Optionally use admin powers when deleting DNS records
This resolves a bug that causes stale records to be kept in place when an admin deletes a port, server or floating IP that was created in some project other than the admin project. Change-Id: I7cbb0e87a7e87f23ccf5d8750835b4785693473a Closes-Bug: #1875981
This commit is contained in:
Jens Harbott
parent
f951871430
commit
622714b63e
@ -62,6 +62,11 @@ def get_clients(context):
|
|||||||
return client, admin_client
|
return client, admin_client
|
||||||
|
|
||||||
|
|
||||||
|
def get_all_projects_client(context):
|
||||||
|
auth = token_endpoint.Token(CONF.designate.url, context.auth_token)
|
||||||
|
return d_client.Client(session=_SESSION, auth=auth, all_projects=True)
|
||||||
|
|
||||||
|
|
||||||
class Designate(driver.ExternalDNSService):
|
class Designate(driver.ExternalDNSService):
|
||||||
"""Driver for Designate."""
|
"""Driver for Designate."""
|
||||||
|
|
||||||
@ -147,18 +152,25 @@ class Designate(driver.ExternalDNSService):
|
|||||||
CONF.designate.ipv6_ptr_zone_prefix_size) / 4)
|
CONF.designate.ipv6_ptr_zone_prefix_size) / 4)
|
||||||
|
|
||||||
def delete_record_set(self, context, dns_domain, dns_name, records):
|
def delete_record_set(self, context, dns_domain, dns_name, records):
|
||||||
designate, designate_admin = get_clients(context)
|
client, admin_client = get_clients(context)
|
||||||
ids_to_delete = self._get_ids_ips_to_delete(
|
try:
|
||||||
dns_domain, '%s.%s' % (dns_name, dns_domain), records, designate)
|
ids_to_delete = self._get_ids_ips_to_delete(
|
||||||
|
dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
|
||||||
|
except dns_exc.DNSDomainNotFound:
|
||||||
|
# Try whether we have admin powers and can see all projects
|
||||||
|
client = get_all_projects_client(context)
|
||||||
|
ids_to_delete = self._get_ids_ips_to_delete(
|
||||||
|
dns_domain, '%s.%s' % (dns_name, dns_domain), records, client)
|
||||||
|
|
||||||
for _id in ids_to_delete:
|
for _id in ids_to_delete:
|
||||||
designate.recordsets.delete(dns_domain, _id)
|
client.recordsets.delete(dns_domain, _id)
|
||||||
if not CONF.designate.allow_reverse_dns_lookup:
|
if not CONF.designate.allow_reverse_dns_lookup:
|
||||||
return
|
return
|
||||||
|
|
||||||
for record in records:
|
for record in records:
|
||||||
in_addr_name = netaddr.IPAddress(record).reverse_dns
|
in_addr_name = netaddr.IPAddress(record).reverse_dns
|
||||||
in_addr_zone_name = self._get_in_addr_zone_name(in_addr_name)
|
in_addr_zone_name = self._get_in_addr_zone_name(in_addr_name)
|
||||||
designate_admin.recordsets.delete(in_addr_zone_name, in_addr_name)
|
admin_client.recordsets.delete(in_addr_zone_name, in_addr_name)
|
||||||
|
|
||||||
def _get_ids_ips_to_delete(self, dns_domain, name, records,
|
def _get_ids_ips_to_delete(self, dns_domain, name, records,
|
||||||
designate_client):
|
designate_client):
|
||||||
|
|||||||
6
releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml
Normal file
6
releasenotes/notes/bug-1875981-ec32d8c3918b0dd4.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
`1875981 <https://bugs.launchpad.net/neutron/+bug/1875981>`_
|
||||||
|
Neutron now correctly removes associated DNS records when an admin
|
||||||
|
deletes ports, servers or floation IPs.
|
||||||
Loading…
Reference in New Issue
Block a user