)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"dc8d8fe2b5853ffaca38989b88e95f86646404de","unresolved":true,"context_lines":[{"line_number":18,"context_line":"   different sets of credentials"},{"line_number":19,"context_line":"2. The service_catalog is preserved. It\u0027s unclear if this is really"},{"line_number":20,"context_line":"   needed long-term, but some code still relies on it. Also unclear why"},{"line_number":21,"context_line":"   the oslo context doesn\u0027t include this when parsing headers."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Support for multiple domains is included as part of this changeset."},{"line_number":24,"context_line":"Before, it was assumed that all users (admins and project users) were"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"a68ef715_986a6218","line":21,"updated":"2021-11-12 15:35:14.000000000","message":"My memory seems to tell me it got removed by default because it bloated the memory footprint, as its generally the same for all users (give or take the now mostly removed project_id substituion).\n\nIt think nova only caches the services it cares about: https://github.com/openstack/nova/blob/master/nova/context.py#L114","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"},{"author":{"_account_id":29100,"name":"Jason Anderson","email":"jasonanderson@uchicago.edu","username":"jasonanderson"},"change_message_id":"f15f2e410633ae1a2166525cb9ff239c9cb16334","unresolved":false,"context_lines":[{"line_number":18,"context_line":"   different sets of credentials"},{"line_number":19,"context_line":"2. The service_catalog is preserved. It\u0027s unclear if this is really"},{"line_number":20,"context_line":"   needed long-term, but some code still relies on it. Also unclear why"},{"line_number":21,"context_line":"   the oslo context doesn\u0027t include this when parsing headers."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Support for multiple domains is included as part of this changeset."},{"line_number":24,"context_line":"Before, it was assumed that all users (admins and project users) were"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"8af9e53c_ecbd288b","line":21,"in_reply_to":"a68ef715_986a6218","updated":"2022-02-10 16:22:28.000000000","message":"Ack","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"dc8d8fe2b5853ffaca38989b88e95f86646404de","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"4b457128_8c467f14","updated":"2021-11-12 15:35:14.000000000","message":"I like this, but I think we should also adopt the standard polcy rule extraction, rather going non-standard with project instead for project_id.","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"},{"author":{"_account_id":29100,"name":"Jason Anderson","email":"jasonanderson@uchicago.edu","username":"jasonanderson"},"change_message_id":"b17a266590caddaf9e66ba94d11f9e4a8da86a2c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"c1517677_64de8988","updated":"2021-12-02 17:11:30.000000000","message":"Thanks for the feedback, I misunderstood some of what I had read. Updated to use to_policy_values, which is really what should be passed from context-\u003epolicy enforcement.","commit_id":"54534b35bcef76480df95a98ea06741b2ca5fbf9"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"264b659d6324293d6d51b4b753c49979a9bfe3a0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"cde293e3_3145249b","updated":"2022-02-23 22:28:35.000000000","message":"Many thanks for this work Jason!","commit_id":"ed238925f912ea1b7ebfa8918b3a29a7bc3f0012"}],"blazar/policies/base.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"dc8d8fe2b5853ffaca38989b88e95f86646404de","unresolved":true,"context_lines":[{"line_number":23,"context_line":"        description\u003d\"Default rule for most Admin APIs.\"),"},{"line_number":24,"context_line":"    policy.RuleDefault("},{"line_number":25,"context_line":"        name\u003d\"admin_or_owner\","},{"line_number":26,"context_line":"        check_str\u003d\"rule:admin or project:%(project)s\","},{"line_number":27,"context_line":"        description\u003d\"Default rule for most non-Admin APIs.\")"},{"line_number":28,"context_line":"]"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"3cf27956_6eefa96b","line":26,"updated":"2021-11-12 15:35:14.000000000","message":"Most projects are using project_id here, it would be good to keep that consistent.","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"},{"author":{"_account_id":29100,"name":"Jason Anderson","email":"jasonanderson@uchicago.edu","username":"jasonanderson"},"change_message_id":"f15f2e410633ae1a2166525cb9ff239c9cb16334","unresolved":false,"context_lines":[{"line_number":23,"context_line":"        description\u003d\"Default rule for most Admin APIs.\"),"},{"line_number":24,"context_line":"    policy.RuleDefault("},{"line_number":25,"context_line":"        name\u003d\"admin_or_owner\","},{"line_number":26,"context_line":"        check_str\u003d\"rule:admin or project:%(project)s\","},{"line_number":27,"context_line":"        description\u003d\"Default rule for most non-Admin APIs.\")"},{"line_number":28,"context_line":"]"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"ff4d69d5_3ec4f604","line":26,"in_reply_to":"3cf27956_6eefa96b","updated":"2022-02-10 16:22:28.000000000","message":"Done","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"}],"blazar/policy.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"dc8d8fe2b5853ffaca38989b88e95f86646404de","unresolved":true,"context_lines":[{"line_number":102,"context_line":"    if do_raise:"},{"line_number":103,"context_line":"        extra.update(exc\u003dexceptions.PolicyNotAuthorized, action\u003daction)"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    return _ENFORCER.enforce(action, target, credentials, do_raise\u003ddo_raise,"},{"line_number":106,"context_line":"                             **extra)"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"f2ea342c_f2b45b04","line":105,"updated":"2021-11-12 15:35:14.000000000","message":"Most projects use user_id and project_id, this seems to move away from that, which seems concerning to me.\n\nI believe you can pass a context object directly into the enforce function, and it will use context.to_policy_values() as required, which includes project_id and user_id, as is used in most other projects for policy:\nhttps://opendev.org/openstack/oslo.policy/src/branch/master/oslo_policy/policy.py#L992","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"},{"author":{"_account_id":29100,"name":"Jason Anderson","email":"jasonanderson@uchicago.edu","username":"jasonanderson"},"change_message_id":"b17a266590caddaf9e66ba94d11f9e4a8da86a2c","unresolved":false,"context_lines":[{"line_number":102,"context_line":"    if do_raise:"},{"line_number":103,"context_line":"        extra.update(exc\u003dexceptions.PolicyNotAuthorized, action\u003daction)"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    return _ENFORCER.enforce(action, target, credentials, do_raise\u003ddo_raise,"},{"line_number":106,"context_line":"                             **extra)"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"6bc6f904_7de98921","line":105,"in_reply_to":"f2ea342c_f2b45b04","updated":"2021-12-02 17:11:30.000000000","message":"Gotcha -- I misunderstood what _DeprecatedPolicyValues was doing here, I thought it indicated that the keys passed to that ctor were deprecated, but it\u0027s the opposite. https://opendev.org/openstack/oslo.context/src/branch/master/oslo_context/context.py#L318","commit_id":"03953d64a7761c625acf0b8e1b646e3fbd6f4105"}],"blazar/tests/test_context.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"1033f06e1bc3d4b8520b7cd06ec3b924a6c70e56","unresolved":false,"context_lines":[{"line_number":85,"context_line":"    def test_admin_nested(self):"},{"line_number":86,"context_line":"        \"\"\"Test that admin properties take priority over current context.\"\"\""},{"line_number":87,"context_line":"        request_id \u003d \u0027req-679033b7-1755-4929-bf85-eb3bfaef7e0b\u0027"},{"line_number":88,"context_line":"        service_catalog\u003d[\u0027foo\u0027]"},{"line_number":89,"context_line":"        ctx \u003d context.BlazarContext("},{"line_number":90,"context_line":"            user_name\u003d\u0027fake-user\u0027, user_domain_name\u003d\u0027fake-user-domain\u0027,"},{"line_number":91,"context_line":"            project_name\u003d\u0027fake-project\u0027, project_domain_name\u003d\u0027fake-user-domain\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"ff570b3c_2c099d2b","line":88,"updated":"2020-05-28 18:15:59.000000000","message":"pep8: E225 missing whitespace around operator","commit_id":"7e2ac9b806d0ec33faa239c326b0af2b65a1b6a7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"1033f06e1bc3d4b8520b7cd06ec3b924a6c70e56","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        service_catalog\u003d[\u0027foo\u0027]"},{"line_number":89,"context_line":"        ctx \u003d context.BlazarContext("},{"line_number":90,"context_line":"            user_name\u003d\u0027fake-user\u0027, user_domain_name\u003d\u0027fake-user-domain\u0027,"},{"line_number":91,"context_line":"            project_name\u003d\u0027fake-project\u0027, project_domain_name\u003d\u0027fake-user-domain\u0027,"},{"line_number":92,"context_line":"            service_catalog\u003dservice_catalog, request_id\u003drequest_id)"},{"line_number":93,"context_line":"        with ctx:"},{"line_number":94,"context_line":"            admin_ctx \u003d context.admin()"}],"source_content_type":"text/x-python","patch_set":1,"id":"ff570b3c_0c0c9939","line":91,"updated":"2020-05-28 18:15:59.000000000","message":"pep8: E501 line too long (80 \u003e 79 characters)","commit_id":"7e2ac9b806d0ec33faa239c326b0af2b65a1b6a7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"1033f06e1bc3d4b8520b7cd06ec3b924a6c70e56","unresolved":false,"context_lines":[{"line_number":95,"context_line":"            self.assertEqual(admin_ctx.user_name, \u0027fake-admin\u0027)"},{"line_number":96,"context_line":"            self.assertEqual(admin_ctx.user_domain_name, \u0027fake-admin-domain\u0027)"},{"line_number":97,"context_line":"            self.assertEqual(admin_ctx.project_name, \u0027fake-admin-project\u0027)"},{"line_number":98,"context_line":"            self.assertEqual(admin_ctx.project_domain_name, \u0027fake-admin-domain\u0027)"},{"line_number":99,"context_line":"            self.assertEqual(admin_ctx.is_admin, True)"},{"line_number":100,"context_line":"            self.assertEqual(admin_ctx.request_id, request_id)"},{"line_number":101,"context_line":"            self.assertEqual(admin_ctx.service_catalog, service_catalog)"}],"source_content_type":"text/x-python","patch_set":1,"id":"ff570b3c_6c12755a","line":98,"updated":"2020-05-28 18:15:59.000000000","message":"pep8: E501 line too long (80 \u003e 79 characters)","commit_id":"7e2ac9b806d0ec33faa239c326b0af2b65a1b6a7"}]}