)]}'
{"neutron/services/externaldns/drivers/designate/driver.py":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"5c028ca08a69472a99e95a9ffe1cadfe5183c527","unresolved":false,"context_lines":[{"line_number":177,"context_line":"        try:"},{"line_number":178,"context_line":"            recordsets \u003d designate_client.recordsets.list("},{"line_number":179,"context_line":"                dns_domain, criterion\u003d{\"name\": \"%s\" % name})"},{"line_number":180,"context_line":"        except (d_exc.NotFound, d_exc.Forbidden):"},{"line_number":181,"context_line":"            raise dns_exc.DNSDomainNotFound(dns_domain\u003ddns_domain)"},{"line_number":182,"context_line":"        ids \u003d [rec[\u0027id\u0027] for rec in recordsets]"},{"line_number":183,"context_line":"        ips \u003d [str(ip) for rec in recordsets for ip in rec[\u0027records\u0027]]"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_767e851b","line":180,"range":{"start_line":180,"start_character":31,"end_line":180,"end_character":47},"updated":"2020-09-23 13:43:04.000000000","message":"Please, correct me if I\u0027m wrong. This should happen only when this is called from L157-158, but not from L162-163.\n\nAnyway, I agree with this change.","commit_id":"4480fa576410e2303a3be7240072dc917e56b77b"},{"author":{"_account_id":9542,"name":"Pavlo Shchelokovskyy","email":"pshchelokovskyy@mirantis.com","username":"pshchelo"},"change_message_id":"7a3f715e36cf3cc55bc8a487083ae5a54d3b88dc","unresolved":false,"context_lines":[{"line_number":177,"context_line":"        try:"},{"line_number":178,"context_line":"            recordsets \u003d designate_client.recordsets.list("},{"line_number":179,"context_line":"                dns_domain, criterion\u003d{\"name\": \"%s\" % name})"},{"line_number":180,"context_line":"        except (d_exc.NotFound, d_exc.Forbidden):"},{"line_number":181,"context_line":"            raise dns_exc.DNSDomainNotFound(dns_domain\u003ddns_domain)"},{"line_number":182,"context_line":"        ids \u003d [rec[\u0027id\u0027] for rec in recordsets]"},{"line_number":183,"context_line":"        ips \u003d [str(ip) for rec in recordsets for ip in rec[\u0027records\u0027]]"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_1b8f5623","line":180,"range":{"start_line":180,"start_character":31,"end_line":180,"end_character":47},"in_reply_to":"9f560f44_767e851b","updated":"2020-09-24 11:54:50.000000000","message":"no, the other way around, that happens when the \u0027all-projects\u0027 client is used with a non-admin token (L162).\n\napprox scenario:\n\n- VM is assigned FIP and that has a record in a certain zone in Designate created\n- zone in designate is deleted out of band\n- ordinary user tries to delete such VM that has floating IP assigned\n- L157 tries to find the zone (resolve name to uuid) using ordinary user\u0027s auth and tenant-scoped request\n- L157 raises DNSDomainNotFound\n- L162 tries the same auth, but now with \"all-projects\" request\n- as the ordinary user lacks privileges to make such requests, Designateclient raises Forbidden, which, if uncaught, bubbles up to the 500 from Neutron\n- VM is not deleted and is in ERROR state","commit_id":"4480fa576410e2303a3be7240072dc917e56b77b"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"0e77ed72e2edeb66cf714198ad0a93243594581d","unresolved":true,"context_lines":[{"line_number":159,"context_line":"        except dns_exc.DNSDomainNotFound:"},{"line_number":160,"context_line":"            # Try whether we have admin powers and can see all projects"},{"line_number":161,"context_line":"            client \u003d get_all_projects_client(context)"},{"line_number":162,"context_line":"            ids_to_delete \u003d self._get_ids_ips_to_delete("},{"line_number":163,"context_line":"                dns_domain, \u0027%s.%s\u0027 % (dns_name, dns_domain), records, client)"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"        for _id in ids_to_delete:"},{"line_number":166,"context_line":"            client.recordsets.delete(dns_domain, _id)"}],"source_content_type":"text/x-python","patch_set":3,"id":"562c9fc6_c276f59a","line":163,"range":{"start_line":162,"start_character":12,"end_line":163,"end_character":78},"updated":"2020-11-24 13:09:01.000000000","message":"Maybe better handle the NotFound exception here? I\u0027m also not sure that the\nDNSDomainNotFound exception would be handled properly here, I guess that would need another try: clause anyway.","commit_id":"71e08b88135419f80b1972b68f6cff3248059969"}]}