@ class Designate(driver.ExternalDNSService):
 CONF.designate.ipv6_ptr_zone_prefix_size) / 4)
 def delete_record_set(self, context, dns_domain, dns_name, records):
- designate, designate_admin = get_clients(context)
- ids_to_delete = self._get_ids_ips_to_delete(
- dns_domain, '%s.%s' % (dns_name, dns_domain), records, designate)
+ client, admin_client = get_clients(context)
+ try:
+ ids_to_delete = self._get_ids_ips_to_delete(
+ dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
+ except dns_exc.DNSDomainNotFound:
+ # Try whether we have admin powers and can see all projects
+ client = get_all_projects_client(context)
+ ids_to_delete = self._get_ids_ips_to_delete(
+ dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
+
 for _id in ids_to_delete:
- designate.recordsets.delete(dns_domain, _id)
+ client.recordsets.delete(dns_domain, _id)
 if not CONF.designate.allow_reverse_dns_lookup:
 return
 for record in records:
 in_addr_name = netaddr.IPAddress(record).reverse_dns
 in_addr_zone_name = self._get_in_addr_zone_name(in_addr_name)
- designate_admin.recordsets.delete(in_addr_zone_name, in_addr_name)
+ admin_client.recordsets.delete(in_addr_zone_name, in_addr_name)
 def _get_ids_ips_to_delete(self, dns_domain, name, records,
 designate_client):
diff --git a/releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml b/releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml
new file mode 100644
index 00000000000..bfdeb2052af
--- /dev/null
+++ b/releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ `1875981 `_
+ Neutron now correctly removes associated DNS records when an admin
+ deletes ports, servers or floation IPs.
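Review bot: The `except dns_exc.DNSDomainNotFound` handler in `delete_record_set` retries with the all-projects client for every caller, not only for admins, so a regular user whose zone is simply missing now sends a second request asking for wider scope. If Designate rejects that request, the retry may raise something other than `DNSDomainNotFound`, which would change what callers have to handle; `_get_ids_ips_to_delete` continues outside the hunk, so its exception mapping cannot be checked here. Gating the fallback with `if not context.is_admin: raise` as the first statement of the handler would keep the non-admin path as it was before. Because this branch can delete recordsets owned by another project, a log line there naming the zone and the requesting project would also help operators trace such deletions.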