python-designateclient does not require email on a primary zone create

The help message is correct, as the email is only required if the created zone has type=PRIMARY. for type=SECONDARY, the email parameter is ignored. Actually it should generate an error if the parameter is specified in that case, but that doesn't seem to happen.

So the error or inconsistency lies in the API reference, but I'm not sure how to best describe the constraints.

Maybe part of this could also be added to the help text for the email parameter.

Thank you for your feedback.

So I understand the following:

If zone is primary, email is positional. (we cannot create a primary zone without it)

If zone is secondary, email should not be provided.

I think email should be considered a positional argument, as it is not optional in both cases.

In my humble opinion, we can change the email's Description in the API reference to be the following:
"e-mail for the zone. Required only if zone is PRIMARY, and used in SOA records for the zone".

Regarding the case of providing email to a SECONDARY zone, I see the following behavior:

$ openstack zone create --type SECONDARY --masters example.com. --email <email address hidden> example2.com.
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2024-04-16T16:15:03.000000 |
| description | None |
| email | <email address hidden> | <--------------
| id | 48ed5104-266a-47a1-85a2-c4a185d7cd0f |
| masters | example.com. |
| name | example2.com. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | 0179f0a7da3b4e5a8bb5cb32afd660bc |
| serial | 1 |
| shared | False |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | SECONDARY |
| updated_at | None |
| version | 1 |
+----------------+--------------------------------------+

Probably due to https://opendev.org/openstack/designate/src/branch/master/designate/api/v2/controllers/zones/__init__.py#L98

So as far as I understand, in case we provide an email when we create a secondary zone, we should return an error.
But what should be the assigned email for that secondary zone?

Thanks again.

This is an interesting one.

Technically the email on the secondary zone will come from the zone SOA that designate will transfer in from the primary server(s) (the same would be true of the TTL IMO).

To me, it would be best to remove confusion if Designate left that field blank for secondary zones. Or for bonus points, leaves it blank until the first zone transfer and then extracts it from the SOA.

However, the current behavior of accepting an email address, then ignoring it and setting a different one from the configuration file is more confusing.

We also need to take into account that people may be "using" this behavior in automated ways, so switching the client to return an error if an email address is specified could be a breaking change.

Thanks for the feedback. So I am opening another bug, which will describe the problem and that potential solution you suggested, and will focus on the designate repository part. This (current) bug mainly focuses on the python-designateclient part.

If we decide to leave python-designateclient as it currently is, should we change the email parameter in the Designate API reference to the following?
"e-mail for the zone. Required only if zone is PRIMARY, and used in SOA records for the zone"

I am attaching again the way it appears today:
https://docs.openstack.org/api-ref/dns/dns-api-v2-index.html#request
"e-mail for the zone. Used in SOA records for the zone"

When I try to leave email blank, it fails because of the following validation check:
https://opendev.org/openstack/designate/src/branch/master/designate/objects/fields.py#L195

May 03 13:07:41 c9s-debug <email address hidden>[362818]: ERROR designate.api.middleware raise ValueError(f'{value} is not an email')
May 03 13:07:41 c9s-debug <email address hidden>[362818]: ERROR designate.api.middleware ValueError: is not an email