Due to parallel development paths, the release note added for the fixes to
the secure-RBAC patches implied it was adding a new feature when in fact the
feature already existed.

Change-Id: Ia9a904403a2336cc9cd4645d918fc0ff64d5e871

This patch defines the situation where the import_zone exception handler
produces the message 'An undefined error occurred' to the exception during
the zone import where an underlying exception occurred from the rpc
dispatcher at the same time as a duplicate zone exception. Kiall Mac Innes
explains this in
https://opendev.org/openstack/designate/commit/2c9460505d07d0e46765a552b637e5a3296b667b
the problem here is in the way the _import_zone was written where
https://github.com/openstack/designate/commit/9b809a11b3068552274340606eb76d2217411b85
was written with threading.local, so it only works if it stays within the same
thread. Since _import_zone is created on a separate thread, the necessity to add
the decorator @rpc_expected_exceptions() at the top.

Closes-bug: #1950118
Closes-bug: #1964323
Change-Id: If7d50cbd4fa0ce86e0ddf03068da36acd7d72cb4
(cherry picked from commit d705c5d6)

This fixes a race-condition when creating multiple PTR records
under the same zone. There is a brief window when creating two
identical zones can cause an error. This adds a fallback that
should prevent the error.

I also added a threaded test that caught multiple additional
bugs in this code.
- Wrong find_recordset used caused the wrong exception to be thrown.
- The transaction workflow would break error handling.

Change-Id: Ia1194ab838c52d5d91cb1d26c4556c73b4f3a745
(cherry picked from commit 0c7d218b)

There is a case when creating a floating IP could return a 404 error instead of the expected floating IP payload.
This fix is extracted from a non-backportable fix that was applied on yoga a newer branches[1].

[1] https://review.opendev.org/c/openstack/designate/+/830549

Change-Id: I53c2a0faf93be19eca259100fe6c3961ef4e7938

Created a new generic send_dns_msg that properly handles
both ip and hostnames and fully supports ipv4 and ipv6.

Also, moved all usage of dns.query.tcp/udp to a central
location.

Change-Id: I403ed6716b3ceffa1910269adf0e352f75e9dd5b
(cherry picked from commit acd930d3)

Correct some grammatical issues and harmonize the responses

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib45eae335160d53bb25e3745fcbe451bffa2cc31
(cherry picked from commit 296a5ada)

Updated the PTR (floating ips) code to behave closer to how we handle
this type of operations in designate.api.v2. This should resolve
some issues (e.g. race conditions) with the older floating ips code.

Additional changes.
- Fixed minor typos in documentation.
- Updated wording where it makes sense to use project instead of tenant.

Change-Id: I897d7da185c2dd246b80d1a598e9e8a5c667304e
(cherry picked from commit 7ec7adc4)

This patch addresses a few problems with the manage
command for pools and NS records.

- Fixed an issue where having multiple NS records
  would break the pool command.

- Fixed a scenario where manually (non-managed) NS
  records could break the pool command.

- Fixed a potential edge case that could break the
  pool command.

The biggest change is that we now only manage the NS
record for the zone itself. This was always the case,
but because we didn't check for this specifically,
other NS records would conflict with the command.

Change-Id: I4e6ea0b6b717d2a1b5cc420874d1bb8fb290e04b
(cherry picked from commit bff3d5f6)

This patch allows for +subaddress to be used for the local part of mail urls
used for CAA records. While there are more characters allowed in email
addresses, using subadresses for incoming email to role accounts is quite
common.

Closes-Bug: 1958533
Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0
(cherry picked from commit 1cef20ed)

Removed unnecessarily complex threading code.

Change-Id: If00b37e72dabd1bc66a78d9a832c3847c12f6692
(cherry picked from commit eed5042c)

Closes-Bug: #1960764
Change-Id: Ib91e49081855e5f4ec9f46a060d1587dcfeaac29
(cherry picked from commit 7e543c2d)

When a new Bind9 is added to the pool, Designate will trigger 'modzone'
rndc command that will fail, unless zone is already present on the backend.

This change will first verify that the zone is present on the backend,
before an update attempt. If zone is not present - zone creation will be
triggered.

Closes-Bug: 1958409

Co-authored-by: Kiran Pawar <kinpaa@gmail.com>
Change-Id: I782bf38a68f24a2e7133ff2afad7c96e2ae6b7f0
(cherry picked from commit 66cc876e)

This patch adds a message to OverQuota containing information
on the actual quota reached and fixes a minor visual bug
with QuotaResourceUnknown.

Change-Id: Ibd01f6ad3046ca29eec02032e9115183f89a6a4b
(cherry picked from commit 907a0296)

This patch fixes an issue were deleting a zone transfer request with a scoped
token may fail.

Change-Id: I4522796ac056630c63798830e8f8d92628f14a37
(cherry picked from commit 6f847aeb)
(cherry picked from commit 276a9fbe)

According to ITEF https://tools.ietf.org/html/rfc2181#section-8
the definition of the ttl value is unsigned integer and can have a
minimum value of 0. This patch changes the minimum value of 1 to allow
for 0. Unit test have also been modified accordingly.

Closes-Bug: #1926429
Change-Id: I7876b4c1e2c800b654ca750211ee2e58f3ea4309
(cherry picked from commit 6ac659d2)

This patch fixes a typo in the deprecated reason string variable
name.

Change-Id: I06cf5b5cbe5544327e30971115f3bf98214293f6

This adds a check to validate if we need to
keep retrying the current action.

Change-Id: I4b2991499f33e65790388aea902a8b3e6023eb4e
(cherry picked from commit dc45a035)

Change-Id: I38efa22bb8b0de6fd9a70339e8044fea70080004
(cherry picked from commit 291558c3)

This patch is the base patch to enable support for Keystone
scoped tokens[1] and default roles[2] in the Designate API.

It also migrates to using project_id in the context objects instead of
the deprecated tenant_id.

[1] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes
[2] https://docs.openstack.org/keystone/latest/admin/service-api-protection.html

Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/821632

Change-Id: I43bb76dc4dc1d167d86fd5ea139a50f95f3b0b4a
(cherry picked from commit 5f87d207)

Zuul is changing how queues are declared[1]. This patch updates Designate for the new way to define the queue.

[1] https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html

Change-Id: I94324104a7ed89e757d48bb250d8b1132026ce46
(cherry picked from commit fe9fb45c)

This patch improves the quotas API validations and test coverage. Invalid quota settings will now be caught at the API/Central layer and not down in the storage layer(DB).

Closes-Bug: #1934596
Change-Id: I474bdd988a6cc3a9bcce1b65c2f49216dd85addf
(cherry picked from commit 38178c07)

Pip is pulling in unstrained dependencies during the "sibblings" package
install step. Normally this is fine as the dependencies have already been
installed and it's just installing the package under test. However, with
designate there are a lot of overlapping dependencies and pip will end up
reinstalling an unconstrained version. In this case it was Jinja2.

Change-Id: Ie49f99ba8e86913471ee6cd078f5afd28282c0f5
(cherry picked from commit 5b40d3d9)

Previously, if set-quotas was called with a non-project scoped token and the all-projects flag was not set, the quotas would be updated but the result returned
would always be the default quota values.
This patch changes the API to require the all-projects flag when set-quota is called and the token is not project scoped.

Closes-Bug: #1966128
Change-Id: I55ca76ef7c2cbeb5fdae1aed1dcbe58b7acddc34
(cherry picked from commit 158e017b)