)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"d2f90fca79231952b7763257b3eed5cc25355b71","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"ab47374d_f5a96e3b","updated":"2026-02-11 22:50:06.000000000","message":"A couple of high level comments.\n1. We still have a rule in for IP protocol 51, that should probably be removed as we never used AH authentication with VRRP. That could be tech debt and postponed if we update it to use the remote group as well.\n2. I see that the VRRP IP protocol (112) is still open. Does neutron support remote_groups for IP level protocol rules as well?","commit_id":"9da00b96650b1c660406183c8b38a23a6892cd95"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"c29b6398eec08eb3483c04a5d06a75731ae7e6d6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"85f0fe81_094b41f6","updated":"2026-01-28 09:27:26.000000000","message":"Can you also add a release note? 
(reno new topic)","commit_id":"9da00b96650b1c660406183c8b38a23a6892cd95"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"f0ee1705ad11b390b8adca0395a6d2651a1c7a5d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"226f8753_e201d343","in_reply_to":"ab47374d_f5a96e3b","updated":"2026-03-04 13:30:25.000000000","message":"These should be resolved now","commit_id":"9da00b96650b1c660406183c8b38a23a6892cd95"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"ca957fc318629b920dc138cde8611eebe8a54e2b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"f2c614ee_97a651e1","updated":"2026-03-19 11:11:28.000000000","message":"recheck intermittent failure on CI jobs","commit_id":"6688e5e6676089fc9ac826890ea70be520a53b50"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"0e728e53af9b2f8c676ba202e4e6a1ddf4a4fd9c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"e61f40b4_4e0cd1fd","updated":"2026-06-17 13:41:47.000000000","message":"Fixed some review comments","commit_id":"743230caa235084e6734eb465a023b08f029789f"}],"octavia/network/drivers/neutron/allowed_address_pairs.py":[{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"c28a92aaf7cc07a7da3ca5584cabbe517c627c29","unresolved":true,"context_lines":[{"line_number":199,"context_line":"        for peer_port in listener_peer_ports:"},{"line_number":200,"context_line":"            # This is a strange check, we need to check the first 3 elements"},{"line_number":201,"context_line":"            # aren\u0027t in the updated ports list"},{"line_number":202,"context_line":"            # We don\u0027t actually care about the 
remote_group_id at thus point"},{"line_number":203,"context_line":"            updated_ports_filter \u003d [(p[0], p[1], p[2]) for p in updated_ports]"},{"line_number":204,"context_line":"            if (peer_port, tcp_lower, \"0.0.0.0/0\") not in updated_ports_filter:"},{"line_number":205,"context_line":"                updated_ports.append((peer_port, tcp_lower, None, sec_grp_id))"}],"source_content_type":"text/x-python","patch_set":1,"id":"002b2a87_4b15af36","line":202,"range":{"start_line":202,"start_character":14,"end_line":202,"end_character":36},"updated":"2025-12-18 12:26:04.000000000","message":"shouldn\u0027t we care?\nif the remote_group_id is different, it means that the rule must be updated (aka deleted/created in this code), right?","commit_id":"405b264292e796d909a3ae64c44aaa355b8abd10"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"c552373334394316fe6bf4912e857edc9fc19e9d","unresolved":true,"context_lines":[{"line_number":199,"context_line":"        for peer_port in listener_peer_ports:"},{"line_number":200,"context_line":"            # This is a strange check, we need to check the first 3 elements"},{"line_number":201,"context_line":"            # aren\u0027t in the updated ports list"},{"line_number":202,"context_line":"            # We don\u0027t actually care about the remote_group_id at thus point"},{"line_number":203,"context_line":"            updated_ports_filter \u003d [(p[0], p[1], p[2]) for p in updated_ports]"},{"line_number":204,"context_line":"            if (peer_port, tcp_lower, \"0.0.0.0/0\") not in updated_ports_filter:"},{"line_number":205,"context_line":"                updated_ports.append((peer_port, tcp_lower, None, 
sec_grp_id))"}],"source_content_type":"text/x-python","patch_set":1,"id":"0f4d9902_42ca93ba","line":202,"range":{"start_line":202,"start_character":14,"end_line":202,"end_character":36},"in_reply_to":"002b2a87_4b15af36","updated":"2025-12-18 13:00:13.000000000","message":"This is a very strange one and it\u0027s running around my head since yesterday. So the remote group can be 1 of 3 values (None, the listener security group ID or another security group ID)\n\nFor peer ports we want it to be the listener security group ID in all cases after the changes are run, so we only actually care about the first 3 fields because we\u0027re going to set the 4th to the same value no matter what\n\nNow that I\u0027m thinking about it, I\u0027m not sure how it\u0027ll handle the case where the remote group is some other value. We may end up with duplicated rules, so this is something I\u0027ll have to test","commit_id":"405b264292e796d909a3ae64c44aaa355b8abd10"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"803878357658354bf9ad1608dc1cbda8c5bb12d0","unresolved":true,"context_lines":[{"line_number":199,"context_line":"        for peer_port in listener_peer_ports:"},{"line_number":200,"context_line":"            # This is a strange check, we need to check the first 3 elements"},{"line_number":201,"context_line":"            # aren\u0027t in the updated ports list"},{"line_number":202,"context_line":"            # We don\u0027t actually care about the remote_group_id at thus point"},{"line_number":203,"context_line":"            updated_ports_filter \u003d [(p[0], p[1], p[2]) for p in updated_ports]"},{"line_number":204,"context_line":"            if (peer_port, tcp_lower, \"0.0.0.0/0\") not in updated_ports_filter:"},{"line_number":205,"context_line":"                updated_ports.append((peer_port, tcp_lower, None, 
sec_grp_id))"}],"source_content_type":"text/x-python","patch_set":1,"id":"5c12cb52_6230b2aa","line":202,"range":{"start_line":202,"start_character":14,"end_line":202,"end_character":36},"in_reply_to":"0f4d9902_42ca93ba","updated":"2026-01-13 12:04:34.000000000","message":"I\u0027ve updated the check to be a bit more selective. I checked the behaviour and any extra rules in the LB security group get deleted on a failover. This happens on both master branch and after my change, so it is most likely expected behaviour","commit_id":"405b264292e796d909a3ae64c44aaa355b8abd10"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"c29b6398eec08eb3483c04a5d06a75731ae7e6d6","unresolved":true,"context_lines":[{"line_number":199,"context_line":"        for peer_port in listener_peer_ports:"},{"line_number":200,"context_line":"            # This is a strange check, we need to check the first 3 elements"},{"line_number":201,"context_line":"            # aren\u0027t in the updated ports list"},{"line_number":202,"context_line":"            # We don\u0027t actually care about the remote_group_id at thus point"},{"line_number":203,"context_line":"            updated_ports_filter \u003d [(p[0], p[1], p[2]) for p in updated_ports]"},{"line_number":204,"context_line":"            if (peer_port, tcp_lower, \"0.0.0.0/0\") not in updated_ports_filter:"},{"line_number":205,"context_line":"                updated_ports.append((peer_port, tcp_lower, None, sec_grp_id))"}],"source_content_type":"text/x-python","patch_set":1,"id":"850e7a15_db4661c4","line":202,"range":{"start_line":202,"start_character":14,"end_line":202,"end_character":36},"in_reply_to":"3ced4535_f94ac888","updated":"2026-01-28 09:27:26.000000000","message":"Can\u0027t we just do\n\n```\nfor peer_port in listener_peer_ports:\n    if (peer_port, tcp_lower, None, sec_grp_id) not in updated_ports:\n        updated_ports.append((peer_port, tcp_lower, 
None, sec_grp_id))\n```\n?","commit_id":"405b264292e796d909a3ae64c44aaa355b8abd10"},{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"f539838e0df8e7bafea970b83babaa5c37532456","unresolved":true,"context_lines":[{"line_number":199,"context_line":"        for peer_port in listener_peer_ports:"},{"line_number":200,"context_line":"            # This is a strange check, we need to check the first 3 elements"},{"line_number":201,"context_line":"            # aren\u0027t in the updated ports list"},{"line_number":202,"context_line":"            # We don\u0027t actually care about the remote_group_id at thus point"},{"line_number":203,"context_line":"            updated_ports_filter \u003d [(p[0], p[1], p[2]) for p in updated_ports]"},{"line_number":204,"context_line":"            if (peer_port, tcp_lower, \"0.0.0.0/0\") not in updated_ports_filter:"},{"line_number":205,"context_line":"                updated_ports.append((peer_port, tcp_lower, None, sec_grp_id))"}],"source_content_type":"text/x-python","patch_set":1,"id":"3ced4535_f94ac888","line":202,"range":{"start_line":202,"start_character":14,"end_line":202,"end_character":36},"in_reply_to":"5c12cb52_6230b2aa","updated":"2026-01-14 22:19:40.000000000","message":"I\u0027m not sure this filter does anything. updated_ports is completely populated by the loop above where p[3] is always None. 
So updated_ports_filter\u003dupdated_ports, no?","commit_id":"405b264292e796d909a3ae64c44aaa355b8abd10"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"f0ee1705ad11b390b8adca0395a6d2651a1c7a5d","unresolved":true,"context_lines":[{"line_number":199,"context_line":"        for peer_port in listener_peer_ports:"},{"line_number":200,"context_line":"            # This is a strange check, we need to check the first 3 elements"},{"line_number":201,"context_line":"            # aren\u0027t in the updated ports list"},{"line_number":202,"context_line":"            # We don\u0027t actually care about the remote_group_id at thus point"},{"line_number":203,"context_line":"            updated_ports_filter \u003d [(p[0], p[1], p[2]) for p in updated_ports]"},{"line_number":204,"context_line":"            if (peer_port, tcp_lower, \"0.0.0.0/0\") not in updated_ports_filter:"},{"line_number":205,"context_line":"                updated_ports.append((peer_port, tcp_lower, None, sec_grp_id))"}],"source_content_type":"text/x-python","patch_set":1,"id":"af37545a_06c773e0","line":202,"range":{"start_line":202,"start_character":14,"end_line":202,"end_character":36},"in_reply_to":"850e7a15_db4661c4","updated":"2026-03-04 13:30:25.000000000","message":"I tried simplifying the check, but unfortunately we end up with duplicated security group rules because existing ones have None for the remote group. 
After some consulting with my AI minions, I did rewrite the check so it isn\u0027t as dense to read anymore","commit_id":"405b264292e796d909a3ae64c44aaa355b8abd10"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"c29b6398eec08eb3483c04a5d06a75731ae7e6d6","unresolved":true,"context_lines":[{"line_number":210,"context_line":"        # responsible for creating these rules"},{"line_number":211,"context_line":"        old_ports \u003d []"},{"line_number":212,"context_line":"        for rule in rules:"},{"line_number":213,"context_line":"            # Don\u0027t remove egress rules and don\u0027t confuse other protocols with"},{"line_number":214,"context_line":"            # None ports with the egress rules.  VRRP uses protocol 51 and 112"},{"line_number":215,"context_line":"            if (rule.get(\u0027direction\u0027) \u003d\u003d \u0027egress\u0027 or"},{"line_number":216,"context_line":"                    rule.get(\u0027protocol\u0027) is None or"},{"line_number":217,"context_line":"                    rule[\u0027protocol\u0027].upper() not in"}],"source_content_type":"text/x-python","patch_set":3,"id":"1a84368d_ecb594a7","line":214,"range":{"start_line":213,"start_character":14,"end_line":214,"end_character":78},"updated":"2026-01-28 09:27:26.000000000","message":"I\u0027m wondering if we should remove the old rules for VRRP/AUTH_HEADER if they don\u0027t include the sec_grp_id (when a LB/listener is updated after updating to a new octavia release)","commit_id":"9da00b96650b1c660406183c8b38a23a6892cd95"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"f0ee1705ad11b390b8adca0395a6d2651a1c7a5d","unresolved":true,"context_lines":[{"line_number":210,"context_line":"        # responsible for creating these rules"},{"line_number":211,"context_line":"        old_ports \u003d 
[]"},{"line_number":212,"context_line":"        for rule in rules:"},{"line_number":213,"context_line":"            # Don\u0027t remove egress rules and don\u0027t confuse other protocols with"},{"line_number":214,"context_line":"            # None ports with the egress rules.  VRRP uses protocol 51 and 112"},{"line_number":215,"context_line":"            if (rule.get(\u0027direction\u0027) \u003d\u003d \u0027egress\u0027 or"},{"line_number":216,"context_line":"                    rule.get(\u0027protocol\u0027) is None or"},{"line_number":217,"context_line":"                    rule[\u0027protocol\u0027].upper() not in"}],"source_content_type":"text/x-python","patch_set":3,"id":"bc8c2ed0_999a1e2a","line":214,"range":{"start_line":213,"start_character":14,"end_line":214,"end_character":78},"in_reply_to":"1a84368d_ecb594a7","updated":"2026-03-04 13:30:25.000000000","message":"That should be done now","commit_id":"9da00b96650b1c660406183c8b38a23a6892cd95"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"0e728e53af9b2f8c676ba202e4e6a1ddf4a4fd9c","unresolved":false,"context_lines":[{"line_number":210,"context_line":"        # responsible for creating these rules"},{"line_number":211,"context_line":"        old_ports \u003d []"},{"line_number":212,"context_line":"        for rule in rules:"},{"line_number":213,"context_line":"            # Don\u0027t remove egress rules and don\u0027t confuse other protocols with"},{"line_number":214,"context_line":"            # None ports with the egress rules.  
VRRP uses protocol 51 and 112"},{"line_number":215,"context_line":"            if (rule.get(\u0027direction\u0027) \u003d\u003d \u0027egress\u0027 or"},{"line_number":216,"context_line":"                    rule.get(\u0027protocol\u0027) is None or"},{"line_number":217,"context_line":"                    rule[\u0027protocol\u0027].upper() not in"}],"source_content_type":"text/x-python","patch_set":3,"id":"93eac6f6_483d13aa","line":214,"range":{"start_line":213,"start_character":14,"end_line":214,"end_character":78},"in_reply_to":"bc8c2ed0_999a1e2a","updated":"2026-06-17 13:41:47.000000000","message":"Done","commit_id":"9da00b96650b1c660406183c8b38a23a6892cd95"},{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"295749d027de82f7d1bbd5f1f17a384799abacfb","unresolved":true,"context_lines":[{"line_number":281,"context_line":"        # Check the protocol is allowed for Active/Standby LB"},{"line_number":282,"context_line":"        if protocol not in [constants.VRRP_PROTOCOL_NUM,"},{"line_number":283,"context_line":"                            constants.AUTH_HEADER_PROTOCOL_NUMBER]:"},{"line_number":284,"context_line":"            raise base.PlugVIPException("},{"line_number":285,"context_line":"                f\"Invalid protocol number {protocol} for \""},{"line_number":286,"context_line":"                f\"Active/Standby LB\")"},{"line_number":287,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"705d57a3_3f3f10a3","line":284,"range":{"start_line":284,"start_character":0,"end_line":284,"end_character":2},"updated":"2026-03-07 00:52:43.000000000","message":"Probably an ArgumentError is fine here.","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38562,"name":"Richard 
Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"e6382468c1abe0440f4c8d636293be8226178850","unresolved":true,"context_lines":[{"line_number":281,"context_line":"        # Check the protocol is allowed for Active/Standby LB"},{"line_number":282,"context_line":"        if protocol not in [constants.VRRP_PROTOCOL_NUM,"},{"line_number":283,"context_line":"                            constants.AUTH_HEADER_PROTOCOL_NUMBER]:"},{"line_number":284,"context_line":"            raise base.PlugVIPException("},{"line_number":285,"context_line":"                f\"Invalid protocol number {protocol} for \""},{"line_number":286,"context_line":"                f\"Active/Standby LB\")"},{"line_number":287,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"f6fe2ebf_1e712ab5","line":284,"range":{"start_line":284,"start_character":0,"end_line":284,"end_character":2},"in_reply_to":"705d57a3_3f3f10a3","updated":"2026-03-09 11:18:34.000000000","message":"Good point, I\u0027ll change that now","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"30a11ff8937750789c1bf1f488df1788d28db879","unresolved":false,"context_lines":[{"line_number":281,"context_line":"        # Check the protocol is allowed for Active/Standby LB"},{"line_number":282,"context_line":"        if protocol not in [constants.VRRP_PROTOCOL_NUM,"},{"line_number":283,"context_line":"                            constants.AUTH_HEADER_PROTOCOL_NUMBER]:"},{"line_number":284,"context_line":"            raise base.PlugVIPException("},{"line_number":285,"context_line":"                f\"Invalid protocol number {protocol} for \""},{"line_number":286,"context_line":"                f\"Active/Standby 
LB\")"},{"line_number":287,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"4a829f81_94cf1dab","line":284,"range":{"start_line":284,"start_character":0,"end_line":284,"end_character":2},"in_reply_to":"f6fe2ebf_1e712ab5","updated":"2026-03-09 11:38:34.000000000","message":"Done","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"295749d027de82f7d1bbd5f1f17a384799abacfb","unresolved":true,"context_lines":[{"line_number":290,"context_line":"                 \"delete\", protocol)"},{"line_number":291,"context_line":"        existing_rule \u003d None"},{"line_number":292,"context_line":"        for rule in rules:"},{"line_number":293,"context_line":"            if (rule.get(\u0027protocol\u0027, \u0027255\u0027) \u003d\u003d str(protocol) and"},{"line_number":294,"context_line":"                    rule.get(\u0027direction\u0027, \u0027\u0027) \u003d\u003d \u0027ingress\u0027 and"},{"line_number":295,"context_line":"                    rule.get(\u0027remote_group_id\u0027) is None):"},{"line_number":296,"context_line":"                existing_rule \u003d rule.get(\u0027id\u0027)"},{"line_number":297,"context_line":"                LOG.warning(\"Found security rule to delete: %s\","},{"line_number":298,"context_line":"                            existing_rule)"}],"source_content_type":"text/x-python","patch_set":5,"id":"2bc9eeb8_5f2e55f7","line":295,"range":{"start_line":293,"start_character":12,"end_line":295,"end_character":57},"updated":"2026-03-07 00:52:43.000000000","message":"what if more than one rule hits this branch. 
We\u0027ll only wind up deleting the last one found?","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"e4cb83603e6def438c85649cdb70d9e8d4d6f3e2","unresolved":true,"context_lines":[{"line_number":290,"context_line":"                 \"delete\", protocol)"},{"line_number":291,"context_line":"        existing_rule \u003d None"},{"line_number":292,"context_line":"        for rule in rules:"},{"line_number":293,"context_line":"            if (rule.get(\u0027protocol\u0027, \u0027255\u0027) \u003d\u003d str(protocol) and"},{"line_number":294,"context_line":"                    rule.get(\u0027direction\u0027, \u0027\u0027) \u003d\u003d \u0027ingress\u0027 and"},{"line_number":295,"context_line":"                    rule.get(\u0027remote_group_id\u0027) is None):"},{"line_number":296,"context_line":"                existing_rule \u003d rule.get(\u0027id\u0027)"},{"line_number":297,"context_line":"                LOG.warning(\"Found security rule to delete: %s\","},{"line_number":298,"context_line":"                            existing_rule)"}],"source_content_type":"text/x-python","patch_set":5,"id":"53f91d94_1dd2d5d7","line":295,"range":{"start_line":293,"start_character":12,"end_line":295,"end_character":57},"in_reply_to":"2a1ded17_87784542","updated":"2026-06-18 20:44:23.000000000","message":"Maybe then we should just break when we find it?","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"e6382468c1abe0440f4c8d636293be8226178850","unresolved":true,"context_lines":[{"line_number":290,"context_line":"                 \"delete\", protocol)"},{"line_number":291,"context_line":"        existing_rule \u003d 
None"},{"line_number":292,"context_line":"        for rule in rules:"},{"line_number":293,"context_line":"            if (rule.get(\u0027protocol\u0027, \u0027255\u0027) \u003d\u003d str(protocol) and"},{"line_number":294,"context_line":"                    rule.get(\u0027direction\u0027, \u0027\u0027) \u003d\u003d \u0027ingress\u0027 and"},{"line_number":295,"context_line":"                    rule.get(\u0027remote_group_id\u0027) is None):"},{"line_number":296,"context_line":"                existing_rule \u003d rule.get(\u0027id\u0027)"},{"line_number":297,"context_line":"                LOG.warning(\"Found security rule to delete: %s\","},{"line_number":298,"context_line":"                            existing_rule)"}],"source_content_type":"text/x-python","patch_set":5,"id":"2a1ded17_87784542","line":295,"range":{"start_line":293,"start_character":12,"end_line":295,"end_character":57},"in_reply_to":"2bc9eeb8_5f2e55f7","updated":"2026-03-09 11:18:34.000000000","message":"There\u0027s only ever 1 of these rules per LB","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"c690e0c29343d15014515f2c0ca65890dc6cecf5","unresolved":true,"context_lines":[{"line_number":286,"context_line":"                f\"Active/Standby LB\")"},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"        # Check if rule without remote group ID needs deletion"},{"line_number":289,"context_line":"        LOG.info(\"Scanning for old protocol %s security group rules to \""},{"line_number":290,"context_line":"                 \"delete\", protocol)"},{"line_number":291,"context_line":"        existing_rule \u003d None"},{"line_number":292,"context_line":"        for rule in 
rules:"}],"source_content_type":"text/x-python","patch_set":8,"id":"8e75c7c6_8e31e1db","line":289,"range":{"start_line":289,"start_character":12,"end_line":289,"end_character":16},"updated":"2026-03-24 08:41:11.000000000","message":"I think it would be better in LOG.debug level","commit_id":"6688e5e6676089fc9ac826890ea70be520a53b50"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"0e728e53af9b2f8c676ba202e4e6a1ddf4a4fd9c","unresolved":false,"context_lines":[{"line_number":286,"context_line":"                f\"Active/Standby LB\")"},{"line_number":287,"context_line":""},{"line_number":288,"context_line":"        # Check if rule without remote group ID needs deletion"},{"line_number":289,"context_line":"        LOG.info(\"Scanning for old protocol %s security group rules to \""},{"line_number":290,"context_line":"                 \"delete\", protocol)"},{"line_number":291,"context_line":"        existing_rule \u003d None"},{"line_number":292,"context_line":"        for rule in rules:"}],"source_content_type":"text/x-python","patch_set":8,"id":"5c479dad_25d46a3d","line":289,"range":{"start_line":289,"start_character":12,"end_line":289,"end_character":16},"in_reply_to":"8e75c7c6_8e31e1db","updated":"2026-06-17 13:41:47.000000000","message":"Done","commit_id":"6688e5e6676089fc9ac826890ea70be520a53b50"}],"octavia/network/drivers/neutron/base.py":[{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"295749d027de82f7d1bbd5f1f17a384799abacfb","unresolved":true,"context_lines":[{"line_number":169,"context_line":""},{"line_number":170,"context_line":"        self.network_proxy.create_security_group_rule(**rule)"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"    def 
_delete_security_group_rule("},{"line_number":173,"context_line":"            self, sec_grp_rule_id, ignore_missing\u003dFalse):"},{"line_number":174,"context_line":"        self.network_proxy.delete_security_group_rule("},{"line_number":175,"context_line":"            sec_grp_rule_id, ignore_missing\u003dignore_missing)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"    def apply_qos_on_port(self, qos_id, port_id):"},{"line_number":178,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":5,"id":"5454c078_70bcea75","line":175,"range":{"start_line":172,"start_character":3,"end_line":175,"end_character":59},"updated":"2026-03-07 00:52:43.000000000","message":"what is the benefit of defining this? It seems like just a trivial reorganization of the function call.","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"e4cb83603e6def438c85649cdb70d9e8d4d6f3e2","unresolved":true,"context_lines":[{"line_number":169,"context_line":""},{"line_number":170,"context_line":"        self.network_proxy.create_security_group_rule(**rule)"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"    def _delete_security_group_rule("},{"line_number":173,"context_line":"            self, sec_grp_rule_id, ignore_missing\u003dFalse):"},{"line_number":174,"context_line":"        self.network_proxy.delete_security_group_rule("},{"line_number":175,"context_line":"            sec_grp_rule_id, ignore_missing\u003dignore_missing)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"    def apply_qos_on_port(self, qos_id, port_id):"},{"line_number":178,"context_line":"        
try:"}],"source_content_type":"text/x-python","patch_set":5,"id":"22fddd14_260e82bf","line":175,"range":{"start_line":172,"start_character":3,"end_line":175,"end_character":59},"in_reply_to":"201aed0e_08325d65","updated":"2026-06-18 20:44:23.000000000","message":"I think having a wrapper for create_security_group_rule makes sense since there\u0027s a lot of options we want to specialize for our use case, but delete_security_group_rule only has three possible arguments and we\u0027re passing two straight through and leaving the other default. Obviously a nit, but seems like less code is better.","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"e6382468c1abe0440f4c8d636293be8226178850","unresolved":true,"context_lines":[{"line_number":169,"context_line":""},{"line_number":170,"context_line":"        self.network_proxy.create_security_group_rule(**rule)"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"    def _delete_security_group_rule("},{"line_number":173,"context_line":"            self, sec_grp_rule_id, ignore_missing\u003dFalse):"},{"line_number":174,"context_line":"        self.network_proxy.delete_security_group_rule("},{"line_number":175,"context_line":"            sec_grp_rule_id, ignore_missing\u003dignore_missing)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"    def apply_qos_on_port(self, qos_id, port_id):"},{"line_number":178,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":5,"id":"201aed0e_08325d65","line":175,"range":{"start_line":172,"start_character":3,"end_line":175,"end_character":59},"in_reply_to":"5454c078_70bcea75","updated":"2026-03-09 11:18:34.000000000","message":"I could call the proxy directly but I figured it would be better to keep in theme with the _create_security_group_rule method 
above","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"}],"octavia/tests/unit/network/drivers/neutron/test_base.py":[{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"e4cb83603e6def438c85649cdb70d9e8d4d6f3e2","unresolved":true,"context_lines":[{"line_number":151,"context_line":"        self.driver.network_proxy.create_security_group_rule.assert_has_calls("},{"line_number":152,"context_line":"            [mock.call(**expected_sec_grp_rule_dict)])"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"    def test__delete_security_group_rule(self):"},{"line_number":155,"context_line":"        \"\"\"Test _delete_security_group_rule delegates to proxy\"\"\""},{"line_number":156,"context_line":"        rule_id \u003d \u0027rule-123\u0027"},{"line_number":157,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"2c5d7491_c4db7a95","line":154,"updated":"2026-06-18 20:44:23.000000000","message":"Related to my comments on _delete_security_group I don\u0027t think we need these tests.","commit_id":"6688e5e6676089fc9ac826890ea70be520a53b50"}],"releasenotes/notes/fix-peer-port-security-issue-a4654dbadb942225.yaml":[{"author":{"_account_id":38360,"name":"Zachary Mark Raines","display_name":"Zachary Raines","email":"zachary.raines@canonical.com","username":"raineszm","status":"Sustaining Engineer @ Canonical"},"change_message_id":"295749d027de82f7d1bbd5f1f17a384799abacfb","unresolved":true,"context_lines":[{"line_number":3,"context_line":"fixes:"},{"line_number":4,"context_line":"  - |"},{"line_number":5,"context_line":"    Fixed Bug 2133752 \u003chttps://bugs.launchpad.net/octavia/+bug/2133752\u003e"},{"line_number":6,"context_line":"    Added remotre group to the peer ports with the same security group ID"},{"line_number":7,"context_line":"    as the LB security 
group. This should ensure traffic is limited to"},{"line_number":8,"context_line":"    within the LB. Old rules without remote groups will be updated on failover"},{"line_number":9,"context_line":"    of an existing LB."}],"source_content_type":"text/x-yaml","patch_set":5,"id":"82653fa7_06fe42c0","line":6,"range":{"start_line":6,"start_character":10,"end_line":6,"end_character":17},"updated":"2026-03-07 00:52:43.000000000","message":"typo: remote\n```suggestion\n    Added remote group to the peer ports with the same security group ID\n```","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"e6382468c1abe0440f4c8d636293be8226178850","unresolved":false,"context_lines":[{"line_number":3,"context_line":"fixes:"},{"line_number":4,"context_line":"  - |"},{"line_number":5,"context_line":"    Fixed Bug 2133752 \u003chttps://bugs.launchpad.net/octavia/+bug/2133752\u003e"},{"line_number":6,"context_line":"    Added remotre group to the peer ports with the same security group ID"},{"line_number":7,"context_line":"    as the LB security group. This should ensure traffic is limited to"},{"line_number":8,"context_line":"    within the LB. 
Old rules without remote groups will be updated on failover"},{"line_number":9,"context_line":"    of an existing LB."}],"source_content_type":"text/x-yaml","patch_set":5,"id":"75491851_0fe27698","line":6,"range":{"start_line":6,"start_character":10,"end_line":6,"end_character":17},"in_reply_to":"82653fa7_06fe42c0","updated":"2026-03-09 11:18:34.000000000","message":"Fix applied.","commit_id":"7de9c29d6f6b2f29dce1a1b37d57b3715832250b"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"c690e0c29343d15014515f2c0ca65890dc6cecf5","unresolved":true,"context_lines":[{"line_number":3,"context_line":"fixes:"},{"line_number":4,"context_line":"  - |"},{"line_number":5,"context_line":"    Fixed Bug 2133752 \u003chttps://bugs.launchpad.net/octavia/+bug/2133752\u003e"},{"line_number":6,"context_line":"    Added remotre group to the peer ports with the same security group ID"},{"line_number":7,"context_line":"    as the LB security group. This should ensure traffic is limited to"},{"line_number":8,"context_line":"    within the LB. 
Old rules without remote groups will be updated on failover"},{"line_number":9,"context_line":"    of an existing LB."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"a05bf38f_1a3cf688","line":6,"range":{"start_line":6,"start_character":10,"end_line":6,"end_character":17},"updated":"2026-03-24 08:41:11.000000000","message":"typo","commit_id":"6688e5e6676089fc9ac826890ea70be520a53b50"},{"author":{"_account_id":38562,"name":"Richard Cruise","email":"rcruise@redhat.com","username":"rcruise"},"change_message_id":"0e728e53af9b2f8c676ba202e4e6a1ddf4a4fd9c","unresolved":false,"context_lines":[{"line_number":3,"context_line":"fixes:"},{"line_number":4,"context_line":"  - |"},{"line_number":5,"context_line":"    Fixed Bug 2133752 \u003chttps://bugs.launchpad.net/octavia/+bug/2133752\u003e"},{"line_number":6,"context_line":"    Added remotre group to the peer ports with the same security group ID"},{"line_number":7,"context_line":"    as the LB security group. This should ensure traffic is limited to"},{"line_number":8,"context_line":"    within the LB. Old rules without remote groups will be updated on failover"},{"line_number":9,"context_line":"    of an existing LB."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"eca302af_1c99984b","line":6,"range":{"start_line":6,"start_character":10,"end_line":6,"end_character":17},"in_reply_to":"a05bf38f_1a3cf688","updated":"2026-06-17 13:41:47.000000000","message":"Done","commit_id":"6688e5e6676089fc9ac826890ea70be520a53b50"}]}
