)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"8824343d7aa0180d6f0c007e3f2aa0c0f48ebb8d","unresolved":true,"context_lines":[{"line_number":10,"context_line":"enforce scope and new defaults by default. Example Nova:"},{"line_number":11,"context_line":"- https://review.opendev.org/c/openstack/nova/+/866218)"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Until the new defaults enalbing by default is not released we"},{"line_number":14,"context_line":"should keep testing the old defaults in existing jobs and we can"},{"line_number":15,"context_line":"add new jobs testing new defautls. To do that we can provide the"},{"line_number":16,"context_line":"way in devstack to keep scope/new defaults disable by default which"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"83a03508_8087dd8d","line":13,"range":{"start_line":13,"start_character":23,"end_line":13,"end_character":31},"updated":"2023-01-12 20:46:06.000000000","message":"\"enabling\"","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"8824343d7aa0180d6f0c007e3f2aa0c0f48ebb8d","unresolved":true,"context_lines":[{"line_number":10,"context_line":"enforce scope and new defaults by default. Example Nova:"},{"line_number":11,"context_line":"- https://review.opendev.org/c/openstack/nova/+/866218)"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Until the new defaults enalbing by default is not released we"},{"line_number":14,"context_line":"should keep testing the old defaults in existing jobs and we can"},{"line_number":15,"context_line":"add new jobs testing new defautls. To do that we can provide the"},{"line_number":16,"context_line":"way in devstack to keep scope/new defaults disable by default which"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"1e7975fb_76329568","line":13,"range":{"start_line":13,"start_character":46,"end_line":13,"end_character":49},"updated":"2023-01-12 20:46:06.000000000","message":"\"not\" ? The negative logic in this sentence is confusing for me, and I even know what you mean already :)","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"8824343d7aa0180d6f0c007e3f2aa0c0f48ebb8d","unresolved":true,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Until the new defaults enalbing by default is not released we"},{"line_number":14,"context_line":"should keep testing the old defaults in existing jobs and we can"},{"line_number":15,"context_line":"add new jobs testing new defautls. To do that we can provide the"},{"line_number":16,"context_line":"way in devstack to keep scope/new defaults disable by default which"},{"line_number":17,"context_line":"can be enabled by setting enforce_scope variable to true."},{"line_number":18,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"cac0030e_8de49992","line":15,"range":{"start_line":15,"start_character":25,"end_line":15,"end_character":33},"updated":"2023-01-12 20:46:06.000000000","message":"\"defaults\"","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"8824343d7aa0180d6f0c007e3f2aa0c0f48ebb8d","unresolved":true,"context_lines":[{"line_number":13,"context_line":"Until the new defaults enalbing by default is not released we"},{"line_number":14,"context_line":"should keep testing the old defaults in existing jobs and we can"},{"line_number":15,"context_line":"add new jobs testing new defautls. To do that we can provide the"},{"line_number":16,"context_line":"way in devstack to keep scope/new defaults disable by default which"},{"line_number":17,"context_line":"can be enabled by setting enforce_scope variable to true."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Once any service release the new defaults enabled by default then"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"0aa2669b_98761250","line":16,"range":{"start_line":16,"start_character":54,"end_line":16,"end_character":61},"updated":"2023-01-12 20:46:06.000000000","message":"I think you just mean \"disabled\" right? This really lets us control them on or off, with our jobs, yeah?","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"8824343d7aa0180d6f0c007e3f2aa0c0f48ebb8d","unresolved":true,"context_lines":[{"line_number":17,"context_line":"can be enabled by setting enforce_scope variable to true."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Once any service release the new defaults enabled by default then"},{"line_number":20,"context_line":"we can switch the bhavior, enable the scope/new defaults by default"},{"line_number":21,"context_line":"and a single job can disbale them to keep testing the old defaults"},{"line_number":22,"context_line":"until service does not remove those."},{"line_number":23,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"7f39fbcb_869a5a3c","line":20,"range":{"start_line":20,"start_character":18,"end_line":20,"end_character":25},"updated":"2023-01-12 20:46:06.000000000","message":"\"behavior\"","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":22873,"name":"Martin Kopec","email":"mkopec@redhat.com","username":"mkopec"},"change_message_id":"a7bb8279e19d55bd4e59e32c94c5501a4f11002d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"321ef054_5fdd530e","updated":"2023-01-13 08:24:15.000000000","message":"2 questions to double check, other than that it looks good, giving +2 - in case the questions are not relevant feel free to +w right away","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"8824343d7aa0180d6f0c007e3f2aa0c0f48ebb8d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"23b29dba_ac082ebe","updated":"2023-01-12 20:46:06.000000000","message":"I\u0027m a bit confused by the commit message, but I think the gist is \"allow controlling the flags on or off explicitly\". Instead of what is there now, which is \"only enable if the flag is set, but never disable them. Right?\n\nAnyway, wording and grammar nits aside, looks like the right thing to do to me.","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6359f71e5c9bae1020fabff806d9db3e3ae0c0d4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b584ce32_46299fc3","updated":"2023-01-11 18:32:08.000000000","message":"recheck ovn-nbctl: unix:/var/run/ovn/ovnnb_db.sock: database connection failure ","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":22873,"name":"Martin Kopec","email":"mkopec@redhat.com","username":"mkopec"},"change_message_id":"0125dc70a0bcdf8415753214b9bab534e759d3a7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"6ab0e20b_e2cc104f","updated":"2023-01-13 19:23:07.000000000","message":"thanks","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a5b2d1a77a07a200f059aa2fd7448c67fc3f691e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"45301284_361e1306","in_reply_to":"23b29dba_ac082ebe","updated":"2023-01-12 21:16:15.000000000","message":"yeah, it is to provide the control to on/off the rbac flags. sorry for making commit msg confusing.","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"}],"lib/keystone":[{"author":{"_account_id":22873,"name":"Martin Kopec","email":"mkopec@redhat.com","username":"mkopec"},"change_message_id":"a7bb8279e19d55bd4e59e32c94c5501a4f11002d","unresolved":true,"context_lines":[{"line_number":266,"context_line":"        iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT"},{"line_number":267,"context_line":"    fi"},{"line_number":268,"context_line":""},{"line_number":269,"context_line":"    iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml"},{"line_number":270,"context_line":""},{"line_number":271,"context_line":"    if [[ \"$KEYSTONE_ENFORCE_SCOPE\" \u003d\u003d True || \"$ENFORCE_SCOPE\" \u003d\u003d True ]] ; then"},{"line_number":272,"context_line":"        iniset $KEYSTONE_CONF oslo_policy enforce_scope true"}],"source_content_type":"application/x-shellscript","patch_set":2,"id":"f4cc3a94_e5177dc0","line":269,"range":{"start_line":269,"start_character":4,"end_line":269,"end_character":1},"updated":"2023-01-13 08:24:15.000000000","message":"This was previously set only if ENFORCE_SCOPE was enabled, now it\u0027ll be set every time, is that intended?\n\nI just wanna double check the path to the file, is policy.yaml enough? In lib/neutron I can see that we use a whole path - $NEUTRON_CONF_DIR/policy.json (plus it\u0027s .json not .yaml).","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bef71c91818de8c0270aa970e393e7608515ce9a","unresolved":true,"context_lines":[{"line_number":266,"context_line":"        iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT"},{"line_number":267,"context_line":"    fi"},{"line_number":268,"context_line":""},{"line_number":269,"context_line":"    iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml"},{"line_number":270,"context_line":""},{"line_number":271,"context_line":"    if [[ \"$KEYSTONE_ENFORCE_SCOPE\" \u003d\u003d True || \"$ENFORCE_SCOPE\" \u003d\u003d True ]] ; then"},{"line_number":272,"context_line":"        iniset $KEYSTONE_CONF oslo_policy enforce_scope true"}],"source_content_type":"application/x-shellscript","patch_set":2,"id":"19a3fc32_99778cee","line":269,"range":{"start_line":269,"start_character":4,"end_line":269,"end_character":1},"in_reply_to":"f4cc3a94_e5177dc0","updated":"2023-01-13 15:29:53.000000000","message":"this setting is only for keystone policy. but yes we should make policy file default as policy.yaml which was made default since wallaby. All good to set it here explcitly. or may be we can remove this in future and let it pick default from code.\n\n- https://governance.openstack.org/tc/goals/completed/wallaby/migrate-policy-format-from-json-to-yaml.html\n\n- https://github.com/openstack/keystone/blob/stable/wallaby/keystone/conf/__init__.py#L193","commit_id":"69d71cfdf9c24d48fbea366714f4595cbd120723"}]}