)]}'
{".zuul.yaml":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"e82bdbc5ba384e3276e0b429e8225ff14e9dd0e5","unresolved":true,"context_lines":[{"line_number":112,"context_line":"            voting: false"},{"line_number":113,"context_line":"        - barbican-tempest-plugin-simple-crypto"},{"line_number":114,"context_line":"        - barbican-tempest-plugin-simple-crypto-secure-rbac:"},{"line_number":115,"context_line":"            voting: false"},{"line_number":116,"context_line":"        - barbican-tempest-plugin-simple-crypto-ipv6-only"},{"line_number":117,"context_line":"        - barbican-tox-functional-fips"},{"line_number":118,"context_line":"        - octavia-v2-dsvm-tls-barbican"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"2b0feae7_b41170d0","line":115,"range":{"start_line":115,"start_character":0,"end_line":115,"end_character":25},"updated":"2023-05-22 18:09:49.000000000","message":"I think we should keep it voting and add it in gate pipeline also. If anything failing, we should fix that.","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"a3e6d614177c7c2c243be8f3a929ffdbe272a4a4","unresolved":true,"context_lines":[{"line_number":112,"context_line":"            voting: false"},{"line_number":113,"context_line":"        - barbican-tempest-plugin-simple-crypto"},{"line_number":114,"context_line":"        - barbican-tempest-plugin-simple-crypto-secure-rbac:"},{"line_number":115,"context_line":"            voting: false"},{"line_number":116,"context_line":"        - barbican-tempest-plugin-simple-crypto-ipv6-only"},{"line_number":117,"context_line":"        - barbican-tox-functional-fips"},{"line_number":118,"context_line":"        - octavia-v2-dsvm-tls-barbican"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"bc9d9b19_368412fd","line":115,"range":{"start_line":115,"start_character":0,"end_line":115,"end_character":25},"in_reply_to":"2b0feae7_b41170d0","updated":"2023-05-22 18:34:43.000000000","message":"I set this to non-voting because of the tempest chickend-and-egg problem.  This fails because Tempest is expecting the old policy, not the new one.  The changes to the tempest tests are in this patch:\n\nhttps://review.opendev.org/c/openstack/barbican-tempest-plugin/+/883527\n\nThe tempest plugin patch depends on this one, and then I have a follow-up patch to re-enable the rbac tests that depends on the Tempest test update:\n\nhttps://review.opendev.org/c/openstack/barbican/+/883562","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"e5483392539beae1ac97dc2f057f373487d13bce","unresolved":true,"context_lines":[{"line_number":112,"context_line":"            voting: false"},{"line_number":113,"context_line":"        - barbican-tempest-plugin-simple-crypto"},{"line_number":114,"context_line":"        - barbican-tempest-plugin-simple-crypto-secure-rbac:"},{"line_number":115,"context_line":"            voting: false"},{"line_number":116,"context_line":"        - barbican-tempest-plugin-simple-crypto-ipv6-only"},{"line_number":117,"context_line":"        - barbican-tox-functional-fips"},{"line_number":118,"context_line":"        - octavia-v2-dsvm-tls-barbican"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"8316d466_6a69d35c","line":115,"range":{"start_line":115,"start_character":0,"end_line":115,"end_character":25},"in_reply_to":"bc9d9b19_368412fd","updated":"2023-05-22 18:39:48.000000000","message":"I see. ++. Along with tempest tetst, maybe we can add few test here in unit/functional to test system scope users does not have access now.","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"a76f5c3b33f629e57600c268dd767f605583ddf4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"db170359_a21f3b8a","updated":"2023-05-18 19:26:44.000000000","message":"recheck - fips failure","commit_id":"bf9c84177326becbce0d4f0e0f617a4b5eec4084"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"b45519355d3b7e96f4e44d63d433b98946b9ae97","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"1bf05f90_bafac2a1","updated":"2023-06-07 08:55:18.000000000","message":"recheck","commit_id":"116a9045ebb46f45a4df094fa04cdc5aaa61e60f"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"df6210d9e593924708835c5bb91428e9a8b2f707","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"daa11233_59a3ef0c","updated":"2023-06-05 20:05:24.000000000","message":"recheck - timeout","commit_id":"116a9045ebb46f45a4df094fa04cdc5aaa61e60f"}],"barbican/common/policies/consumers.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"e82bdbc5ba384e3276e0b429e8225ff14e9dd0e5","unresolved":true,"context_lines":[{"line_number":82,"context_line":"        name\u003d\u0027consumer:get\u0027,"},{"line_number":83,"context_line":"        check_str\u003d("},{"line_number":84,"context_line":"            \u0027True:%(enforce_new_defaults)s and \u0027"},{"line_number":85,"context_line":"            \u0027(rule:container_project_admin or \u0027"},{"line_number":86,"context_line":"            \u0027(rule:container_project_member and rule:container_owner) or \u0027"},{"line_number":87,"context_line":"            \u0027(rule:container_project_member and \u0027"},{"line_number":88,"context_line":"            \u0027 rule:container_is_not_private) or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"9bbf2212_c2fc3f5d","line":85,"range":{"start_line":85,"start_character":19,"end_line":85,"end_character":43},"updated":"2023-05-22 18:09:49.000000000","message":"do we need to restrict it in project admin or just admin so that legacy admin continue working,","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"70fe52a4fcf528517e37a9c12375ca4b5e92ac52","unresolved":true,"context_lines":[{"line_number":82,"context_line":"        name\u003d\u0027consumer:get\u0027,"},{"line_number":83,"context_line":"        check_str\u003d("},{"line_number":84,"context_line":"            \u0027True:%(enforce_new_defaults)s and \u0027"},{"line_number":85,"context_line":"            \u0027(rule:container_project_admin or \u0027"},{"line_number":86,"context_line":"            \u0027(rule:container_project_member and rule:container_owner) or \u0027"},{"line_number":87,"context_line":"            \u0027(rule:container_project_member and \u0027"},{"line_number":88,"context_line":"            \u0027 rule:container_is_not_private) or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"330d98c1_a7711fc9","line":85,"range":{"start_line":85,"start_character":19,"end_line":85,"end_character":43},"in_reply_to":"4cf5ed05_6029a0e6","updated":"2023-06-05 19:07:59.000000000","message":"changed to role:admin","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"0ff3958831825d5a8d47c3e1b1a416d0fefc5816","unresolved":true,"context_lines":[{"line_number":82,"context_line":"        name\u003d\u0027consumer:get\u0027,"},{"line_number":83,"context_line":"        check_str\u003d("},{"line_number":84,"context_line":"            \u0027True:%(enforce_new_defaults)s and \u0027"},{"line_number":85,"context_line":"            \u0027(rule:container_project_admin or \u0027"},{"line_number":86,"context_line":"            \u0027(rule:container_project_member and rule:container_owner) or \u0027"},{"line_number":87,"context_line":"            \u0027(rule:container_project_member and \u0027"},{"line_number":88,"context_line":"            \u0027 rule:container_is_not_private) or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"4cf5ed05_6029a0e6","line":85,"range":{"start_line":85,"start_character":19,"end_line":85,"end_character":43},"in_reply_to":"6913b61d_f664aed9","updated":"2023-06-05 13:12:51.000000000","message":"Let\u0027s make the legacy admin continue to work","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"f7ab16da27892046ddd4ebdd6f11a4b222a81239","unresolved":true,"context_lines":[{"line_number":82,"context_line":"        name\u003d\u0027consumer:get\u0027,"},{"line_number":83,"context_line":"        check_str\u003d("},{"line_number":84,"context_line":"            \u0027True:%(enforce_new_defaults)s and \u0027"},{"line_number":85,"context_line":"            \u0027(rule:container_project_admin or \u0027"},{"line_number":86,"context_line":"            \u0027(rule:container_project_member and rule:container_owner) or \u0027"},{"line_number":87,"context_line":"            \u0027(rule:container_project_member and \u0027"},{"line_number":88,"context_line":"            \u0027 rule:container_is_not_private) or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"6913b61d_f664aed9","line":85,"range":{"start_line":85,"start_character":19,"end_line":85,"end_character":43},"in_reply_to":"8e187e01_a6900f90","updated":"2023-05-31 22:01:41.000000000","message":"If we see the old defaults, they allowed the legacy admin (admin role in any project) to access it and in SRABC feedback from operator they want to keep the legacy admin behaviour same\n\n- https://review.opendev.org/c/openstack/barbican/+/883526/3/barbican/common/policies/consumers.py#24","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"a3e6d614177c7c2c243be8f3a929ffdbe272a4a4","unresolved":true,"context_lines":[{"line_number":82,"context_line":"        name\u003d\u0027consumer:get\u0027,"},{"line_number":83,"context_line":"        check_str\u003d("},{"line_number":84,"context_line":"            \u0027True:%(enforce_new_defaults)s and \u0027"},{"line_number":85,"context_line":"            \u0027(rule:container_project_admin or \u0027"},{"line_number":86,"context_line":"            \u0027(rule:container_project_member and rule:container_owner) or \u0027"},{"line_number":87,"context_line":"            \u0027(rule:container_project_member and \u0027"},{"line_number":88,"context_line":"            \u0027 rule:container_is_not_private) or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"8e187e01_a6900f90","line":85,"range":{"start_line":85,"start_character":19,"end_line":85,"end_character":43},"in_reply_to":"9bbf2212_c2fc3f5d","updated":"2023-05-22 18:34:43.000000000","message":"Yeah, that\u0027s a good point.  I don\u0027t have a strong preference either way, but let\u0027s see what xel and alee think.","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"}],"barbican/common/policies/quotas.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"e82bdbc5ba384e3276e0b429e8225ff14e9dd0e5","unresolved":true,"context_lines":[{"line_number":57,"context_line":"    ),"},{"line_number":58,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":59,"context_line":"        name\u003d\u0027project_quotas:get\u0027,"},{"line_number":60,"context_line":"        check_str\u003d\u0027True:%(enforce_new_defaults)s and role:admin\u0027,"},{"line_number":61,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":62,"context_line":"        description\u003d\u0027List quotas for the specified project.\u0027,"},{"line_number":63,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":3,"id":"aec58531_581cc70e","line":60,"range":{"start_line":60,"start_character":53,"end_line":60,"end_character":64},"updated":"2023-05-22 18:09:49.000000000","message":"+1, this way we will allow legacy admin continue working.","commit_id":"5c020447534bbc1fdb004c7bc11195548ed8748e"}]}