| michapma | johnsom, we had a convo ages ago about user modification of their SOA records. Using the zone import API appears to allow setting your own retry and expire values, but refresh is generated and negative TTL is always the config value. | 06:42 |
|---|---|---|
| michapma | johnsom, I don't think either of those are possible using the normal zone create, so would you consider it a) fine, b) bug in zone create or c) bug in zone import? | 06:57 |
| opendevreview | Michael Chapman proposed openstack/designate master: [WIP] Zone import and export documentation https://review.opendev.org/c/openstack/designate/+/798051 | 07:17 |
| johnsom | michapma I think zone import is an interesting case. A common use could be to import a zone from outside Designate and you may need to configure it the same as it was prior to import. | 15:08 |
| michapma | johnsom, in that case maybe the zone minimum should be imported as well. | 15:45 |
| johnsom | michapma Yeah, there is a balance there with allowing settings that can degrade the Designate service. | 15:46 |
| michapma | johnsom, you can set a TTL of 1 and it will accept it, but the refresh will always be within the configured range | 15:47 |
| johnsom | michapma Zone import is non-admin only right? If that is the case we should error on the side of maintaining the operator configured values | 15:47 |
| michapma | johnsom regular users can use import. I haven't tested to see if there's any difference if done with admin creds | 15:48 |
| johnsom | Yeah, since regular users can trigger it. We should probably enforce the rules you would have on zone create. | 15:48 |
| johnsom | Ideally, there would be operator configured values enforced for user actions, with an admin permission level to allow override. But that isn't how zone create is setup today I think. | 15:50 |
| opendevreview | Michael Chapman proposed openstack/designate master: [WIP] Zone import and export documentation https://review.opendev.org/c/openstack/designate/+/798051 | 15:52 |
| michapma | johnsom, ack | 15:52 |
| johnsom | michapma I know it's late for you, let me think about this and we can chat about it on Monday. I'm struggling to context switch back to this at the moment, so I need to go refresh my memory of what we have today. | 15:54 |
| johnsom | Maybe others here will also have input/thoughts on it. | 15:54 |
| opendevreview | Ade Lee proposed openstack/designate master: Replace md5 for fips https://review.opendev.org/c/openstack/designate/+/798157 | 20:15 |
| opendevreview | Ade Lee proposed openstack/designate master: DNM/WIP: Add fips jobs https://review.opendev.org/c/openstack/designate/+/798158 | 20:24 |
| opendevreview | Michael Johnson proposed openstack/designate master: Replace md5 for fips https://review.opendev.org/c/openstack/designate/+/798157 | 23:06 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!