)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"1ec7b2b3ba6725e8a9d803b34e7daf1b97334352","unresolved":true,"context_lines":[{"line_number":13,"context_line":"if they were also the same user that originally created, which was"},{"line_number":14,"context_line":"inconsistent with the way that deletes are handled by other OpenStack"},{"line_number":15,"context_line":"projects that integrate with Barbican."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Story: 2009791"},{"line_number":18,"context_line":"Task: 44324"},{"line_number":19,"context_line":"Change-Id: Ie3e3adc1ee02d770de050f5cfa8110774bb1f661"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"768f6512_da26a8a6","line":16,"updated":"2022-01-20 22:28:59.000000000","message":"Please update to mention the private secret deny","commit_id":"328377cc09832bf129222e6a7773b1fc9d4c833b"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"7668cf246fabb303dc370502bb9a6289297a2ea1","unresolved":false,"context_lines":[{"line_number":13,"context_line":"if they were also the same user that originally created, which was"},{"line_number":14,"context_line":"inconsistent with the way that deletes are handled by other OpenStack"},{"line_number":15,"context_line":"projects that integrate with Barbican."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Story: 2009791"},{"line_number":18,"context_line":"Task: 44324"},{"line_number":19,"context_line":"Change-Id: Ie3e3adc1ee02d770de050f5cfa8110774bb1f661"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"9b77dc2b_c45f9db9","line":16,"in_reply_to":"768f6512_da26a8a6","updated":"2022-01-21 21:13:38.000000000","message":"Done","commit_id":"328377cc09832bf129222e6a7773b1fc9d4c833b"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b2396a58bd6bf5709689c479a5bdcc7bcd02e4e8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"eb3c99c3_7929a78c","updated":"2022-01-27 21:31:28.000000000","message":"Everything looks good so far.  I would also add a note in the acls.rst doc where we talk about project_read and private secrets, and note that marking a secret as private will mean that only the creator or admin will be able to remove it.","commit_id":"1c7cf0551253ec163ad83dd2495e77fac934a6c2"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"9975d616cb0b3d7a45821dd89f2df823e7d9fc09","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"665d62a5_c3f2d242","in_reply_to":"eb3c99c3_7929a78c","updated":"2022-01-31 20:21:43.000000000","message":"Done.","commit_id":"1c7cf0551253ec163ad83dd2495e77fac934a6c2"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"e9cd007ba09b9b743b3d9562a20bba751b2dddbb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"03ceb10f_8a538aeb","updated":"2022-02-10 20:37:24.000000000","message":"recheck","commit_id":"2620d14c5fae378a5e8d7d550d5ae8efb263d63a"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"9e3e6a3a7fe9e729e38a1b6848c4a7b532644fad","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"c12644ef_d0c1a955","updated":"2022-02-01 13:30:37.000000000","message":"recheck","commit_id":"2620d14c5fae378a5e8d7d550d5ae8efb263d63a"}],"barbican/common/policies/secrets.py":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"2528b4ba62a4edb69c90f09026875e1cff9735c7","unresolved":true,"context_lines":[{"line_number":71,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":72,"context_line":"        name\u003d\u0027secret:delete\u0027,"},{"line_number":73,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":74,"context_line":"                  \u0027rule:secret_project_creator_role or \u0027 +"},{"line_number":75,"context_line":"                  f\"({_PROJECT_MEMBER} and ({_SECRET_CREATOR} or \" +"},{"line_number":76,"context_line":"                  f\"{_SECRET_IS_NOT_PRIVATE})) or {_PROJECT_ADMIN}\","},{"line_number":77,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":1,"id":"b2e1a934_6d3d3db3","line":74,"updated":"2022-01-20 21:39:53.000000000","message":"I thought that we were going to allow the creator user to delete a secret only if -\n1. they created the secret to begin with\n2. the secret was non-private\n\nThat will be more consistent with what is coming with member role.","commit_id":"3ab69553ad06fdd8536b0c86bf3223983bdcc57f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"f4e04f463ff333215ff9ce8b294cf2a196f07414","unresolved":false,"context_lines":[{"line_number":71,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":72,"context_line":"        name\u003d\u0027secret:delete\u0027,"},{"line_number":73,"context_line":"        check_str\u003d\u0027rule:secret_project_admin or \u0027 +"},{"line_number":74,"context_line":"                  \u0027rule:secret_project_creator_role or \u0027 +"},{"line_number":75,"context_line":"                  f\"({_PROJECT_MEMBER} and ({_SECRET_CREATOR} or \" +"},{"line_number":76,"context_line":"                  f\"{_SECRET_IS_NOT_PRIVATE})) or {_PROJECT_ADMIN}\","},{"line_number":77,"context_line":"        scope_types\u003d[\u0027project\u0027],"}],"source_content_type":"text/x-python","patch_set":1,"id":"f0fababc_3ae7fb27","line":74,"in_reply_to":"b2e1a934_6d3d3db3","updated":"2022-01-20 22:05:55.000000000","message":"I\u0027ve added the check to deny delete for private secrets.","commit_id":"3ab69553ad06fdd8536b0c86bf3223983bdcc57f"}],"barbican/tests/api/test_resources_policy.py":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"1ec7b2b3ba6725e8a9d803b34e7daf1b97334352","unresolved":true,"context_lines":[{"line_number":666,"context_line":"        self._assert_pass_rbac([\u0027admin\u0027, \u0027creator\u0027], self._invoke_on_delete,"},{"line_number":667,"context_line":"                               user_id\u003dself.user_id,"},{"line_number":668,"context_line":"                               project_id\u003dself.external_project_id)"},{"line_number":669,"context_line":""},{"line_number":670,"context_line":"    def test_should_raise_delete_secret(self):"},{"line_number":671,"context_line":"        \"\"\"A non-admin user cannot delete other user\u0027s secret."},{"line_number":672,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"4813c078_5fe30fcb","line":669,"updated":"2022-01-20 22:28:59.000000000","message":"can we add a test for a private secret?  ie. should be able to delete one\u0027s own private secret, but not anothers.","commit_id":"328377cc09832bf129222e6a7773b1fc9d4c833b"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"7668cf246fabb303dc370502bb9a6289297a2ea1","unresolved":false,"context_lines":[{"line_number":666,"context_line":"        self._assert_pass_rbac([\u0027admin\u0027, \u0027creator\u0027], self._invoke_on_delete,"},{"line_number":667,"context_line":"                               user_id\u003dself.user_id,"},{"line_number":668,"context_line":"                               project_id\u003dself.external_project_id)"},{"line_number":669,"context_line":""},{"line_number":670,"context_line":"    def test_should_raise_delete_secret(self):"},{"line_number":671,"context_line":"        \"\"\"A non-admin user cannot delete other user\u0027s secret."},{"line_number":672,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"78146796_e51257a3","line":669,"in_reply_to":"4813c078_5fe30fcb","updated":"2022-01-21 21:13:38.000000000","message":"Done","commit_id":"328377cc09832bf129222e6a7773b1fc9d4c833b"}],"releasenotes/notes/fix-story-2009791-allow-creator-delete-06dd3eb670d0e624.yaml":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"1ec7b2b3ba6725e8a9d803b34e7daf1b97334352","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    with the \"creator\" role was only allowed to delete a secret owned by the"},{"line_number":8,"context_line":"    project if they were also the same user that originally created, which"},{"line_number":9,"context_line":"    was inconsistent with the way that deletes are handled by other OpenStack"},{"line_number":10,"context_line":"    projects that integrate with Barbican."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"de7d7e8d_08176a95","line":10,"updated":"2022-01-20 22:28:59.000000000","message":"update to describe private secret deny as well.","commit_id":"328377cc09832bf129222e6a7773b1fc9d4c833b"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"7668cf246fabb303dc370502bb9a6289297a2ea1","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    with the \"creator\" role was only allowed to delete a secret owned by the"},{"line_number":8,"context_line":"    project if they were also the same user that originally created, which"},{"line_number":9,"context_line":"    was inconsistent with the way that deletes are handled by other OpenStack"},{"line_number":10,"context_line":"    projects that integrate with Barbican."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"4aa71e04_6b63dbd4","line":10,"in_reply_to":"de7d7e8d_08176a95","updated":"2022-01-21 21:13:38.000000000","message":"Done","commit_id":"328377cc09832bf129222e6a7773b1fc9d4c833b"}]}