Recommendation to restrict zone name creation

Asked by Chris DeVita

We want to restrict a tenant to only be able to create SLD zones under a given TLD. Instead of a blacklist of what you can't create, we want a list of what zones you CAN create. For example, if the list contains xyz.com, then the tenant could create abc.xyz.com but no other domains / zones.

Question information

Language: English
Status: Expired
For: Designate
Assignee: No assignee

Chris DeVita (cdev3) said :
#1

As Admin I can create a tld, to keep the tenant from hijacking other domains

$ openstack tld create --name tld
-> ok
$ openstack tld list
+--------------------------------------+------+-------------+
| id                                   | name | description |
+--------------------------------------+------+-------------+
| 434abc87-9dbf-4e74-a9aa-faec8bde5b67 | tld  |             |
+--------------------------------------+------+-------------+

Then logged in as the DEMO project

I cannot create a zone for the TLD:

$ openstack zone create --email test@tld tld.
More than one label is required

But can create sub domains

$ openstack zone create --email test@tld sld.tld.
-> ok
$ openstack zone create --email test@tld xyz.sld.tld.
-> ok

I can also make other zones not in the tld list

$ openstack zone create --email test@tld abc.com.
-> ok
$ openstack zone list
+--------------------------------------+--------------+---------+------------+---------+--------+
| id                                   | name         | type    | serial     | status  | action |
+--------------------------------------+--------------+---------+------------+---------+--------+
| 5162eaa3-9b93-4e61-8239-577440292006 | sld.tld.     | PRIMARY | 1503684349 | ACTIVE  | NONE   |
| a355cc9c-1e91-4c4d-a5ff-5ab869a94b42 | xyz.sld.tld. | PRIMARY | 1503684364 | ACTIVE  | NONE   |
| 52c6b574-64fd-4055-8980-05e8e382c78e | abc.com.     | PRIMARY | 1503684636 | ACTIVE  | NONE   |
+--------------------------------------+--------------+---------+------------+---------+--------+

So if the admin sets up a TLD, the project user can make any zone but not the TLD zone itself (tld.).
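
The allowlist check the question asks for, as an added example (not part of the original posts and not Designate's own code): a zone is accepted only when it sits strictly below an allowed parent, compared label by label. ALLOWED_PARENTS and the function names are hypothetical, and allowing any depth below a parent is an assumption; the zone names are the ones used on this page.

```python
# Added example, not Designate code. Names below are hypothetical.
ALLOWED_PARENTS = ["xyz.com", "tld"]  # constructed allowlist of parent zones


def _labels(name):
    """Lower-case a DNS name, drop one trailing root dot, split into labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".") if name else []
    if not labels or any(label == "" for label in labels):
        raise ValueError("empty label in zone name: %r" % name)
    return labels


def zone_allowed(zone, allowed_parents=ALLOWED_PARENTS):
    """Return True only if `zone` is strictly below one of the allowed parents.

    The comparison is per label, not a string suffix test, so 'notxyz.com.'
    does not match 'xyz.com'. The parent itself ('xyz.com.', 'tld.') is
    rejected, matching the "abc.xyz.com but nothing else" rule in the question.
    Assumption: any depth below the parent is accepted (e.g. xyz.sld.tld.).
    """
    try:
        z = _labels(zone)
    except ValueError:
        return False  # malformed names are denied, not guessed at
    for parent in allowed_parents:
        p = _labels(parent)
        if len(z) > len(p) and z[-len(p):] == p:
            return True
    return False


def check_requests(zones, allowed_parents=ALLOWED_PARENTS):
    """Evaluate a batch of requested zone names against the allowlist."""
    return {zone: zone_allowed(zone, allowed_parents) for zone in zones}


if __name__ == "__main__":
    # Zone names taken from the posts above, plus two constructed edge cases.
    requested = ["tld.", "sld.tld.", "xyz.sld.tld.", "abc.com.",
                 "abc.xyz.com.", "notxyz.com.", "abc..xyz.com."]
    for zone, ok in check_requests(requested).items():
        print("%-15s %s" % (zone, "allow" if ok else "deny"))
```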

Launchpad Janitor (janitor) said :
#2

This question was expired because it remained in the 'Open' state without activity for the last 15 days.