We exuberantly announce the release of: designate 13.0.1: DNS as a Service This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/designate Download the package from: https://tarballs.openstack.org/designate/ Please report issues through: https://bugs.launchpad.net/designate/+bugs For more details, please see below. 13.0.1 ^^^^^^ Bug Fixes * Fixed an issue that caused the recordset_records quota to not be enforced. * Fixes bug 1934252 which ignored invalid denylist patterns. The fix entailed checking the pattern string via regular expression compiler and testing for zero length. Previously you could create blacklist/denylist using string that cannot be used either as a regex or as a zone name, for example: patterns = ['', "'#(*&^%$%$#@$']" In addition, the server will return a 400 BadRequest response to an invalid pattern. (https://bugs.launchpad.net/designate/+bug/1934252) * Fixed an issue where new BIND9 pool instances may fail on zone update. * Fixed an issue where set-quotas will always return the default quotas if it was called with a non-project scoped token and the all- projects flag was not set. * Fixes support for keystone default roles and scoped tokens. * Allows for a minimum TTL value of zero to be used instead of 1. As stated in RFC https://datatracker.ietf.org/doc/html/rfc2181#section-8. (https://bugs.launchpad.net/designate/+bug/1926429) * CAA records now allow the use of *+* prefixed subadresses like *security+caa@example.net* within mail urls. (https://www.rfc- editor.org/rfc/rfc5233.html#section-1) See bug 1958533 for more information. (https://bugs.launchpad.net/designate/+bug/1958533) * Fixed a bug where deleting a zone transfer request may fail when using a system scoped token. Changes in designate 13.0.0..13.0.1 ----------------------------------- 2159c7a5 Fix misleading release note for RBAC changes. 2862a550 Clarifies the zone import error message 8fea6838 Fix duplicate zone when creating ptr records 5237ce97 Fix incorrect 404 error on floating IP create fab62ff8 Fix dns.query.tcp/udp not always handling ipv6 properly 4e6da9b9 Improve wording for validation error messages 9f9480bd Modernize PTR implementation in Central d04a2e17 Fix designate-manage pool update bugs 0b818283 Allow email subadresses to be used within mail url of CAA records e6922d74 Simplify create zone import implementation d1402da7 Fixed incorrect message when zone import failed due to quota 5b1b404e Fix zone update when adding new Bind9 target to pool. 6b595bd4 Add proper quota error messages 63bc0c1d Fix delete zone transfer request with scoped token 264ac571 Minimum TTL value allowed is zero f4396df7 Fix a typo in the tsigkey policy file 721184fc Validate worker actions before retrying poll fc0c6b37 Fixed incorrect quota exception message b5bb17cf Fix support for scoped tokens and default roles c78db47c Update zuul queue configuration 28e969e7 Improve quota API validations 08d56f87 Fix tox docs env to have the correct dependencies 6072ef37 Fix set-quotas for non-project scoped tokens df605a79 Fix recordset_records quota enforcement e2027bfb Add fips jobs b55afb59 Checks for invalid denylist regex patterns e8217d5b Remove lower-constraint job from stable/xena 5e9cca1b Allow TXT record over 255 characters if split 8634d531 Fix race condition in the sink when deleting records 86db7954 Update TOX_CONSTRAINTS_FILE for stable/xena 1bfcf16c Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 37 +- designate/api/middleware.py | 6 +- designate/api/v2/controllers/quotas.py | 10 + .../api/v2/controllers/zones/tasks/exports.py | 9 +- designate/backend/agent.py | 40 +- designate/backend/impl_bind9.py | 31 +- designate/central/service.py | 1266 +++++++++++++------- designate/common/constants.py | 28 + designate/common/policies/base.py | 70 +- designate/common/policies/context.py | 50 +- designate/common/policies/diagnostics.py | 51 +- designate/common/policies/quota.py | 2 +- designate/common/policies/recordset.py | 64 +- designate/common/policies/tsigkey.py | 15 +- designate/common/policies/zone.py | 25 +- designate/common/policies/zone_export.py | 24 +- designate/common/policies/zone_import.py | 2 +- designate/common/policies/zone_transfer_accept.py | 6 +- designate/common/policies/zone_transfer_request.py | 25 +- designate/context.py | 5 +- designate/dnsutils.py | 152 ++- designate/exceptions.py | 13 + designate/mdns/notify.py | 24 +- designate/notification_handler/base.py | 50 +- .../adapters/api_v2/zone_transfer_request.py | 12 +- designate/objects/blacklist.py | 4 +- designate/objects/fields.py | 53 +- designate/objects/quota.py | 8 +- designate/objects/rrdata_txt.py | 38 +- designate/objects/zone.py | 2 +- designate/policy.py | 15 +- designate/quota/base.py | 19 +- designate/quota/impl_storage.py | 2 +- designate/storage/impl_sqlalchemy/__init__.py | 11 +- .../nova/compute.instance.create.end-2.json | 180 +++ .../test_notification_handler/test_neutron.py | 40 +- designate/worker/README.md | 2 +- designate/worker/tasks/base.py | 48 + designate/worker/tasks/zone.py | 38 +- designate/worker/utils.py | 82 -- playbooks/enable-fips.yaml | 3 + ...x-recordset-records-quota-76ed3095dd2afbbe.yaml | 4 + ...atterns-not-being-checked-ec1f1316ccc6cb1d.yaml | 16 + ...x-update-zone-create-zone-ada1fd81de479492.yaml | 4 + ...non-project-scoped-tokens-ffe3082db3dbb55b.yaml | 6 + .../Support-scoped-tokens-6b7d6052a258cd11.yaml | 4 + ...429-allow-ttl-min-of-zero-688f7c2cf095d89d.yaml | 8 + ...33-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml | 10 + ...sfer-request-scoped-token-fc9d3be407e1a50a.yaml | 5 + tox.ini | 9 +- 73 files changed, 2778 insertions(+), 1156 deletions(-)