)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"03feaa44bd551c2cb5c4c527942fa7d778272d51","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"8d12b80c_4d76d678","updated":"2021-11-12 20:58:00.000000000","message":"remove rule:admin from consumers:post and consumers:delete\n\n","commit_id":"a08d9724c4958f03495a2cfce07f5c3ed47cd233"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"267f2712e36b5c21de9456d291e36d36d0126d0f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"918392bf_7f3887ed","in_reply_to":"8d12b80c_4d76d678","updated":"2021-11-12 22:04:17.000000000","message":"Done","commit_id":"a08d9724c4958f03495a2cfce07f5c3ed47cd233"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"1846b688fb09a7847794021db4e6d5a486fe94cc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"21739d0e_d9564e93","updated":"2021-12-01 22:12:58.000000000","message":"Looks good in general.","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"297a5ff3c033a77ddc30b62f83c2dce59df88a0d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"50b0db71_0dda8124","updated":"2021-11-18 17:22:33.000000000","message":"Looks good to me","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"8e1a0e3987e358addc1817d22a4516d73ae2a905","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"35765c4c_4f18b1cb","updated":"2021-11-18 00:43:11.000000000","message":"recheck - octavia error","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"75ea82ba587c2c07de7bc0b4617e37e0e48ba707","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"9c7470c0_454ba49d","updated":"2021-11-29 15:57:21.000000000","message":"recheck - octavia fixed","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"4a51a5bce0c7890d07467268fa6dcc042dc4d76b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"188de1a6_f9c04b7a","updated":"2021-12-08 20:05:31.000000000","message":"WIP - removing the hard-coded project_id check","commit_id":"700e7ab0451fbbae82d2abbf29e71ab55f28a855"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"b1d79b86d72c47f92a2fd01ecc7159c99303cc1b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"8fed7b77_aa578d7e","updated":"2022-01-31 17:46:22.000000000","message":"LGTM","commit_id":"0392eec95be003d15dfba857a86b5e3a886f0795"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"b4fd7489e2354f0d74c93e8e9590d701787c1d82","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"3f2e984b_da0ed86b","updated":"2022-02-03 23:24:12.000000000","message":"@afariasa, I\u0027ve reworked the patch to remove the two extra mixin classes and just provide a default implementation in the ACLMixin.","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"871b902f27cb1834bd08de513739ab14a72c18c1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"fef36018_a18c37d1","updated":"2022-02-04 15:33:09.000000000","message":"recheck - timeout\n","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"}],"barbican/api/controllers/__init__.py":[{"author":{"_account_id":34120,"name":"Andre Aranha","display_name":"afariasa","email":"afariasa@redhat.com","username":"afariasa"},"change_message_id":"cebfe45cb77566e223c4da143033e5391411e389","unresolved":true,"context_lines":[{"line_number":250,"context_line":""},{"line_number":251,"context_line":"class ContainerACLMixin(ACLMixin):"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"    def get_acl_tuple(self, req, **kwargs):"},{"line_number":254,"context_line":"        acl \u003d self.get_acl_dict_for_user(req, self.container.container_acls)"},{"line_number":255,"context_line":"        acl[\u0027project_id\u0027] \u003d self.container.project.external_id"},{"line_number":256,"context_line":"        acl[\u0027creator_id\u0027] \u003d self.container.creator_id"}],"source_content_type":"text/x-python","patch_set":13,"id":"cae7d618_9d770436","line":253,"updated":"2022-02-01 14:03:37.000000000","message":"I think we can extract some of this code and implement on the super class, since it\u0027s really similar to SecretACLMixin method.","commit_id":"0392eec95be003d15dfba857a86b5e3a886f0795"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"b4fd7489e2354f0d74c93e8e9590d701787c1d82","unresolved":false,"context_lines":[{"line_number":250,"context_line":""},{"line_number":251,"context_line":"class ContainerACLMixin(ACLMixin):"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"    def get_acl_tuple(self, req, **kwargs):"},{"line_number":254,"context_line":"        acl \u003d self.get_acl_dict_for_user(req, self.container.container_acls)"},{"line_number":255,"context_line":"        acl[\u0027project_id\u0027] \u003d self.container.project.external_id"},{"line_number":256,"context_line":"        acl[\u0027creator_id\u0027] \u003d self.container.creator_id"}],"source_content_type":"text/x-python","patch_set":13,"id":"e2ecfe58_7c29b98c","line":253,"in_reply_to":"cae7d618_9d770436","updated":"2022-02-03 23:24:12.000000000","message":"Done","commit_id":"0392eec95be003d15dfba857a86b5e3a886f0795"},{"author":{"_account_id":34120,"name":"Andre Aranha","display_name":"afariasa","email":"afariasa@redhat.com","username":"afariasa"},"change_message_id":"cebfe45cb77566e223c4da143033e5391411e389","unresolved":true,"context_lines":[{"line_number":251,"context_line":"class ContainerACLMixin(ACLMixin):"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"    def get_acl_tuple(self, req, **kwargs):"},{"line_number":254,"context_line":"        acl \u003d self.get_acl_dict_for_user(req, self.container.container_acls)"},{"line_number":255,"context_line":"        acl[\u0027project_id\u0027] \u003d self.container.project.external_id"},{"line_number":256,"context_line":"        acl[\u0027creator_id\u0027] \u003d self.container.creator_id"},{"line_number":257,"context_line":"        return \u0027container\u0027, acl"}],"source_content_type":"text/x-python","patch_set":13,"id":"d3805373_3b130e52","line":254,"updated":"2022-02-01 14:03:37.000000000","message":"`self.container` is declared on the class that\u0027ll implement this.\nFor readability, I suggest to declare it on the constructor (mostly likely the super class constructor)","commit_id":"0392eec95be003d15dfba857a86b5e3a886f0795"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"b4fd7489e2354f0d74c93e8e9590d701787c1d82","unresolved":false,"context_lines":[{"line_number":251,"context_line":"class ContainerACLMixin(ACLMixin):"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"    def get_acl_tuple(self, req, **kwargs):"},{"line_number":254,"context_line":"        acl \u003d self.get_acl_dict_for_user(req, self.container.container_acls)"},{"line_number":255,"context_line":"        acl[\u0027project_id\u0027] \u003d self.container.project.external_id"},{"line_number":256,"context_line":"        acl[\u0027creator_id\u0027] \u003d self.container.creator_id"},{"line_number":257,"context_line":"        return \u0027container\u0027, acl"}],"source_content_type":"text/x-python","patch_set":13,"id":"43262859_3141e8df","line":254,"in_reply_to":"d3805373_3b130e52","updated":"2022-02-03 23:24:12.000000000","message":"Done","commit_id":"0392eec95be003d15dfba857a86b5e3a886f0795"}],"barbican/common/policies/consumers.py":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"821d43082475a89011411c6a2cfc4397f421985f","unresolved":true,"context_lines":[{"line_number":107,"context_line":"        check_str\u003d\u0027rule:secret_non_private_read or \u0027 +"},{"line_number":108,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":109,"context_line":"                  \u0027rule:secret_project_admin or rule:secret_acl_read \u0027 +"},{"line_number":110,"context_line":"                  f\" or {_CONTAINER_ACCESS} or {_CONTAINER_ADMIN} or \" +"},{"line_number":111,"context_line":"                  f\"{_SYSTEM_ADMIN}\","},{"line_number":112,"context_line":"        scope_types\u003d[\u0027project\u0027, \u0027system\u0027],"},{"line_number":113,"context_line":"        description\u003d\u0027List a containers consumers.\u0027,"}],"source_content_type":"text/x-python","patch_set":14,"id":"3a4690c0_946088f8","line":110,"range":{"start_line":110,"start_character":16,"end_line":110,"end_character":72},"updated":"2022-02-07 22:05:23.000000000","message":"{_SECRET_ACCESS} or {_SECRET_ADMIN} ??\n\nSo why did this not get caught by the tests?","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"c1eebe2acb03a4d054da2a6973683fa678777425","unresolved":true,"context_lines":[{"line_number":107,"context_line":"        check_str\u003d\u0027rule:secret_non_private_read or \u0027 +"},{"line_number":108,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":109,"context_line":"                  \u0027rule:secret_project_admin or rule:secret_acl_read \u0027 +"},{"line_number":110,"context_line":"                  f\" or {_CONTAINER_ACCESS} or {_CONTAINER_ADMIN} or \" +"},{"line_number":111,"context_line":"                  f\"{_SYSTEM_ADMIN}\","},{"line_number":112,"context_line":"        scope_types\u003d[\u0027project\u0027, \u0027system\u0027],"},{"line_number":113,"context_line":"        description\u003d\u0027List a containers consumers.\u0027,"}],"source_content_type":"text/x-python","patch_set":14,"id":"fe80b6ab_454702e6","line":110,"range":{"start_line":110,"start_character":16,"end_line":110,"end_character":72},"in_reply_to":"3a4690c0_946088f8","updated":"2022-02-07 22:14:21.000000000","message":"You\u0027re right, this should be s/SECRET/CONTAINER.\n\nThis did not get caught by the test because there are no tests because this API is not active.  Recall that we reverted all changes made by Moisés where the Secret Consumers API was implemented.\n\nXek is currently working on implementing microversions and eventually re-enabling this API.  After the API is working again we should be able to write tests for it.","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"c33c404a2ecc853cf6873f1ffff052f3d93dc71e","unresolved":false,"context_lines":[{"line_number":107,"context_line":"        check_str\u003d\u0027rule:secret_non_private_read or \u0027 +"},{"line_number":108,"context_line":"                  \u0027rule:secret_project_creator or \u0027 +"},{"line_number":109,"context_line":"                  \u0027rule:secret_project_admin or rule:secret_acl_read \u0027 +"},{"line_number":110,"context_line":"                  f\" or {_CONTAINER_ACCESS} or {_CONTAINER_ADMIN} or \" +"},{"line_number":111,"context_line":"                  f\"{_SYSTEM_ADMIN}\","},{"line_number":112,"context_line":"        scope_types\u003d[\u0027project\u0027, \u0027system\u0027],"},{"line_number":113,"context_line":"        description\u003d\u0027List a containers consumers.\u0027,"}],"source_content_type":"text/x-python","patch_set":14,"id":"e4493931_6e7b74fa","line":110,"range":{"start_line":110,"start_character":16,"end_line":110,"end_character":72},"in_reply_to":"fe80b6ab_454702e6","updated":"2022-02-07 22:21:55.000000000","message":"Done","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"821d43082475a89011411c6a2cfc4397f421985f","unresolved":true,"context_lines":[{"line_number":110,"context_line":"                  f\" or {_CONTAINER_ACCESS} or {_CONTAINER_ADMIN} or \" +"},{"line_number":111,"context_line":"                  f\"{_SYSTEM_ADMIN}\","},{"line_number":112,"context_line":"        scope_types\u003d[\u0027project\u0027, \u0027system\u0027],"},{"line_number":113,"context_line":"        description\u003d\u0027List a containers consumers.\u0027,"},{"line_number":114,"context_line":"        operations\u003d["},{"line_number":115,"context_line":"            {"},{"line_number":116,"context_line":"                \u0027path\u0027: \u0027/v1/secrets/{secret-id}/consumers\u0027,"}],"source_content_type":"text/x-python","patch_set":14,"id":"b9d40470_867bbcc0","line":113,"range":{"start_line":113,"start_character":28,"end_line":113,"end_character":39},"updated":"2022-02-07 22:05:23.000000000","message":"secrets","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"c33c404a2ecc853cf6873f1ffff052f3d93dc71e","unresolved":false,"context_lines":[{"line_number":110,"context_line":"                  f\" or {_CONTAINER_ACCESS} or {_CONTAINER_ADMIN} or \" +"},{"line_number":111,"context_line":"                  f\"{_SYSTEM_ADMIN}\","},{"line_number":112,"context_line":"        scope_types\u003d[\u0027project\u0027, \u0027system\u0027],"},{"line_number":113,"context_line":"        description\u003d\u0027List a containers consumers.\u0027,"},{"line_number":114,"context_line":"        operations\u003d["},{"line_number":115,"context_line":"            {"},{"line_number":116,"context_line":"                \u0027path\u0027: \u0027/v1/secrets/{secret-id}/consumers\u0027,"}],"source_content_type":"text/x-python","patch_set":14,"id":"08e77f80_d16950d0","line":113,"range":{"start_line":113,"start_character":28,"end_line":113,"end_character":39},"in_reply_to":"b9d40470_867bbcc0","updated":"2022-02-07 22:21:55.000000000","message":"Done","commit_id":"1bf418ce98b47541d8fe422c11a8f13274610ffa"}],"functionaltests/api/v1/functional/test_acls.py":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"03feaa44bd551c2cb5c4c527942fa7d778272d51","unresolved":true,"context_lines":[{"line_number":297,"context_line":"        self.assertEqual(expected_return, resp.status_code)"},{"line_number":298,"context_line":""},{"line_number":299,"context_line":"    @utils.parameterized_dataset(test_data_create_container_consumer_acl_only)"},{"line_number":300,"context_line":"    def gest_container_acl_create_consumer(self, user, expected_return):"},{"line_number":301,"context_line":"        \"\"\"Acl access will not allow you to add a consumer\"\"\""},{"line_number":302,"context_line":"        container_ref \u003d self.store_container(user_name\u003dcreator_a,"},{"line_number":303,"context_line":"                                             admin\u003dadmin_a)"}],"source_content_type":"text/x-python","patch_set":8,"id":"5fa8e742_264965c1","line":300,"range":{"start_line":300,"start_character":8,"end_line":300,"end_character":9},"updated":"2021-11-12 20:58:00.000000000","message":"s/g/t/","commit_id":"a08d9724c4958f03495a2cfce07f5c3ed47cd233"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"267f2712e36b5c21de9456d291e36d36d0126d0f","unresolved":false,"context_lines":[{"line_number":297,"context_line":"        self.assertEqual(expected_return, resp.status_code)"},{"line_number":298,"context_line":""},{"line_number":299,"context_line":"    @utils.parameterized_dataset(test_data_create_container_consumer_acl_only)"},{"line_number":300,"context_line":"    def gest_container_acl_create_consumer(self, user, expected_return):"},{"line_number":301,"context_line":"        \"\"\"Acl access will not allow you to add a consumer\"\"\""},{"line_number":302,"context_line":"        container_ref \u003d self.store_container(user_name\u003dcreator_a,"},{"line_number":303,"context_line":"                                             admin\u003dadmin_a)"}],"source_content_type":"text/x-python","patch_set":8,"id":"3175806e_dcde8270","line":300,"range":{"start_line":300,"start_character":8,"end_line":300,"end_character":9},"in_reply_to":"5fa8e742_264965c1","updated":"2021-11-12 22:04:17.000000000","message":"Done","commit_id":"a08d9724c4958f03495a2cfce07f5c3ed47cd233"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"03feaa44bd551c2cb5c4c527942fa7d778272d51","unresolved":true,"context_lines":[{"line_number":298,"context_line":""},{"line_number":299,"context_line":"    @utils.parameterized_dataset(test_data_create_container_consumer_acl_only)"},{"line_number":300,"context_line":"    def gest_container_acl_create_consumer(self, user, expected_return):"},{"line_number":301,"context_line":"        \"\"\"Acl access will not allow you to add a consumer\"\"\""},{"line_number":302,"context_line":"        container_ref \u003d self.store_container(user_name\u003dcreator_a,"},{"line_number":303,"context_line":"                                             admin\u003dadmin_a)"},{"line_number":304,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"f7f93bb4_887a28b1","line":301,"range":{"start_line":301,"start_character":7,"end_line":301,"end_character":61},"updated":"2021-11-12 20:58:00.000000000","message":"Delete this.","commit_id":"a08d9724c4958f03495a2cfce07f5c3ed47cd233"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"267f2712e36b5c21de9456d291e36d36d0126d0f","unresolved":false,"context_lines":[{"line_number":298,"context_line":""},{"line_number":299,"context_line":"    @utils.parameterized_dataset(test_data_create_container_consumer_acl_only)"},{"line_number":300,"context_line":"    def gest_container_acl_create_consumer(self, user, expected_return):"},{"line_number":301,"context_line":"        \"\"\"Acl access will not allow you to add a consumer\"\"\""},{"line_number":302,"context_line":"        container_ref \u003d self.store_container(user_name\u003dcreator_a,"},{"line_number":303,"context_line":"                                             admin\u003dadmin_a)"},{"line_number":304,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"e0df5bcc_0ab865c4","line":301,"range":{"start_line":301,"start_character":7,"end_line":301,"end_character":61},"in_reply_to":"f7f93bb4_887a28b1","updated":"2021-11-12 22:04:17.000000000","message":"Done","commit_id":"a08d9724c4958f03495a2cfce07f5c3ed47cd233"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"1846b688fb09a7847794021db4e6d5a486fe94cc","unresolved":true,"context_lines":[{"line_number":141,"context_line":"    \u0027with_auditor_a\u0027: {\u0027user\u0027: auditor_a, \u0027expected_return\u0027: 200},"},{"line_number":142,"context_line":"    # the consumer being deleted is owned by project a, so attempts"},{"line_number":143,"context_line":"    # to remove it with users from project b below should fail"},{"line_number":144,"context_line":"    \u0027with_admin_b\u0027: {\u0027user\u0027: admin_b, \u0027expected_return\u0027: 403},"},{"line_number":145,"context_line":"    \u0027with_observer_b\u0027: {\u0027user\u0027: observer_b, \u0027expected_return\u0027: 403},"},{"line_number":146,"context_line":"}"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"test_data_create_container_consumer_acl_only \u003d {"}],"source_content_type":"text/x-python","patch_set":11,"id":"7f19d960_abf05d0d","line":145,"range":{"start_line":144,"start_character":4,"end_line":145,"end_character":68},"updated":"2021-12-01 22:12:58.000000000","message":"I don\u0027t understand the difference here.  If I understand the test here correctly, the users from project B have the ability to read the secret due to an acl.  This allows them to create a consumer as below.\n\nThe rule appears to be identical for creating consumers or deleting them -- so why the difference?","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"e7ffab3f30a24953e7556985f89b5e2fd658b397","unresolved":false,"context_lines":[{"line_number":141,"context_line":"    \u0027with_auditor_a\u0027: {\u0027user\u0027: auditor_a, \u0027expected_return\u0027: 200},"},{"line_number":142,"context_line":"    # the consumer being deleted is owned by project a, so attempts"},{"line_number":143,"context_line":"    # to remove it with users from project b below should fail"},{"line_number":144,"context_line":"    \u0027with_admin_b\u0027: {\u0027user\u0027: admin_b, \u0027expected_return\u0027: 403},"},{"line_number":145,"context_line":"    \u0027with_observer_b\u0027: {\u0027user\u0027: observer_b, \u0027expected_return\u0027: 403},"},{"line_number":146,"context_line":"}"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"test_data_create_container_consumer_acl_only \u003d {"}],"source_content_type":"text/x-python","patch_set":11,"id":"a31ffd6d_f6a452c7","line":145,"range":{"start_line":144,"start_character":4,"end_line":145,"end_character":68},"in_reply_to":"7f19d960_abf05d0d","updated":"2021-12-02 20:26:26.000000000","message":"The difference is that in the POST test (in line 309 below) users in project_b are adding a brand new consumer.  This new consumer that gets created is owned by project_b.\n\nFor the DELETE test (in line 276 below) users in project_b are attempting to delete a consumer that is owned by project_a (see line 292 below).  Because their project does not own the consumer they are not allowed to delete it.\n\nI think the reason this may be confusing is because the check for consumer project owner was hard-coded for some reason, instead of being part of the policy:\n\nhttps://opendev.org/openstack/barbican/src/branch/stable/xena/barbican/api/controllers/consumers.py#L187-L192","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"}],"releasenotes/notes/fix-story-2009664-042ef282c0dd6b6a.yaml":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"1846b688fb09a7847794021db4e6d5a486fe94cc","unresolved":true,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixed Story 2009664 - Fixed the Consumer controller to be able to use the"},{"line_number":5,"context_line":"    associated Container\u0027s ownership information in policy checks."}],"source_content_type":"text/x-yaml","patch_set":11,"id":"a9b339ca_027abdbd","line":5,"updated":"2021-12-01 22:12:58.000000000","message":"You remove some rules (consumers:get) and add some others in their place (secret_consumers:.., container_consumers ...). We should mention this in case someone has overridden these rules in a custom policy","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"e7ffab3f30a24953e7556985f89b5e2fd658b397","unresolved":true,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixed Story 2009664 - Fixed the Consumer controller to be able to use the"},{"line_number":5,"context_line":"    associated Container\u0027s ownership information in policy checks."}],"source_content_type":"text/x-yaml","patch_set":11,"id":"bced17e6_f0e98312","line":5,"in_reply_to":"a9b339ca_027abdbd","updated":"2021-12-02 20:26:26.000000000","message":"Ack, I\u0027ll add a note about this.","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"224c62a372364aa275ca3c9ff9ee50b800446f19","unresolved":false,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixed Story 2009664 - Fixed the Consumer controller to be able to use the"},{"line_number":5,"context_line":"    associated Container\u0027s ownership information in policy checks."}],"source_content_type":"text/x-yaml","patch_set":11,"id":"fa189ad7_7a2c4e3e","line":5,"in_reply_to":"bced17e6_f0e98312","updated":"2021-12-02 20:53:11.000000000","message":"Done","commit_id":"afda93c668ff075034fc784c2e19c81367ba369f"}]}