)]}'
{"barbican/common/policies/secretmeta.py":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"fe79526f830fe3123945260143b2a95a73acc3ec","unresolved":true,"context_lines":[{"line_number":37,"context_line":"    ),"},{"line_number":38,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":39,"context_line":"        name\u003d\u0027secret_meta:post\u0027,"},{"line_number":40,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":41,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":42,"context_line":"                  f\u0027{_MEMBER}\u0027,"},{"line_number":43,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":2,"id":"35baa803_21bb7227","line":40,"range":{"start_line":40,"start_character":19,"end_line":40,"end_character":48},"updated":"2021-10-08 16:45:39.000000000","message":"Per Ade, it would be good to allow legacy-\"member\" to add metadata to non-private secrets.","commit_id":"ecd7b8dcbc53bfe94d7e932b1e83b0b488ca6e9a"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"9650f3530865bde9b1fec9c511df5f3306d7455b","unresolved":false,"context_lines":[{"line_number":37,"context_line":"    ),"},{"line_number":38,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":39,"context_line":"        name\u003d\u0027secret_meta:post\u0027,"},{"line_number":40,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":41,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":42,"context_line":"                  f\u0027{_MEMBER}\u0027,"},{"line_number":43,"context_line":"        
scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":2,"id":"31dda50b_56d877f4","line":40,"range":{"start_line":40,"start_character":19,"end_line":40,"end_character":48},"in_reply_to":"35baa803_21bb7227","updated":"2021-10-11 17:12:06.000000000","message":"Done","commit_id":"ecd7b8dcbc53bfe94d7e932b1e83b0b488ca6e9a"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"fe79526f830fe3123945260143b2a95a73acc3ec","unresolved":true,"context_lines":[{"line_number":52,"context_line":"    ),"},{"line_number":53,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":54,"context_line":"        name\u003d\u0027secret_meta:put\u0027,"},{"line_number":55,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":56,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":57,"context_line":"                  f\u0027{_MEMBER}\u0027,"},{"line_number":58,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":2,"id":"8d24f2de_de5e65a2","line":55,"range":{"start_line":55,"start_character":19,"end_line":55,"end_character":48},"updated":"2021-10-08 16:45:39.000000000","message":"Same as above.","commit_id":"ecd7b8dcbc53bfe94d7e932b1e83b0b488ca6e9a"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"9650f3530865bde9b1fec9c511df5f3306d7455b","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    ),"},{"line_number":53,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":54,"context_line":"        name\u003d\u0027secret_meta:put\u0027,"},{"line_number":55,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":56,"context_line":"                  
\u0027rule:secret_project_creator or \u0027 +"},{"line_number":57,"context_line":"                  f\u0027{_MEMBER}\u0027,"},{"line_number":58,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":2,"id":"27273019_359b32c5","line":55,"range":{"start_line":55,"start_character":19,"end_line":55,"end_character":48},"in_reply_to":"8d24f2de_de5e65a2","updated":"2021-10-11 17:12:06.000000000","message":"Done","commit_id":"ecd7b8dcbc53bfe94d7e932b1e83b0b488ca6e9a"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"fe79526f830fe3123945260143b2a95a73acc3ec","unresolved":true,"context_lines":[{"line_number":72,"context_line":"    ),"},{"line_number":73,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":74,"context_line":"        name\u003d\u0027secret_meta:delete\u0027,"},{"line_number":75,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":76,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":77,"context_line":"                  f\u0027{_MEMBER}\u0027,"},{"line_number":78,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":2,"id":"5c1c77fd_f8c5b74c","line":75,"range":{"start_line":75,"start_character":19,"end_line":75,"end_character":48},"updated":"2021-10-08 16:45:39.000000000","message":"Same as above.","commit_id":"ecd7b8dcbc53bfe94d7e932b1e83b0b488ca6e9a"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"9650f3530865bde9b1fec9c511df5f3306d7455b","unresolved":false,"context_lines":[{"line_number":72,"context_line":"    ),"},{"line_number":73,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":74,"context_line":"        
name\u003d\u0027secret_meta:delete\u0027,"},{"line_number":75,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":76,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":77,"context_line":"                  f\u0027{_MEMBER}\u0027,"},{"line_number":78,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":2,"id":"e235946b_14219637","line":75,"range":{"start_line":75,"start_character":19,"end_line":75,"end_character":48},"in_reply_to":"5c1c77fd_f8c5b74c","updated":"2021-10-11 17:12:06.000000000","message":"Done","commit_id":"ecd7b8dcbc53bfe94d7e932b1e83b0b488ca6e9a"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"80d4e9bbec543823e82bd506312860e9e8c8c57a","unresolved":true,"context_lines":[{"line_number":39,"context_line":"        name\u003d\u0027secret_meta:post\u0027,"},{"line_number":40,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":41,"context_line":"                  \u0027(rule:secret_project_creator_role and \u0027 +"},{"line_number":42,"context_line":"                  f\u0027rule:secret_non_private_read) or {_MEMBER}\u0027,"},{"line_number":43,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":44,"context_line":"        description\u003d\u0027Adds a new key/value pair to the secrets user-defined \u0027 +"},{"line_number":45,"context_line":"                    \u0027metadata.\u0027,"}],"source_content_type":"text/x-python","patch_set":3,"id":"0a1da6e3_00fc0d3e","line":42,"updated":"2021-10-11 19:18:11.000000000","message":"don\u0027t you need rule:secret_project_creator too?  
That is, if I read this correctly - if someone creates a private secret, then they will not be able to add/modify that secret\u0027s metadata.\n\nSo, something like:\nrule:secret_project_admin or \u0027 +\nrule:secret_project_creator or \u0027 +\n\u0027(rule:secret_project_creator_role and \u0027 +\nf\u0027rule:secret_non_private_read) or  ...\n\nDo we even test private secrets in our metadata tests?","commit_id":"ed08364dd5b8bdef85ef4a32b6794a794d5a3e91"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"13cd23ca04bf2b43b168b027dd0386fc46f673fb","unresolved":false,"context_lines":[{"line_number":39,"context_line":"        name\u003d\u0027secret_meta:post\u0027,"},{"line_number":40,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":41,"context_line":"                  \u0027(rule:secret_project_creator_role and \u0027 +"},{"line_number":42,"context_line":"                  f\u0027rule:secret_non_private_read) or {_MEMBER}\u0027,"},{"line_number":43,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":44,"context_line":"        description\u003d\u0027Adds a new key/value pair to the secrets user-defined \u0027 +"},{"line_number":45,"context_line":"                    \u0027metadata.\u0027,"}],"source_content_type":"text/x-python","patch_set":3,"id":"8522ab28_1cef5517","line":42,"in_reply_to":"0a1da6e3_00fc0d3e","updated":"2021-10-11 21:00:34.000000000","message":"Added rule:secret_project_admin back in.  And yeah, our functional tests for private secrets are not very good.  That last patch should\u0027ve failed.","commit_id":"ed08364dd5b8bdef85ef4a32b6794a794d5a3e91"}]}
