)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"b8b77915b33c938d55cbd85ae91e7ac6dda1536f","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Nayara \u003cnayarasps10@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2020-10-14 15:34:06 -0300"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[WIP]Barbican new default roles"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"As part of the Cross project effort on OpenStack"},{"line_number":10,"context_line":"we\u0027re defining the new default roles admin, member and reader"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"b26d568c_e97d40f1","line":7,"updated":"2020-12-08 13:26:21.000000000","message":"I believe that you can remove the [WIP] tag on the next patch set.","commit_id":"ab9690c1aebe37163daf9b9d3773224a086a5e8c"}],"barbican/common/policies/base.py":[{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"84cc20858c57d84c051a5a83d1145a292f22df42","unresolved":false,"context_lines":[{"line_number":11,"context_line":"#  under the License."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from oslo_policy import policy"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"PROJECT_READER_OR_SYSTEM_READER \u003d \u0027rule:system_or_project_reader\u0027"},{"line_number":16,"context_line":"PROJECT_ADMIN_OR_SYSTEM_ADMIN \u003d \u0027rule:system_or_project_admin\u0027"},{"line_number":17,"context_line":"SYSTEM_ADMIN \u003d \u0027rule:system_admin_api\u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_8b557421","line":14,"updated":"2020-09-30 20:48:58.000000000","message":"I believe that you can split these changes on policies/base.py in a single commit so the other APIs changes can be depending on these new roles creation","commit_id":"c686ab1c204a96b16a98eaa93d4ad1aa06520b36"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"84cc20858c57d84c051a5a83d1145a292f22df42","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from oslo_policy import policy"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"PROJECT_READER_OR_SYSTEM_READER \u003d \u0027rule:system_or_project_reader\u0027"},{"line_number":16,"context_line":"PROJECT_ADMIN_OR_SYSTEM_ADMIN \u003d \u0027rule:system_or_project_admin\u0027"},{"line_number":17,"context_line":"SYSTEM_ADMIN \u003d \u0027rule:system_admin_api\u0027"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_e66d4704","line":15,"updated":"2020-09-30 20:48:58.000000000","message":"I like this kind of","commit_id":"c686ab1c204a96b16a98eaa93d4ad1aa06520b36"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"629060d38bdcae31d28b0752d2aa816fbcf435f4","unresolved":false,"context_lines":[{"line_number":41,"context_line":"        description\u003d\u0027Default role for member.\u0027),"},{"line_number":42,"context_line":"    # Rules Reader"},{"line_number":43,"context_line":"    policy.RuleDefault("},{"line_number":44,"context_line":"        name\u003d\u0027project_reader_api\u0027,"},{"line_number":45,"context_line":"        check_str\u003d\u0027rule:reader and rule:member and \u0027 +"},{"line_number":46,"context_line":"                  \u0027rule:admin and project_id:%(target.secret.project_id)s\u0027,"},{"line_number":47,"context_line":"        description\u003d\u0027Default rule for Project level read only APIs.\u0027),"}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_04561706","line":44,"updated":"2020-10-07 18:51:51.000000000","message":"same comment as below","commit_id":"04563d15235a8b7dc6aee3fb901f1b2143bae78c"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"629060d38bdcae31d28b0752d2aa816fbcf435f4","unresolved":false,"context_lines":[{"line_number":47,"context_line":"        description\u003d\u0027Default rule for Project level read only APIs.\u0027),"},{"line_number":48,"context_line":"    policy.RuleDefault("},{"line_number":49,"context_line":"        name\u003d\u0027system_reader_api\u0027,"},{"line_number":50,"context_line":"        check_str\u003d\u0027rule:reader and rule:member and \u0027 +"},{"line_number":51,"context_line":"                  \u0027rule:admin and system_scope:all\u0027,"},{"line_number":52,"context_line":"        description\u003d\u0027Default rule for System level read only APIs.\u0027),"},{"line_number":53,"context_line":"    policy.RuleDefault("}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_a42f6b87","line":50,"updated":"2020-10-07 18:51:51.000000000","message":"This rule name sounds a bit odd to me. When I read system reader API, I would guess that would be a user with a reader role using system scope, but the rule definition has also and member and admin roles included.","commit_id":"04563d15235a8b7dc6aee3fb901f1b2143bae78c"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"629060d38bdcae31d28b0752d2aa816fbcf435f4","unresolved":false,"context_lines":[{"line_number":56,"context_line":"        description\u003d\u0027Default rule for System and Project read only APIs.\u0027),"},{"line_number":57,"context_line":"    # Rules Member"},{"line_number":58,"context_line":"    policy.RuleDefault("},{"line_number":59,"context_line":"        name\u003d\u0027project_member_api\u0027,"},{"line_number":60,"context_line":"        check_str\u003d\u0027rule:member and \u0027 +"},{"line_number":61,"context_line":"                  \u0027rule:admin and project_id:%(target.secret.project_id)s\u0027,"},{"line_number":62,"context_line":"        description\u003d\u0027Default rule for Project level Member APIs.\u0027),"}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_246a3bb4","line":59,"updated":"2020-10-07 18:51:51.000000000","message":"I think that we need to better split this rule definition between the roles to not create misunderstanding between rules and the roles used inside of it.","commit_id":"04563d15235a8b7dc6aee3fb901f1b2143bae78c"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"b8b77915b33c938d55cbd85ae91e7ac6dda1536f","unresolved":true,"context_lines":[{"line_number":26,"context_line":"SYSTEM_READER_OR_PROJECT_READER \u003d \u0027rule:system_or_project_reader\u0027"},{"line_number":27,"context_line":"SYSTEM_READER_OR_PROJECT_MEMBER \u003d \u0027rule:system_or_project_member\u0027"},{"line_number":28,"context_line":"SYSTEM_ADMIN_OR_PROJECT_ADMIN \u003d \u0027rule:system_or_project_admin\u0027"},{"line_number":29,"context_line":"SYSTEM_OR_PROJECT_ALL_RULES \u003d \u0027system_or_project_all_rules\u0027"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"rules \u003d ["},{"line_number":32,"context_line":"    # New Rules and Roles"}],"source_content_type":"text/x-python","patch_set":5,"id":"45f6e77f_95190a0b","line":29,"updated":"2020-12-08 13:26:21.000000000","message":"shouldn\u0027t this be \u0027rule:system_or_project_all_rules\u0027?","commit_id":"ab9690c1aebe37163daf9b9d3773224a086a5e8c"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"4da5bbc6169be06d4a459b292740e34576a6cd26","unresolved":false,"context_lines":[{"line_number":26,"context_line":"SYSTEM_READER_OR_PROJECT_READER \u003d \u0027rule:system_or_project_reader\u0027"},{"line_number":27,"context_line":"SYSTEM_READER_OR_PROJECT_MEMBER \u003d \u0027rule:system_or_project_member\u0027"},{"line_number":28,"context_line":"SYSTEM_ADMIN_OR_PROJECT_ADMIN \u003d \u0027rule:system_or_project_admin\u0027"},{"line_number":29,"context_line":"SYSTEM_OR_PROJECT_ALL_RULES \u003d \u0027system_or_project_all_rules\u0027"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"rules \u003d ["},{"line_number":32,"context_line":"    # New Rules and Roles"}],"source_content_type":"text/x-python","patch_set":5,"id":"57d9df0f_6b78bc5c","line":29,"in_reply_to":"45f6e77f_95190a0b","updated":"2021-01-18 14:48:13.000000000","message":"Done","commit_id":"ab9690c1aebe37163daf9b9d3773224a086a5e8c"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"a374a7dc956988a3ddc4b411cce9b74f36b1022e","unresolved":false,"context_lines":[{"line_number":48,"context_line":"        description\u003d\u0027Default role for admin or member\u0027),"},{"line_number":49,"context_line":"    policy.RuleDefault("},{"line_number":50,"context_line":"        name\u003d\u0027all_roles\u0027,"},{"line_number":51,"context_line":"        check_str\u003d\u0027rule:admin or rule:reader or rule:member\u0027,"},{"line_number":52,"context_line":"        description\u003d\u0027Default rule for all roles.\u0027),"},{"line_number":53,"context_line":"    # Rules with secret project id check"},{"line_number":54,"context_line":"    policy.RuleDefault("}],"source_content_type":"text/x-python","patch_set":10,"id":"1f621f24_3434ee49","line":51,"updated":"2020-11-12 13:09:02.000000000","message":"I\u0027m not sure if we want to drop the support for the observer and creator roles already. So we may want to include these roles on the all_roles checks. (check line 112 on this file) @dmendiza any thoughts on this?","commit_id":"8fe33344648c2400ecda55d331c0225fe89854b2"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"9a908f0bfdf329d857292b72a6d8a8ef8f88d9c3","unresolved":true,"context_lines":[{"line_number":13,"context_line":"from oslo_policy import policy"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"rules \u003d ["},{"line_number":16,"context_line":"    # New Rules"},{"line_number":17,"context_line":"    policy.RuleDefault("},{"line_number":18,"context_line":"        name\u003d\u0027admin\u0027,"},{"line_number":19,"context_line":"        check_str\u003d\u0027role:admin\u0027),"}],"source_content_type":"text/x-python","patch_set":18,"id":"9b5917b1_c72f0646","line":16,"updated":"2021-01-28 21:32:41.000000000","message":"I don\u0027t think this right, we should be creating here something like https://github.com/openstack/cinder/blob/master/cinder/policies/base.py#L21-L26","commit_id":"ada2d56d224fced47beb17f5e4525b77dc6257cb"},{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"4cce9a19a310a5c65547dc011e7bb28c6c05ce45","unresolved":true,"context_lines":[{"line_number":13,"context_line":"from oslo_policy import policy"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"rules \u003d ["},{"line_number":16,"context_line":"    # New Rules"},{"line_number":17,"context_line":"    policy.RuleDefault("},{"line_number":18,"context_line":"        name\u003d\u0027admin\u0027,"},{"line_number":19,"context_line":"        check_str\u003d\u0027role:admin\u0027),"}],"source_content_type":"text/x-python","patch_set":18,"id":"e412670e_e2ce41b7","line":16,"in_reply_to":"9b5917b1_c72f0646","updated":"2021-01-28 21:33:37.000000000","message":"Creating the System_Member, System_admin, Project_member and Project_admin personas","commit_id":"ada2d56d224fced47beb17f5e4525b77dc6257cb"}],"barbican/common/policies/transportkeys.py":[{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"84cc20858c57d84c051a5a83d1145a292f22df42","unresolved":false,"context_lines":[{"line_number":11,"context_line":"#  under the License."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from barbican.common.policies import base"},{"line_number":14,"context_line":"from oslo_policy import policy"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"rules \u003d ["},{"line_number":17,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_2b1d4877","line":14,"updated":"2020-09-30 20:48:58.000000000","message":"Move this file for a new commit depending on this one, so we can merge the basic roles first and having multiple APIs policy changes depending on it","commit_id":"c686ab1c204a96b16a98eaa93d4ad1aa06520b36"}],"releasenotes/source/locale/en_GB/LC_MESSAGES/releasenotes.po":[{"author":{"_account_id":8866,"name":"Raildo Mascena de Sousa Filho","email":"rmascena@redhat.com","username":"raildo"},"change_message_id":"629060d38bdcae31d28b0752d2aa816fbcf435f4","unresolved":false,"context_lines":[{"line_number":31,"context_line":""},{"line_number":32,"context_line":"msgid \"10.0.0\""},{"line_number":33,"context_line":"msgstr \"10.0.0\""},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"msgid \"11.0.0.0rc1\""},{"line_number":36,"context_line":"msgstr \"11.0.0.0rc1\""},{"line_number":37,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":3,"id":"9f560f44_440daf33","line":34,"updated":"2020-10-07 18:51:51.000000000","message":"Unrelated changes on this file?","commit_id":"04563d15235a8b7dc6aee3fb901f1b2143bae78c"}]}