)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"3ee58f0c0b4e561e34d0d101f56e80fadbbac9ce","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add secure-rbac tests for Orders"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch adds basic RBAC tests for the Orders resource for"},{"line_number":10,"context_line":"the reader, member, and admin personas."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: Ie5b7b6f7df20ec96e916232e70e9f61c7771f9d2"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"58b02383_6040d180","line":10,"updated":"2021-04-01 20:25:08.000000000","message":"NIT: add: for project scope","commit_id":"0e1438e2b3b5b64b5d81b312520143e73c247e7b"}],"barbican_tempest_plugin/tests/rbac/v1/test_orders.py":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"9a6ff9514ac0949d97096c490efa87d85b316419","unresolved":true,"context_lines":[{"line_number":99,"context_line":"                                   \u0027mode\u0027: \u0027cbc\u0027,"},{"line_number":100,"context_line":"                               })"},{"line_number":101,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":102,"context_line":"        self.do_request(\u0027get_order\u0027, order_id\u003dorder_id)"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"    def test_delete_order(self):"},{"line_number":105,"context_line":"        resp \u003d self.do_request(\u0027create_order\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"2e0ac368_247873b1","line":102,"updated":"2021-04-01 20:32:36.000000000","message":"Do we need to validate the return?  confirm that the returned data matches the order_ref?","commit_id":"0e1438e2b3b5b64b5d81b312520143e73c247e7b"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"ac063d6c3f44afa9384d2c167f9062849e8a5cdb","unresolved":false,"context_lines":[{"line_number":99,"context_line":"                                   \u0027mode\u0027: \u0027cbc\u0027,"},{"line_number":100,"context_line":"                               })"},{"line_number":101,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":102,"context_line":"        self.do_request(\u0027get_order\u0027, order_id\u003dorder_id)"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"    def test_delete_order(self):"},{"line_number":105,"context_line":"        resp \u003d self.do_request(\u0027create_order\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"c063981d_5dc95297","line":102,"in_reply_to":"2e0ac368_247873b1","updated":"2021-04-01 21:59:26.000000000","message":"I was mainly interested in not getting a Forbidden reply, but we can certainly check the response data.","commit_id":"0e1438e2b3b5b64b5d81b312520143e73c247e7b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"122e9457ae22c81f2063ca161abc69aac37a3bc7","unresolved":true,"context_lines":[{"line_number":71,"context_line":"        self.do_request(\u0027create_order\u0027, cleanup\u003d\u0027order\u0027,"},{"line_number":72,"context_line":"                        name\u003d\u0027list_orders\u0027, type\u003d\u0027key\u0027,"},{"line_number":73,"context_line":"                        meta\u003d{"},{"line_number":74,"context_line":"                            \u0027name\u0027: \u0027list_orders_s\u0027,"},{"line_number":75,"context_line":"                            \u0027algorithm\u0027: \u0027aes\u0027,"},{"line_number":76,"context_line":"                            \u0027bit_length\u0027: 256,"},{"line_number":77,"context_line":"                            \u0027mode\u0027: \u0027cbc\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"f8246c26_e803346c","line":74,"range":{"start_line":74,"start_character":37,"end_line":74,"end_character":50},"updated":"2021-04-05 18:25:31.000000000","message":"Similar comment here as the container review. What happens if two classes (ProjectMemberTests and ProjectAdminTests) attempt to run this at the same time?\n\nI\u0027m curious if we won\u0027t see transient timing issues because of a 409 Conflict down the road.","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"13f13956bf8cc2ed3fec7cc9efb951a94a1f7485","unresolved":false,"context_lines":[{"line_number":71,"context_line":"        self.do_request(\u0027create_order\u0027, cleanup\u003d\u0027order\u0027,"},{"line_number":72,"context_line":"                        name\u003d\u0027list_orders\u0027, type\u003d\u0027key\u0027,"},{"line_number":73,"context_line":"                        meta\u003d{"},{"line_number":74,"context_line":"                            \u0027name\u0027: \u0027list_orders_s\u0027,"},{"line_number":75,"context_line":"                            \u0027algorithm\u0027: \u0027aes\u0027,"},{"line_number":76,"context_line":"                            \u0027bit_length\u0027: 256,"},{"line_number":77,"context_line":"                            \u0027mode\u0027: \u0027cbc\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"4331c1f0_f17917b5","line":74,"range":{"start_line":74,"start_character":37,"end_line":74,"end_character":50},"in_reply_to":"f8246c26_e803346c","updated":"2021-04-06 13:45:13.000000000","message":"Barbican doesn\u0027t enforce unique name constraints.  I think there\u0027s an argument to be made that we probably should, but that\u0027s a topic for another day. 😊","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"122e9457ae22c81f2063ca161abc69aac37a3bc7","unresolved":true,"context_lines":[{"line_number":99,"context_line":"                                   \u0027mode\u0027: \u0027cbc\u0027,"},{"line_number":100,"context_line":"                               })"},{"line_number":101,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":102,"context_line":"        resp \u003d self.do_request(\u0027get_order\u0027, order_id\u003dorder_id)"},{"line_number":103,"context_line":"        self.assertEqual(order_id, self.ref_to_uuid(resp[\u0027order_ref\u0027]))"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    def test_delete_order(self):"}],"source_content_type":"text/x-python","patch_set":2,"id":"4136a7b5_0a3e296b","line":102,"updated":"2021-04-05 18:25:31.000000000","message":"Is a use in one project allowed to view orders for another? I assume orders are scoped to projects (at least based on the last time we talked about this?)\n\nIf so, do we want to add a case here where we create an order owned by a separate project and then make sure the project-member here can\u0027t GET it?","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"13f13956bf8cc2ed3fec7cc9efb951a94a1f7485","unresolved":false,"context_lines":[{"line_number":99,"context_line":"                                   \u0027mode\u0027: \u0027cbc\u0027,"},{"line_number":100,"context_line":"                               })"},{"line_number":101,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":102,"context_line":"        resp \u003d self.do_request(\u0027get_order\u0027, order_id\u003dorder_id)"},{"line_number":103,"context_line":"        self.assertEqual(order_id, self.ref_to_uuid(resp[\u0027order_ref\u0027]))"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    def test_delete_order(self):"}],"source_content_type":"text/x-python","patch_set":2,"id":"ea52fa07_ced13350","line":102,"in_reply_to":"4136a7b5_0a3e296b","updated":"2021-04-06 13:45:13.000000000","message":"Yep, all negative test are going to be in follow-up patches.  Trying to keep these small-ish for easier reviews.","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"122e9457ae22c81f2063ca161abc69aac37a3bc7","unresolved":true,"context_lines":[{"line_number":167,"context_line":"        )"},{"line_number":168,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":169,"context_line":"        self.do_request(\u0027get_order\u0027, expected_status\u003dexceptions.Forbidden,"},{"line_number":170,"context_line":"                        order_id\u003dorder_id)"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"    def test_delete_order(self):"},{"line_number":173,"context_line":"        resp \u003d self.do_request("}],"source_content_type":"text/x-python","patch_set":2,"id":"5667abfd_a7de132b","line":170,"updated":"2021-04-05 18:25:31.000000000","message":"A project-reader should able to get order in their project, right? Or are we disallowing that for project-readers because orders are sensitive?","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"13f13956bf8cc2ed3fec7cc9efb951a94a1f7485","unresolved":false,"context_lines":[{"line_number":167,"context_line":"        )"},{"line_number":168,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":169,"context_line":"        self.do_request(\u0027get_order\u0027, expected_status\u003dexceptions.Forbidden,"},{"line_number":170,"context_line":"                        order_id\u003dorder_id)"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"    def test_delete_order(self):"},{"line_number":173,"context_line":"        resp \u003d self.do_request("}],"source_content_type":"text/x-python","patch_set":2,"id":"8c65478b_bb258840","line":170,"in_reply_to":"5667abfd_a7de132b","updated":"2021-04-06 13:45:13.000000000","message":"I think we decided to not let readers read. 😜  Going with very few permissions for reader, which does not include orders.","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"122e9457ae22c81f2063ca161abc69aac37a3bc7","unresolved":true,"context_lines":[{"line_number":182,"context_line":"                \u0027mode\u0027: \u0027cbc\u0027,"},{"line_number":183,"context_line":"            })"},{"line_number":184,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":185,"context_line":"        self.do_request(\u0027delete_order\u0027, expected_status\u003dexceptions.Forbidden,"},{"line_number":186,"context_line":"                        order_id\u003dorder_id)"}],"source_content_type":"text/x-python","patch_set":2,"id":"fca0f5bb_44547080","line":185,"range":{"start_line":185,"start_character":67,"end_line":185,"end_character":76},"updated":"2021-04-05 18:25:31.000000000","message":"We could add another assertion here that project-readers can\u0027t create orders for other project, too.","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"13f13956bf8cc2ed3fec7cc9efb951a94a1f7485","unresolved":false,"context_lines":[{"line_number":182,"context_line":"                \u0027mode\u0027: \u0027cbc\u0027,"},{"line_number":183,"context_line":"            })"},{"line_number":184,"context_line":"        order_id \u003d self.ref_to_uuid(resp[\u0027order_ref\u0027])"},{"line_number":185,"context_line":"        self.do_request(\u0027delete_order\u0027, expected_status\u003dexceptions.Forbidden,"},{"line_number":186,"context_line":"                        order_id\u003dorder_id)"}],"source_content_type":"text/x-python","patch_set":2,"id":"8db09335_e3596f13","line":185,"range":{"start_line":185,"start_character":67,"end_line":185,"end_character":76},"in_reply_to":"fca0f5bb_44547080","updated":"2021-04-06 13:45:13.000000000","message":"Ack, yeah, will do negative tests with all three personas.","commit_id":"1febf40838581d792c695e4f468fe4f0d6c517b8"}]}
