openstack
/
designate
Code Issues Proposed changes

Fix zone list with system scoped tokens 

If you used a system scoped token to list zones and the zone is not shared,
you could see more zones than expected.
This patch corrects that edge case.

Change-Id: I1be68b27dc052cc273fcfdf53940b38a7661e73b
This commit is contained in:
Michael Johnson 2023-06-02 21:38:27 +00:00 committed by Erik Olof Gunnar Andersson
parent aacea51715
commit 9c46364483
2 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.zuul.yaml
View File

@ -186,8 +186,7 @@
voting: false
- designate-bind9-centos-9-stream:
voting: false
- designate-bind9-keystone-default-roles:
voting: false
- designate-bind9-keystone-default-roles
- designate-pdns4
- designate-grenade-bind9
- designate-grenade-pdns4
@ -197,8 +196,7 @@
fail-fast: true
jobs:
- designate-bind9
- designate-bind9-keystone-default-roles:
voting: false
- designate-bind9-keystone-default-roles
- designate-pdns4
- designate-grenade-pdns4
- designate-ipv6-only-pdns4

5
designate/storage/sqlalchemy/base.py
View File

@ -182,7 +182,8 @@ class SQLAlchemy(object, metaclass=abc.ABCMeta):
# NOTE: The query doesn't work with table.c.tenant_id is None,
# so I had to force flake8 to skip the check
if include_null_tenant:
if include_shared:
# Account for scoped tokens with no project_id
if include_shared and context.project_id is not None:
query = query.where(or_(
table.c.tenant_id == context.project_id,
shared_zone_project_id == context.project_id,
@ -192,7 +193,7 @@ class SQLAlchemy(object, metaclass=abc.ABCMeta):
table.c.tenant_id == context.project_id,
table.c.tenant_id == None)) # NOQA
else:
if include_shared:
if include_shared and context.project_id is not None:
query = query.where(or_(
table.c.tenant_id == context.project_id,
shared_zone_project_id == context.project_id