)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Seema S B \u003cseemabee@in.ibm.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2020-04-02 23:15:51 -0400"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add different RBAC rule for different HTTP REST API"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Make RBAC rules for types API more granular such that"},{"line_number":10,"context_line":"each API namely POST, PUT and DELETE has a different"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"3f4c43b2_9dee6d86","line":7,"updated":"2020-04-13 20:15:45.000000000","message":"Maybe \"Add policy targets to volume-type API\"","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":11,"context_line":"rule, that can be used to control the roles that have"},{"line_number":12,"context_line":"access to it."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I8a6a14893af4f81e8a3fcd3974f2b56b58bc6865"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"3f4c43b2_bd9ec904","line":14,"updated":"2020-04-13 20:15:45.000000000","message":"Add:\n\nCloses-bug: #1841587","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"}],"cinder/api/contrib/types_manage.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        payload \u003d dict(volume_types\u003dvolume_type)"},{"line_number":53,"context_line":"        rpc.get_notifier(\u0027volumeType\u0027).info(context, method, payload)"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    def _authorize_policy(self, context, new_policy):"},{"line_number":56,"context_line":"        # TODO(cl566n): In future release, this _authorize_policy function"},{"line_number":57,"context_line":"        # can be removed. The call to it can be replaced by"},{"line_number":58,"context_line":"        # context.authorize(new_policy) once the old"},{"line_number":59,"context_line":"        # policy.MANAGE_POLICY is deprecated."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"        using_old_action \u003d cinder_policy.verify_deprecated_policy("},{"line_number":62,"context_line":"            policy.MANAGE_POLICY,"},{"line_number":63,"context_line":"            new_policy,"},{"line_number":64,"context_line":"            base.RULE_ADMIN_API,"},{"line_number":65,"context_line":"            context)"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        if not using_old_action:"},{"line_number":68,"context_line":"            context.authorize(new_policy)"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"    @wsgi.action(\"create\")"},{"line_number":71,"context_line":"    @validation.schema(volume_types_schema.create)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_5ee0f5cc","line":68,"range":{"start_line":55,"start_character":0,"end_line":68,"end_character":41},"updated":"2020-03-17 21:09:07.000000000","message":"You don\u0027t need this because of the way you\u0027re using MANAGE_POLICY in the other file.  It\u0027s not being deprecated for removal, it\u0027s being used as a way for an operator to set all 3 policies at once.","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":31618,"name":"Seema S B","email":"seemabee@in.ibm.com","username":"seemasb"},"change_message_id":"7b0a9a6ee4f22586674f8b6161d5a44432b13edc","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        payload \u003d dict(volume_types\u003dvolume_type)"},{"line_number":53,"context_line":"        rpc.get_notifier(\u0027volumeType\u0027).info(context, method, payload)"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    def _authorize_policy(self, context, new_policy):"},{"line_number":56,"context_line":"        # TODO(cl566n): In future release, this _authorize_policy function"},{"line_number":57,"context_line":"        # can be removed. The call to it can be replaced by"},{"line_number":58,"context_line":"        # context.authorize(new_policy) once the old"},{"line_number":59,"context_line":"        # policy.MANAGE_POLICY is deprecated."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"        using_old_action \u003d cinder_policy.verify_deprecated_policy("},{"line_number":62,"context_line":"            policy.MANAGE_POLICY,"},{"line_number":63,"context_line":"            new_policy,"},{"line_number":64,"context_line":"            base.RULE_ADMIN_API,"},{"line_number":65,"context_line":"            context)"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        if not using_old_action:"},{"line_number":68,"context_line":"            context.authorize(new_policy)"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"    @wsgi.action(\"create\")"},{"line_number":71,"context_line":"    @validation.schema(volume_types_schema.create)"}],"source_content_type":"text/x-python","patch_set":4,"id":"df33271e_babe60b1","line":68,"range":{"start_line":55,"start_character":0,"end_line":68,"end_character":41},"in_reply_to":"1fa4df85_5ee0f5cc","updated":"2020-05-14 08:10:23.000000000","message":"As you said in your older comments, if someone has configured MANAGE_POLICY and doesn\u0027t care about fine-grained control, they can just set value for MANAGE_POLICY, and if someone want the fine-grained control, they can set values for each of the policies. \nIf I remove the function how will Manage_Policy handled rest 4 MANAGE_POLICY_RULE, MANAGE_POLICY_CREATE, MANAGE_POLICY_UPDATE, MANAGE_POLICY_DELETE are handled in Code","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":72,"context_line":"    def _create(self, req, body):"},{"line_number":73,"context_line":"        \"\"\"Creates a new volume type.\"\"\""},{"line_number":74,"context_line":"        context \u003d req.environ[\u0027cinder.context\u0027]"},{"line_number":75,"context_line":"        self._authorize_policy(context, policy.MANAGE_POLICY_CREATE)"},{"line_number":76,"context_line":"        vol_type \u003d body[\u0027volume_type\u0027]"},{"line_number":77,"context_line":"        name \u003d vol_type[\u0027name\u0027]"},{"line_number":78,"context_line":"        description \u003d vol_type.get(\u0027description\u0027)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_decb8547","line":75,"updated":"2020-03-17 21:09:07.000000000","message":"see above -- just use\n\n  context.authorize(policy.MANAGE_POLICY_CREATE)\n\nhere.  Same for UPDATE and DELETE, below.","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        payload \u003d dict(volume_types\u003dvolume_type)"},{"line_number":53,"context_line":"        rpc.get_notifier(\u0027volumeType\u0027).info(context, method, payload)"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    def _authorize_policy(self, context, new_policy):"},{"line_number":56,"context_line":"        # The call to it can be replaced by"},{"line_number":57,"context_line":"        # context.authorize(new_policy) once the old"},{"line_number":58,"context_line":"        # policy.MANAGE_POLICY is deprecated."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"        using_old_action \u003d cinder_policy.verify_deprecated_policy("},{"line_number":61,"context_line":"            policy.MANAGE_POLICY,"},{"line_number":62,"context_line":"            new_policy,"},{"line_number":63,"context_line":"            base.RULE_ADMIN_API,"},{"line_number":64,"context_line":"            context)"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"        if not using_old_action:"},{"line_number":67,"context_line":"            context.authorize(new_policy)"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"    @wsgi.action(\"create\")"},{"line_number":70,"context_line":"    @validation.schema(volume_types_schema.create)"}],"source_content_type":"text/x-python","patch_set":8,"id":"3f4c43b2_c8567507","line":67,"range":{"start_line":55,"start_character":0,"end_line":67,"end_character":41},"updated":"2020-04-13 20:15:45.000000000","message":"Remove this entire function.  We\u0027re not deprecating MANAGE_POLICY, so you don\u0027t need to do any of this checking.","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":71,"context_line":"    def _create(self, req, body):"},{"line_number":72,"context_line":"        \"\"\"Creates a new volume type.\"\"\""},{"line_number":73,"context_line":"        context \u003d req.environ[\u0027cinder.context\u0027]"},{"line_number":74,"context_line":"        self._authorize_policy(context, policy.MANAGE_POLICY_CREATE)"},{"line_number":75,"context_line":"        vol_type \u003d body[\u0027volume_type\u0027]"},{"line_number":76,"context_line":"        name \u003d vol_type[\u0027name\u0027]"},{"line_number":77,"context_line":"        description \u003d vol_type.get(\u0027description\u0027)"}],"source_content_type":"text/x-python","patch_set":8,"id":"3f4c43b2_c87dd56f","line":74,"range":{"start_line":74,"start_character":8,"end_line":74,"end_character":68},"updated":"2020-04-13 20:15:45.000000000","message":"After you remove the function at line 55, this should be:\n\n  context.authorize(policy.MANAGE_POLICY_CREATE)\n\nsame thing for update and delete, below.","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"15ac1b5a9c1130642a3941d09e664212abfad12e","unresolved":false,"context_lines":[{"line_number":51,"context_line":"        rpc.get_notifier(\u0027volumeType\u0027).info(context, method, payload)"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"    @wsgi.action(\"create\")"},{"line_number":55,"context_line":"    @validation.schema(volume_types_schema.create)"},{"line_number":56,"context_line":"    def _create(self, req, body):"},{"line_number":57,"context_line":"        \"\"\"Creates a new volume type.\"\"\""}],"source_content_type":"text/x-python","patch_set":9,"id":"ff570b3c_29a79dbf","line":54,"updated":"2020-05-18 09:49:20.000000000","message":"pep8: E303 too many blank lines (2)","commit_id":"84554504ff78627670165804ee8138861500165c"}],"cinder/policies/volume_type.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":18,"context_line":"from cinder.policies import base"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"MANAGE_POLICY \u003d \"volume_extension:types_manage\""},{"line_number":21,"context_line":"BASE_POLICY \u003d \u0027rule:%s\u0027 % MANAGE_POLICY"},{"line_number":22,"context_line":"MANAGE_POLICY_CREATE \u003d \"volume_extension:types_manage:create\""},{"line_number":23,"context_line":"MANAGE_POLICY_UPDATE \u003d \"volume_extension:types_manage:update\""},{"line_number":24,"context_line":"MANAGE_POLICY_DELETE \u003d \"volume_extension:types_manage:delete\""}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_434ca29d","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":11},"updated":"2020-03-17 21:09:07.000000000","message":"I suggest naming this MANAGE_POLICY_RULE","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dMANAGE_POLICY,"},{"line_number":39,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":40,"context_line":"        description\u003d\"Create, update and delete volume type.\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"},{"line_number":43,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_3e8f3924","line":40,"updated":"2020-03-17 21:09:07.000000000","message":"You\u0027ll need to update this to something like \"Base policy for all volume type management operations.  This can be used to set volume type CREATE, PUT, and DELETE in one place, or each of those may be set individually for finer grained control.\"","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":38,"context_line":"        name\u003dMANAGE_POLICY,"},{"line_number":39,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":40,"context_line":"        description\u003d\"Create, update and delete volume type.\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"},{"line_number":43,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":44,"context_line":"                \u0027path\u0027: \u0027/types\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_de9dc557","line":41,"updated":"2020-03-17 21:09:07.000000000","message":"Probably don\u0027t include an \u0027operations\u0027 element for this policy.","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":31618,"name":"Seema S B","email":"seemabee@in.ibm.com","username":"seemasb"},"change_message_id":"7b0a9a6ee4f22586674f8b6161d5a44432b13edc","unresolved":false,"context_lines":[{"line_number":38,"context_line":"        name\u003dMANAGE_POLICY,"},{"line_number":39,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":40,"context_line":"        description\u003d\"Create, update and delete volume type.\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"},{"line_number":43,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":44,"context_line":"                \u0027path\u0027: \u0027/types\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"df33271e_5acd9464","line":41,"in_reply_to":"1fa4df85_de9dc557","updated":"2020-05-14 08:10:23.000000000","message":"As you said in your older comments, if someone has configured MANAGE_POLICY and doesn\u0027t care about fine-grained control, they can just set value for MANAGE_POLICY, and if someone want the fine-grained control, they can set values for each of the policies. \nIf I don\u0027t include operations will not become fine-grained.","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":54,"context_line":"        ]),"},{"line_number":55,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":56,"context_line":"        name\u003dMANAGE_POLICY_CREATE,"},{"line_number":57,"context_line":"        check_str\u003dBASE_POLICY,"},{"line_number":58,"context_line":"        description\u003d\"Create volume type.\","},{"line_number":59,"context_line":"        operations\u003d["},{"line_number":60,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_e3082e2e","line":57,"range":{"start_line":57,"start_character":18,"end_line":57,"end_character":29},"updated":"2020-03-17 21:09:07.000000000","message":"MANAGE_POLICY_RULE","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":64,"context_line":"        ]),"},{"line_number":65,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":66,"context_line":"        name\u003dMANAGE_POLICY_UPDATE,"},{"line_number":67,"context_line":"        check_str\u003dBASE_POLICY,"},{"line_number":68,"context_line":"        description\u003d\"Update volume type.\","},{"line_number":69,"context_line":"        operations\u003d["},{"line_number":70,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_8307fa1c","line":67,"range":{"start_line":67,"start_character":18,"end_line":67,"end_character":29},"updated":"2020-03-17 21:09:07.000000000","message":"MANAGE_POLICY_RULE","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":73,"context_line":"            }"},{"line_number":74,"context_line":"        ]),"},{"line_number":75,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":76,"context_line":"        name\u003dBASE_POLICY,"},{"line_number":77,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":78,"context_line":"        description\u003d\"Delete volume type.\","},{"line_number":79,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_be3b29cf","line":76,"range":{"start_line":76,"start_character":13,"end_line":76,"end_character":24},"updated":"2020-03-17 21:09:07.000000000","message":"I think this should be MANAGE_POLICY_DELETE","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"c385773b853fa9375fd28d6c3af06b8ff8e3fff7","unresolved":false,"context_lines":[{"line_number":74,"context_line":"        ]),"},{"line_number":75,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":76,"context_line":"        name\u003dBASE_POLICY,"},{"line_number":77,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":78,"context_line":"        description\u003d\"Delete volume type.\","},{"line_number":79,"context_line":"        operations\u003d["},{"line_number":80,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":4,"id":"1fa4df85_7e1cd169","line":77,"range":{"start_line":77,"start_character":18,"end_line":77,"end_character":37},"updated":"2020-03-17 21:09:07.000000000","message":"MANAGE_POLICY_RULE","commit_id":"60e37fa21213bf79aa1c9a4f9830cb67853fee48"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":38,"context_line":"        name\u003dMANAGE_POLICY,"},{"line_number":39,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":40,"context_line":"        description\u003d\"Base policy for all volume type management operations. \""},{"line_number":41,"context_line":"                    \"This can be used to set volume type CREATE, PUT and \""},{"line_number":42,"context_line":"                    \"DELETE individually for finer grained control.\","},{"line_number":43,"context_line":"        operations\u003d["},{"line_number":44,"context_line":"            {"},{"line_number":45,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"}],"source_content_type":"text/x-python","patch_set":8,"id":"3f4c43b2_9d714de4","line":42,"range":{"start_line":41,"start_character":21,"end_line":42,"end_character":68},"updated":"2020-04-13 20:15:45.000000000","message":"This isn\u0027t accurate.  See my suggested text on PS4.","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":40,"context_line":"        description\u003d\"Base policy for all volume type management operations. \""},{"line_number":41,"context_line":"                    \"This can be used to set volume type CREATE, PUT and \""},{"line_number":42,"context_line":"                    \"DELETE individually for finer grained control.\","},{"line_number":43,"context_line":"        operations\u003d["},{"line_number":44,"context_line":"            {"},{"line_number":45,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":46,"context_line":"                \u0027path\u0027: \u0027/types\u0027"}],"source_content_type":"text/x-python","patch_set":8,"id":"3f4c43b2_bd3a49e4","line":43,"range":{"start_line":43,"start_character":8,"end_line":43,"end_character":18},"updated":"2020-04-13 20:15:45.000000000","message":"I\u0027m still not convinced that we need an \u0027operations\u0027 element for this policy (since they\u0027re given below for each of the individual policies).","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a25dc2b5365bc497dbd16e7b0144c4bb68ae3893","unresolved":false,"context_lines":[{"line_number":40,"context_line":"        description\u003d\"Base policy for all volume type management operations. \""},{"line_number":41,"context_line":"                    \"This can be used to set volume type CREATE, PUT and \""},{"line_number":42,"context_line":"                    \"DELETE individually for finer grained control.\","},{"line_number":43,"context_line":"        operations\u003d["},{"line_number":44,"context_line":"            {"},{"line_number":45,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":46,"context_line":"                \u0027path\u0027: \u0027/types\u0027"}],"source_content_type":"text/x-python","patch_set":8,"id":"3f4c43b2_a4dbf418","line":43,"range":{"start_line":43,"start_character":8,"end_line":43,"end_character":18},"in_reply_to":"3f4c43b2_bd3a49e4","updated":"2020-04-17 21:48:24.000000000","message":"I discovered the hard way that the \u0027operations\u0027 element is required whether I like it or not (and an empty list is not allowed).","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"15ac1b5a9c1130642a3941d09e664212abfad12e","unresolved":false,"context_lines":[{"line_number":41,"context_line":"                    \"This can be used to set volume type CREATE, PUT, and \""},{"line_number":42,"context_line":"                    \"DELETE in one place, or each of those may be set \""},{"line_number":43,"context_line":"                    \"individually for finer grained control.\""},{"line_number":44,"context_line":"        operations\u003d["},{"line_number":45,"context_line":"            {"},{"line_number":46,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":47,"context_line":"                \u0027path\u0027: \u0027/types\u0027"}],"source_content_type":"text/x-python","patch_set":9,"id":"ff570b3c_49a2d1af","line":44,"updated":"2020-05-18 09:49:20.000000000","message":"pep8: E999 SyntaxError: invalid syntax","commit_id":"84554504ff78627670165804ee8138861500165c"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"91d8ea79f1f39fc2da508c45dafb8c25e3130e5b","unresolved":false,"context_lines":[{"line_number":41,"context_line":"                    \"This can be used to set volume type CREATE, PUT, and \""},{"line_number":42,"context_line":"                    \"DELETE in one place, or each of those may be set \""},{"line_number":43,"context_line":"                    \"individually for finer grained control.\""},{"line_number":44,"context_line":"        operations\u003d["},{"line_number":45,"context_line":"            {"},{"line_number":46,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":47,"context_line":"                \u0027path\u0027: \u0027/types\u0027"}],"source_content_type":"text/x-python","patch_set":10,"id":"ff570b3c_afaf2d28","line":44,"updated":"2020-05-18 12:11:08.000000000","message":"pep8: E999 SyntaxError: invalid syntax","commit_id":"72b296f03a9a6fc03ab842bdc33b1e52c86a9300"}],"cinder/tests/unit/policies/test_volume_type.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"15ac1b5a9c1130642a3941d09e664212abfad12e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#"},{"line_number":2,"context_line":"#    Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":3,"context_line":"#    not use this file except in compliance with the License. You may obtain"},{"line_number":4,"context_line":"#    a copy of the License at"}],"source_content_type":"text/x-python","patch_set":9,"id":"ff570b3c_e9c3e555","line":1,"updated":"2020-05-18 09:49:20.000000000","message":"pep8: E902 IndentationError: unindent does not match any outer indentation level","commit_id":"84554504ff78627670165804ee8138861500165c"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"91d8ea79f1f39fc2da508c45dafb8c25e3130e5b","unresolved":false,"context_lines":[{"line_number":205,"context_line":""},{"line_number":206,"context_line":"    def test_admin_can_delete_volume_type(self):"},{"line_number":207,"context_line":"        admin_context \u003d self.admin_context"},{"line_number":208,"context_line":"        volume_type_id \u003d fake_constants.VOLUME_TYPE_ID"},{"line_number":209,"context_line":"        path \u003d \u0027/v3/%(project_id)s/types\u0027 % {"},{"line_number":210,"context_line":"            \u0027project_id\u0027: admin_context.project_id"},{"line_number":211,"context_line":"        }"}],"source_content_type":"text/x-python","patch_set":10,"id":"ff570b3c_6fba356e","line":208,"updated":"2020-05-18 12:11:08.000000000","message":"pep8: F841 local variable \u0027volume_type_id\u0027 is assigned to but never used","commit_id":"72b296f03a9a6fc03ab842bdc33b1e52c86a9300"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"91d8ea79f1f39fc2da508c45dafb8c25e3130e5b","unresolved":false,"context_lines":[{"line_number":240,"context_line":""},{"line_number":241,"context_line":"    def test_nonadmin_cannot_update_volume_type(self):"},{"line_number":242,"context_line":"        self.assertTrue(self.volume_type.is_public)"},{"line_number":243,"context_line":"        volume_type_id \u003d fake_constants.VOLUME_TYPE_ID"},{"line_number":244,"context_line":"        path \u003d \u0027/v3/%(project_id)s/types\u0027 % {"},{"line_number":245,"context_line":"            \u0027project_id\u0027: self.user_context.project_id"},{"line_number":246,"context_line":"        }"}],"source_content_type":"text/x-python","patch_set":10,"id":"ff570b3c_cfb26194","line":243,"updated":"2020-05-18 12:11:08.000000000","message":"pep8: F841 local variable \u0027volume_type_id\u0027 is assigned to but never used","commit_id":"72b296f03a9a6fc03ab842bdc33b1e52c86a9300"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"fa1960f48cfba90aff50ca730edd64ccdaae2f35","unresolved":false,"context_lines":[{"line_number":117,"context_line":"            \u0027item\u0027: \u0027control_location\u0027"},{"line_number":118,"context_line":"        }"},{"line_number":119,"context_line":"        response \u003d self._get_request_response(self.user_context, path, \u0027GET\u0027)"},{"line_number":120,"context_line":"        print(response)"},{"line_number":121,"context_line":"        self.assertEqual(http.client.FORBIDDEN, response.status_int)"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    @mock.patch.object(db, \u0027volume_type_encryption_delete\u0027, return_value\u003dNone)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ff570b3c_cb678a51","line":120,"updated":"2020-05-22 14:56:01.000000000","message":"pep8: C303: print() should not be used. Please use LOG.[info|error|warning|exception|debug]. If print() must be used, use \u0027# noqa\u0027 to skip this check.","commit_id":"3d9cc22c33b780e82c5fa19f51790eb376aa5934"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"fa1960f48cfba90aff50ca730edd64ccdaae2f35","unresolved":false,"context_lines":[{"line_number":141,"context_line":"        }"},{"line_number":142,"context_line":"        response \u003d self._get_request_response(self.user_context, path,"},{"line_number":143,"context_line":"                                              \u0027DELETE\u0027)"},{"line_number":144,"context_line":"        print(response)"},{"line_number":145,"context_line":"        self.assertEqual(http.client.FORBIDDEN, response.status_int)"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"    @mock.patch.object(db, \u0027volume_type_encryption_update\u0027, return_value\u003dNone)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ff570b3c_2b7566fb","line":144,"updated":"2020-05-22 14:56:01.000000000","message":"pep8: C303: print() should not be used. Please use LOG.[info|error|warning|exception|debug]. If print() must be used, use \u0027# noqa\u0027 to skip this check.","commit_id":"3d9cc22c33b780e82c5fa19f51790eb376aa5934"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"fa1960f48cfba90aff50ca730edd64ccdaae2f35","unresolved":false,"context_lines":[{"line_number":190,"context_line":"                                \"os-volume-type-access:is_public\": True}}"},{"line_number":191,"context_line":"        response \u003d self._get_request_response(admin_context, path, \u0027POST\u0027,"},{"line_number":192,"context_line":"                                              body\u003dbody)"},{"line_number":193,"context_line":"        print(response)"},{"line_number":194,"context_line":"        self.assertEqual(http.client.OK, response.status_int)"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"    def test_delete_volume_type(self):"}],"source_content_type":"text/x-python","patch_set":12,"id":"ff570b3c_0b722212","line":193,"updated":"2020-05-22 14:56:01.000000000","message":"pep8: C303: print() should not be used. Please use LOG.[info|error|warning|exception|debug]. If print() must be used, use \u0027# noqa\u0027 to skip this check.","commit_id":"3d9cc22c33b780e82c5fa19f51790eb376aa5934"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"fa1960f48cfba90aff50ca730edd64ccdaae2f35","unresolved":false,"context_lines":[{"line_number":197,"context_line":"        admin_context \u003d self.admin_context"},{"line_number":198,"context_line":"        path \u003d \u0027/v2/%(project_id)s/types/%(type_id)s\u0027 % {"},{"line_number":199,"context_line":"            \u0027project_id\u0027: admin_context.project_id,"},{"line_number":200,"context_line":"            \u0027type_id\u0027: self.volume_type.id "},{"line_number":201,"context_line":"        }"},{"line_number":202,"context_line":"        response \u003d self._get_request_response(admin_context, path, \u0027DELETE\u0027)"},{"line_number":203,"context_line":"        print(response)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ff570b3c_6b60fe36","line":200,"updated":"2020-05-22 14:56:01.000000000","message":"pep8: W291 trailing whitespace","commit_id":"3d9cc22c33b780e82c5fa19f51790eb376aa5934"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"fa1960f48cfba90aff50ca730edd64ccdaae2f35","unresolved":false,"context_lines":[{"line_number":200,"context_line":"            \u0027type_id\u0027: self.volume_type.id "},{"line_number":201,"context_line":"        }"},{"line_number":202,"context_line":"        response \u003d self._get_request_response(admin_context, path, \u0027DELETE\u0027)"},{"line_number":203,"context_line":"        print(response)"},{"line_number":204,"context_line":"        self.assertEqual(http.client.ACCEPTED, response.status_int)"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"    def test_update_volume_type(self):"}],"source_content_type":"text/x-python","patch_set":12,"id":"ff570b3c_4b653a45","line":203,"updated":"2020-05-22 14:56:01.000000000","message":"pep8: C303: print() should not be used. Please use LOG.[info|error|warning|exception|debug]. If print() must be used, use \u0027# noqa\u0027 to skip this check.","commit_id":"3d9cc22c33b780e82c5fa19f51790eb376aa5934"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"fa1960f48cfba90aff50ca730edd64ccdaae2f35","unresolved":false,"context_lines":[{"line_number":212,"context_line":"        body \u003d {\"volume_type\": {\"description\": \"volume type updated\"}}"},{"line_number":213,"context_line":"        response \u003d self._get_request_response(admin_context, path, \u0027PUT\u0027,"},{"line_number":214,"context_line":"                                              body\u003dbody)"},{"line_number":215,"context_line":"        print(response)"},{"line_number":216,"context_line":"        self.assertEqual(http.client.OK, response.status_int)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ff570b3c_ab5a1680","line":215,"updated":"2020-05-22 14:56:01.000000000","message":"pep8: C303: print() should not be used. Please use LOG.[info|error|warning|exception|debug]. If print() must be used, use \u0027# noqa\u0027 to skip this check.","commit_id":"3d9cc22c33b780e82c5fa19f51790eb376aa5934"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"81ff7b558e1521909b26693529dfcb87bf4ff7a8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"bf51134e_db8ace61","line":212,"updated":"2020-06-29 15:05:57.000000000","message":"These cover the positive cases, that is, you make sure an admin context can perform the actions.  We also need some negative tests, to show that a \"regular\" user context *cannot* perform the actions.  (That\u0027s so that we\u0027ll be able to detect a regression if the default policy rules are changed in the code.  It won\u0027t affect operators who want to change the policy file.)","commit_id":"b72fb3f6755de1a6ea498fc8b9ff758f46ab7281"}],"releasenotes/notes/add_different_RBAC_rule_for_different_http_REST_api.yaml":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Make RBAC rules for types API more granular such that each API namely "}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3f4c43b2_551e79ba","line":1,"updated":"2020-04-13 20:15:45.000000000","message":"Rename this file to the standard reno convention, something like:\n\nvolume-type-api-policy-granularity-a6113353a3d52003.yaml","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Make RBAC rules for types API more granular such that each API namely "},{"line_number":5,"context_line":"    POST, PUT and DELETE has a different rule, that can be used to control "},{"line_number":6,"context_line":"    the roles that have access to it."},{"line_number":7,"context_line":"    Fixes `bug 1841587 \u003chttps://bugs.launchpad.net/cinder/+bug/1841587\u003e`__."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3f4c43b2_b5789df8","line":7,"range":{"start_line":2,"start_character":0,"end_line":7,"end_character":75},"updated":"2020-04-13 20:15:45.000000000","message":"Instead of this, you need to have an \u0027upgrade\u0027 section in this release note so that operators know about the new policy targets.\n\nYou can model your release note on the one for the encryption type (I\u0027ll put some comments in that file).","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"}],"releasenotes/notes/volume-type-encryption-api-policy-granularity-7071e45f4c7894c5.yaml":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"upgrade:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Add granularity to the ``volume_extension:volume_type_encryption``"},{"line_number":5,"context_line":"    policy with the addition of distinct actions for create, get, update,"},{"line_number":6,"context_line":"    and delete:"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    - ``volume_extension:volume_type_encryption:create``"},{"line_number":9,"context_line":"    - ``volume_extension:volume_type_encryption:get``"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3f4c43b2_950ac187","line":6,"range":{"start_line":4,"start_character":0,"end_line":6,"end_character":15},"updated":"2020-04-13 20:15:45.000000000","message":"Instead, say something like:\n\nThis release adds new policy targets for the volume-type API so that the create, update, and delete actions may be governed by different policy rules.  The new policy targets are:","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    - ``volume_extension:volume_type_encryption:get``"},{"line_number":10,"context_line":"    - ``volume_extension:volume_type_encryption:update``"},{"line_number":11,"context_line":"    - ``volume_extension:volume_type_encryption:delete``"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"    To address backwards compatibility, the new rules added to the"},{"line_number":14,"context_line":"    volume_type.py policy file, default to the existing rule,"},{"line_number":15,"context_line":"    ``volume_extension:volume_type_encryption``, if it is set to a"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3f4c43b2_f5e6a5e8","line":12,"updated":"2020-04-13 20:15:45.000000000","message":"Add:\n\nThese actions were previously all governed by the same policy target, ``volume_extension:types_manage``.  (The get and get-all volume-type actions were already governed by their own specific policies.)","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"42e74b7afc8c7a9a71ccdba9ab847fe228c48362","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    - ``volume_extension:volume_type_encryption:update``"},{"line_number":11,"context_line":"    - ``volume_extension:volume_type_encryption:delete``"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"    To address backwards compatibility, the new rules added to the"},{"line_number":14,"context_line":"    volume_type.py policy file, default to the existing rule,"},{"line_number":15,"context_line":"    ``volume_extension:volume_type_encryption``, if it is set to a"},{"line_number":16,"context_line":"    non-default value."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"3f4c43b2_75da9517","line":16,"range":{"start_line":13,"start_character":1,"end_line":16,"end_character":22},"updated":"2020-04-13 20:15:45.000000000","message":"Replace with something like:\n\nFor backward compatibility, the default value for each of the new policies is ``rule:volume_extension:types_manage``.  Thus, if you have defined a custom rule for ``volume_extension:types_manage``, it will still apply to each of the create, update, and delete actions.  You now have the option, however, of assigning specific rules to each of these actions.","commit_id":"a67a00d190377512ec58e55048003bbe55ea2512"}]}