Monday, 2020-11-23

-openstackstatus- NOTICE: Our Gerrit upgrade maintenance has concluded successfully; please see the maintenance wrap-up announcement for additional details: http://lists.opendev.org/pipermail/service-announce/2020-November/000014.html		00:53
*** hamalq has joined #openstack-dns		01:32
*** hamalq has quit IRC		01:37
*** hamalq has joined #openstack-dns		03:33
*** hamalq has quit IRC		03:37
*** ircuser-1 has quit IRC		08:02
*** luksky has joined #openstack-dns		08:24
*** hamalq has joined #openstack-dns		09:36
*** hamalq has quit IRC		09:40
*** hamalq has joined #openstack-dns		11:36
*** hamalq has quit IRC		11:41
*** openstackgerrit has joined #openstack-dns		13:15
*** ChanServ sets mode: +v openstackgerrit		13:15
openstackgerrit	Michael Chapman proposed openstack/designate master: WIP Doc intro section https://review.opendev.org/c/openstack/designate/+/763779	13:15
*** klippo has quit IRC		13:17
openstackgerrit	Michael Chapman proposed openstack/designate master: WIP Doc intro section https://review.opendev.org/c/openstack/designate/+/763779	13:18
*** hamalq has joined #openstack-dns		13:37
*** hamalq has quit IRC		13:42
openstackgerrit	Michael Chapman proposed openstack/designate master: WIP Doc intro section https://review.opendev.org/c/openstack/designate/+/763779	14:00
*** hamalq has joined #openstack-dns		15:38
*** hamalq has quit IRC		15:42
*** hamalq has joined #openstack-dns		17:01
*** hamalq has quit IRC		17:43
*** hamalq has joined #openstack-dns		17:43
*** toma4 has quit IRC		19:18
*** toma4 has joined #openstack-dns		19:25
*** lbragstad has joined #openstack-dns		19:37
lbragstad	o/ does designate not have an API for deleting pools?	19:38
lbragstad	https://docs.openstack.org/api-ref/dns/#pools	19:38
lbragstad	i see there are policies for deleting pools, but i don't see the corresponding API	19:38
lbragstad	aha, nevermind	19:42
lbragstad	https://opendev.org/openstack/designate/src/branch/master/designate/api/v2/controllers/pools.py#L133-L135	19:42
eandersson	lbragstad pretty sure they are managed using the designate-manage command	19:52
eandersson	If you remove a pool from pools.yaml and run the manage command with the --delete flag it should remove it afaik	19:53
eandersson	> designate-manage pool update --delete DELETE	19:54
* lbragstad nods		19:54
lbragstad	so - those apis are effectively gone - or shouldn't be used	19:54
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to troubleshoot an unexpected error condition, downtime should be less than 5 minutes		20:00
*** hamalq has quit IRC		20:01
*** openstackgerrit has quit IRC		20:02
*** hamalq has joined #openstack-dns		20:13
*** hamalq has quit IRC		20:19
*** hamalq has joined #openstack-dns		21:01
lbragstad	is anyone familiar with the zone_type logic here?	21:25
lbragstad	https://opendev.org/openstack/designate/src/branch/master/designate/common/policies/base.py#L21-L23	21:25
njohnston	since zone_type can be either PRIMARY or SECONDARY I think the rule is saying 'if Designate is primary for this zone and is_admin' https://opendev.org/openstack/designate/src/branch/master/api-ref/source/parameters.yaml#L901	21:31
njohnston	sorry, should be 'if Designate is primary, then admin or owner; if Designate is secondary then admin only" (had to re-read the policy rule)	21:32
njohnston	lbragstad ^^	21:32
lbragstad	hm - ok	21:33
lbragstad	so - only system administrators should be able to create a recordset if the zone is secondary?	21:33
lbragstad	otherwise - project members should be able to create record sets	21:34
njohnston	lbragstad: I believe that is correct, as the system administrator would know the zones that the other DNS server will be promary for	21:51
lbragstad	ok	21:51
lbragstad	i'm noticing some other policies like https://opendev.org/openstack/designate/src/branch/master/designate/common/policies/tenant.py	21:52
lbragstad	they seem like aliases for the admin API	21:52
lbragstad	since they don't seem to correspond to any particular API	21:52
njohnston	I see the implementation here: https://opendev.org/openstack/designate/src/branch/master/designate/storage/impl_sqlalchemy/__init__.py#L165	21:55
*** hamalq has quit IRC		21:55
*** hamalq has joined #openstack-dns		21:56
*** hamalq has quit IRC		21:59
lbragstad	huh - interesting...	21:59
lbragstad	but it isn't exposed via the API/	21:59
lbragstad	?	21:59
njohnston	lbragstad: I think it's in the RPC API, not the REST API	22:01
lbragstad	aha - interesting	22:01
njohnston	https://opendev.org/openstack/designate/src/branch/master/designate/central/rpcapi.py#L135	22:01
lbragstad	ok	22:01
* njohnston never contemplated policy checks for RPC API transactions		22:02
lbragstad	yeah - me either	22:03
lbragstad	this is a new one for me	22:03
* lbragstad wonders if the context in the RPC api implementation is an oslo.context request context object		22:04
*** luksky has quit IRC		22:05
njohnston	lbragstad: looks like it gets called from the API here https://opendev.org/openstack/designate/src/branch/master/designate/api/admin/controllers/extensions/tenants.py#L35	22:09
njohnston	lbragstad: I am headed out now, but 'll follow up to make sure this is an active API.	22:10
lbragstad	njohnston sounds great - thank you for the help	22:12
lbragstad	njohnston i'm in the middle of butching the policy updates - i should have something for review here soon and we can iterate there	22:13
lbragstad	butchering*	22:13
njohnston	thanks lbragstad!	22:13
lbragstad	njohnston no problem - thank you	22:13
*** luksky has joined #openstack-dns		22:18
*** luksky has quit IRC		23:10
*** ircuser-1 has joined #openstack-dns		23:52

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!