)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":5572,"name":"Don Kehn","display_name":"DEKehn","email":"dekehn@gmail.com","username":"dekehn"},"change_message_id":"e840d5ad041bdc6a004a5a9548aa906a703ae5d8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"3acdff48_da786ca4","updated":"2022-01-12 17:54:56.000000000","message":"There is a only so much I can review here, I\u0027m more of an engineer than an English major, but all looks good.","commit_id":"fa607f8f470e1caefc32bfa37de1e6304f0ea899"}],"doc/source/admin/policy.rst":[{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":20,"context_line":"(RBAC) using `oslo policy`_ to define default RBAC policies in the Designate"},{"line_number":21,"context_line":"code. These default policies can be overridden by operators using a yaml policy"},{"line_number":22,"context_line":"file. For a sample policy file, refer to :doc:`samples/policy-yaml`."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Currently Designate defaults to the OpenStack legacy \"admin or owner\" scheme,"},{"line_number":25,"context_line":"but Designate also supports a newer RBAC model using `Keystone Default Roles`_"},{"line_number":26,"context_line":"and `Keystone Scoped Tokens`_ via configuration settings."}],"source_content_type":"text/x-rst","patch_set":1,"id":"b8d8809f_1787b378","line":23,"updated":"2021-09-15 17:25:23.000000000","message":"Perhaps combine these two paragraphs to read like this?\n\n\"Currently, Designate defaults to the OpenStack legacy \"admin\" or \"owner\" scheme for user and identity management. However, like most OpenStack services, Designate also supports a newer Role Based Access Control (RBAC) model using Oslo Policy. An OpenStack library providing support for RBAC policy enforcement across all OpenStack services, Oslo Policy contains two main features, `Keystone Default Roles`_ and `Keystone Scoped Tokens`_. Through the Designate configuration file, you define default RBAC policies in the Designate code. Using a yaml policy file, operators can choose to override one or more features of these policies. (For more information, see :doc:`samples/policy-yaml.)\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":true,"context_lines":[{"line_number":20,"context_line":"(RBAC) using `oslo policy`_ to define default RBAC policies in the Designate"},{"line_number":21,"context_line":"code. These default policies can be overridden by operators using a yaml policy"},{"line_number":22,"context_line":"file. For a sample policy file, refer to :doc:`samples/policy-yaml`."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Currently Designate defaults to the OpenStack legacy \"admin or owner\" scheme,"},{"line_number":25,"context_line":"but Designate also supports a newer RBAC model using `Keystone Default Roles`_"},{"line_number":26,"context_line":"and `Keystone Scoped Tokens`_ via configuration settings."}],"source_content_type":"text/x-rst","patch_set":1,"id":"4341cd32_3650f739","line":23,"in_reply_to":"b8d8809f_1787b378","updated":"2021-09-16 22:28:37.000000000","message":"The current Designate RBAC is using Oslo Policy. Both the legacy admin/owner and the new \"defaults\" using the keystone features.\nAlso, the default RBAC policies are in the code, and cannot be defined through the designate configuration file.\nI think the current wording is more clear.","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":28,"context_line":"Enabling Keystone Default Roles and Scoped Tokens"},{"line_number":29,"context_line":"-------------------------------------------------"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Starting with the Xena release of Designate, Keystone token scopes and"},{"line_number":32,"context_line":"default roles can be enforced. By default, in the Xena release, `oslo policy`_"},{"line_number":33,"context_line":"will not be enforcing these new roles and scopes. However, at some point in the"},{"line_number":34,"context_line":"future they may become the default. You may want to enable them now to be ready"}],"source_content_type":"text/x-rst","patch_set":1,"id":"f9713816_4ac47625","line":31,"range":{"start_line":31,"start_character":0,"end_line":31,"end_character":8},"updated":"2021-09-15 17:25:23.000000000","message":"This paragraph (1)\"feels\" like it should be a note, and (2) perhaps *follow* the paragraph below.\n\nHere\u0027s a suggested rewrite:\n\n\"NOTE: Starting with the Xena release, Designate enforces Keystone token scopes and default roles, but Olso Policy does not enforce these new scopes and roles by default. However, in the future, it is likely that token scopes and default roles will become the default. For this reason, you might want to enable these configuration settings now to be prepared for the future transition.","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":34,"context_line":"future they may become the default. You may want to enable them now to be ready"},{"line_number":35,"context_line":"for the later transition. This section will describe those settings."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"The Oslo Policy project defines two configuration settings, among others, that"},{"line_number":38,"context_line":"can be set in the Designate configuration file to influence how policies are"},{"line_number":39,"context_line":"handled by Designate. Those two settings are `enforce_scope"},{"line_number":40,"context_line":"\u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope\u003e`_ and `enforce_new_defaults"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b7c3ccce_63275281","line":37,"range":{"start_line":37,"start_character":1,"end_line":37,"end_character":2},"updated":"2021-09-15 17:25:23.000000000","message":"Suggestion: make this the first paragraph in this section.\n\nHere\u0027s a suggested rewrite:\n\n\"This section focuses on two Oslo Policy project configuration settings that control how Designate handles RBAC policies, `enforce_scope \u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope\u003e`_ and `enforce_new_defaults \u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_new_defaults\u003e`_. You enable these two settings in the Designate configuration file.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":40,"context_line":"\u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope\u003e`_ and `enforce_new_defaults"},{"line_number":41,"context_line":"\u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_new_defaults\u003e`_."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"With these settings enabled, the Designate policy will honor the following"},{"line_number":44,"context_line":"`Keystone Default Roles`_ in Designate:"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"* System scoped - Admin"}],"source_content_type":"text/x-rst","patch_set":1,"id":"8f52f518_a047ed69","line":43,"range":{"start_line":43,"start_character":8,"end_line":43,"end_character":10},"updated":"2021-09-15 17:25:23.000000000","message":"Our style guide states:\n\n\"Write in the simple present tense as much as possible. ... Use past or future tense only when you cannot use present tense or it does not make sense to use present tense\" (p.68).\n\nSo, maybe something like?\n\n\"When you enable `Keystone Default Roles`_ and `Keystone Scoped Tokens`_ the Designate policy honors the following roles in Desingate:\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":40,"context_line":"\u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope\u003e`_ and `enforce_new_defaults"},{"line_number":41,"context_line":"\u003chttps://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_new_defaults\u003e`_."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"With these settings enabled, the Designate policy will honor the following"},{"line_number":44,"context_line":"`Keystone Default Roles`_ in Designate:"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"* System scoped - Admin"}],"source_content_type":"text/x-rst","patch_set":1,"id":"644b5049_eb2f1557","line":43,"range":{"start_line":43,"start_character":8,"end_line":43,"end_character":10},"in_reply_to":"8f52f518_a047ed69","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":48,"context_line":"* Project scoped - Reader"},{"line_number":49,"context_line":"* Project scoped - Member"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"[oslo_policy] enforce_scope"},{"line_number":52,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Keystone has introduced the concept of `token scopes"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5bbcb726_4c8f171c","line":51,"range":{"start_line":51,"start_character":0,"end_line":51,"end_character":27},"updated":"2021-09-15 17:25:23.000000000","message":"Suggested rewrite of this section:\n\n\"Keystone has introduced the concept of `token scopes \u003chttps://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes\u003e`_. To ensure backward compatibility, Oslo Policy does not enforce scope validation of tokens by default.\n\nIn the Xena release, Designate supports enforcing Keystone token scopes. To enable Keystone token scoping, add the following to your Designate configuration file::\n\n[oslo_policy]\nenforce_scope \u003d True\n\nThe primary effect of this setting is to allow a system scoped admin token when performing administrative API calls to the Designate API. The Designate API already enforces project scoping in Keystone tokens.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":48,"context_line":"* Project scoped - Reader"},{"line_number":49,"context_line":"* Project scoped - Member"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"[oslo_policy] enforce_scope"},{"line_number":52,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Keystone has introduced the concept of `token scopes"}],"source_content_type":"text/x-rst","patch_set":1,"id":"931347a5_7222c09a","line":51,"range":{"start_line":51,"start_character":0,"end_line":51,"end_character":27},"in_reply_to":"5bbcb726_4c8f171c","updated":"2021-09-16 22:28:37.000000000","message":"Yeah, this is better, thanks.","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"The Designate Xena release added support for `Keystone Default Roles`_ in"},{"line_number":75,"context_line":"the default policies."},{"line_number":76,"context_line":"Currently, Oslo Policy defaults to using the deprecated policies that do not"},{"line_number":77,"context_line":"require the new `Keystone Default Roles`_ for backward compatibility."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Designate supports requiring these new `Keystone Default Roles`_ as of"},{"line_number":80,"context_line":"the Xena release. If you are ready to start requiring these roles you can"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5de6b0e7_5c417fb9","line":77,"range":{"start_line":76,"start_character":0,"end_line":77,"end_character":69},"updated":"2021-09-15 17:25:23.000000000","message":"Reword this sentence?\n\nPerhaps something like this?\n\n\"To be backwardly compatible, Oslo Policy currently uses deprecated policies that do not require the new `Keystone Default Roles`_ by default.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"The Designate Xena release added support for `Keystone Default Roles`_ in"},{"line_number":75,"context_line":"the default policies."},{"line_number":76,"context_line":"Currently, Oslo Policy defaults to using the deprecated policies that do not"},{"line_number":77,"context_line":"require the new `Keystone Default Roles`_ for backward compatibility."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Designate supports requiring these new `Keystone Default Roles`_ as of"},{"line_number":80,"context_line":"the Xena release. If you are ready to start requiring these roles you can"}],"source_content_type":"text/x-rst","patch_set":1,"id":"004b7022_36435a9d","line":77,"range":{"start_line":76,"start_character":0,"end_line":77,"end_character":69},"in_reply_to":"5de6b0e7_5c417fb9","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":76,"context_line":"Currently, Oslo Policy defaults to using the deprecated policies that do not"},{"line_number":77,"context_line":"require the new `Keystone Default Roles`_ for backward compatibility."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Designate supports requiring these new `Keystone Default Roles`_ as of"},{"line_number":80,"context_line":"the Xena release. If you are ready to start requiring these roles you can"},{"line_number":81,"context_line":"enable the new policies by adding the following setting to your Designate"},{"line_number":82,"context_line":"configuration file::"},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"    [oslo_policy]"},{"line_number":85,"context_line":"    enforce_new_defaults \u003d True"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3bc39e2c_5fabb16f","line":82,"range":{"start_line":79,"start_character":0,"end_line":82,"end_character":20},"updated":"2021-09-15 17:25:23.000000000","message":"Suggest this:\n\n\"To start requiring these roles in Designate, enable the new policies by adding the following setting to your Designate configuration file::\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":76,"context_line":"Currently, Oslo Policy defaults to using the deprecated policies that do not"},{"line_number":77,"context_line":"require the new `Keystone Default Roles`_ for backward compatibility."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Designate supports requiring these new `Keystone Default Roles`_ as of"},{"line_number":80,"context_line":"the Xena release. If you are ready to start requiring these roles you can"},{"line_number":81,"context_line":"enable the new policies by adding the following setting to your Designate"},{"line_number":82,"context_line":"configuration file::"},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"    [oslo_policy]"},{"line_number":85,"context_line":"    enforce_new_defaults \u003d True"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9a489410_82fe90a8","line":82,"range":{"start_line":79,"start_character":0,"end_line":82,"end_character":20},"in_reply_to":"3bc39e2c_5fabb16f","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":87,"context_line":"Example OpenStack Client Command"},{"line_number":88,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Once enforce_new_defaults and enforce_scope is enabled, administrative commands"},{"line_number":91,"context_line":"will require a system scoped admin token. An example `OpenStack Client \u003chttps://docs.openstack.org/python-designateclient/latest/cli/index.html\u003e`_ command"},{"line_number":92,"context_line":"to create a `Top Level Domain (TLD) \u003chttps://docs.openstack.org/designate/latest/admin/tlds.html\u003e`_ would look like:"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"85a558c5_14861d83","line":90,"range":{"start_line":90,"start_character":5,"end_line":90,"end_character":79},"updated":"2021-09-15 17:25:23.000000000","message":"Avoid passive voice when possible. Perhaps?\n\n\"After you have enabled enforce_new_defaults and enforce_scope, administrative commands require a system scoped admin token. An example `OpenStack Client \u003chttps://docs.openstack.org/python-designateclient/latest/cli/index.html\u003e`_ command to create a `Top Level Domain (TLD) \u003chttps://docs.openstack.org/designate/latest/admin/tlds.html\u003e`_ would look like:\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":87,"context_line":"Example OpenStack Client Command"},{"line_number":88,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Once enforce_new_defaults and enforce_scope is enabled, administrative commands"},{"line_number":91,"context_line":"will require a system scoped admin token. An example `OpenStack Client \u003chttps://docs.openstack.org/python-designateclient/latest/cli/index.html\u003e`_ command"},{"line_number":92,"context_line":"to create a `Top Level Domain (TLD) \u003chttps://docs.openstack.org/designate/latest/admin/tlds.html\u003e`_ would look like:"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"8b205444_16cdb98c","line":90,"range":{"start_line":90,"start_character":0,"end_line":90,"end_character":4},"updated":"2021-09-15 17:25:23.000000000","message":"Instead of \"Once,\" use \"After.\"\n\nStyle guide (p.25): \"...use once to mean one time, not to mean after or when.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":87,"context_line":"Example OpenStack Client Command"},{"line_number":88,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Once enforce_new_defaults and enforce_scope is enabled, administrative commands"},{"line_number":91,"context_line":"will require a system scoped admin token. An example `OpenStack Client \u003chttps://docs.openstack.org/python-designateclient/latest/cli/index.html\u003e`_ command"},{"line_number":92,"context_line":"to create a `Top Level Domain (TLD) \u003chttps://docs.openstack.org/designate/latest/admin/tlds.html\u003e`_ would look like:"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"48f50f5b_4ac364b0","line":90,"range":{"start_line":90,"start_character":5,"end_line":90,"end_character":79},"in_reply_to":"85a558c5_14861d83","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":87,"context_line":"Example OpenStack Client Command"},{"line_number":88,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Once enforce_new_defaults and enforce_scope is enabled, administrative commands"},{"line_number":91,"context_line":"will require a system scoped admin token. An example `OpenStack Client \u003chttps://docs.openstack.org/python-designateclient/latest/cli/index.html\u003e`_ command"},{"line_number":92,"context_line":"to create a `Top Level Domain (TLD) \u003chttps://docs.openstack.org/designate/latest/admin/tlds.html\u003e`_ would look like:"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"28bad931_ab44455c","line":90,"range":{"start_line":90,"start_character":0,"end_line":90,"end_character":4},"in_reply_to":"8b205444_16cdb98c","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Oslo Tools For Policy Management"},{"line_number":100,"context_line":"--------------------------------"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"Sample File Generation"},{"line_number":103,"context_line":"~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"32ca7779_95927e21","line":101,"updated":"2021-09-15 17:25:23.000000000","message":"Introduce this section?\n\n\"This section provides examples for how to use the Oslo tools to manage policies.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Oslo Tools For Policy Management"},{"line_number":100,"context_line":"--------------------------------"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"Sample File Generation"},{"line_number":103,"context_line":"~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"629d1bf7_f3ebd0ea","line":101,"in_reply_to":"32ca7779_95927e21","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":102,"context_line":"Sample File Generation"},{"line_number":103,"context_line":"~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"To generate a sample policy.yaml file from the Designate defaults, run the"},{"line_number":106,"context_line":"oslo policy generation script::"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"    oslopolicy-sample-generator"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c63d95c8_1267f315","line":105,"range":{"start_line":105,"start_character":0,"end_line":105,"end_character":1},"updated":"2021-09-15 17:25:23.000000000","message":"Consider making all of these examples parallel.\n\nPerhaps?\n\n\"To generate a sample policy.yaml file from the Designate defaults, run this command::\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":112,"context_line":"Merged File Generation"},{"line_number":113,"context_line":"~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"This will output a policy file which includes all registered policy defaults"},{"line_number":116,"context_line":"and all policies configured with a policy file. This file shows the effective"},{"line_number":117,"context_line":"policy in use by the project::"},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"37f84787_172820b4","line":115,"range":{"start_line":115,"start_character":0,"end_line":115,"end_character":2},"updated":"2021-09-15 17:25:23.000000000","message":"To be parallel:\n\n\"To generate a policy file which shows the effective policy in use by the project, and includes all registered policy defaults\nand all policies configured with a policy file, run this command::\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":119,"context_line":"    oslopolicy-policy-generator"},{"line_number":120,"context_line":"    --config-file etc/designate/designate-policy-generator.conf"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"This tool uses the output_file path from the config-file."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"List Redundant Configurations"},{"line_number":125,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9199a728_b21f6f71","line":122,"range":{"start_line":122,"start_character":45,"end_line":122,"end_character":57},"updated":"2021-09-15 17:25:23.000000000","message":"Will customers know which config file this is?","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":124,"context_line":"List Redundant Configurations"},{"line_number":125,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"This will output a list of matches for policy rules that are defined in a"},{"line_number":128,"context_line":"configuration file where the rule does not differ from a registered default"},{"line_number":129,"context_line":"rule. These are rules that can be removed from the policy file with no change"},{"line_number":130,"context_line":"in effective policy::"}],"source_content_type":"text/x-rst","patch_set":1,"id":"f8c70f51_b257bc35","line":127,"range":{"start_line":127,"start_character":0,"end_line":127,"end_character":2},"updated":"2021-09-15 17:25:23.000000000","message":"To be parallel:\n\n\"To generate a list of matches for policy rules that are defined in a\nconfiguration file where the rule does not differ from a registered default\nrule, run this command::\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":124,"context_line":"List Redundant Configurations"},{"line_number":125,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"This will output a list of matches for policy rules that are defined in a"},{"line_number":128,"context_line":"configuration file where the rule does not differ from a registered default"},{"line_number":129,"context_line":"rule. These are rules that can be removed from the policy file with no change"},{"line_number":130,"context_line":"in effective policy::"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a4771254_d8619b95","line":127,"range":{"start_line":127,"start_character":0,"end_line":127,"end_character":2},"in_reply_to":"f8c70f51_b257bc35","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":126,"context_line":""},{"line_number":127,"context_line":"This will output a list of matches for policy rules that are defined in a"},{"line_number":128,"context_line":"configuration file where the rule does not differ from a registered default"},{"line_number":129,"context_line":"rule. These are rules that can be removed from the policy file with no change"},{"line_number":130,"context_line":"in effective policy::"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    oslopolicy-list-redundant"},{"line_number":133,"context_line":"    --config-file etc/designate/designate-policy-generator.conf"}],"source_content_type":"text/x-rst","patch_set":1,"id":"f4d2ce9c_0fd2afb4","line":130,"range":{"start_line":129,"start_character":7,"end_line":130,"end_character":19},"updated":"2021-09-15 17:25:23.000000000","message":"Place this sentence AFTER the code snippet?\n\n\"You can remove this list of matched policy rules from the policy file with no change\nin the effective policy.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":false,"context_lines":[{"line_number":126,"context_line":""},{"line_number":127,"context_line":"This will output a list of matches for policy rules that are defined in a"},{"line_number":128,"context_line":"configuration file where the rule does not differ from a registered default"},{"line_number":129,"context_line":"rule. These are rules that can be removed from the policy file with no change"},{"line_number":130,"context_line":"in effective policy::"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    oslopolicy-list-redundant"},{"line_number":133,"context_line":"    --config-file etc/designate/designate-policy-generator.conf"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5f6d6b45_c0c78afe","line":130,"range":{"start_line":129,"start_character":7,"end_line":130,"end_character":19},"in_reply_to":"f4d2ce9c_0fd2afb4","updated":"2021-09-16 22:28:37.000000000","message":"Ack","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":136,"context_line":"Designate Default Policy Overview"},{"line_number":137,"context_line":"---------------------------------"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The following is an overview of all available policies in Designate. For a"},{"line_number":140,"context_line":"sample configuration file, refer to :doc:`samples/policy-yaml`."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. show-policy::"}],"source_content_type":"text/x-rst","patch_set":1,"id":"6d7d9253_0cef3755","line":139,"range":{"start_line":139,"start_character":0,"end_line":139,"end_character":7},"updated":"2021-09-15 17:25:23.000000000","message":"To be parallel:\n\n\"To generate an overview of all available policies in Designate, run the following command::\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":31933,"name":"Greg Rakauskas","display_name":"Greg Rakauskas","email":"gregraka@redhat.com","username":"gregraka"},"change_message_id":"f9d62cefc759984a76eb8f8a45f1a3179f27602d","unresolved":true,"context_lines":[{"line_number":137,"context_line":"---------------------------------"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The following is an overview of all available policies in Designate. For a"},{"line_number":140,"context_line":"sample configuration file, refer to :doc:`samples/policy-yaml`."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. show-policy::"},{"line_number":143,"context_line":"   :config-file: ../../etc/designate/designate-policy-generator.conf"}],"source_content_type":"text/x-rst","patch_set":1,"id":"7f137c21_6286c7f2","line":140,"range":{"start_line":140,"start_character":1,"end_line":140,"end_character":7},"updated":"2021-09-15 17:25:23.000000000","message":"Move this sentence AFTER the code snippet?\n\n\"For a sample configuration file, refer to :doc:`samples/policy-yaml`.\"","commit_id":"b2ab293554006deda679299f59d846612d17fede"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"152fa23a6aa5fbf7b3f3d3c452faf90968e80047","unresolved":true,"context_lines":[{"line_number":137,"context_line":"---------------------------------"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The following is an overview of all available policies in Designate. For a"},{"line_number":140,"context_line":"sample configuration file, refer to :doc:`samples/policy-yaml`."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. show-policy::"},{"line_number":143,"context_line":"   :config-file: ../../etc/designate/designate-policy-generator.conf"}],"source_content_type":"text/x-rst","patch_set":1,"id":"89edbe15_d612f62b","line":140,"range":{"start_line":140,"start_character":1,"end_line":140,"end_character":7},"in_reply_to":"7f137c21_6286c7f2","updated":"2021-09-16 22:28:37.000000000","message":"This is not a code snippet. This RST extension embeds the policy text into the document.","commit_id":"b2ab293554006deda679299f59d846612d17fede"}]}