)]}'
{"cinder/api/contrib/volume_type_access.py":[{"author":{"_account_id":20813,"name":"Sofia Enriquez","email":"lsofia.enriquez@gmail.com","username":"enriquetaso"},"change_message_id":"c5a431af9c2fc0fea1da0b2ffac415127ae1de54","unresolved":true,"context_lines":[{"line_number":77,"context_line":"                vol_type \u003d req.cached_resource_by_id(type_id, name\u003d\u0027types\u0027)"},{"line_number":78,"context_line":"                self._extend_vol_type(vol_type_rval, vol_type)"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"    # TODO: remove this, there is no /types/detail call for this to extend"},{"line_number":81,"context_line":"    @wsgi.extends"},{"line_number":82,"context_line":"    def detail(self, req, resp_obj):"},{"line_number":83,"context_line":"        context \u003d req.environ[\u0027cinder.context\u0027]"}],"source_content_type":"text/x-python","patch_set":11,"id":"81b9efc4_828d512e","line":80,"updated":"2021-09-13 14:39:45.000000000","message":":nit: should I create a launchpad bug to track this?","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"}],"cinder/policies/volume_access.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"79bcfb3e3529f279bd0c5a5ece78b5f1434bb9ae","unresolved":true,"context_lines":[{"line_number":38,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":39,"context_line":"        name\u003dTYPE_ACCESS_POLICY,"},{"line_number":40,"context_line":"        # FIXME: We should break this policy into more granular checks,"},{"line_number":41,"context_line":"        # allowing us to isolate access to read APIs versus write APIs."},{"line_number":42,"context_line":"        check_str\u003dbase.LEGACY_ADMIN_OR_PROJECT_MEMBER,"},{"line_number":43,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":44,"context_line":"        description\u003d\"Volume type access related APIs.\","}],"source_content_type":"text/x-python","patch_set":3,"id":"5dac863b_8861055c","line":41,"updated":"2021-02-17 20:03:22.000000000","message":"Proposed this as a follow on patch to this one.","commit_id":"6d29ade8cebe20756adb5bfb9be76f4462b31970"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"8d9442ffc38a227af26b019fd620a409df656651","unresolved":true,"context_lines":[{"line_number":50,"context_line":"            \u0027calls is governed by other policies.\u0027),"},{"line_number":51,"context_line":"        operations\u003d["},{"line_number":52,"context_line":"            {"},{"line_number":53,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"},{"line_number":54,"context_line":"                \u0027path\u0027: \u0027/types\u0027"},{"line_number":55,"context_line":"            },"},{"line_number":56,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":7,"id":"6f75e9c9_86adb781","line":53,"updated":"2021-09-03 19:29:11.000000000","message":"Should this be broken out too?","commit_id":"5d6bbd21ac312d2e16e9c435552c1e3a481f75b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"8d9442ffc38a227af26b019fd620a409df656651","unresolved":true,"context_lines":[{"line_number":54,"context_line":"                \u0027path\u0027: \u0027/types\u0027"},{"line_number":55,"context_line":"            },"},{"line_number":56,"context_line":"            {"},{"line_number":57,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"},{"line_number":58,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}\u0027"},{"line_number":59,"context_line":"            },"},{"line_number":60,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":7,"id":"b552d6b4_53e741af","line":57,"updated":"2021-09-03 19:29:11.000000000","message":"Same question here.","commit_id":"5d6bbd21ac312d2e16e9c435552c1e3a481f75b8"},{"author":{"_account_id":20813,"name":"Sofia Enriquez","email":"lsofia.enriquez@gmail.com","username":"enriquetaso"},"change_message_id":"c5a431af9c2fc0fea1da0b2ffac415127ae1de54","unresolved":true,"context_lines":[{"line_number":74,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/action (addProjectAccess)\u0027"},{"line_number":75,"context_line":"            }"},{"line_number":76,"context_line":"        ]),"},{"line_number":77,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":78,"context_line":"        name\u003dREMOVE_PROJECT_POLICY,"},{"line_number":79,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":80,"context_line":"        description\u003d\"Remove volume type access for project.\","},{"line_number":81,"context_line":"        operations\u003d["},{"line_number":82,"context_line":"            {"},{"line_number":83,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":84,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/action (removeProjectAccess)\u0027"},{"line_number":85,"context_line":"            }"},{"line_number":86,"context_line":"        ]),"},{"line_number":87,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":88,"context_line":"        name\u003dTYPE_ACCESS_WHO_POLICY,"},{"line_number":89,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"}],"source_content_type":"text/x-python","patch_set":11,"id":"81bd2a90_1f2c1688","line":86,"range":{"start_line":77,"start_character":0,"end_line":86,"end_character":11},"updated":"2021-09-13 14:39:45.000000000","message":":nit: As far as I can see there\u0027s not test for this, maybe we could add test coverage for this in the future.","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b5f7795e5bf2a23a70e66d6ef501c3b2478c4b46","unresolved":true,"context_lines":[{"line_number":84,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/action (removeProjectAccess)\u0027"},{"line_number":85,"context_line":"            }"},{"line_number":86,"context_line":"        ]),"},{"line_number":87,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":88,"context_line":"        name\u003dTYPE_ACCESS_WHO_POLICY,"},{"line_number":89,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":90,"context_line":"        description\u003d("},{"line_number":91,"context_line":"            \u0027List private volume type access detail, that is, list the \u0027"},{"line_number":92,"context_line":"            \u0027projects that have access to this volume type.\u0027),"},{"line_number":93,"context_line":"        operations\u003d["},{"line_number":94,"context_line":"            {"},{"line_number":95,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"},{"line_number":96,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/os-volume-type-access\u0027"},{"line_number":97,"context_line":"            }"},{"line_number":98,"context_line":"        ],"},{"line_number":99,"context_line":"        deprecated_rule\u003ddeprecated_type_access_who_policy,"},{"line_number":100,"context_line":"    ),"},{"line_number":101,"context_line":"]"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"b72b96fe_5a8d7a65","line":100,"range":{"start_line":87,"start_character":0,"end_line":100,"end_character":6},"updated":"2021-09-14 09:43:37.000000000","message":"This looks sensible but i don\u0027t remember discussion regarding this and we are changing policy in this case i.e. from RULE_ADMIN_OR_OWNER to RULE_ADMIN_API which I\u0027m not sure we should do along with this change","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"656e2f1d68afa016ace2d2c1b4d7878130204ca2","unresolved":true,"context_lines":[{"line_number":84,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/action (removeProjectAccess)\u0027"},{"line_number":85,"context_line":"            }"},{"line_number":86,"context_line":"        ]),"},{"line_number":87,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":88,"context_line":"        name\u003dTYPE_ACCESS_WHO_POLICY,"},{"line_number":89,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":90,"context_line":"        description\u003d("},{"line_number":91,"context_line":"            \u0027List private volume type access detail, that is, list the \u0027"},{"line_number":92,"context_line":"            \u0027projects that have access to this volume type.\u0027),"},{"line_number":93,"context_line":"        operations\u003d["},{"line_number":94,"context_line":"            {"},{"line_number":95,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"},{"line_number":96,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/os-volume-type-access\u0027"},{"line_number":97,"context_line":"            }"},{"line_number":98,"context_line":"        ],"},{"line_number":99,"context_line":"        deprecated_rule\u003ddeprecated_type_access_who_policy,"},{"line_number":100,"context_line":"    ),"},{"line_number":101,"context_line":"]"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"6b2d4790_ffd7b33d","line":100,"range":{"start_line":87,"start_character":0,"end_line":100,"end_character":6},"in_reply_to":"b72b96fe_5a8d7a65","updated":"2021-09-14 12:23:06.000000000","message":"This was flagged as a new policy with this value on the policy matrix, so I believe everyone has had time to look at it.  The reason why it was separated out was precisely so it could be RULE_ADMIN_API, because otherwise it allows a user to find out what other users have access to a private volume type, which is not their business and leaks project_ids.  So I think it makes sense to introduce it as a new rule with its proper value.","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"}],"cinder/tests/unit/policies/test_volume_access.py":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b5f7795e5bf2a23a70e66d6ef501c3b2478c4b46","unresolved":true,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"    @ddt.data(*base.all_users)"},{"line_number":85,"context_line":"    def test_type_access_policy_types_list(self, user_id):"},{"line_number":86,"context_line":"        unauthorized_exceptions \u003d None"},{"line_number":87,"context_line":"        req \u003d FakeRequest(self.create_context(user_id))"},{"line_number":88,"context_line":"        resp \u003d FakeResponse()"},{"line_number":89,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"c80cf47e_6263fbbe","line":86,"range":{"start_line":86,"start_character":34,"end_line":86,"end_character":38},"updated":"2021-09-14 09:43:37.000000000","message":"nit: better to pass an empty list","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"656e2f1d68afa016ace2d2c1b4d7878130204ca2","unresolved":true,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"    @ddt.data(*base.all_users)"},{"line_number":85,"context_line":"    def test_type_access_policy_types_list(self, user_id):"},{"line_number":86,"context_line":"        unauthorized_exceptions \u003d None"},{"line_number":87,"context_line":"        req \u003d FakeRequest(self.create_context(user_id))"},{"line_number":88,"context_line":"        resp \u003d FakeResponse()"},{"line_number":89,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"a6f3a36c_3efe962f","line":86,"range":{"start_line":86,"start_character":34,"end_line":86,"end_character":38},"in_reply_to":"c80cf47e_6263fbbe","updated":"2021-09-14 12:23:06.000000000","message":"agree, I forgot to go back and change this.  None works for the unauthorized_exceptions, but it causes an error with the un/authorized users lists, so it would be good to be consistent.","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b5f7795e5bf2a23a70e66d6ef501c3b2478c4b46","unresolved":true,"context_lines":[{"line_number":100,"context_line":"        if user_id in self.authorized_users:"},{"line_number":101,"context_line":"            for vol_type in resp.obj[\u0027volume_types\u0027]:"},{"line_number":102,"context_line":"                self.assertIn(IS_PUBLIC_FIELD, vol_type)"},{"line_number":103,"context_line":"        else:"},{"line_number":104,"context_line":"            for vol_type in resp.obj[\u0027volume_types\u0027]:"},{"line_number":105,"context_line":"                self.assertNotIn(IS_PUBLIC_FIELD, vol_type)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    @ddt.data(*base.all_users)"},{"line_number":108,"context_line":"    def test_type_access_policy_type_show(self, user_id):"}],"source_content_type":"text/x-python","patch_set":11,"id":"ff8ecc8d_5f130568","line":105,"range":{"start_line":103,"start_character":0,"end_line":105,"end_character":59},"updated":"2021-09-14 09:43:37.000000000","message":"This confused me initially and a note would help here\nNOTE: This is not executed in case of VolumeTypeAccessFieldPolicyTest since all users are in authorized users and will only be checked in VolumeTypeAccessFieldPolicySecureRbacTest tests","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"656e2f1d68afa016ace2d2c1b4d7878130204ca2","unresolved":true,"context_lines":[{"line_number":100,"context_line":"        if user_id in self.authorized_users:"},{"line_number":101,"context_line":"            for vol_type in resp.obj[\u0027volume_types\u0027]:"},{"line_number":102,"context_line":"                self.assertIn(IS_PUBLIC_FIELD, vol_type)"},{"line_number":103,"context_line":"        else:"},{"line_number":104,"context_line":"            for vol_type in resp.obj[\u0027volume_types\u0027]:"},{"line_number":105,"context_line":"                self.assertNotIn(IS_PUBLIC_FIELD, vol_type)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    @ddt.data(*base.all_users)"},{"line_number":108,"context_line":"    def test_type_access_policy_type_show(self, user_id):"}],"source_content_type":"text/x-python","patch_set":11,"id":"fd53b674_a28a4377","line":105,"range":{"start_line":103,"start_character":0,"end_line":105,"end_character":59},"in_reply_to":"ff8ecc8d_5f130568","updated":"2021-09-14 12:23:06.000000000","message":"Yeah, that was the point of my comment at line 71, but it would be better to say something here where you actually see what\u0027s happening.  Would you be OK with a followup to hit this and your nit at line 86?","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"b5f7795e5bf2a23a70e66d6ef501c3b2478c4b46","unresolved":true,"context_lines":[{"line_number":130,"context_line":"        unauthorized_exceptions \u003d None"},{"line_number":131,"context_line":"        req \u003d FakeRequest(self.create_context(user_id))"},{"line_number":132,"context_line":"        resp \u003d FakeResponse()"},{"line_number":133,"context_line":"        body \u003d None"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"        self.common_policy_check(user_id,"},{"line_number":136,"context_line":"                                 self.everyone,"}],"source_content_type":"text/x-python","patch_set":11,"id":"2e82fe9d_607b6568","line":133,"range":{"start_line":133,"start_character":8,"end_line":133,"end_character":19},"updated":"2021-09-14 09:43:37.000000000","message":"not related to this test but not sure why we pass the body in the actual create method[1], i don\u0027t see it used anywhere\n\n[1] https://github.com/openstack/cinder/blob/master/cinder/api/contrib/volume_type_access.py#L90","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"656e2f1d68afa016ace2d2c1b4d7878130204ca2","unresolved":true,"context_lines":[{"line_number":130,"context_line":"        unauthorized_exceptions \u003d None"},{"line_number":131,"context_line":"        req \u003d FakeRequest(self.create_context(user_id))"},{"line_number":132,"context_line":"        resp \u003d FakeResponse()"},{"line_number":133,"context_line":"        body \u003d None"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"        self.common_policy_check(user_id,"},{"line_number":136,"context_line":"                                 self.everyone,"}],"source_content_type":"text/x-python","patch_set":11,"id":"23c9e3c6_2982c569","line":133,"range":{"start_line":133,"start_character":8,"end_line":133,"end_character":19},"in_reply_to":"2e82fe9d_607b6568","updated":"2021-09-14 12:23:06.000000000","message":"It\u0027s part of the method signature for the wsgi controller \u0027create\u0027 action; some methods will use it and some will ignore it, but it has to be there.","commit_id":"5fc7df24a549603652171edccd4422d84f9500c1"}]}