)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Tom Barron \u003ctpb@dyncloud.net\u003e"},{"line_number":5,"context_line":"CommitDate: 2021-06-13 16:20:26 -0400"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Expose ``tenant visible`` extra specs"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"to regular users so they know the abstract back end"},{"line_number":10,"context_line":"independent capabilities and features of volume types."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"4de9de91_f77102a3","line":7,"range":{"start_line":7,"start_character":9,"end_line":7,"end_character":15},"updated":"2021-06-16 01:48:24.000000000","message":"can we make it project? keystone has removed the usage of tenant and it\u0027s confusing to use it again","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Tom Barron \u003ctpb@dyncloud.net\u003e"},{"line_number":5,"context_line":"CommitDate: 2021-06-13 16:20:26 -0400"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Expose ``tenant visible`` extra specs"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"to regular users so they know the abstract back end"},{"line_number":10,"context_line":"independent capabilities and features of volume types."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"a03a8943_0cfa7f6c","line":7,"range":{"start_line":7,"start_character":9,"end_line":7,"end_character":15},"in_reply_to":"4de9de91_f77102a3","updated":"2021-06-16 02:17:54.000000000","message":"Well it\u0027s the concept. We could say \"keystone project\" here if that\u0027s the consensus, meaning visible to keystone user and keystone reader as well as to keystone admin of a project.  But I was hoping to just keep it simple -- traditionally cloud tenants are the folks who use the cloud but don\u0027t own or administer it.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"f163851d9fd8828d8c6f4bef2565914d5c36b3b6","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Tom Barron \u003ctpb@dyncloud.net\u003e"},{"line_number":5,"context_line":"CommitDate: 2021-06-13 16:20:26 -0400"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Expose ``tenant visible`` extra specs"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"to regular users so they know the abstract back end"},{"line_number":10,"context_line":"independent capabilities and features of volume types."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"a1b1035d_9d075aca","line":7,"range":{"start_line":7,"start_character":9,"end_line":7,"end_character":15},"in_reply_to":"a03a8943_0cfa7f6c","updated":"2021-06-17 12:02:44.000000000","message":"It does seem like a good idea to avoid the term \u0027tenant\u0027 given its history of use in keystone as synonymous with \u0027project.\u0027  We aren\u0027t proposing project scoped extra specs, but rather a set of extra specs that are visible to all users, not just to admin role users.  So let\u0027s call the ``user visible`` extra specs.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"}],"specs/xena/expose-cinder-tenant-visible-extra-specs-spec.rst":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Expose tenant-visible extra specs in volume types"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/cinder/+spec/expose-tenant-visible-extra-specs"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fe7f546b_95ecc44e","line":8,"range":{"start_line":8,"start_character":7,"end_line":8,"end_character":13},"updated":"2021-06-16 01:48:24.000000000","message":"project\nsee reason in commit msg and change similar occurances","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"f163851d9fd8828d8c6f4bef2565914d5c36b3b6","unresolved":false,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Expose tenant-visible extra specs in volume types"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/cinder/+spec/expose-tenant-visible-extra-specs"}],"source_content_type":"text/x-rst","patch_set":1,"id":"979e2aed_8ca76856","line":8,"range":{"start_line":8,"start_character":7,"end_line":8,"end_character":13},"in_reply_to":"5e08af33_cbc92852","updated":"2021-06-17 12:02:44.000000000","message":"Changed to ``user-visible``.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":true,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Expose tenant-visible extra specs in volume types"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/cinder/+spec/expose-tenant-visible-extra-specs"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5e08af33_cbc92852","line":8,"range":{"start_line":8,"start_character":7,"end_line":8,"end_character":13},"in_reply_to":"fe7f546b_95ecc44e","updated":"2021-06-16 02:17:54.000000000","message":"See my reply above.  I\u0027m not dug in on this, can do whatever the Cindr community wants to communicate the difference between cloud administrators and regular users of the cloud.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":21,"context_line":"types. This makes sense for specs that control knobs for use by drivers,"},{"line_number":22,"context_line":"that select a particular backend, or that would otherwise reveal backend"},{"line_number":23,"context_line":"specifics. But it is problematic for backend independent extra specs"},{"line_number":24,"context_line":"like ``multiattach_capable`` or ``availability_zones`` – specs that"},{"line_number":25,"context_line":"carry critical information for regular users when they select volume"},{"line_number":26,"context_line":"types to use as they create volumes."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"80a0ea11_e1a36f3f","line":24,"range":{"start_line":24,"start_character":5,"end_line":24,"end_character":54},"updated":"2021-06-16 01:48:24.000000000","message":"we use the right keys here,\n1) multiattach\n2) RESKEY:availability_zones","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":true,"context_lines":[{"line_number":21,"context_line":"types. This makes sense for specs that control knobs for use by drivers,"},{"line_number":22,"context_line":"that select a particular backend, or that would otherwise reveal backend"},{"line_number":23,"context_line":"specifics. But it is problematic for backend independent extra specs"},{"line_number":24,"context_line":"like ``multiattach_capable`` or ``availability_zones`` – specs that"},{"line_number":25,"context_line":"carry critical information for regular users when they select volume"},{"line_number":26,"context_line":"types to use as they create volumes."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"c3724b21_94446303","line":24,"range":{"start_line":24,"start_character":5,"end_line":24,"end_character":54},"in_reply_to":"80a0ea11_e1a36f3f","updated":"2021-06-16 02:17:54.000000000","message":"Thank you!  We need to enumerate the exact keys used.\n\nIf you can help us identify other backend-independent keys that should be project/tenant visible, that would be great!","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"f163851d9fd8828d8c6f4bef2565914d5c36b3b6","unresolved":false,"context_lines":[{"line_number":21,"context_line":"types. This makes sense for specs that control knobs for use by drivers,"},{"line_number":22,"context_line":"that select a particular backend, or that would otherwise reveal backend"},{"line_number":23,"context_line":"specifics. But it is problematic for backend independent extra specs"},{"line_number":24,"context_line":"like ``multiattach_capable`` or ``availability_zones`` – specs that"},{"line_number":25,"context_line":"carry critical information for regular users when they select volume"},{"line_number":26,"context_line":"types to use as they create volumes."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"4426baba_57076d6b","line":24,"range":{"start_line":24,"start_character":5,"end_line":24,"end_character":54},"in_reply_to":"c3724b21_94446303","updated":"2021-06-17 12:02:44.000000000","message":"Done","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"04b8727d5b7bff7b49fecc5deb57aaf2eb732889","unresolved":true,"context_lines":[{"line_number":46,"context_line":"by containerized applications."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"When provisioning a persistent volume via Cinder CSI with ReadWriteMany"},{"line_number":49,"context_line":"access mode, the persistent volume claimd should specify ``block``"},{"line_number":50,"context_line":"volumeMode (default is ``filesystem``) and reference a Storage Class"},{"line_number":51,"context_line":"corresponding to a Cinder volume type with a ``\"multi_attach\": True``"},{"line_number":52,"context_line":"extra spec."}],"source_content_type":"text/x-rst","patch_set":1,"id":"f7a0a3d7_c8acc074","line":49,"range":{"start_line":49,"start_character":35,"end_line":49,"end_character":41},"updated":"2021-06-14 14:39:38.000000000","message":"typo: \"claim\"","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"8aff474fa00f99de2fcbb5f165bbb1257f071b7e","unresolved":false,"context_lines":[{"line_number":46,"context_line":"by containerized applications."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"When provisioning a persistent volume via Cinder CSI with ReadWriteMany"},{"line_number":49,"context_line":"access mode, the persistent volume claimd should specify ``block``"},{"line_number":50,"context_line":"volumeMode (default is ``filesystem``) and reference a Storage Class"},{"line_number":51,"context_line":"corresponding to a Cinder volume type with a ``\"multi_attach\": True``"},{"line_number":52,"context_line":"extra spec."}],"source_content_type":"text/x-rst","patch_set":1,"id":"95de02a3_9c576a03","line":49,"range":{"start_line":49,"start_character":35,"end_line":49,"end_character":41},"in_reply_to":"f7a0a3d7_c8acc074","updated":"2021-06-15 11:24:45.000000000","message":"Ack","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":48,"context_line":"When provisioning a persistent volume via Cinder CSI with ReadWriteMany"},{"line_number":49,"context_line":"access mode, the persistent volume claimd should specify ``block``"},{"line_number":50,"context_line":"volumeMode (default is ``filesystem``) and reference a Storage Class"},{"line_number":51,"context_line":"corresponding to a Cinder volume type with a ``\"multi_attach\": True``"},{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"}],"source_content_type":"text/x-rst","patch_set":1,"id":"217916c0_15aa61ec","line":51,"range":{"start_line":51,"start_character":63,"end_line":51,"end_character":67},"updated":"2021-06-16 01:48:24.000000000","message":"\"\u003cis\u003e True\"","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":48,"context_line":"When provisioning a persistent volume via Cinder CSI with ReadWriteMany"},{"line_number":49,"context_line":"access mode, the persistent volume claimd should specify ``block``"},{"line_number":50,"context_line":"volumeMode (default is ``filesystem``) and reference a Storage Class"},{"line_number":51,"context_line":"corresponding to a Cinder volume type with a ``\"multi_attach\": True``"},{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"}],"source_content_type":"text/x-rst","patch_set":1,"id":"27686493_72cb121a","line":51,"range":{"start_line":51,"start_character":48,"end_line":51,"end_character":60},"updated":"2021-06-16 01:48:24.000000000","message":"multiattach","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":false,"context_lines":[{"line_number":48,"context_line":"When provisioning a persistent volume via Cinder CSI with ReadWriteMany"},{"line_number":49,"context_line":"access mode, the persistent volume claimd should specify ``block``"},{"line_number":50,"context_line":"volumeMode (default is ``filesystem``) and reference a Storage Class"},{"line_number":51,"context_line":"corresponding to a Cinder volume type with a ``\"multi_attach\": True``"},{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"}],"source_content_type":"text/x-rst","patch_set":1,"id":"efb94d9a_bda0ece8","line":51,"range":{"start_line":51,"start_character":63,"end_line":51,"end_character":67},"in_reply_to":"217916c0_15aa61ec","updated":"2021-06-16 02:17:54.000000000","message":"Ack","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":false,"context_lines":[{"line_number":48,"context_line":"When provisioning a persistent volume via Cinder CSI with ReadWriteMany"},{"line_number":49,"context_line":"access mode, the persistent volume claimd should specify ``block``"},{"line_number":50,"context_line":"volumeMode (default is ``filesystem``) and reference a Storage Class"},{"line_number":51,"context_line":"corresponding to a Cinder volume type with a ``\"multi_attach\": True``"},{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"}],"source_content_type":"text/x-rst","patch_set":1,"id":"584791e4_9d2ab03d","line":51,"range":{"start_line":51,"start_character":48,"end_line":51,"end_character":60},"in_reply_to":"27686493_72cb121a","updated":"2021-06-16 02:17:54.000000000","message":"Ack","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"},{"line_number":55,"context_line":"behalf are in the general case just regulare OpenStack tenants rather"},{"line_number":56,"context_line":"than OpenStack administrators, they currently lack the ability to"},{"line_number":57,"context_line":"discover extra specs for volume types corresponding to their Storage"},{"line_number":58,"context_line":"Classes and are hindered in their ability to “do the right thing” for"}],"source_content_type":"text/x-rst","patch_set":1,"id":"913bb06d_e2f31054","line":55,"range":{"start_line":55,"start_character":36,"end_line":55,"end_character":44},"updated":"2021-06-16 01:48:24.000000000","message":"regulate?","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":true,"context_lines":[{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"},{"line_number":55,"context_line":"behalf are in the general case just regulare OpenStack tenants rather"},{"line_number":56,"context_line":"than OpenStack administrators, they currently lack the ability to"},{"line_number":57,"context_line":"discover extra specs for volume types corresponding to their Storage"},{"line_number":58,"context_line":"Classes and are hindered in their ability to “do the right thing” for"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c65e7448_84a4c63e","line":55,"range":{"start_line":55,"start_character":36,"end_line":55,"end_character":44},"in_reply_to":"913bb06d_e2f31054","updated":"2021-06-16 02:17:54.000000000","message":"I meant \"regular\", i.e. non-admin.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"f163851d9fd8828d8c6f4bef2565914d5c36b3b6","unresolved":false,"context_lines":[{"line_number":52,"context_line":"extra spec."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Because OpenShift administrators and all the software that runs on their"},{"line_number":55,"context_line":"behalf are in the general case just regulare OpenStack tenants rather"},{"line_number":56,"context_line":"than OpenStack administrators, they currently lack the ability to"},{"line_number":57,"context_line":"discover extra specs for volume types corresponding to their Storage"},{"line_number":58,"context_line":"Classes and are hindered in their ability to “do the right thing” for"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0ac9f21c_fdd6989e","line":55,"range":{"start_line":55,"start_character":36,"end_line":55,"end_character":44},"in_reply_to":"c65e7448_84a4c63e","updated":"2021-06-17 12:02:44.000000000","message":"Done","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":59,"context_line":"OpenShift users."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Cinder CSI now has a ``topology`` feature as well where it will likely"},{"line_number":62,"context_line":"make sense to be able to see ``availability_zone`` extra specs when"},{"line_number":63,"context_line":"setting up Storage Classes corresponding to volume types."},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":1,"id":"11c1b324_6b14f302","line":62,"range":{"start_line":62,"start_character":31,"end_line":62,"end_character":48},"updated":"2021-06-16 01:48:24.000000000","message":"RESKEY:availability_zones","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":false,"context_lines":[{"line_number":59,"context_line":"OpenShift users."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Cinder CSI now has a ``topology`` feature as well where it will likely"},{"line_number":62,"context_line":"make sense to be able to see ``availability_zone`` extra specs when"},{"line_number":63,"context_line":"setting up Storage Classes corresponding to volume types."},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":1,"id":"46538c5c_eaa6fe14","line":62,"range":{"start_line":62,"start_character":31,"end_line":62,"end_character":48},"in_reply_to":"11c1b324_6b14f302","updated":"2021-06-16 02:17:54.000000000","message":"Ack","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"04b8727d5b7bff7b49fecc5deb57aaf2eb732889","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Proposed change"},{"line_number":66,"context_line":"---------------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"Define a set of ``tenant visible`` extra specs in Cinder code and modify"},{"line_number":69,"context_line":"the REST API view for showing extra specs to reveal these in"},{"line_number":70,"context_line":"non-administrative request contexts. All other extra specs will remain"},{"line_number":71,"context_line":"hidden unless the request has an administrator context."}],"source_content_type":"text/x-rst","patch_set":1,"id":"7ef06c0f_55264e68","line":68,"range":{"start_line":68,"start_character":0,"end_line":68,"end_character":46},"updated":"2021-06-14 14:39:38.000000000","message":"I\u0027d like to assert the intention that this is a fixed set, as opposed to the set of visible specs being configurable by an admin. This could also be touched upon in the \"Alternatives\" section. While I suppose we ~could~ make the tenant visible specs configurable, this would add a lot of extra complexity for a tentative/dubious benefit.\n\nTo that end, can we put a stake in the ground and propose an MVP (minimum viable product) set of tenant visible specs now? That will help keep the discussion focused, and avoid getting distracted by discussing whether any random extra spec X should or should not be tenant visible. Obviously the list of tenant visible specs can evolve once an MVP is in place.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":65,"context_line":"Proposed change"},{"line_number":66,"context_line":"---------------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"Define a set of ``tenant visible`` extra specs in Cinder code and modify"},{"line_number":69,"context_line":"the REST API view for showing extra specs to reveal these in"},{"line_number":70,"context_line":"non-administrative request contexts. All other extra specs will remain"},{"line_number":71,"context_line":"hidden unless the request has an administrator context."}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fd3bcaf_4b72e0a2","line":68,"range":{"start_line":68,"start_character":0,"end_line":68,"end_character":46},"in_reply_to":"10ac4eb9_f35e4096","updated":"2021-06-21 19:36:27.000000000","message":"Done","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"f163851d9fd8828d8c6f4bef2565914d5c36b3b6","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Proposed change"},{"line_number":66,"context_line":"---------------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"Define a set of ``tenant visible`` extra specs in Cinder code and modify"},{"line_number":69,"context_line":"the REST API view for showing extra specs to reveal these in"},{"line_number":70,"context_line":"non-administrative request contexts. All other extra specs will remain"},{"line_number":71,"context_line":"hidden unless the request has an administrator context."}],"source_content_type":"text/x-rst","patch_set":1,"id":"10ac4eb9_f35e4096","line":68,"range":{"start_line":68,"start_character":0,"end_line":68,"end_character":46},"in_reply_to":"3d9ba57d_9119f32d","updated":"2021-06-17 12:02:44.000000000","message":"Alan and I discussed this yesterday and he is going to push a revision of the spec with the MVP enumeration of user visible extra specs as well as a discussion of some capabilities that might be included in a future iteration after they are properly represented as extra_specs.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"8aff474fa00f99de2fcbb5f165bbb1257f071b7e","unresolved":true,"context_lines":[{"line_number":65,"context_line":"Proposed change"},{"line_number":66,"context_line":"---------------"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"Define a set of ``tenant visible`` extra specs in Cinder code and modify"},{"line_number":69,"context_line":"the REST API view for showing extra specs to reveal these in"},{"line_number":70,"context_line":"non-administrative request contexts. All other extra specs will remain"},{"line_number":71,"context_line":"hidden unless the request has an administrator context."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3d9ba57d_9119f32d","line":68,"range":{"start_line":68,"start_character":0,"end_line":68,"end_character":46},"in_reply_to":"7ef06c0f_55264e68","updated":"2021-06-15 11:24:45.000000000","message":"Agree.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"f06f12131f9ee414aa869d1bd10a73be4c321238","unresolved":true,"context_lines":[{"line_number":86,"context_line":"not clear how to do this without significant changes to the existing"},{"line_number":87,"context_line":"REST API. Nor in our opinion is it desirable. There are clear cut"},{"line_number":88,"context_line":"examples of backend independent capabilities and features that are"},{"line_number":89,"context_line":"properly the business of any user who is authorized to create shares, so"},{"line_number":90,"context_line":"users should have a reasonable expectation that these can be discovered"},{"line_number":91,"context_line":"without burdening the cloud administrator with the task of constructing"},{"line_number":92,"context_line":"policies for them one by one."}],"source_content_type":"text/x-rst","patch_set":1,"id":"db277d7e_f024b8ef","line":89,"range":{"start_line":89,"start_character":62,"end_line":89,"end_character":68},"updated":"2021-06-16 01:48:24.000000000","message":"volumes?","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"f163851d9fd8828d8c6f4bef2565914d5c36b3b6","unresolved":false,"context_lines":[{"line_number":86,"context_line":"not clear how to do this without significant changes to the existing"},{"line_number":87,"context_line":"REST API. Nor in our opinion is it desirable. There are clear cut"},{"line_number":88,"context_line":"examples of backend independent capabilities and features that are"},{"line_number":89,"context_line":"properly the business of any user who is authorized to create shares, so"},{"line_number":90,"context_line":"users should have a reasonable expectation that these can be discovered"},{"line_number":91,"context_line":"without burdening the cloud administrator with the task of constructing"},{"line_number":92,"context_line":"policies for them one by one."}],"source_content_type":"text/x-rst","patch_set":1,"id":"8573e0f5_39752c83","line":89,"range":{"start_line":89,"start_character":62,"end_line":89,"end_character":68},"in_reply_to":"7af0d15e_89dac683","updated":"2021-06-17 12:02:44.000000000","message":"Done","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"ef65f4639aa2b6e5357f8d7da4e0001fbbbb9cda","unresolved":true,"context_lines":[{"line_number":86,"context_line":"not clear how to do this without significant changes to the existing"},{"line_number":87,"context_line":"REST API. Nor in our opinion is it desirable. There are clear cut"},{"line_number":88,"context_line":"examples of backend independent capabilities and features that are"},{"line_number":89,"context_line":"properly the business of any user who is authorized to create shares, so"},{"line_number":90,"context_line":"users should have a reasonable expectation that these can be discovered"},{"line_number":91,"context_line":"without burdening the cloud administrator with the task of constructing"},{"line_number":92,"context_line":"policies for them one by one."}],"source_content_type":"text/x-rst","patch_set":1,"id":"7af0d15e_89dac683","line":89,"range":{"start_line":89,"start_character":62,"end_line":89,"end_character":68},"in_reply_to":"db277d7e_f024b8ef","updated":"2021-06-16 02:17:54.000000000","message":"heh.  I used to work on Cinder but got used to s/volumes/shares/ when I was moved over to Manila.  Thanks!","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"04b8727d5b7bff7b49fecc5deb57aaf2eb732889","unresolved":true,"context_lines":[{"line_number":99,"context_line":"REST API impact"},{"line_number":100,"context_line":"---------------"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"Microversion bump and new behavior as describe above."},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Security impact"},{"line_number":105,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ad96e14a_3449b333","line":102,"range":{"start_line":102,"start_character":38,"end_line":102,"end_character":46},"updated":"2021-06-14 14:39:38.000000000","message":"grammar nit: \"described\"","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"8aff474fa00f99de2fcbb5f165bbb1257f071b7e","unresolved":false,"context_lines":[{"line_number":99,"context_line":"REST API impact"},{"line_number":100,"context_line":"---------------"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"Microversion bump and new behavior as describe above."},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Security impact"},{"line_number":105,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"d31ae5d9_bae3cf59","line":102,"range":{"start_line":102,"start_character":38,"end_line":102,"end_character":46},"in_reply_to":"ad96e14a_3449b333","updated":"2021-06-15 11:24:45.000000000","message":"Ack","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"04b8727d5b7bff7b49fecc5deb57aaf2eb732889","unresolved":true,"context_lines":[{"line_number":145,"context_line":"Assignee(s)"},{"line_number":146,"context_line":"~~~~~~~~~~~"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"Primary assignee: abishop"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"Work Items"},{"line_number":151,"context_line":"~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5a5c6576_ddb499c5","line":148,"range":{"start_line":148,"start_character":18,"end_line":148,"end_character":25},"updated":"2021-06-14 14:39:38.000000000","message":"wait, what?\n\n:D","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":145,"context_line":"Assignee(s)"},{"line_number":146,"context_line":"~~~~~~~~~~~"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"Primary assignee: abishop"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"Work Items"},{"line_number":151,"context_line":"~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":1,"id":"d73b965c_7268c496","line":148,"range":{"start_line":148,"start_character":18,"end_line":148,"end_character":25},"in_reply_to":"5a5c6576_ddb499c5","updated":"2021-06-21 19:36:27.000000000","message":"Marking this resolved because I\u0027m resolved to doing the work.","commit_id":"137eea2092e67e9d7853da8c70f75159c4d86d4a"}],"specs/xena/expose-cinder-user-visible-extra-specs-spec.rst":[{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"cf77ff63b96d42937767633a0ca415b759f73b96","unresolved":true,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"Define a set of ``user visible`` extra specs in Cinder code and modify"},{"line_number":69,"context_line":"the REST API view for showing extra specs to reveal these in"},{"line_number":70,"context_line":"non-administrative request contexts. All other extra specs will remain"},{"line_number":71,"context_line":"hidden unless the request has an administrator context."},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The initial set of ``user visible`` extra specs is sufficient to establish"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7091b483_a3d51ebe","line":70,"updated":"2021-06-19 19:48:35.000000000","message":"We can say that policy will be used to enforce the *view* of extra specs -- administrators will see *all* extra specs whereas other users will see only *user visible* extra specs -- rather than forbidding use of REST APIs that get or list extra specs altogether to non-administrators.","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"Define a set of ``user visible`` extra specs in Cinder code and modify"},{"line_number":69,"context_line":"the REST API view for showing extra specs to reveal these in"},{"line_number":70,"context_line":"non-administrative request contexts. All other extra specs will remain"},{"line_number":71,"context_line":"hidden unless the request has an administrator context."},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The initial set of ``user visible`` extra specs is sufficient to establish"}],"source_content_type":"text/x-rst","patch_set":3,"id":"4d4993a7_1aa6bc50","line":70,"in_reply_to":"7091b483_a3d51ebe","updated":"2021-06-21 19:36:27.000000000","message":"Done","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ab472f4226026d49faaa543d1c2152793eff4cec","unresolved":true,"context_lines":[{"line_number":79,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":80,"context_line":"- ``replication``"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"The list can be easily extended to support additional volume characteristics"},{"line_number":83,"context_line":"that can be expressed in an extra spec. For example, it might be useful to"},{"line_number":84,"context_line":"know whether a volume type provides volumes that support online extend, but"},{"line_number":85,"context_line":"there currently is no extra spec associated with that feature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"2be5cc21_8c2980cd","line":82,"range":{"start_line":82,"start_character":9,"end_line":82,"end_character":31},"updated":"2021-06-18 13:50:27.000000000","message":"Are you proposing that this list be an operator config option, or will operators have to file a bug to get a new extra spec key exposed? (In other words, who will do this \"easy extension\", operators themselves or cinder developers?)","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"cf77ff63b96d42937767633a0ca415b759f73b96","unresolved":true,"context_lines":[{"line_number":79,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":80,"context_line":"- ``replication``"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"The list can be easily extended to support additional volume characteristics"},{"line_number":83,"context_line":"that can be expressed in an extra spec. For example, it might be useful to"},{"line_number":84,"context_line":"know whether a volume type provides volumes that support online extend, but"},{"line_number":85,"context_line":"there currently is no extra spec associated with that feature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"477610a3_f7ba9f2e","line":82,"range":{"start_line":82,"start_character":9,"end_line":82,"end_character":31},"in_reply_to":"2ad3d4cf_8d8f532e","updated":"2021-06-19 19:48:35.000000000","message":"Yes, the \"ease\" (for developers) is that when this spec is implemented, a framework will be in place such that to expose a new abstract capability or feature, one needs only to:\n   1) bump microversion\n   2) if the capability (e.g. online volume extension) doesn\u0027t currently have a corresponding extra_spec, add one; if it does, just go to #3\n   3) add an element to the set defined (in the prototype) at https://review.opendev.org/c/openstack/cinder/+/797170/1/cinder/common/constants.py#33","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"74e0ada54aebcb5c7d631625f0a7d68c1d857364","unresolved":true,"context_lines":[{"line_number":79,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":80,"context_line":"- ``replication``"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"The list can be easily extended to support additional volume characteristics"},{"line_number":83,"context_line":"that can be expressed in an extra spec. For example, it might be useful to"},{"line_number":84,"context_line":"know whether a volume type provides volumes that support online extend, but"},{"line_number":85,"context_line":"there currently is no extra spec associated with that feature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"2ad3d4cf_8d8f532e","line":82,"range":{"start_line":82,"start_character":9,"end_line":82,"end_character":31},"in_reply_to":"2be5cc21_8c2980cd","updated":"2021-06-18 14:17:18.000000000","message":"The latter (extended by updating the cinder code). I\u0027ll clarify this point in an update.","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":79,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":80,"context_line":"- ``replication``"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"The list can be easily extended to support additional volume characteristics"},{"line_number":83,"context_line":"that can be expressed in an extra spec. For example, it might be useful to"},{"line_number":84,"context_line":"know whether a volume type provides volumes that support online extend, but"},{"line_number":85,"context_line":"there currently is no extra spec associated with that feature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"b17b64c7_f6cea23a","line":82,"range":{"start_line":82,"start_character":9,"end_line":82,"end_character":31},"in_reply_to":"477610a3_f7ba9f2e","updated":"2021-06-21 19:36:27.000000000","message":"Done","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ab472f4226026d49faaa543d1c2152793eff4cec","unresolved":true,"context_lines":[{"line_number":113,"context_line":"REST API impact"},{"line_number":114,"context_line":"---------------"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Microversion bump and new behavior as described above."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Security impact"},{"line_number":119,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d15205a7_4735da7e","line":116,"updated":"2021-06-18 13:50:27.000000000","message":"Please include a sample JSON repsonse body showing how you intend to display these.  Will they be included as top-level items in the volume-type response, or within an extra_specs object?\n\nAlso, please specify what API calls this will affect.  Since you\u0027ve said that you don\u0027t want this to be controlled by policy, I take it that a non-admin user won\u0027t be able to make these calls:\n\n  GET /v3/{project_id}/types/{volume_type_id}/extra_specs\n  GET /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":113,"context_line":"REST API impact"},{"line_number":114,"context_line":"---------------"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Microversion bump and new behavior as described above."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Security impact"},{"line_number":119,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ee33b65a_48f465ee","line":116,"in_reply_to":"2850d577_026d0f51","updated":"2021-06-21 19:36:27.000000000","message":"Done","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"74e0ada54aebcb5c7d631625f0a7d68c1d857364","unresolved":true,"context_lines":[{"line_number":113,"context_line":"REST API impact"},{"line_number":114,"context_line":"---------------"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Microversion bump and new behavior as described above."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Security impact"},{"line_number":119,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"e8820ac9_450a5c8f","line":116,"in_reply_to":"d15205a7_4735da7e","updated":"2021-06-18 14:17:18.000000000","message":"This will require a little research to generate a full response, but the basic idea is these user visible specs will be included in existing API responses that already report extra specs (that are currently visible to admins).","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"cf77ff63b96d42937767633a0ca415b759f73b96","unresolved":true,"context_lines":[{"line_number":113,"context_line":"REST API impact"},{"line_number":114,"context_line":"---------------"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Microversion bump and new behavior as described above."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Security impact"},{"line_number":119,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"f798d564_3c8a26a0","line":116,"in_reply_to":"e8820ac9_450a5c8f","updated":"2021-06-19 19:48:35.000000000","message":"I think today the extra specs are only revealed via volume types (cinder client \u0027cinder extra-specs-list\u0027 command actually lists the volume types and there is no \u0027cinder extra-specs-show\u0027 command).  One could reasonably argue for a direct extra specs endpoint but that is more change than needed to get what we need.\n\nI think we need just the two API calls that Brian cites above.  Today the second is Forbidden to non-admin users and the first returns an empty set of extra_specs to non-admin users.  With the implementation of this spec neither will be Forbidden to non-admin users.  Admin users and non-admin users will both get a set of extra specs in the API response but the contents of that set will be restricted (via REST view) to user-visible extra specs for non-admin users.\n\nThe API reference [1] currently shows these response examples:\n\n   GET /v3/{project_id}/types/{volume_type_id}/extra_specs\n  \n     {\n        \"extra_specs\": {\n            \"capabilities\": \"gpu\"\n         }\n     }\n\n   GET /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}\n\n    {\n        \"capabilities\": \"gpu\"\n    }\n\nWe should change these to have Cinder rather than Nova content.  For example, assuming\na volume-type with two extra_specs, the abstract, backend-independent, user-visible ``multiattach`` and the backend revealing ``volume_backend_name``, then for this request\n \n    GET /v3/{project_id}/types/{volume_type_id}/extra_specs\n\nan administrator might see:\n\n    {\n        \"extra_specs\": {\n            \"multiattach\": True,\n            \"volume_backend_name\": \"ExpensiveSecetiveVendor\"\n         }\n     }\n\nwhereas a non-administrator would see:\n\n    {\n        \"extra_specs\": {\n            \"multiattach\": True,\n         }\n     }\n\nFor\n\n   GET /v3/{project_id}/types/{volume_type_id}/extra_specs/multipath\n\nadministrators and non-administrators would both see:\n\n    {\n        \"multiattach\": True\n    }\n\n\nFor \n\n   GET /v3/{project_id}/types/{volume_type_id}/extra_specs/volume_backend_name\n\nan administrator would see:\n\n    {\n        \"volume_backend_name\": \"ExpensiveSecretiveVendor\"\n    }\n\nwhereas non-admins would get a 404 response:\n\n    {\"itemNotFound\": \n      {\"code\": 404, \"message\": \"Volume Type 86107076-d7e4-4c16-8cb3-da3fb910d628 has no extra specs with key volume_backend_name.\"\n      }\n    }\n\n[1] https://docs.openstack.org/api-ref/block-storage/v3/index.html#volume-types-types","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":9555,"name":"Matthew Booth","email":"mbooth@redhat.com","username":"MatthewBooth"},"change_message_id":"f0b471cb8969a9855a4f39ba2c65dfc80d27f126","unresolved":true,"context_lines":[{"line_number":113,"context_line":"REST API impact"},{"line_number":114,"context_line":"---------------"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Microversion bump and new behavior as described above."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Security impact"},{"line_number":119,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"867cc7a0_3304c522","line":116,"in_reply_to":"e8820ac9_450a5c8f","updated":"2021-06-18 15:51:27.000000000","message":"It feels inconsistent that we wouldn\u0027t also return the same set of extraspecs via the extraspecs endpoints, but as an end-user I don\u0027t think it would affect me: OpenShift will mostly likely just pull the type and look for multiattach.","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"8a4e4d19599d12cc57e07fb591cf1f0a2ca88ab4","unresolved":true,"context_lines":[{"line_number":113,"context_line":"REST API impact"},{"line_number":114,"context_line":"---------------"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Microversion bump and new behavior as described above."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Security impact"},{"line_number":119,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"2850d577_026d0f51","line":116,"in_reply_to":"f798d564_3c8a26a0","updated":"2021-06-21 14:29:23.000000000","message":"Three endpoints are affected:\n\n1. /v3/{project_id}/types/{volume_type_id}\n2. /v3/{project_id}/types/{volume_type_id}/extra_specs\n3. /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}\n\nI already had 1. in mind, and now that I\u0027m familiar with 2 and 3 I see they also provide visibility to the same data, so it makes sense to relax the policy to allow users to use those endpoints. The data returned will be consistent with what we\u0027ve discussed: users will see the \u0027user visible\u0027 specs and admins will see all of them.\n\nI will post an update with examples.","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ab472f4226026d49faaa543d1c2152793eff4cec","unresolved":true,"context_lines":[{"line_number":119,"context_line":"---------------"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"None. Care will be taken to exclude extra specs that reveal back end"},{"line_number":122,"context_line":"details from the list of user visible extra specs."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"Active/Active HA impact"},{"line_number":125,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"74f145c7_15179090","line":122,"updated":"2021-06-18 13:50:27.000000000","message":"I guess this means that this won\u0027t be configurable, or do you mean the default list won\u0027t reveal backend details?","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":119,"context_line":"---------------"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"None. Care will be taken to exclude extra specs that reveal back end"},{"line_number":122,"context_line":"details from the list of user visible extra specs."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"Active/Active HA impact"},{"line_number":125,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"722546fa_2fae1ed3","line":122,"in_reply_to":"04077ef0_ec2ca464","updated":"2021-06-21 19:36:27.000000000","message":"Done","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"74e0ada54aebcb5c7d631625f0a7d68c1d857364","unresolved":true,"context_lines":[{"line_number":119,"context_line":"---------------"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"None. Care will be taken to exclude extra specs that reveal back end"},{"line_number":122,"context_line":"details from the list of user visible extra specs."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"Active/Active HA impact"},{"line_number":125,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7c6c1351_293453b4","line":122,"in_reply_to":"74f145c7_15179090","updated":"2021-06-18 14:17:18.000000000","message":"The list of user visible specs is codified in the code. The \"care will be taken\" expression means any future changes to the list of user visible specs are required to take this consideration into account.\n\nPerhaps this will be clearer if I update \"care will be taken\" to \"care has been taken.\"","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"cf77ff63b96d42937767633a0ca415b759f73b96","unresolved":true,"context_lines":[{"line_number":119,"context_line":"---------------"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"None. Care will be taken to exclude extra specs that reveal back end"},{"line_number":122,"context_line":"details from the list of user visible extra specs."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"Active/Active HA impact"},{"line_number":125,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"04077ef0_ec2ca464","line":122,"in_reply_to":"7c6c1351_293453b4","updated":"2021-06-19 19:48:35.000000000","message":"How about we say \"The set of user visible extra specs is hard coded and does not include extra specs that reveal back end details.\"","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"cf77ff63b96d42937767633a0ca415b759f73b96","unresolved":true,"context_lines":[{"line_number":191,"context_line":"----------"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"Prototype of the REST API change: \\*"},{"line_number":194,"context_line":"https://review.opendev.org/c/openstack/cinder/+/796049"}],"source_content_type":"text/x-rst","patch_set":3,"id":"167f7805_1e1fe8b6","line":194,"updated":"2021-06-19 19:48:35.000000000","message":"I\u0027ve updated this prototype to behave as indicated in my comment in the REST API impact section above.","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"3cb84e8445a5729fdc06169f2af40f6fcb451e76","unresolved":false,"context_lines":[{"line_number":191,"context_line":"----------"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"Prototype of the REST API change: \\*"},{"line_number":194,"context_line":"https://review.opendev.org/c/openstack/cinder/+/796049"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3ad9db7d_4a05b950","line":194,"in_reply_to":"167f7805_1e1fe8b6","updated":"2021-06-21 19:36:27.000000000","message":"Ack","commit_id":"51c25b607382cedb3e592f235d617f903b35e7af"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b46c111cdfb232d4adfc44e30b6c8c61dc762d16","unresolved":true,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"- ``multiattach``"},{"line_number":76,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":77,"context_line":"- ``replication``"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"The set of ``user visible`` extra specs will be a fixed list defined in the"},{"line_number":80,"context_line":"Cinder code, and can be extended but only by enhancing the code. Future"}],"source_content_type":"text/x-rst","patch_set":6,"id":"5647257c_52398a99","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":15},"updated":"2021-06-23 08:29:58.000000000","message":"replication_enabled","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"- ``multiattach``"},{"line_number":76,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":77,"context_line":"- ``replication``"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"The set of ``user visible`` extra specs will be a fixed list defined in the"},{"line_number":80,"context_line":"Cinder code, and can be extended but only by enhancing the code. Future"}],"source_content_type":"text/x-rst","patch_set":6,"id":"631cfa82_77a544e2","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":15},"in_reply_to":"3b28f590_e92c88ce","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"3e828b97e117220cf9321365a93735a9b32e8dec","unresolved":true,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"- ``multiattach``"},{"line_number":76,"context_line":"- ``RESKEY:availability_zones``"},{"line_number":77,"context_line":"- ``replication``"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"The set of ``user visible`` extra specs will be a fixed list defined in the"},{"line_number":80,"context_line":"Cinder code, and can be extended but only by enhancing the code. Future"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3b28f590_e92c88ce","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":15},"in_reply_to":"5647257c_52398a99","updated":"2021-06-23 10:35:16.000000000","message":"Thank you.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b46c111cdfb232d4adfc44e30b6c8c61dc762d16","unresolved":true,"context_lines":[{"line_number":79,"context_line":"The set of ``user visible`` extra specs will be a fixed list defined in the"},{"line_number":80,"context_line":"Cinder code, and can be extended but only by enhancing the code. Future"},{"line_number":81,"context_line":"updates can support additional volume characteristics that can be expressed with"},{"line_number":82,"context_line":"an extra spec. For example, it might be useful for users to know whether a"},{"line_number":83,"context_line":"volume type provides volumes that support online extend, but there currently"},{"line_number":84,"context_line":"is no extra spec associated with that feature."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"The REST API behavior will be policy based, and not require a new"},{"line_number":87,"context_line":"microversion. The existing policy for accessing extra specs will remain, and a"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ea802754_d87de3de","line":84,"range":{"start_line":82,"start_character":28,"end_line":84,"end_character":46},"updated":"2021-06-23 08:29:58.000000000","message":"I\u0027m not sure if it is a useful information to users but we can also add an extra spec for encryption. Currently the code queries database for encryption type associated with volume type and whether a volume type supports encryption or not is not directly visible to users. Also the encryption type API is also admin only.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":true,"context_lines":[{"line_number":79,"context_line":"The set of ``user visible`` extra specs will be a fixed list defined in the"},{"line_number":80,"context_line":"Cinder code, and can be extended but only by enhancing the code. Future"},{"line_number":81,"context_line":"updates can support additional volume characteristics that can be expressed with"},{"line_number":82,"context_line":"an extra spec. For example, it might be useful for users to know whether a"},{"line_number":83,"context_line":"volume type provides volumes that support online extend, but there currently"},{"line_number":84,"context_line":"is no extra spec associated with that feature."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"The REST API behavior will be policy based, and not require a new"},{"line_number":87,"context_line":"microversion. The existing policy for accessing extra specs will remain, and a"}],"source_content_type":"text/x-rst","patch_set":6,"id":"6ac4a8a0_ed22bb20","line":84,"range":{"start_line":82,"start_character":28,"end_line":84,"end_character":46},"in_reply_to":"ea802754_d87de3de","updated":"2021-06-23 13:49:33.000000000","message":"This example is just meant to highlight the fact that any characteristic that users would like to be \"visible\" need to be represented as an extra spec. Encryption is another example.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b46c111cdfb232d4adfc44e30b6c8c61dc762d16","unresolved":true,"context_lines":[{"line_number":109,"context_line":"volume_extension:access_types_extra_specs         any authorized user"},{"line_number":110,"context_line":"volume_extension:types_extra_specs:index          any authorized user"},{"line_number":111,"context_line":"volume_extension:types_extra_specs:show           any authorized user"},{"line_number":112,"context_line":"volume_extension:types_extra_specs:read_sensitive admin-only"},{"line_number":113,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"The new ``volume_extension:types_extra_specs:read_sensitive`` policy will"}],"source_content_type":"text/x-rst","patch_set":6,"id":"13cdad6b_7c0441e6","line":112,"range":{"start_line":112,"start_character":0,"end_line":112,"end_character":60},"updated":"2021-06-23 08:29:58.000000000","message":"I\u0027m not sure i completely understand the design here, why do we need a new policy?\nCan\u0027t we just check if a user is admin or not like[1] and replace the extra specs with user visible extra specs like we do with admin_metadata[2]\n\n[1] https://github.com/openstack/cinder/blob/master/cinder/api/v3/views/volumes.py#L54\n[2] https://github.com/openstack/cinder/blob/master/cinder/api/api_utils.py#L78-L95","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"3e828b97e117220cf9321365a93735a9b32e8dec","unresolved":true,"context_lines":[{"line_number":109,"context_line":"volume_extension:access_types_extra_specs         any authorized user"},{"line_number":110,"context_line":"volume_extension:types_extra_specs:index          any authorized user"},{"line_number":111,"context_line":"volume_extension:types_extra_specs:show           any authorized user"},{"line_number":112,"context_line":"volume_extension:types_extra_specs:read_sensitive admin-only"},{"line_number":113,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"The new ``volume_extension:types_extra_specs:read_sensitive`` policy will"}],"source_content_type":"text/x-rst","patch_set":6,"id":"193b31b5_a555756d","line":112,"range":{"start_line":112,"start_character":0,"end_line":112,"end_character":60},"in_reply_to":"13cdad6b_7c0441e6","updated":"2021-06-23 10:35:16.000000000","message":"In the prototype I was originally checking context.is_admin as you suggest but as Brian pointed out, with the secure RBAC initiative checks of these type are supposed to be replaced with policies with explicit scope (project, domain, system) so we don\u0027t want to be adding more instances of context.is_admin.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":true,"context_lines":[{"line_number":109,"context_line":"volume_extension:access_types_extra_specs         any authorized user"},{"line_number":110,"context_line":"volume_extension:types_extra_specs:index          any authorized user"},{"line_number":111,"context_line":"volume_extension:types_extra_specs:show           any authorized user"},{"line_number":112,"context_line":"volume_extension:types_extra_specs:read_sensitive admin-only"},{"line_number":113,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"The new ``volume_extension:types_extra_specs:read_sensitive`` policy will"}],"source_content_type":"text/x-rst","patch_set":6,"id":"d7c86df9_32f54326","line":112,"range":{"start_line":112,"start_character":0,"end_line":112,"end_character":60},"in_reply_to":"193b31b5_a555756d","updated":"2021-06-23 13:49:33.000000000","message":"As Tom indicated, the new policy was introduced in response to Brian\u0027s previous comment regarding the use of admin context.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":165,"context_line":"GET /v3/{project_id}/types/{volume_type_id}"},{"line_number":166,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"With a non-administrative context, the ``extra_specs`` field is present but"},{"line_number":169,"context_line":"only ``user visible`` entries are present:"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"48740691_d7beeee9","line":168,"range":{"start_line":168,"start_character":0,"end_line":168,"end_character":33},"updated":"2021-06-22 21:42:42.000000000","message":"I know what you mean, but it would be more exact to say something like \"When the requester does not satisfy the ``read_sensitive`` policy, \" (mainly to make it clear that whether the sensitive fields are shown is determined by this policy, not by other characteristics of the requester).","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":165,"context_line":"GET /v3/{project_id}/types/{volume_type_id}"},{"line_number":166,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"With a non-administrative context, the ``extra_specs`` field is present but"},{"line_number":169,"context_line":"only ``user visible`` entries are present:"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"e77a0caf_038f473e","line":168,"range":{"start_line":168,"start_character":0,"end_line":168,"end_character":33},"in_reply_to":"48740691_d7beeee9","updated":"2021-06-23 13:49:33.000000000","message":"Ack, I\u0027ll update the text (here and elsewhere) to refer to the read_sensitive policy.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":191,"context_line":"      }"},{"line_number":192,"context_line":"  }"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"With an administrative context the full list of ``extra_specs`` is returned"},{"line_number":195,"context_line":"(no change)."},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"bc544ae7_b0a3da1d","line":194,"range":{"start_line":194,"start_character":0,"end_line":194,"end_character":30},"updated":"2021-06-22 21:42:42.000000000","message":"\"When the ``read_sensitive`` policy is satisfied (by default, this will be the case only for administrators), \"","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":191,"context_line":"      }"},{"line_number":192,"context_line":"  }"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"With an administrative context the full list of ``extra_specs`` is returned"},{"line_number":195,"context_line":"(no change)."},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"d0528e92_c5e318aa","line":194,"range":{"start_line":194,"start_character":0,"end_line":194,"end_character":30},"in_reply_to":"bc544ae7_b0a3da1d","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":222,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":223,"context_line":""},{"line_number":224,"context_line":"The policy will be updated to allow non-administrative access to this"},{"line_number":225,"context_line":"API. But, similar to above, for non-administrative requests the list of"},{"line_number":226,"context_line":"``extra_specs`` will be limited to those that are ``user visible``."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"79c26db7_f5d4639f","line":225,"range":{"start_line":225,"start_character":28,"end_line":225,"end_character":59},"updated":"2021-06-22 21:42:42.000000000","message":"(I\u0027ve got no objection to your phrasing here -- my hangup with your saying \"administrative context\" above is that it\u0027s ambiguous because the old way of doing policies recognized a thing called \"the administrative context\", and I want the spec to be clear that we are definitely *not* doing that).","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"2d38144a3d47810688426ad43c8e6c1653a66dc9","unresolved":true,"context_lines":[{"line_number":222,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":223,"context_line":""},{"line_number":224,"context_line":"The policy will be updated to allow non-administrative access to this"},{"line_number":225,"context_line":"API. But, similar to above, for non-administrative requests the list of"},{"line_number":226,"context_line":"``extra_specs`` will be limited to those that are ``user visible``."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"cc1efc88_77bb61cf","line":225,"range":{"start_line":225,"start_character":28,"end_line":225,"end_character":59},"in_reply_to":"79c26db7_f5d4639f","updated":"2021-06-22 23:32:34.000000000","message":"I like the suggestions about satisfaction of the ``read_sensistive`` policy rather than (my original phrasing) \"administrative context\" because the latter suggests that we want to use  the deprecated context.is_admin() method rather than a policy check.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":222,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":223,"context_line":""},{"line_number":224,"context_line":"The policy will be updated to allow non-administrative access to this"},{"line_number":225,"context_line":"API. But, similar to above, for non-administrative requests the list of"},{"line_number":226,"context_line":"``extra_specs`` will be limited to those that are ``user visible``."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"9885bbd4_a46a5c9b","line":225,"range":{"start_line":225,"start_character":28,"end_line":225,"end_character":59},"in_reply_to":"cc1efc88_77bb61cf","updated":"2021-06-23 13:49:33.000000000","message":"Yeah, I need to globally update the doc to replace references to \"admin context\" with the new \"read_sensitive\" policy.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":240,"context_line":"      }"},{"line_number":241,"context_line":"  }"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"If there are no ``user_visible`` extra specs then an empty dictionary will be"},{"line_number":244,"context_line":"returned."},{"line_number":245,"context_line":""},{"line_number":246,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":6,"id":"77706247_6b44f6ed","line":243,"range":{"start_line":243,"start_character":0,"end_line":243,"end_character":44},"updated":"2021-06-22 21:42:42.000000000","message":"\"If there are no ``user_visible`` extra specs defined for the specified volume type, \"","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":240,"context_line":"      }"},{"line_number":241,"context_line":"  }"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"If there are no ``user_visible`` extra specs then an empty dictionary will be"},{"line_number":244,"context_line":"returned."},{"line_number":245,"context_line":""},{"line_number":246,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":6,"id":"569c053b_b979d464","line":243,"range":{"start_line":243,"start_character":0,"end_line":243,"end_character":44},"in_reply_to":"77706247_6b44f6ed","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":249,"context_line":"      \"extra_specs\": {}"},{"line_number":250,"context_line":"  }"},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"There is no change when the request contains an administrative context."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":255,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":6,"id":"4c89b338_f08bfbf8","line":252,"range":{"start_line":252,"start_character":0,"end_line":252,"end_character":71},"updated":"2021-06-22 21:42:42.000000000","message":"Maybe:\n\nWhen made by an administrator, the response will be the complete set of extra specs (no change from current behavior).","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":249,"context_line":"      \"extra_specs\": {}"},{"line_number":250,"context_line":"  }"},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"There is no change when the request contains an administrative context."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":255,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":6,"id":"91aba13d_0ab0ade0","line":252,"range":{"start_line":252,"start_character":0,"end_line":252,"end_character":71},"in_reply_to":"4c89b338_f08bfbf8","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":271,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":272,"context_line":""},{"line_number":273,"context_line":"The policy will be updated to allow non-administrative access to this"},{"line_number":274,"context_line":"API. But, similar to above, responses will be limited to extra specs that are"},{"line_number":275,"context_line":"``user visible``."},{"line_number":276,"context_line":""},{"line_number":277,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":278,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":6,"id":"2f2af5c4_b835e126","line":275,"range":{"start_line":274,"start_character":5,"end_line":275,"end_character":17},"updated":"2021-06-22 21:42:42.000000000","message":"For some reason this confused me (it\u0027s been a long day).  Maybe phrase this as:\n\nWhen the specified extra-specs {key} is in the ``user visible`` set, the value will be returned regardless of whether the requester satisfies the ``read_sensitive`` policy.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":287,"context_line":"      \"multiattach\": \"\u003cis\u003e True\""},{"line_number":288,"context_line":"  }"},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"The response to requests for extra specs that are not ``user visible`` will"},{"line_number":291,"context_line":"depend on the context. If the request contains an administrative context"},{"line_number":292,"context_line":"then the appropriate response is returned."},{"line_number":293,"context_line":""},{"line_number":294,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":295,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":6,"id":"87ce6b5a_c700c4c8","line":292,"range":{"start_line":290,"start_character":71,"end_line":292,"end_character":42},"updated":"2021-06-22 21:42:42.000000000","message":"instead, I suggest:\n\n  will depend on whether the requester satisfies the ``read_sensitive`` policy:","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":287,"context_line":"      \"multiattach\": \"\u003cis\u003e True\""},{"line_number":288,"context_line":"  }"},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"The response to requests for extra specs that are not ``user visible`` will"},{"line_number":291,"context_line":"depend on the context. If the request contains an administrative context"},{"line_number":292,"context_line":"then the appropriate response is returned."},{"line_number":293,"context_line":""},{"line_number":294,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":295,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":6,"id":"45ca08fc_f27d944a","line":292,"range":{"start_line":290,"start_character":71,"end_line":292,"end_character":42},"in_reply_to":"87ce6b5a_c700c4c8","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":304,"context_line":"      \"volume_backend_name\": \"SecretName\""},{"line_number":305,"context_line":"  }"},{"line_number":306,"context_line":""},{"line_number":307,"context_line":"But if the request contains a non-administrative context then the API will"},{"line_number":308,"context_line":"return 404 NOTFOUND."},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3ea14f25_2b3d3799","line":307,"range":{"start_line":307,"start_character":11,"end_line":307,"end_character":56},"updated":"2021-06-22 21:42:42.000000000","message":"\"requestor does not satisfy the ``read_sensitive`` policy\"","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":304,"context_line":"      \"volume_backend_name\": \"SecretName\""},{"line_number":305,"context_line":"  }"},{"line_number":306,"context_line":""},{"line_number":307,"context_line":"But if the request contains a non-administrative context then the API will"},{"line_number":308,"context_line":"return 404 NOTFOUND."},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ee4ea60d_b048a183","line":307,"range":{"start_line":307,"start_character":11,"end_line":307,"end_character":56},"in_reply_to":"3ea14f25_2b3d3799","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":322,"context_line":"          \"code\": 404"},{"line_number":323,"context_line":"          \"message\": \"Volume Type 6685584b-1eac-4da6-b5c3-555430cf68ff has no extra specs with key volume_backend_name.\""},{"line_number":324,"context_line":"      }"},{"line_number":325,"context_line":"  }"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"Security impact"},{"line_number":328,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3cfe399a_c3b7db56","line":325,"updated":"2021-06-22 21:42:42.000000000","message":"It might be worth pointing out that returning a 404 here (instead of a 403) prevents leakage of the names of \"sensitive\" extra-specs keys.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"2d38144a3d47810688426ad43c8e6c1653a66dc9","unresolved":true,"context_lines":[{"line_number":322,"context_line":"          \"code\": 404"},{"line_number":323,"context_line":"          \"message\": \"Volume Type 6685584b-1eac-4da6-b5c3-555430cf68ff has no extra specs with key volume_backend_name.\""},{"line_number":324,"context_line":"      }"},{"line_number":325,"context_line":"  }"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"Security impact"},{"line_number":328,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"9d9daaeb_cff6af9f","line":325,"in_reply_to":"3cfe399a_c3b7db56","updated":"2021-06-22 23:32:34.000000000","message":"+1  I\u0027ve been *thinking* this after working some bugs about such leakage but neglected to say it.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":322,"context_line":"          \"code\": 404"},{"line_number":323,"context_line":"          \"message\": \"Volume Type 6685584b-1eac-4da6-b5c3-555430cf68ff has no extra specs with key volume_backend_name.\""},{"line_number":324,"context_line":"      }"},{"line_number":325,"context_line":"  }"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"Security impact"},{"line_number":328,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f39496e2_c6f1a138","line":325,"in_reply_to":"9d9daaeb_cff6af9f","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b46c111cdfb232d4adfc44e30b6c8c61dc762d16","unresolved":true,"context_lines":[{"line_number":374,"context_line":"~~~~~~~~~~"},{"line_number":375,"context_line":""},{"line_number":376,"context_line":"-  Define list of user visible extra specs."},{"line_number":377,"context_line":"-  Make proposed REST API change."},{"line_number":378,"context_line":"-  Modify unit tests to check for exposure of exactly and only the"},{"line_number":379,"context_line":"   user visible extra specs without administrative authorization."},{"line_number":380,"context_line":"-  Tempest tests"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ca9319f7_f3b3b9bd","line":377,"range":{"start_line":377,"start_character":3,"end_line":377,"end_character":33},"updated":"2021-06-23 08:29:58.000000000","message":"IIUC there are no REST API changes, only policy changes right?","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":374,"context_line":"~~~~~~~~~~"},{"line_number":375,"context_line":""},{"line_number":376,"context_line":"-  Define list of user visible extra specs."},{"line_number":377,"context_line":"-  Make proposed REST API change."},{"line_number":378,"context_line":"-  Modify unit tests to check for exposure of exactly and only the"},{"line_number":379,"context_line":"   user visible extra specs without administrative authorization."},{"line_number":380,"context_line":"-  Tempest tests"}],"source_content_type":"text/x-rst","patch_set":6,"id":"c9c55074_ff74506c","line":377,"range":{"start_line":377,"start_character":3,"end_line":377,"end_character":33},"in_reply_to":"2b391b0e_c4b7a47e","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"3e828b97e117220cf9321365a93735a9b32e8dec","unresolved":true,"context_lines":[{"line_number":374,"context_line":"~~~~~~~~~~"},{"line_number":375,"context_line":""},{"line_number":376,"context_line":"-  Define list of user visible extra specs."},{"line_number":377,"context_line":"-  Make proposed REST API change."},{"line_number":378,"context_line":"-  Modify unit tests to check for exposure of exactly and only the"},{"line_number":379,"context_line":"   user visible extra specs without administrative authorization."},{"line_number":380,"context_line":"-  Tempest tests"}],"source_content_type":"text/x-rst","patch_set":6,"id":"2b391b0e_c4b7a47e","line":377,"range":{"start_line":377,"start_character":3,"end_line":377,"end_character":33},"in_reply_to":"ca9319f7_f3b3b9bd","updated":"2021-06-23 10:35:16.000000000","message":"Yeah, this is a leftover we need to clean up.  Thanks.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6b0da2b277281319a27b3e771bd5c8930e7ded75","unresolved":true,"context_lines":[{"line_number":391,"context_line":"~~~~~~~~~~~~~~~~~~~~"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"-  Add section to Cinder Administration that defines and lists user"},{"line_number":394,"context_line":"   visible extra specs."},{"line_number":395,"context_line":"-  Update API reference"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":6,"id":"5c76d58a_d6160b23","line":394,"range":{"start_line":394,"start_character":22,"end_line":394,"end_character":23},"updated":"2021-06-22 21:42:42.000000000","message":"and also explains the policy settings that will give an operator \"legacy\" behavior.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"2d38144a3d47810688426ad43c8e6c1653a66dc9","unresolved":true,"context_lines":[{"line_number":391,"context_line":"~~~~~~~~~~~~~~~~~~~~"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"-  Add section to Cinder Administration that defines and lists user"},{"line_number":394,"context_line":"   visible extra specs."},{"line_number":395,"context_line":"-  Update API reference"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fdf8fcab_e81bf62f","line":394,"range":{"start_line":394,"start_character":22,"end_line":394,"end_character":23},"in_reply_to":"5c76d58a_d6160b23","updated":"2021-06-22 23:32:34.000000000","message":"+1","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":391,"context_line":"~~~~~~~~~~~~~~~~~~~~"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"-  Add section to Cinder Administration that defines and lists user"},{"line_number":394,"context_line":"   visible extra specs."},{"line_number":395,"context_line":"-  Update API reference"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":6,"id":"562c42b4_a3592c5b","line":394,"range":{"start_line":394,"start_character":22,"end_line":394,"end_character":23},"in_reply_to":"fdf8fcab_e81bf62f","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b46c111cdfb232d4adfc44e30b6c8c61dc762d16","unresolved":true,"context_lines":[{"line_number":397,"context_line":"References"},{"line_number":398,"context_line":"----------"},{"line_number":399,"context_line":""},{"line_number":400,"context_line":"Prototype of the REST API change: \\*"},{"line_number":401,"context_line":"https://review.opendev.org/c/openstack/cinder/+/796049"}],"source_content_type":"text/x-rst","patch_set":6,"id":"8df1e5ee_544a50d3","line":400,"range":{"start_line":400,"start_character":0,"end_line":400,"end_character":36},"updated":"2021-06-23 08:29:58.000000000","message":"Just to be sure we are not changing existing API request/response parameters, we are just adding a new policy that will start showing extra specs for non-admin users which it didn\u0027t show before which IMO doesn\u0027t come under rest api change.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"f9018d281893e6f80b9c94d5bbb1bc0f9d5a0338","unresolved":false,"context_lines":[{"line_number":397,"context_line":"References"},{"line_number":398,"context_line":"----------"},{"line_number":399,"context_line":""},{"line_number":400,"context_line":"Prototype of the REST API change: \\*"},{"line_number":401,"context_line":"https://review.opendev.org/c/openstack/cinder/+/796049"}],"source_content_type":"text/x-rst","patch_set":6,"id":"47a934ab_25fee4cc","line":400,"range":{"start_line":400,"start_character":0,"end_line":400,"end_character":36},"in_reply_to":"7fb754a1_db750873","updated":"2021-06-23 13:49:33.000000000","message":"Done","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"3e828b97e117220cf9321365a93735a9b32e8dec","unresolved":true,"context_lines":[{"line_number":397,"context_line":"References"},{"line_number":398,"context_line":"----------"},{"line_number":399,"context_line":""},{"line_number":400,"context_line":"Prototype of the REST API change: \\*"},{"line_number":401,"context_line":"https://review.opendev.org/c/openstack/cinder/+/796049"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7fb754a1_db750873","line":400,"range":{"start_line":400,"start_character":0,"end_line":400,"end_character":36},"in_reply_to":"8df1e5ee_544a50d3","updated":"2021-06-23 10:35:16.000000000","message":"We can just change this to \"Prototype\"  or just drop it.  I put the prototype in place to help get the spec rolliing but don\u0027t knw that we need the reference at this point.","commit_id":"e6fe4c5c6204f88cac34e6b9be5d6835266e5161"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"c24457deec837cb2a73b7d71357768d6a91e3b52","unresolved":true,"context_lines":[{"line_number":193,"context_line":"      }"},{"line_number":194,"context_line":"  }"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"When the ``read_sensive`` policy is satisfied (by default, this will be the"},{"line_number":197,"context_line":"case only for administrators) the full list of ``extra_specs`` is returned."},{"line_number":198,"context_line":""},{"line_number":199,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"648e3afc_d6405f26","line":196,"range":{"start_line":196,"start_character":9,"end_line":196,"end_character":25},"updated":"2021-06-23 14:12:12.000000000","message":"nit: read_sensitive","commit_id":"f07858538e32b0f830c01e7386ad2e4141156c98"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"c605a6885e054e29244d6c837f3209e23d62ff13","unresolved":false,"context_lines":[{"line_number":193,"context_line":"      }"},{"line_number":194,"context_line":"  }"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"When the ``read_sensive`` policy is satisfied (by default, this will be the"},{"line_number":197,"context_line":"case only for administrators) the full list of ``extra_specs`` is returned."},{"line_number":198,"context_line":""},{"line_number":199,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"e0a61e33_801541e1","line":196,"range":{"start_line":196,"start_character":9,"end_line":196,"end_character":25},"in_reply_to":"648e3afc_d6405f26","updated":"2021-06-23 14:24:38.000000000","message":"Done","commit_id":"f07858538e32b0f830c01e7386ad2e4141156c98"},{"author":{"_account_id":7198,"name":"Jay Bryant","email":"jungleboyj@electronicjungle.net","username":"jsbryant"},"change_message_id":"a2289827b0561fd1d278565db0fab0d8ff021638","unresolved":true,"context_lines":[{"line_number":309,"context_line":""},{"line_number":310,"context_line":"But if the request does not satisfy the ``read_sensitive`` policy then the"},{"line_number":311,"context_line":"API will return 404 NOTFOUND. Returning 404 (instead of 403) prevents leakage"},{"line_number":312,"context_line":"of the names of ``read_sensible`` extra spec keys."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":315,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":8,"id":"8acd5d32_b32317d1","line":312,"range":{"start_line":312,"start_character":18,"end_line":312,"end_character":30},"updated":"2021-06-23 15:20:11.000000000","message":"nit:  read_sensitive","commit_id":"0872da1c80470aa526a40b4df0f555ff31e20aa4"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"05c833ec3faf331f9488565b625644ee1f84b027","unresolved":true,"context_lines":[{"line_number":309,"context_line":""},{"line_number":310,"context_line":"But if the request does not satisfy the ``read_sensitive`` policy then the"},{"line_number":311,"context_line":"API will return 404 NOTFOUND. Returning 404 (instead of 403) prevents leakage"},{"line_number":312,"context_line":"of the names of ``read_sensible`` extra spec keys."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":315,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":8,"id":"ebf1d990_7931e910","line":312,"range":{"start_line":312,"start_character":18,"end_line":312,"end_character":30},"in_reply_to":"8acd5d32_b32317d1","updated":"2021-06-23 15:26:15.000000000","message":"lol, thanks!\n\nI\u0027d like to fix these silly typos as long as core reviewers are willing to re-vote.","commit_id":"0872da1c80470aa526a40b4df0f555ff31e20aa4"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"55b4370b8049d53d2dbe506d64e9d0090d823bf6","unresolved":false,"context_lines":[{"line_number":309,"context_line":""},{"line_number":310,"context_line":"But if the request does not satisfy the ``read_sensitive`` policy then the"},{"line_number":311,"context_line":"API will return 404 NOTFOUND. Returning 404 (instead of 403) prevents leakage"},{"line_number":312,"context_line":"of the names of ``read_sensible`` extra spec keys."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":315,"context_line":"Policy                                            Context"}],"source_content_type":"text/x-rst","patch_set":8,"id":"10afdb82_7f28d3f3","line":312,"range":{"start_line":312,"start_character":18,"end_line":312,"end_character":30},"in_reply_to":"ebf1d990_7931e910","updated":"2021-06-23 15:44:48.000000000","message":"Done","commit_id":"0872da1c80470aa526a40b4df0f555ff31e20aa4"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"21f6c58c955a7765a8dc53d16192d1b340294b08","unresolved":true,"context_lines":[{"line_number":155,"context_line":""},{"line_number":156,"context_line":"#. /v3/{project_id}/types/{volume_type_id}"},{"line_number":157,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":158,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"The following examples document the behavior for a volume type with two"},{"line_number":161,"context_line":"extra specs:"}],"source_content_type":"text/x-rst","patch_set":9,"id":"e68c5fd1_fb303127","line":158,"updated":"2021-06-23 17:56:40.000000000","message":"also, /v3/{project_id}/types","commit_id":"afb6614b003b99d21913f22a1bbd1b83b3c8fcc7"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"0874c7571c620ec74817d0bf0f244c5298862a1a","unresolved":false,"context_lines":[{"line_number":155,"context_line":""},{"line_number":156,"context_line":"#. /v3/{project_id}/types/{volume_type_id}"},{"line_number":157,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":158,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"The following examples document the behavior for a volume type with two"},{"line_number":161,"context_line":"extra specs:"}],"source_content_type":"text/x-rst","patch_set":9,"id":"8051dbf3_9cb0d9eb","line":158,"in_reply_to":"e68c5fd1_fb303127","updated":"2021-06-23 20:56:26.000000000","message":"Ooh, you\u0027re right!","commit_id":"afb6614b003b99d21913f22a1bbd1b83b3c8fcc7"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"21f6c58c955a7765a8dc53d16192d1b340294b08","unresolved":true,"context_lines":[{"line_number":160,"context_line":"The following examples document the behavior for a volume type with two"},{"line_number":161,"context_line":"extra specs:"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"- ``multiattach`` (which will be  visible to users)"},{"line_number":164,"context_line":"- ``volume_backend_name`` (which will be visible only to administrators)"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"GET /v3/{project_id}/types/{volume_type_id}"},{"line_number":167,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":9,"id":"48570e47_48f6d76c","line":164,"range":{"start_line":163,"start_character":0,"end_line":164,"end_character":72},"updated":"2021-06-23 17:56:40.000000000","message":"up to you, but you can be more exact here:\n\n- ``multiattach``, which is included in the list of ``user visible`` extra-spec keys\n- ``volume_backend_name``, which is not in the list of ``user visible`` extra-specs","commit_id":"afb6614b003b99d21913f22a1bbd1b83b3c8fcc7"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"0874c7571c620ec74817d0bf0f244c5298862a1a","unresolved":false,"context_lines":[{"line_number":160,"context_line":"The following examples document the behavior for a volume type with two"},{"line_number":161,"context_line":"extra specs:"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"- ``multiattach`` (which will be  visible to users)"},{"line_number":164,"context_line":"- ``volume_backend_name`` (which will be visible only to administrators)"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"GET /v3/{project_id}/types/{volume_type_id}"},{"line_number":167,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":9,"id":"b2df38f7_8aefe24e","line":164,"range":{"start_line":163,"start_character":0,"end_line":164,"end_character":72},"in_reply_to":"48570e47_48f6d76c","updated":"2021-06-23 20:56:26.000000000","message":"Done","commit_id":"afb6614b003b99d21913f22a1bbd1b83b3c8fcc7"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"21f6c58c955a7765a8dc53d16192d1b340294b08","unresolved":true,"context_lines":[{"line_number":219,"context_line":"          }"},{"line_number":220,"context_line":"      }"},{"line_number":221,"context_line":"  }"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"GET /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":224,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":225,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"72829235_7d48c01d","line":222,"updated":"2021-06-23 17:56:40.000000000","message":"I suggest adding \n\n  GET /v3/{project_id}/types/\n  ~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n  The response consists of a list of anonymous volume_type objects, where each\n  may include extra_specs under the same conditions described for the volume type\n  detail response, above.\n\nI don\u0027t think you need to repeat the policy tables and sample results (unless you think they\u0027re needed for clarity).","commit_id":"afb6614b003b99d21913f22a1bbd1b83b3c8fcc7"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"0874c7571c620ec74817d0bf0f244c5298862a1a","unresolved":false,"context_lines":[{"line_number":219,"context_line":"          }"},{"line_number":220,"context_line":"      }"},{"line_number":221,"context_line":"  }"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"GET /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":224,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":225,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"fb6ce3e6_241ad360","line":222,"in_reply_to":"72829235_7d48c01d","updated":"2021-06-23 20:56:26.000000000","message":"I chose to fully document the /v3/{project_id}/types API (it will be first in the list of affected API). Then, for /v3/{project_id}/types/{volume_type_id} I will describe its similar behavior but not repeat the policy tables or response data.","commit_id":"afb6614b003b99d21913f22a1bbd1b83b3c8fcc7"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"906e2763dca28d3bb4842f37d4b1b86f2cd324b3","unresolved":true,"context_lines":[{"line_number":84,"context_line":"is no extra spec associated with that feature."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"The REST API behavior will be policy based, and not require a new"},{"line_number":87,"context_line":"microversion. The existing policy for accessing extra specs will remain, and a"},{"line_number":88,"context_line":"new policy will determine whether access is granted to all extra specs, or"},{"line_number":89,"context_line":"just ``user visible`` extra specs.  The policies will allow users to view"},{"line_number":90,"context_line":"extra specs, but the view will be restricted to the extra specs that are"}],"source_content_type":"text/x-rst","patch_set":10,"id":"ae0947aa_4adcb78b","line":87,"range":{"start_line":87,"start_character":14,"end_line":87,"end_character":71},"updated":"2021-06-24 13:43:39.000000000","message":"To address Rajat\u0027s concern, I suggest changing this to \"The existing policies for accessing extra specs will remain (though with different default values),\"","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":84,"context_line":"is no extra spec associated with that feature."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"The REST API behavior will be policy based, and not require a new"},{"line_number":87,"context_line":"microversion. The existing policy for accessing extra specs will remain, and a"},{"line_number":88,"context_line":"new policy will determine whether access is granted to all extra specs, or"},{"line_number":89,"context_line":"just ``user visible`` extra specs.  The policies will allow users to view"},{"line_number":90,"context_line":"extra specs, but the view will be restricted to the extra specs that are"}],"source_content_type":"text/x-rst","patch_set":10,"id":"2b468a1a_92400348","line":87,"range":{"start_line":87,"start_character":14,"end_line":87,"end_character":71},"in_reply_to":"ae0947aa_4adcb78b","updated":"2021-06-24 14:33:10.000000000","message":"Done","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"bef4c688bdc29bf1abd05dfca8f7db305b63cd25","unresolved":true,"context_lines":[{"line_number":106,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":107,"context_line":"Policy                                            Default"},{"line_number":108,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":109,"context_line":"volume_extension:access_types_extra_specs         any authorized user"},{"line_number":110,"context_line":"volume_extension:types_extra_specs:index          any authorized user"},{"line_number":111,"context_line":"volume_extension:types_extra_specs:show           any authorized user"},{"line_number":112,"context_line":"volume_extension:types_extra_specs:read_sensitive admin-only"},{"line_number":113,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":114,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"29ea4a62_f6879b8e","line":111,"range":{"start_line":109,"start_character":0,"end_line":111,"end_character":69},"updated":"2021-06-24 13:21:03.000000000","message":"Currently all policies bound to extra specs are admin only. IIUC if we want to enable showing user visible extra specs then we will need to change the default policy rule from admin to any authorized user or will this be done in the implementation itself?","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":106,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":107,"context_line":"Policy                                            Default"},{"line_number":108,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":109,"context_line":"volume_extension:access_types_extra_specs         any authorized user"},{"line_number":110,"context_line":"volume_extension:types_extra_specs:index          any authorized user"},{"line_number":111,"context_line":"volume_extension:types_extra_specs:show           any authorized user"},{"line_number":112,"context_line":"volume_extension:types_extra_specs:read_sensitive admin-only"},{"line_number":113,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":114,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"4f1fd5e0_faa85cad","line":111,"range":{"start_line":109,"start_character":0,"end_line":111,"end_character":69},"in_reply_to":"29ea4a62_f6879b8e","updated":"2021-06-24 14:33:10.000000000","message":"I will clarify the intent is to change the default policy values.","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"304a6c50de71c3640383b5d1f816d536f2b1cc8d","unresolved":true,"context_lines":[{"line_number":134,"context_line":"without burdening the cloud administrator with the task of constructing"},{"line_number":135,"context_line":"policies for them one by one."},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"The new ``volume_extension:types_extra_specs:read_sensitive`` policy is"},{"line_number":138,"context_line":"introduced, but the existing policies remain defaulting to admin-only. The"},{"line_number":139,"context_line":"downside is this would require cloud administrators to modify the default"},{"line_number":140,"context_line":"policies for the ``user visible`` extra specs to be available to non-"},{"line_number":141,"context_line":"administrative API requests. However, the entire premise is that ``user"}],"source_content_type":"text/x-rst","patch_set":10,"id":"bcbc56d2_b8ad1d2e","line":138,"range":{"start_line":137,"start_character":0,"end_line":138,"end_character":69},"updated":"2021-06-24 13:50:32.000000000","message":"I think you can address Rajat\u0027s point about what if operators don\u0027t want this by adding here \"(which will give operators the legacy behavior)\".","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":134,"context_line":"without burdening the cloud administrator with the task of constructing"},{"line_number":135,"context_line":"policies for them one by one."},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"The new ``volume_extension:types_extra_specs:read_sensitive`` policy is"},{"line_number":138,"context_line":"introduced, but the existing policies remain defaulting to admin-only. The"},{"line_number":139,"context_line":"downside is this would require cloud administrators to modify the default"},{"line_number":140,"context_line":"policies for the ``user visible`` extra specs to be available to non-"},{"line_number":141,"context_line":"administrative API requests. However, the entire premise is that ``user"}],"source_content_type":"text/x-rst","patch_set":10,"id":"2a6f2b9e_46457e06","line":138,"range":{"start_line":137,"start_character":0,"end_line":138,"end_character":69},"in_reply_to":"bcbc56d2_b8ad1d2e","updated":"2021-06-24 14:33:10.000000000","message":"Done","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"bef4c688bdc29bf1abd05dfca8f7db305b63cd25","unresolved":true,"context_lines":[{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The REST API affected by this spec are:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"#. /v3/{project_id}/types"},{"line_number":157,"context_line":"#. /v3/{project_id}/types/{volume_type_id}"},{"line_number":158,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":159,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}"}],"source_content_type":"text/x-rst","patch_set":10,"id":"718fa4b8_4cabe3fb","line":156,"range":{"start_line":156,"start_character":3,"end_line":156,"end_character":25},"updated":"2021-06-24 13:21:03.000000000","message":"+1, this doesn\u0027t return extra specs in cinderclient command output but does return extra specs in json format.","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The REST API affected by this spec are:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"#. /v3/{project_id}/types"},{"line_number":157,"context_line":"#. /v3/{project_id}/types/{volume_type_id}"},{"line_number":158,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":159,"context_line":"#. /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}"}],"source_content_type":"text/x-rst","patch_set":10,"id":"19a12f1f_3e5d0042","line":156,"range":{"start_line":156,"start_character":3,"end_line":156,"end_character":25},"in_reply_to":"718fa4b8_4cabe3fb","updated":"2021-06-24 14:33:10.000000000","message":"Ack","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"bef4c688bdc29bf1abd05dfca8f7db305b63cd25","unresolved":true,"context_lines":[{"line_number":166,"context_line":"  satisfies the ``read_sensitive`` policy)"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"GET /v3/{project_id}/types"},{"line_number":169,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"This REST API returns a list of volume types, and the following example"},{"line_number":172,"context_line":"shows just a single volume type."}],"source_content_type":"text/x-rst","patch_set":10,"id":"e23f6131_565224cb","line":169,"range":{"start_line":169,"start_character":27,"end_line":169,"end_character":43},"updated":"2021-06-24 13:21:03.000000000","message":"nit: remove this","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":166,"context_line":"  satisfies the ``read_sensitive`` policy)"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"GET /v3/{project_id}/types"},{"line_number":169,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"This REST API returns a list of volume types, and the following example"},{"line_number":172,"context_line":"shows just a single volume type."}],"source_content_type":"text/x-rst","patch_set":10,"id":"dec8e772_754697b1","line":169,"range":{"start_line":169,"start_character":27,"end_line":169,"end_character":43},"in_reply_to":"e23f6131_565224cb","updated":"2021-06-24 14:33:10.000000000","message":"Done","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ca34d2cd3a177d27831e3bf0478646b6aa3f6dcd","unresolved":true,"context_lines":[{"line_number":235,"context_line":"is similar to the to the /v3/{project_id}/types API."},{"line_number":236,"context_line":""},{"line_number":237,"context_line":"- The ``extra_specs`` field will contain any ``user visible`` extra specs."},{"line_number":238,"context_line":"- When the ``read_sensitive`` the full list of ``extra_specs`` is returned."},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"GET /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":241,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":10,"id":"b4a27b75_15f2015b","line":238,"range":{"start_line":238,"start_character":2,"end_line":238,"end_character":29},"updated":"2021-06-23 22:18:13.000000000","message":"When the ``read_sensitive`` policy is satisfied,","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":235,"context_line":"is similar to the to the /v3/{project_id}/types API."},{"line_number":236,"context_line":""},{"line_number":237,"context_line":"- The ``extra_specs`` field will contain any ``user visible`` extra specs."},{"line_number":238,"context_line":"- When the ``read_sensitive`` the full list of ``extra_specs`` is returned."},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"GET /v3/{project_id}/types/{volume_type_id}/extra_specs"},{"line_number":241,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":10,"id":"19e1ed32_3c679823","line":238,"range":{"start_line":238,"start_character":2,"end_line":238,"end_character":29},"in_reply_to":"b4a27b75_15f2015b","updated":"2021-06-24 14:33:10.000000000","message":"Done","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"bef4c688bdc29bf1abd05dfca8f7db305b63cd25","unresolved":true,"context_lines":[{"line_number":290,"context_line":"GET /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}"},{"line_number":291,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":292,"context_line":""},{"line_number":293,"context_line":"When the specified extra-specs {key} is in the ``user visible`` set, the value"},{"line_number":294,"context_line":"will be returned regardless of whether the requester satisfies the"},{"line_number":295,"context_line":"``read_sensitive`` policy."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":298,"context_line":"Policy                                            Context"},{"line_number":299,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":300,"context_line":"volume_extension:types_extra_specs:show           True"},{"line_number":301,"context_line":"volume_extension:types_extra_specs:read_sensitive N/A"},{"line_number":302,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":303,"context_line":""},{"line_number":304,"context_line":".. code-block:: python"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"  {"},{"line_number":307,"context_line":"      \"multiattach\": \"\u003cis\u003e True\""},{"line_number":308,"context_line":"  }"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"The response to requests for extra specs that are not ``user visible`` will"},{"line_number":311,"context_line":"depend on the context. If the request satisfies the ``read_sensitive`` policy"},{"line_number":312,"context_line":"then the appropriate response is returned."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":315,"context_line":"Policy                                            Context"},{"line_number":316,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":317,"context_line":"volume_extension:types_extra_specs:show           True"},{"line_number":318,"context_line":"volume_extension:types_extra_specs:read_sensitive True"},{"line_number":319,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":320,"context_line":""},{"line_number":321,"context_line":".. code-block:: python"},{"line_number":322,"context_line":""},{"line_number":323,"context_line":"  {"},{"line_number":324,"context_line":"      \"volume_backend_name\": \"SecretName\""},{"line_number":325,"context_line":"  }"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"But if the request does not satisfy the ``read_sensitive`` policy then the"},{"line_number":328,"context_line":"API will return 404 NOTFOUND. Returning 404 (instead of 403) prevents leakage"},{"line_number":329,"context_line":"of the names of ``read_sensitive`` extra spec keys."},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":332,"context_line":"Policy                                            Context"},{"line_number":333,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":334,"context_line":"volume_extension:types_extra_specs:show           True"},{"line_number":335,"context_line":"volume_extension:types_extra_specs:read_sensitive False"},{"line_number":336,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":337,"context_line":""},{"line_number":338,"context_line":""},{"line_number":339,"context_line":".. code-block:: python"},{"line_number":340,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"10c6bcb0_f06aa39f","line":337,"range":{"start_line":293,"start_character":0,"end_line":337,"end_character":0},"updated":"2021-06-24 13:21:03.000000000","message":"I think this part is written in a complex way and will be easier to understand if we follow the same pattern from above i.e. 1) read_sensitive \u003d True and 2) read_sensitive \u003d False\nFor case 1) read_sensitive \u003d True\nIt doesn\u0027t matter if the key is user visible or not, we just show it\nFor case 2) read_sensitive \u003d False\nwe have two sub cases\n2.a) if key is user visible, show it\n2.b) if key is not user visible, error out with 404","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"906e2763dca28d3bb4842f37d4b1b86f2cd324b3","unresolved":true,"context_lines":[{"line_number":290,"context_line":"GET /v3/{project_id}/types/{volume_type_id}/extra_specs/{key}"},{"line_number":291,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":292,"context_line":""},{"line_number":293,"context_line":"When the specified extra-specs {key} is in the ``user visible`` set, the value"},{"line_number":294,"context_line":"will be returned regardless of whether the requester satisfies the"},{"line_number":295,"context_line":"``read_sensitive`` policy."},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":298,"context_line":"Policy                                            Context"},{"line_number":299,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":300,"context_line":"volume_extension:types_extra_specs:show           True"},{"line_number":301,"context_line":"volume_extension:types_extra_specs:read_sensitive N/A"},{"line_number":302,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":303,"context_line":""},{"line_number":304,"context_line":".. code-block:: python"},{"line_number":305,"context_line":""},{"line_number":306,"context_line":"  {"},{"line_number":307,"context_line":"      \"multiattach\": \"\u003cis\u003e True\""},{"line_number":308,"context_line":"  }"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"The response to requests for extra specs that are not ``user visible`` will"},{"line_number":311,"context_line":"depend on the context. If the request satisfies the ``read_sensitive`` policy"},{"line_number":312,"context_line":"then the appropriate response is returned."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":315,"context_line":"Policy                                            Context"},{"line_number":316,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":317,"context_line":"volume_extension:types_extra_specs:show           True"},{"line_number":318,"context_line":"volume_extension:types_extra_specs:read_sensitive True"},{"line_number":319,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":320,"context_line":""},{"line_number":321,"context_line":".. code-block:: python"},{"line_number":322,"context_line":""},{"line_number":323,"context_line":"  {"},{"line_number":324,"context_line":"      \"volume_backend_name\": \"SecretName\""},{"line_number":325,"context_line":"  }"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"But if the request does not satisfy the ``read_sensitive`` policy then the"},{"line_number":328,"context_line":"API will return 404 NOTFOUND. Returning 404 (instead of 403) prevents leakage"},{"line_number":329,"context_line":"of the names of ``read_sensitive`` extra spec keys."},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":332,"context_line":"Policy                                            Context"},{"line_number":333,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":334,"context_line":"volume_extension:types_extra_specs:show           True"},{"line_number":335,"context_line":"volume_extension:types_extra_specs:read_sensitive False"},{"line_number":336,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":337,"context_line":""},{"line_number":338,"context_line":""},{"line_number":339,"context_line":".. code-block:: python"},{"line_number":340,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"46a8a0ed_7d065ef9","line":337,"range":{"start_line":293,"start_character":0,"end_line":337,"end_character":0},"in_reply_to":"10c6bcb0_f06aa39f","updated":"2021-06-24 13:43:39.000000000","message":"I actually prefer it the way it\u0027s stated here.  I think it makes the point more clearly that \"regular\" users are never going to see sensitive extra-specs, which has been a concern for many people in the cinder community.","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"bef4c688bdc29bf1abd05dfca8f7db305b63cd25","unresolved":true,"context_lines":[{"line_number":395,"context_line":"~~~~~~~~~~"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"-  Define list of user visible extra specs."},{"line_number":398,"context_line":"-  Define the ``read_sensitive`` policy and update the API responses"},{"line_number":399,"context_line":"   per this spec."},{"line_number":400,"context_line":"-  Modify unit tests to check for exposure of exactly and only the"},{"line_number":401,"context_line":"   user visible extra specs without ``read_sensitive`` authorization."},{"line_number":402,"context_line":"-  Tempest tests"}],"source_content_type":"text/x-rst","patch_set":10,"id":"eeb5c9d0_5607d7b4","line":399,"range":{"start_line":398,"start_character":3,"end_line":399,"end_character":17},"updated":"2021-06-24 13:21:03.000000000","message":"Related to my query above, if we are changing the default policy rules for existing policies related to extra specs then we should also mention that here.","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"6c2a3eb70b6a14a6456da9ae2afae04bd89e57a3","unresolved":false,"context_lines":[{"line_number":395,"context_line":"~~~~~~~~~~"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"-  Define list of user visible extra specs."},{"line_number":398,"context_line":"-  Define the ``read_sensitive`` policy and update the API responses"},{"line_number":399,"context_line":"   per this spec."},{"line_number":400,"context_line":"-  Modify unit tests to check for exposure of exactly and only the"},{"line_number":401,"context_line":"   user visible extra specs without ``read_sensitive`` authorization."},{"line_number":402,"context_line":"-  Tempest tests"}],"source_content_type":"text/x-rst","patch_set":10,"id":"56857cb0_1fda5f40","line":399,"range":{"start_line":398,"start_character":3,"end_line":399,"end_character":17},"in_reply_to":"dcd38ec1_e7ce4a6d","updated":"2021-06-24 14:33:10.000000000","message":"Done","commit_id":"b5defe68465847085617f23d67c8938d58e23603"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"906e2763dca28d3bb4842f37d4b1b86f2cd324b3","unresolved":true,"context_lines":[{"line_number":395,"context_line":"~~~~~~~~~~"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"-  Define list of user visible extra specs."},{"line_number":398,"context_line":"-  Define the ``read_sensitive`` policy and update the API responses"},{"line_number":399,"context_line":"   per this spec."},{"line_number":400,"context_line":"-  Modify unit tests to check for exposure of exactly and only the"},{"line_number":401,"context_line":"   user visible extra specs without ``read_sensitive`` authorization."},{"line_number":402,"context_line":"-  Tempest tests"}],"source_content_type":"text/x-rst","patch_set":10,"id":"dcd38ec1_e7ce4a6d","line":399,"range":{"start_line":398,"start_character":3,"end_line":399,"end_character":17},"in_reply_to":"eeb5c9d0_5607d7b4","updated":"2021-06-24 13:43:39.000000000","message":"Good point.","commit_id":"b5defe68465847085617f23d67c8938d58e23603"}]}