)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"96db712e3d361613b664317d04d5af28e54fd774","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"bd45f5c6_f58d46c6","updated":"2026-04-27 15:51:44.000000000","message":"recheck most neutron-tempest-plugin-designate-scenario failures are timeouts, they are not related to the patch as far as I can tell","commit_id":"2e3968287fb3439a8b3a0d2388dbc475b3249f43"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"5817671acaf1adaa77c4237e86bdcd6a9ddad1a2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"787e20ad_92d5ffab","updated":"2026-04-27 15:27:38.000000000","message":"tempest failures look related","commit_id":"2e3968287fb3439a8b3a0d2388dbc475b3249f43"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"346647540d17ee094dd979fba0ad44950f8514f5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"6aaa0000_a232e252","updated":"2026-04-28 09:51:35.000000000","message":"It might be a good opportunity to mention that I think we should rework lots of stuff regarding the DNS integration, I heard good feedback in the last Designate PTG about other contributors who reworked that neutron driver and got to a scale of million records without issues. We have issues sometimes with 3 PTR records on our u/s CI tests.","commit_id":"64fd0812e751e7f6173b812c51089873180d159a"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"4fbf1d27e064906f4f8a657d7a45e25105c59b5a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"0e26cc1b_7d27013c","updated":"2026-04-28 11:40:43.000000000","message":"Meanwhile I reverted it to the same changes as PS2","commit_id":"d8aa644d71ee22562e8a77c4e9e28fe52e88b6b5"}],"neutron/services/externaldns/drivers/designate/driver.py":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"22d87f40755d3dc3b249ce85a67ed279ac6e2dcd","unresolved":true,"context_lines":[{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"aa51cade_8d68001f","line":156,"updated":"2026-04-27 17:46:02.000000000","message":"IMO, we should make a single call with the admin client if we\u0027re going to fall-back to it anyway, as the lookup above with the regular client should have returned only the items we want to delete. Curious what other reviewers think.","commit_id":"a39dce13e8e09235193f326987d9bfa14b073601"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f88882995cc979ea898d5ea848ca98da05dd6299","unresolved":false,"context_lines":[{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"8bb4a6d0_64caef43","line":156,"in_reply_to":"2bfaeb7a_9a5e4675","updated":"2026-05-01 22:37:39.000000000","message":"Thanks for the explanation, makes sense.","commit_id":"a39dce13e8e09235193f326987d9bfa14b073601"},{"author":{"_account_id":38651,"name":"Taavi Ansper","display_name":"TafkaMax","email":"taaviansperr@gmail.com","username":"taaviansper"},"change_message_id":"3de60e4e0cfacb6af0109528cf56b00cb7d7c55d","unresolved":true,"context_lines":[{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"abed7e25_bcfff18e","line":156,"in_reply_to":"49c6734d_59d55431","updated":"2026-04-28 08:26:21.000000000","message":"I am not familiar with the code as much as you, but do I understand correctly that a normal client and admin client are both spawned no-matter if an regular user or an admin user is the initiating user? Just some commands require admin privileges?\n\nE.g. In horizon an regular user with member role does to release the floating ip he can do it because underneath an admin client is also spawned for these kinds of interactions.","commit_id":"a39dce13e8e09235193f326987d9bfa14b073601"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"3c0c5ce18ba6fe6939b251e19cbba75825c535e0","unresolved":true,"context_lines":[{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"49c6734d_59d55431","line":156,"in_reply_to":"aa51cade_8d68001f","updated":"2026-04-27 21:07:26.000000000","message":"Hmm after the last edit, I removed the edit_managed\u003dTrue from the non admin client, which is (using a client without edit_managed\u003dTrue) the reason for the bug from the first place, so it doesn\u0027t make sense that I will use the non-admin client at all. I should just use the admin one.\nThanks","commit_id":"a39dce13e8e09235193f326987d9bfa14b073601"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"346647540d17ee094dd979fba0ad44950f8514f5","unresolved":true,"context_lines":[{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"f3d9db67_c93e2555","line":156,"in_reply_to":"abed7e25_bcfff18e","updated":"2026-04-28 09:51:35.000000000","message":"get_clients() always creates both:\n                                                                                                                                                                             \nA regular / normal client using the user\u0027s auth token — it can only see zones owned by that user/project.\n\nAn admin client using admin credentials from Neutron\u0027s config — it has now edit_managed\u003dTrue, but it can only see zones in its own project scope (no all_projects\u003dTrue).                                                                                                                                  \n   \nIn PS3 I tried using only the admin client, but it fails the designate-scenario tempest job because the admin client can\u0027t access zones owned by the user\u0027s project — so recordsets.list() raised NotFound.\n                                                                                                                                                                             \nI am considering a few alternatives:                                                                                                                                           \n   \n1. Add all_projects\u003dTrue to the admin client — it could then see all zones and delete managed records, but I don\u0027t know if we want to go with that approach.\n\n2. Check the managed field on each recordset before choosing which client to use, but that will add complexity and probably will require more changes.                                                                                                                                  \n\n3. Try user client first, fall back to admin on BadRequest (PS2 approach) — respects least privilege, admin credentials are only used when actually needed.\n\nWe saw in PS2 that #3 passed CI, and I think it is the least complicated + privileged approach. But it will cost between 1-2 calls.\n\nI\u0027d be happy to hear your opinions, thanks.","commit_id":"a39dce13e8e09235193f326987d9bfa14b073601"},{"author":{"_account_id":38651,"name":"Taavi Ansper","display_name":"TafkaMax","email":"taaviansperr@gmail.com","username":"taaviansper"},"change_message_id":"14e66041bb823eadc5ab62a97b8e92f0e02d5938","unresolved":true,"context_lines":[{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"2bfaeb7a_9a5e4675","line":156,"in_reply_to":"f3d9db67_c93e2555","updated":"2026-04-28 10:32:53.000000000","message":"I trust your take on this, as you are more knowledgable. I think for safety the 3rd approach seems OK with some performance hit. \n\nFor future if there is plan to work the DNS integration it might not be suitable to make the current logic much more complex, e.g. change 2.\n\nAlso regarding point 1. it might take a lot more time to query for information for all records from all projects so the calls in 3. might balance out the performance?","commit_id":"a39dce13e8e09235193f326987d9bfa14b073601"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"1e7c22d2a52f04356f71daa4e3042f8807254005","unresolved":true,"context_lines":[{"line_number":152,"context_line":"        for _id in ids_to_delete:"},{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"9d494d6d_628c83bd","line":156,"range":{"start_line":155,"start_character":12,"end_line":156,"end_character":63},"updated":"2026-05-04 08:44:18.000000000","message":"Why not directly using the `admin_client`?","commit_id":"d8aa644d71ee22562e8a77c4e9e28fe52e88b6b5"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"b0424c6a52ffe6fe3c7eb288b7ff6f40dc4c2ff4","unresolved":false,"context_lines":[{"line_number":152,"context_line":"        for _id in ids_to_delete:"},{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"88c0a657_7fffa92d","line":156,"range":{"start_line":155,"start_character":12,"end_line":156,"end_character":63},"in_reply_to":"13bad20c_0eaf527b","updated":"2026-05-07 12:37:31.000000000","message":"Done","commit_id":"d8aa644d71ee22562e8a77c4e9e28fe52e88b6b5"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"d0c402c6308be4db3478921fee21e32ebd0b25f9","unresolved":true,"context_lines":[{"line_number":152,"context_line":"        for _id in ids_to_delete:"},{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"13bad20c_0eaf527b","line":156,"range":{"start_line":155,"start_character":12,"end_line":156,"end_character":63},"in_reply_to":"63a4bc2d_a7d45557","updated":"2026-05-07 09:09:57.000000000","message":"Sounds good to me, I will add that comment, thanks.","commit_id":"d8aa644d71ee22562e8a77c4e9e28fe52e88b6b5"},{"author":{"_account_id":31664,"name":"Omer Schwartz","email":"oschwart@redhat.com","username":"oschwart"},"change_message_id":"4d1ee05bc5d06eb48a2019da2064a49f29ac03dc","unresolved":true,"context_lines":[{"line_number":152,"context_line":"        for _id in ids_to_delete:"},{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"b462ce4d_fa00960c","line":156,"range":{"start_line":155,"start_character":12,"end_line":156,"end_character":63},"in_reply_to":"9d494d6d_628c83bd","updated":"2026-05-04 09:08:19.000000000","message":"Hi Rodolfo, I explained it here https://review.opendev.org/c/openstack/neutron/+/986349/comment/aa51cade_8d68001f/\n\nwith that being said, I am open for any feedback about it.","commit_id":"d8aa644d71ee22562e8a77c4e9e28fe52e88b6b5"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"48d1cf2172d43eb0d602e93ef78c75afceb465c7","unresolved":true,"context_lines":[{"line_number":152,"context_line":"        for _id in ids_to_delete:"},{"line_number":153,"context_line":"            try:"},{"line_number":154,"context_line":"                client.recordsets.delete(dns_domain, _id)"},{"line_number":155,"context_line":"            except d_exc.BadRequest:"},{"line_number":156,"context_line":"                admin_client.recordsets.delete(dns_domain, _id)"},{"line_number":157,"context_line":"        if not CONF.designate.allow_reverse_dns_lookup:"},{"line_number":158,"context_line":"            return"},{"line_number":159,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"63a4bc2d_a7d45557","line":156,"range":{"start_line":155,"start_character":12,"end_line":156,"end_character":63},"in_reply_to":"b462ce4d_fa00960c","updated":"2026-05-06 12:48:46.000000000","message":"Ok, I see. That should be documented inline in order to avoid, in a future, trying to merge both calls in one (admin). Same as you explained in your second comment would be nice.","commit_id":"d8aa644d71ee22562e8a77c4e9e28fe52e88b6b5"}]}