)]}'
{"doc/source/admin/tlds.rst":[{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Managing Top Level Domain Names"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"System Administrators can restrict the domains under which users can create"},{"line_number":22,"context_line":"zones using TLDs. While in the Domain Name System the term \"TLD\" refers"},{"line_number":23,"context_line":"specifically to the set of domains that lie directly below the root, such as"},{"line_number":24,"context_line":"``.org``, in Designate a TLD can be any domain."}],"source_content_type":"text/x-rst","patch_set":3,"id":"6301817c_f6fc26d1","line":21,"updated":"2021-06-11 16:22:47.000000000","message":"Nit: don\u0027t think \u0027Administrators\u0027 needs to be capitalized.","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Managing Top Level Domain Names"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"System Administrators can restrict the domains under which users can create"},{"line_number":22,"context_line":"zones using TLDs. While in the Domain Name System the term \"TLD\" refers"},{"line_number":23,"context_line":"specifically to the set of domains that lie directly below the root, such as"},{"line_number":24,"context_line":"``.org``, in Designate a TLD can be any domain."}],"source_content_type":"text/x-rst","patch_set":3,"id":"94972124_b31a7d85","line":21,"in_reply_to":"6301817c_f6fc26d1","updated":"2021-06-17 01:43:10.000000000","message":"This was meant to be turned into a link to the RBAC page like the other ones. Fixed.","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"System Administrators can restrict the domains under which users can create"},{"line_number":22,"context_line":"zones using TLDs. While in the Domain Name System the term \"TLD\" refers"},{"line_number":23,"context_line":"specifically to the set of domains that lie directly below the root, such as"},{"line_number":24,"context_line":"``.org``, in Designate a TLD can be any domain."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fcaec13_7db82915","line":22,"range":{"start_line":22,"start_character":12,"end_line":22,"end_character":16},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion: For the first use, spell out abbreviations. Later, you can refer to them using their abbreviation:\n\n   top level domains (TLDs)","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"System Administrators can restrict the domains under which users can create"},{"line_number":22,"context_line":"zones using TLDs. While in the Domain Name System the term \"TLD\" refers"},{"line_number":23,"context_line":"specifically to the set of domains that lie directly below the root, such as"},{"line_number":24,"context_line":"``.org``, in Designate a TLD can be any domain."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ab9e74cd_725af21e","line":22,"range":{"start_line":22,"start_character":12,"end_line":22,"end_character":16},"in_reply_to":"3fcaec13_7db82915","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":23,"context_line":"specifically to the set of domains that lie directly below the root, such as"},{"line_number":24,"context_line":"``.org``, in Designate a TLD can be any domain."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"For example, if you want to only allow users to create zones that end in"},{"line_number":27,"context_line":"``.org.``, this can be achieved by creating a single ``.org`` TLD:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. code-block:: console"}],"source_content_type":"text/x-rst","patch_set":3,"id":"face700d_a0fe537c","line":26,"updated":"2021-06-11 16:22:47.000000000","message":"Move \u0027only\u0027 as close as possible to the thing it is modifying. Here\u0027s a suggestion:\n\n\"For example, if you want to allow users to create zones that only end in\n``.org.``, create a TLD named, ``.org``:\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":true,"context_lines":[{"line_number":23,"context_line":"specifically to the set of domains that lie directly below the root, such as"},{"line_number":24,"context_line":"``.org``, in Designate a TLD can be any domain."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"For example, if you want to only allow users to create zones that end in"},{"line_number":27,"context_line":"``.org.``, this can be achieved by creating a single ``.org`` TLD:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. code-block:: console"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5c546b98_a0b03b79","line":26,"in_reply_to":"face700d_a0fe537c","updated":"2021-06-17 01:43:10.000000000","message":"I changed this up since I wasn\u0027t happy with it.","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":39,"context_line":"    | updated_at  | None                                 |"},{"line_number":40,"context_line":"    +-------------+--------------------------------------+"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":".. note:: You must omit the trailing dot from the FQDN provided to the TLD"},{"line_number":43,"context_line":"   command."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"If you now attempt to create a zone that does not lie within the ``.org`` TLD,"},{"line_number":46,"context_line":"it will fail:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7616f7c6_dcc46882","line":43,"range":{"start_line":42,"start_character":10,"end_line":43,"end_character":11},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion:\nWhen using the `openstack tld` command, ensure that the FQDN that you enter has no trailing dot (`example.net.`).","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    | updated_at  | None                                 |"},{"line_number":40,"context_line":"    +-------------+--------------------------------------+"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":".. note:: You must omit the trailing dot from the FQDN provided to the TLD"},{"line_number":43,"context_line":"   command."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"If you now attempt to create a zone that does not lie within the ``.org`` TLD,"},{"line_number":46,"context_line":"it will fail:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"8a2361ba_fc140b36","line":43,"range":{"start_line":42,"start_character":10,"end_line":43,"end_character":11},"in_reply_to":"7616f7c6_dcc46882","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    $ openstack zone create --email admin@test.net test.net."},{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"}],"source_content_type":"text/x-rst","patch_set":3,"id":"b941cc1f_5c9738dd","line":53,"range":{"start_line":53,"start_character":38,"end_line":53,"end_character":46},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion: omit \"in that.\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    $ openstack zone create --email admin@test.net test.net."},{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"}],"source_content_type":"text/x-rst","patch_set":3,"id":"de6b8549_7a88be6f","line":53,"range":{"start_line":53,"start_character":14,"end_line":53,"end_character":19},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion: omit \"much.\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    $ openstack zone create --email admin@test.net test.net."},{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"}],"source_content_type":"text/x-rst","patch_set":3,"id":"eabfeb93_59c0f560","line":53,"range":{"start_line":53,"start_character":38,"end_line":53,"end_character":46},"in_reply_to":"b941cc1f_5c9738dd","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    $ openstack zone create --email admin@test.net test.net."},{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"}],"source_content_type":"text/x-rst","patch_set":3,"id":"bc82f54a_83cb615b","line":53,"range":{"start_line":53,"start_character":14,"end_line":53,"end_character":19},"in_reply_to":"de6b8549_7a88be6f","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."}],"source_content_type":"text/x-rst","patch_set":3,"id":"9de1ef53_d695dcf0","line":54,"range":{"start_line":54,"start_character":37,"end_line":54,"end_character":44},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion: omit \"present.\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."}],"source_content_type":"text/x-rst","patch_set":3,"id":"9dbfd747_ae757aeb","line":54,"range":{"start_line":54,"start_character":10,"end_line":54,"end_character":13},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion: swap \"lie\" for \"exist.\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."}],"source_content_type":"text/x-rst","patch_set":3,"id":"aba78d3f_f9f98786","line":54,"range":{"start_line":54,"start_character":10,"end_line":54,"end_character":13},"in_reply_to":"9dbfd747_ae757aeb","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs function much like an allowlist, in that if there are many TLDs then the"},{"line_number":54,"context_line":"zone must lie within one of the TLDs present. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."}],"source_content_type":"text/x-rst","patch_set":3,"id":"e1064c5e_ac1dd8e9","line":54,"range":{"start_line":54,"start_character":37,"end_line":54,"end_character":44},"in_reply_to":"9de1ef53_d695dcf0","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"You can modify the values for a TLD using the set command. You can use either"},{"line_number":60,"context_line":"the name or the ID to specify which TLD to set. The current name of the TLD is"},{"line_number":61,"context_line":"used to identify it, so if you modify the name then subsequent set calls will"},{"line_number":62,"context_line":"need to use the new name."}],"source_content_type":"text/x-rst","patch_set":3,"id":"ea79790b_ae469dde","line":59,"range":{"start_line":59,"start_character":46,"end_line":59,"end_character":49},"updated":"2021-06-11 16:22:47.000000000","message":"Use backticks for actual commands: `set` command.","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"You can modify the values for a TLD using the set command. You can use either"},{"line_number":60,"context_line":"the name or the ID to specify which TLD to set. The current name of the TLD is"},{"line_number":61,"context_line":"used to identify it, so if you modify the name then subsequent set calls will"},{"line_number":62,"context_line":"need to use the new name."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":".. code-block:: console"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"0866ba18_a8f2b399","line":62,"range":{"start_line":61,"start_character":21,"end_line":62,"end_character":25},"updated":"2021-06-11 16:22:47.000000000","message":"Suggestion. Change to:\n\n\"...so if you modify the name subsequent `set` calls must use the new name.\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"919f8cef4ed2be02171ea92aacda3793de265c73","unresolved":true,"context_lines":[{"line_number":76,"context_line":"    $ openstack tld set org --description \u0027hello\u0027"},{"line_number":77,"context_line":"    Name example.net didn\u0027t resolve"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"You can delete a TLD by providing either the ID or current name:"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":".. code-block:: console"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ad9dca28_d56f71a9","line":79,"range":{"start_line":79,"start_character":51,"end_line":79,"end_character":52},"updated":"2021-06-11 16:22:47.000000000","message":"Nit: insert \"the\" before \"current name:\"","commit_id":"f2a5f6c435409d9738dad8c591a807dca1175c8a"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"51b7a66d0397e4214116a936455f9fdc9710029f","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Managing Top Level Domain Names"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"`System Administrators`_ can use top level domains (TLDs) to restrict the"},{"line_number":22,"context_line":"domains under which users can create zones. While in the Domain Name System"},{"line_number":23,"context_line":"the term \"TLD\" refers specifically to the set of domains that lie directly"},{"line_number":24,"context_line":"below the root, such as ``.org``, in Designate a TLD can be any domain."}],"source_content_type":"text/x-rst","patch_set":4,"id":"0304957b_dcca9eb2","line":21,"updated":"2021-06-16 05:22:29.000000000","message":"This may need a bit more clarification, it seems to be possible still perform all these actions as a \"normal\" project admin, no need to use any of these system roles (yet?).","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Managing Top Level Domain Names"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"`System Administrators`_ can use top level domains (TLDs) to restrict the"},{"line_number":22,"context_line":"domains under which users can create zones. While in the Domain Name System"},{"line_number":23,"context_line":"the term \"TLD\" refers specifically to the set of domains that lie directly"},{"line_number":24,"context_line":"below the root, such as ``.org``, in Designate a TLD can be any domain."}],"source_content_type":"text/x-rst","patch_set":4,"id":"b630515a_3b98f118","line":21,"in_reply_to":"0304957b_dcca9eb2","updated":"2021-06-17 01:43:10.000000000","message":"I see the policy tied to SYSTEM_ADMIN here, https://opendev.org/openstack/designate/src/branch/master/designate/common/policies/tld.py#L50 is there a bug we\u0027re not aware of? RBAC isn\u0027t that well tested I think.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"c1add06b78f1ba75ad8755c5a5e711716ab3762b","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Managing Top Level Domain Names"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"`System Administrators`_ can use top level domains (TLDs) to restrict the"},{"line_number":22,"context_line":"domains under which users can create zones. While in the Domain Name System"},{"line_number":23,"context_line":"the term \"TLD\" refers specifically to the set of domains that lie directly"},{"line_number":24,"context_line":"below the root, such as ``.org``, in Designate a TLD can be any domain."}],"source_content_type":"text/x-rst","patch_set":4,"id":"cc3376e5_ada72f88","line":21,"in_reply_to":"b630515a_3b98f118","updated":"2021-06-17 07:47:07.000000000","message":"IIUC that\u0027s the deprecated policy that still seems to be in effect in parallel. https://opendev.org/openstack/designate/src/branch/master/designate/common/policies/tld.py#L25-L28\n\nbut yes, likely this isn\u0027t well tested, too. I\u0027ve seen some patches in devstack that intend to start using system roles, but I think we\u0027re not there yet.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"51b7a66d0397e4214116a936455f9fdc9710029f","unresolved":true,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. code-block:: console"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    $ openstack tld create --name org"},{"line_number":32,"context_line":"    +-------------+--------------------------------------+"},{"line_number":33,"context_line":"    | Field       | Value                                |"},{"line_number":34,"context_line":"    +-------------+--------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":4,"id":"36e8ca3a_0f1d84a5","line":31,"updated":"2021-06-16 05:22:29.000000000","message":"Not directly related, but the UI for the tld things seems very broken. Like a single required argument should be positional, the above should not need the \"--name\" option. Also other options like \"--all-projects\" or \"--edit-managed\" don\u0027t make sense in this context.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. code-block:: console"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    $ openstack tld create --name org"},{"line_number":32,"context_line":"    +-------------+--------------------------------------+"},{"line_number":33,"context_line":"    | Field       | Value                                |"},{"line_number":34,"context_line":"    +-------------+--------------------------------------+"}],"source_content_type":"text/x-rst","patch_set":4,"id":"8a416c49_1a504174","line":31,"in_reply_to":"36e8ca3a_0f1d84a5","updated":"2021-06-17 01:43:10.000000000","message":"1. I agree. I think ideally renaming to allowlist and using the same regex system as blacklist would be preferable. The existing API could would still work by creating an equivalent regex, but there would need to be a migration.\n\n2. I have a patch up removing --edit-managed from all the commands it shouldn\u0027t be there for. It\u0027s currently an option for every command.\n\n3. I\u0027ll do the same for --all-projects.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"51b7a66d0397e4214116a936455f9fdc9710029f","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    $ openstack zone create --email admin@test.net test.net."},{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs much like an allowlist: if there are many TLDs then the"},{"line_number":54,"context_line":"zone must exist within one of the TLDs. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"}],"source_content_type":"text/x-rst","patch_set":4,"id":"54dbdd64_246169ca","line":53,"range":{"start_line":53,"start_character":0,"end_line":53,"end_character":9},"updated":"2021-06-16 05:22:29.000000000","message":"\"TLDs are much ...\"?","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    $ openstack zone create --email admin@test.net test.net."},{"line_number":51,"context_line":"    Invalid TLD"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs much like an allowlist: if there are many TLDs then the"},{"line_number":54,"context_line":"zone must exist within one of the TLDs. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"}],"source_content_type":"text/x-rst","patch_set":4,"id":"e66904bb_bd34a178","line":53,"range":{"start_line":53,"start_character":0,"end_line":53,"end_character":9},"in_reply_to":"54dbdd64_246169ca","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"51b7a66d0397e4214116a936455f9fdc9710029f","unresolved":true,"context_lines":[{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs much like an allowlist: if there are many TLDs then the"},{"line_number":54,"context_line":"zone must exist within one of the TLDs. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."},{"line_number":58,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"53ac72f7_3ab52f22","line":55,"range":{"start_line":55,"start_character":54,"end_line":55,"end_character":64},"updated":"2021-06-16 05:22:29.000000000","message":"denylist? not sure we\u0027ve changed the terms yet, though","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":52,"context_line":""},{"line_number":53,"context_line":"TLDs much like an allowlist: if there are many TLDs then the"},{"line_number":54,"context_line":"zone must exist within one of the TLDs. If no TLDs have been created in"},{"line_number":55,"context_line":"Designate, then users can create any zone. Unlike the blacklists feature, TLDs"},{"line_number":56,"context_line":"do not have a policy that allows priviliged users to create zones outside the"},{"line_number":57,"context_line":"allowed TLDs."},{"line_number":58,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"fa95c641_798cb98f","line":55,"range":{"start_line":55,"start_character":54,"end_line":55,"end_character":64},"in_reply_to":"53ac72f7_3ab52f22","updated":"2021-06-17 01:43:10.000000000","message":"It\u0027s another bug we\u0027re tracking but it\u0027s a bigger body of work so I\u0027m leaving the doc until the API and client have been moved over with a redirect to denylist.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"51b7a66d0397e4214116a936455f9fdc9710029f","unresolved":true,"context_lines":[{"line_number":70,"context_line":"    | created_at  | 2021-06-10T05:20:16.000000           |"},{"line_number":71,"context_line":"    | description |                                      |"},{"line_number":72,"context_line":"    | id          | 9fd0a12d-511e-4024-bf76-6ec2e3e71edd |"},{"line_number":73,"context_line":"    | name        | org                                  |"},{"line_number":74,"context_line":"    | updated_at  | 2021-06-10T07:09:45.000000           |"},{"line_number":75,"context_line":"    +-------------+--------------------------------------+"},{"line_number":76,"context_line":"    $ openstack tld set org --description \u0027hello\u0027"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9202c778_6b44ac7d","line":73,"updated":"2021-06-16 05:22:29.000000000","message":"Shouldn\u0027t this show the new name already instead of the old one?\nAlso I don\u0027t understand what the effect will be. Existing .org zones will continue to exist, but new creations will only work with example.net?","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":70,"context_line":"    | created_at  | 2021-06-10T05:20:16.000000           |"},{"line_number":71,"context_line":"    | description |                                      |"},{"line_number":72,"context_line":"    | id          | 9fd0a12d-511e-4024-bf76-6ec2e3e71edd |"},{"line_number":73,"context_line":"    | name        | org                                  |"},{"line_number":74,"context_line":"    | updated_at  | 2021-06-10T07:09:45.000000           |"},{"line_number":75,"context_line":"    +-------------+--------------------------------------+"},{"line_number":76,"context_line":"    $ openstack tld set org --description \u0027hello\u0027"}],"source_content_type":"text/x-rst","patch_set":4,"id":"2da46782_64adf4bd","line":73,"in_reply_to":"9202c778_6b44ac7d","updated":"2021-06-17 01:43:10.000000000","message":"Done and yes that is the effect. No retroactive enforcement.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"51b7a66d0397e4214116a936455f9fdc9710029f","unresolved":true,"context_lines":[{"line_number":74,"context_line":"    | updated_at  | 2021-06-10T07:09:45.000000           |"},{"line_number":75,"context_line":"    +-------------+--------------------------------------+"},{"line_number":76,"context_line":"    $ openstack tld set org --description \u0027hello\u0027"},{"line_number":77,"context_line":"    Name example.net didn\u0027t resolve"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"You can delete a TLD by providing either the ID or the current name:"},{"line_number":80,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"0d3ccea7_c3c95f00","line":77,"updated":"2021-06-16 05:22:29.000000000","message":"That\u0027s kind of the expected behaviour for any object, that if you change it\u0027s name, afterwards you need to refer to it by the new name. So I don\u0027t understand why this is worth an explicit example.","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"},{"author":{"_account_id":6994,"name":"Michael Chapman","email":"woppin@gmail.com","username":"michaeltchapman"},"change_message_id":"e2d33d6a0cfb8ca0a75f75eececf23159ed111d3","unresolved":false,"context_lines":[{"line_number":74,"context_line":"    | updated_at  | 2021-06-10T07:09:45.000000           |"},{"line_number":75,"context_line":"    +-------------+--------------------------------------+"},{"line_number":76,"context_line":"    $ openstack tld set org --description \u0027hello\u0027"},{"line_number":77,"context_line":"    Name example.net didn\u0027t resolve"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"You can delete a TLD by providing either the ID or the current name:"},{"line_number":80,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"1256679a_fba1dc2c","line":77,"in_reply_to":"0d3ccea7_c3c95f00","updated":"2021-06-17 01:43:10.000000000","message":"Done","commit_id":"49942addb6af9abde577b3b0b16544662fb1ddd3"}]}