)]}'
{"cinder/api/contrib/types_extra_specs.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5920eecd1d0e5d1ead71de62c5736f3b115fdb81","unresolved":true,"context_lines":[{"line_number":41,"context_line":"        if context.authorize(policy.READ_SENSITIVE_POLICY, fatal\u003dFalse):"},{"line_number":42,"context_line":"            specs_dict \u003d extra_specs"},{"line_number":43,"context_line":"        else:"},{"line_number":44,"context_line":"            specs_dict \u003d {k: v for (k, v) in extra_specs.items()"},{"line_number":45,"context_line":"                          if k in policy.USER_VISIBLE_EXTRA_SPECS}"},{"line_number":46,"context_line":"        return dict(extra_specs\u003dspecs_dict)"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"    def _check_type(self, context, type_id):"}],"source_content_type":"text/x-python","patch_set":2,"id":"0f53f7a7_bbde0e44","line":45,"range":{"start_line":44,"start_character":0,"end_line":45,"end_character":66},"updated":"2021-09-01 19:58:28.000000000","message":"see comment in views/types.py","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"99e69293fb13ea764771a3eaa4b3de60c275df31","unresolved":false,"context_lines":[{"line_number":41,"context_line":"        if context.authorize(policy.READ_SENSITIVE_POLICY, fatal\u003dFalse):"},{"line_number":42,"context_line":"            specs_dict \u003d extra_specs"},{"line_number":43,"context_line":"        else:"},{"line_number":44,"context_line":"            specs_dict \u003d {k: v for (k, v) in extra_specs.items()"},{"line_number":45,"context_line":"                          if k in policy.USER_VISIBLE_EXTRA_SPECS}"},{"line_number":46,"context_line":"        return 
dict(extra_specs\u003dspecs_dict)"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"    def _check_type(self, context, type_id):"}],"source_content_type":"text/x-python","patch_set":2,"id":"26906214_16e6989c","line":45,"range":{"start_line":44,"start_character":0,"end_line":45,"end_character":66},"in_reply_to":"0f53f7a7_bbde0e44","updated":"2021-09-02 16:22:27.000000000","message":"Yeah, here I agree with that comment. This code is iterating over every extra spec defined in the DB, which could be significantly more than the number of user visible specs (which is 3). So ack, I\u0027ll change this to the optimized code you describe in the other comment.","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"}],"cinder/api/v3/types.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5920eecd1d0e5d1ead71de62c5736f3b115fdb81","unresolved":true,"context_lines":[{"line_number":105,"context_line":"            # Do not allow sensitive extra specs to be used in a filter if"},{"line_number":106,"context_line":"            # the context only allows access to user visible extra specs."},{"line_number":107,"context_line":"            # Removing the filter would yield inaccurate results, so an"},{"line_number":108,"context_line":"            # empty result is returned to essentially filter everything."},{"line_number":109,"context_line":"            if not context.authorize(extra_specs_policy.READ_SENSITIVE_POLICY,"},{"line_number":110,"context_line":"                                     fatal\u003dFalse):"},{"line_number":111,"context_line":"                for k in filters[\u0027extra_specs\u0027].keys():"}],"source_content_type":"text/x-python","patch_set":2,"id":"03e44766_e2a47a1a","line":108,"range":{"start_line":108,"start_character":39,"end_line":108,"end_character":72},"updated":"2021-09-01 19:58:28.000000000","message":"I\u0027m having trouble parsing 
this, but I can\u0027t think of anything better.  Maybe \"because as far as an unauthorized user goes, the list of volume-types meeting their filtering criteria is empty\".  Feel free to ignore this comment.","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"99e69293fb13ea764771a3eaa4b3de60c275df31","unresolved":false,"context_lines":[{"line_number":105,"context_line":"            # Do not allow sensitive extra specs to be used in a filter if"},{"line_number":106,"context_line":"            # the context only allows access to user visible extra specs."},{"line_number":107,"context_line":"            # Removing the filter would yield inaccurate results, so an"},{"line_number":108,"context_line":"            # empty result is returned to essentially filter everything."},{"line_number":109,"context_line":"            if not context.authorize(extra_specs_policy.READ_SENSITIVE_POLICY,"},{"line_number":110,"context_line":"                                     fatal\u003dFalse):"},{"line_number":111,"context_line":"                for k in filters[\u0027extra_specs\u0027].keys():"}],"source_content_type":"text/x-python","patch_set":2,"id":"1a95326f_30e43154","line":108,"range":{"start_line":108,"start_character":39,"end_line":108,"end_character":72},"in_reply_to":"03e44766_e2a47a1a","updated":"2021-09-02 16:22:27.000000000","message":"I also struggled with this, and prefer your wording and will adopt it. 
Thanks!","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"}],"cinder/api/v3/views/types.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5920eecd1d0e5d1ead71de62c5736f3b115fdb81","unresolved":true,"context_lines":[{"line_number":35,"context_line":"                                 fatal\u003dFalse):"},{"line_number":36,"context_line":"                trimmed_specs \u003d extra_specs"},{"line_number":37,"context_line":"            else:"},{"line_number":38,"context_line":"                trimmed_specs \u003d {"},{"line_number":39,"context_line":"                    k: v for (k, v) in extra_specs.items()"},{"line_number":40,"context_line":"                    if k in extra_specs_policy.USER_VISIBLE_EXTRA_SPECS"},{"line_number":41,"context_line":"                }"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"            trimmed[\u0027extra_specs\u0027] \u003d trimmed_specs"},{"line_number":44,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"bff444e0_eafca608","line":41,"range":{"start_line":38,"start_character":0,"end_line":41,"end_character":17},"updated":"2021-09-01 19:58:28.000000000","message":"this could probably be optimized.  Instead of looking at all the keys to see which ones are user-visible, maybe just grab the user-visible ones out of the extra_specs.  
Something along the lines of:\n\n    trimmed_specs \u003d {}\n    for k in extra_specs_policy.USER_VISIBLE_EXTRA_SPECS:\n        if k in extra_specs:\n           trimmed_specs[k] \u003d extra_specs[k]\n\n(I think that can handle an extra_spec with a None value.)","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"99e69293fb13ea764771a3eaa4b3de60c275df31","unresolved":false,"context_lines":[{"line_number":35,"context_line":"                                 fatal\u003dFalse):"},{"line_number":36,"context_line":"                trimmed_specs \u003d extra_specs"},{"line_number":37,"context_line":"            else:"},{"line_number":38,"context_line":"                trimmed_specs \u003d {"},{"line_number":39,"context_line":"                    k: v for (k, v) in extra_specs.items()"},{"line_number":40,"context_line":"                    if k in extra_specs_policy.USER_VISIBLE_EXTRA_SPECS"},{"line_number":41,"context_line":"                }"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"            trimmed[\u0027extra_specs\u0027] \u003d trimmed_specs"},{"line_number":44,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"cc7ff36d_47d7df09","line":41,"range":{"start_line":38,"start_character":0,"end_line":41,"end_character":17},"in_reply_to":"bff444e0_eafca608","updated":"2021-09-02 16:22:27.000000000","message":"tl;dr I\u0027m adopting this suggestion.\n\nI agree there might be a gain if the number of extra specs associated with the volume type is significantly larger than the number of user visible specs (which is currently 3). Maybe I\u0027m wrong, but I don\u0027t imagine (most?) volume types having a large number of extra specs.\n\nInitially I was going to try and stick with the code as is, and not optimize it. 
But the same comment you made in the VolumeTypeExtraSpecsController *does* apply, because in that instance the code needs to iterate over every extra spec in the DB, and not just the ones associated with this specific volume type.\n\nBecause I\u0027ll be updating the code in VolumeTypeExtraSpecsController, for consistency I\u0027ll do the same thing here.","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"}],"cinder/policies/type_extra_specs.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5920eecd1d0e5d1ead71de62c5736f3b115fdb81","unresolved":true,"context_lines":[{"line_number":65,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":66,"context_line":"        name\u003dREAD_SENSITIVE_POLICY,"},{"line_number":67,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":68,"context_line":"        description\u003d\"Show one specified read-sensitive type extra specs.\","},{"line_number":69,"context_line":"        operations\u003d["},{"line_number":70,"context_line":"            {"},{"line_number":71,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"dd73f958_5902f7eb","line":68,"updated":"2021-09-01 19:58:28.000000000","message":"I think the description needs to be more along the lines of:\n\ndescription\u003d\"Include extra_specs fields that may reveal sensitive information about the deployment that should not be exposed to end users in various volume-type responses that show extra_specs.  
The ability to make these calls is governed by other policies.\"","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"99e69293fb13ea764771a3eaa4b3de60c275df31","unresolved":false,"context_lines":[{"line_number":65,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":66,"context_line":"        name\u003dREAD_SENSITIVE_POLICY,"},{"line_number":67,"context_line":"        check_str\u003dbase.RULE_ADMIN_API,"},{"line_number":68,"context_line":"        description\u003d\"Show one specified read-sensitive type extra specs.\","},{"line_number":69,"context_line":"        operations\u003d["},{"line_number":70,"context_line":"            {"},{"line_number":71,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"46203bf9_461c5aee","line":68,"in_reply_to":"dd73f958_5902f7eb","updated":"2021-09-02 16:22:27.000000000","message":"Ack. 
I confess I simply borrowed the wording from the other policies, and your suggestion is vastly better.","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5920eecd1d0e5d1ead71de62c5736f3b115fdb81","unresolved":true,"context_lines":[{"line_number":70,"context_line":"            {"},{"line_number":71,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"},{"line_number":72,"context_line":"                \u0027path\u0027: \u0027/types/{type_id}/extra_specs/{extra_spec_key}\u0027"},{"line_number":73,"context_line":"            }"},{"line_number":74,"context_line":"        ]),"},{"line_number":75,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":76,"context_line":"        name\u003dUPDATE_POLICY,"}],"source_content_type":"text/x-python","patch_set":2,"id":"451fb350_63656bd3","line":73,"updated":"2021-09-01 19:58:28.000000000","message":"add:\n\n            {\n                \u0027method\u0027: \u0027GET\u0027,\n                \u0027path\u0027: \u0027/types/{type_id}/extra_specs\u0027\n            },\n            {\n                \u0027method\u0027: \u0027GET\u0027,\n                \u0027path\u0027: \u0027/types/{type_id}\u0027\n            },\n            {\n                \u0027method\u0027: \u0027GET\u0027,\n                \u0027path\u0027: \u0027/types\u0027\n            }","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"99e69293fb13ea764771a3eaa4b3de60c275df31","unresolved":false,"context_lines":[{"line_number":70,"context_line":"            {"},{"line_number":71,"context_line":"                \u0027method\u0027: \u0027GET\u0027,"},{"line_number":72,"context_line":"                \u0027path\u0027: 
\u0027/types/{type_id}/extra_specs/{extra_spec_key}\u0027"},{"line_number":73,"context_line":"            }"},{"line_number":74,"context_line":"        ]),"},{"line_number":75,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":76,"context_line":"        name\u003dUPDATE_POLICY,"}],"source_content_type":"text/x-python","patch_set":2,"id":"3a8aa1a1_9bc6bad3","line":73,"in_reply_to":"451fb350_63656bd3","updated":"2021-09-02 16:22:27.000000000","message":"Done","commit_id":"cecfb23f6b407adf0d4650ef02787a7cec838519"}],"releasenotes/notes/user-visible-extra-specs-6cf7e49c6be57a01.yaml":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"d5a03b015aa75ccd9ea475b5665b4793ef3057c2","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A small list volume type extra specs are now visible to regular users, and"},{"line_number":5,"context_line":"    not just to cloud administrators. This allows users to see non-senstive"},{"line_number":6,"context_line":"    extra specs, which may help them choose a particular volume type when"},{"line_number":7,"context_line":"    creating volumes. Sensitive extra specs are still only visible to cloud"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"e7e9596b_d220baf3","line":4,"range":{"start_line":4,"start_character":12,"end_line":4,"end_character":28},"updated":"2021-09-02 18:49:54.000000000","message":"\"list of volume type\" (here and below)","commit_id":"084212711672ccc9bc1a6c0baa32a5a3e3112442"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"d5a03b015aa75ccd9ea475b5665b4793ef3057c2","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    not just to cloud administrators. 
This allows users to see non-senstive"},{"line_number":6,"context_line":"    extra specs, which may help them choose a particular volume type when"},{"line_number":7,"context_line":"    creating volumes. Sensitive extra specs are still only visible to cloud"},{"line_number":8,"context_line":"    administrators. See the ``User visible extra specs`` section in the Cinder"},{"line_number":9,"context_line":"    Administration guide for more information."},{"line_number":10,"context_line":"security:"},{"line_number":11,"context_line":"  - |"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ee29c78d_7d7e7eef","line":8,"range":{"start_line":8,"start_character":28,"end_line":8,"end_character":56},"updated":"2021-09-02 18:49:54.000000000","message":"Up to you, but the double-backticks give you monospace font.  I suggest either single backticks (for italics) or using actual quotation marks to indicate the section title.  (Same thing below)","commit_id":"084212711672ccc9bc1a6c0baa32a5a3e3112442"}]}
