)]}'
{"neutron/services/externaldns/drivers/designate/driver.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"19ae7a8f515554472b17dd7e667c39c700557402","unresolved":false,"context_lines":[{"line_number":150,"context_line":"    def delete_record_set(self, context, dns_domain, dns_name, records):"},{"line_number":151,"context_line":"        designate, designate_admin \u003d get_clients(context)"},{"line_number":152,"context_line":"        ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":153,"context_line":"            dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, designate_admin)"},{"line_number":154,"context_line":"        for _id in ids_to_delete:"},{"line_number":155,"context_line":"            designate_admin.recordsets.delete(dns_domain, _id)"},{"line_number":156,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"}],"source_content_type":"text/x-python","patch_set":1,"id":"ff570b3c_38254cc3","line":153,"updated":"2020-05-15 11:41:21.000000000","message":"pep8: E501 line too long (83 \u003e 79 characters)","commit_id":"3997acbdfab9cf0a26eb2864f2a0f38607530043"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"40340db74253fc541005fac7056bc6afa4c44d1c","unresolved":false,"context_lines":[{"line_number":47,"context_line":""},{"line_number":48,"context_line":"    auth \u003d token_endpoint.Token(CONF.designate.url, context.auth_token)"},{"line_number":49,"context_line":"    client \u003d d_client.Client(session\u003d_SESSION, auth\u003dauth)"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    if CONF.designate.auth_type:"},{"line_number":52,"context_line":"        admin_auth \u003d loading.load_auth_from_conf_options("},{"line_number":53,"context_line":"            CONF, \u0027designate\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_c9fdf66e","line":50,"updated":"2020-06-05 11:55:04.000000000","message":"nit: not related","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"494d6eef5b0f66cdda91b7a45a5565d37d05237b","unresolved":false,"context_lines":[{"line_number":47,"context_line":""},{"line_number":48,"context_line":"    auth \u003d token_endpoint.Token(CONF.designate.url, context.auth_token)"},{"line_number":49,"context_line":"    client \u003d d_client.Client(session\u003d_SESSION, auth\u003dauth)"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    if CONF.designate.auth_type:"},{"line_number":52,"context_line":"        admin_auth \u003d loading.load_auth_from_conf_options("},{"line_number":53,"context_line":"            CONF, \u0027designate\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_7f961cf2","line":50,"in_reply_to":"ff570b3c_c9fdf66e","updated":"2020-06-05 12:22:03.000000000","message":"Yes, will fix in next iteration.","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"40340db74253fc541005fac7056bc6afa4c44d1c","unresolved":false,"context_lines":[{"line_number":159,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":160,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":161,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":162,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":163,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":164,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":165,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_5fc07850","line":162,"range":{"start_line":162,"start_character":12,"end_line":162,"end_character":53},"updated":"2020-06-05 11:55:04.000000000","message":"Why don\u0027t you use the admin_client?","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"ee972308a88e90bb96506289de70fcb2f0d1c05f","unresolved":false,"context_lines":[{"line_number":159,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":160,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":161,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":162,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":163,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":164,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":165,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_3a02e1bb","line":162,"range":{"start_line":162,"start_character":12,"end_line":162,"end_character":53},"in_reply_to":"ff570b3c_19c292e9","updated":"2020-06-07 20:20:31.000000000","message":"Ok, I think I understand now.","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"494d6eef5b0f66cdda91b7a45a5565d37d05237b","unresolved":false,"context_lines":[{"line_number":159,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":160,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":161,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":162,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":163,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":164,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":165,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_7f645c22","line":162,"range":{"start_line":162,"start_character":12,"end_line":162,"end_character":53},"in_reply_to":"ff570b3c_5fc07850","updated":"2020-06-05 12:22:03.000000000","message":"The \"admin\" client in a normal deployment doesn\u0027t actually have admin powers, so it cannot use the \"all-projects\" option. I tried that in an earlier iteration. It is just a unique client used to handle the PTR zones. Maybe we could rename it to something less confusing, but that would be unrelated. And changing the deployment requirements doesn\u0027t seem necessary as the current solution does work fine it seems.\n\nAlso note that we cannot figure out whether the all-projects option is valid during client creation, it will only fail later when an actual zone or recordset operation is performed.","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"00b5bbf9e461c265c33d85e21c5584f12660fc3f","unresolved":false,"context_lines":[{"line_number":159,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":160,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":161,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":162,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":163,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":164,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":165,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_da1db60f","line":162,"range":{"start_line":162,"start_character":12,"end_line":162,"end_character":53},"in_reply_to":"ff570b3c_7f645c22","updated":"2020-06-05 12:47:18.000000000","message":"I have 2 questions about that:\n\n1. Why do we need first to try to delete it with \"regular\" user? Can\u0027t we just use this \"all_projects_client\" always?\n\n2. I\u0027m not sure if I really understand the problem. From LP I understood that regular user (say \"user_1\") creates server and then dns record is created the zone which belongs to user_1\u0027s tenant. And if then such server will be deleted by admin user (so user who has got privilege to see and delete not own server for example), why it can\u0027t see this zone in Designate?","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"d21c6fcabe4cc327bbd95de816ac4ea83017f4f4","unresolved":false,"context_lines":[{"line_number":159,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":160,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":161,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":162,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":163,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":164,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":165,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_19c292e9","line":162,"range":{"start_line":162,"start_character":12,"end_line":162,"end_character":53},"in_reply_to":"ff570b3c_da1db60f","updated":"2020-06-06 09:57:25.000000000","message":"\u003e 1. Why do we need first to try to delete it with \"regular\" user?\n \u003e Can\u0027t we just use this \"all_projects_client\" always?\n\nNo, the \"all-projects\" option can only be used by an admin, it fails with an error for a normal client.\n\n \u003e 2. I\u0027m not sure if I really understand the problem. From LP I\n \u003e understood that regular user (say \"user_1\") creates server and then\n \u003e dns record is created the zone which belongs to user_1\u0027s tenant.\n \u003e And if then such server will be deleted by admin user (so user who\n \u003e has got privilege to see and delete not own server for example),\n \u003e why it can\u0027t see this zone in Designate?\n\nIt can see that zone only when adding the \"all-projects\" option to the query. This is similar to a \"server list\"which  will only list servers in the admin project even for an admin, they need to run \"server list --all-projects\" in order to see every server.\n\nThe one thing that I agree is a bit strange in the designate interface is that this is an option on client creation, not for the actual query, which makes handling this rather clumsy. One can successfully create an all_projects_client even for a normal user, but it will fail on the first query executed. Thus my approach here is to only try this once the \"normal\" client has failed.","commit_id":"d0f197c9ad6da4f408ca34f0388ac8a7cb3cdf8e"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"28fb1f3e52b0dc5c7d3771b131d111642373d11b","unresolved":false,"context_lines":[{"line_number":157,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":158,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":159,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":160,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":161,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":162,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":163,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_032a8d2a","line":160,"updated":"2020-07-09 08:46:59.000000000","message":"+1 Thanks for the explanation in IRC","commit_id":"622714b63e08feaba4e81d218541319d2ffada30"}]}