)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14676,"name":"Kairat Kushaev","email":"kkushaev@mirantis.com","username":"kairat_kushaev"},"change_message_id":"b37bd13597e930853407d2574e6ccc1de843b296","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Halt deletion if image is deactivated"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This checks if the image is in a \u0027deactivated\u0027 state and the user is"},{"line_number":10,"context_line":"not an admin. If so the user is not allowed to delete the image."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: I19b516ffb90cfd6a1cb8f1c43e7a1ccbb7424a18"},{"line_number":13,"context_line":"Closes-Bug: 1522524"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"da0c15f0_abe19400","line":10,"updated":"2016-03-28 14:23:50.000000000","message":"IIUC we don\u0027t check if user is admin anymore, we just check policy file. Could you please clarify that?","commit_id":"19d151284ad20960733ab9dc728cfe6dc7efff81"}],"etc/glance-api.conf":[{"author":{"_account_id":17123,"name":"Tom Cocozzello (tjcocozz)","email":"tjcocozz@us.ibm.com","username":"tcocozzello"},"change_message_id":"fe99fdd4f69555688808a1a0e250484ead12b1d6","unresolved":false,"context_lines":[{"line_number":511,"context_line":"# option. (string value)"},{"line_number":512,"context_line":"#control_exchange \u003d openstack"},{"line_number":513,"context_line":""},{"line_number":514,"context_line":"#If the value is True this will limit the users ability"},{"line_number":515,"context_line":"#to delete an image if in the deactivated state."},{"line_number":516,"context_line":"#Allowing time for image inspection. (boolean value)"},{"line_number":517,"context_line":"#halt_deactivated_image_deletion \u003d true"}],"source_content_type":"text/plain","patch_set":4,"id":"7af24918_9fda5077","line":514,"range":{"start_line":514,"start_character":0,"end_line":514,"end_character":1},"updated":"2016-03-01 22:09:23.000000000","message":"space after \u0027#\u0027","commit_id":"47d68958811771ee86c390d3d6742c3bdf2cbb49"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"d5a1cf65079dcfd91deb3c925c5439c474ae8bc1","unresolved":false,"context_lines":[{"line_number":514,"context_line":"# If the value is True this will limit the users ability"},{"line_number":515,"context_line":"# to delete an image if in the deactivated state."},{"line_number":516,"context_line":"# Allowing time for image inspection. (boolean value)"},{"line_number":517,"context_line":"#halt_deactivated_image_deletion \u003d true"},{"line_number":518,"context_line":""},{"line_number":519,"context_line":"[database]"},{"line_number":520,"context_line":""}],"source_content_type":"text/plain","patch_set":5,"id":"7af24918_c6c2d6e8","line":517,"updated":"2016-03-03 11:24:05.000000000","message":"The fact that we need a config option for this is a clear sign that we are changing the way the API works and we should probably discuss this a bit further.\n\nI\u0027d like us to reduce the number of config options we\u0027re adding to glance. I believe we\u0027ve more than enough and certainly some that should be cleaned up.","commit_id":"e4d9821db56fa8389cb59a728a36805264af4e78"}],"etc/policy.json":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"af4a263f06c1ecef093724001f75216a71224eac","unresolved":false,"context_lines":[{"line_number":31,"context_line":"    \"modify_task\": \"role:admin\","},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"    \"deactivate\": \"\","},{"line_number":34,"context_line":"    \"delete_deactivated_image\": \"\","},{"line_number":35,"context_line":"    \"reactivate\": \"\","},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    \"get_metadef_namespace\": \"\","}],"source_content_type":"application/json","patch_set":12,"id":"fad55976_734b725a","line":34,"updated":"2016-07-15 15:10:29.000000000","message":"Is an empty string \u003d\u003d \"@\" (everyone), or does it mean the value configured for the \"default\" rule is used?\n\nIf the latter, we need this to be explicitly \"@\" in order to preserve the current behavior (which is what the spec-lite calls for).","commit_id":"60822efdf62fafb545ed8fb60c7c65b37a83f435"}],"glance/common/config.py":[{"author":{"_account_id":17123,"name":"Tom Cocozzello (tjcocozz)","email":"tjcocozz@us.ibm.com","username":"tcocozzello"},"change_message_id":"fe99fdd4f69555688808a1a0e250484ead12b1d6","unresolved":false,"context_lines":[{"line_number":173,"context_line":"                      \u0027digest-algorithms\" to get the available algorithms \u0027"},{"line_number":174,"context_line":"                      \u0027supported by the version of OpenSSL on the platform.\u0027"},{"line_number":175,"context_line":"                      \u0027 Examples are \"sha1\", \"sha256\", \"sha512\", etc.\u0027)),"},{"line_number":176,"context_line":"    cfg.BoolOpt(\u0027halt_deactivated_image_deletion\u0027, default\u003dTrue,"},{"line_number":177,"context_line":"               help\u003d_(\u0027If the value is True this will limit the users ability \u0027"},{"line_number":178,"context_line":"                      \u0027to delete an image if in the deactivated state. \u0027"},{"line_number":179,"context_line":"                      \u0027Allowing time for image inspection.\u0027)),"}],"source_content_type":"text/x-python","patch_set":4,"id":"7af24918_bfa3cc9d","line":176,"range":{"start_line":176,"start_character":59,"end_line":176,"end_character":63},"updated":"2016-03-01 22:09:23.000000000","message":"shouldn\u0027t we set this to false to keep the previous functionality?","commit_id":"47d68958811771ee86c390d3d6742c3bdf2cbb49"}],"glance/tests/etc/policy.json":[{"author":{"_account_id":14676,"name":"Kairat Kushaev","email":"kkushaev@mirantis.com","username":"kairat_kushaev"},"change_message_id":"31047a358a474f562471ff2340babb2da1f2a125","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    \"deactivate\": \"\","},{"line_number":60,"context_line":"    \"reactivate\": \"\","},{"line_number":61,"context_line":"    \"delete_deactivated_image\": \"\""},{"line_number":62,"context_line":"}"}],"source_content_type":"application/json","patch_set":9,"id":"9a061dce_66e02497","line":61,"updated":"2016-04-06 17:50:25.000000000","message":"I guess there should be deactivated_image_access option that returns(get, list) image info if image is de-activated. So it would be up to deployer to define that users are able to observe de-activated image.","commit_id":"8036540adc74b2c17d58ed52597548e0635aff6e"},{"author":{"_account_id":14676,"name":"Kairat Kushaev","email":"kkushaev@mirantis.com","username":"kairat_kushaev"},"change_message_id":"416415977b7fc5031aaeef2d0003c07030767e9d","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    \"deactivate\": \"\","},{"line_number":60,"context_line":"    \"reactivate\": \"\","},{"line_number":61,"context_line":"    \"delete_deactivated_image\": \"\""},{"line_number":62,"context_line":"}"}],"source_content_type":"application/json","patch_set":9,"id":"9a061dce_cfef6fe7","line":61,"in_reply_to":"9a061dce_49dff168","updated":"2016-04-07 05:09:18.000000000","message":"I am wondering about use case we wanna cover.\nIf we will setup delete_deactivated_image policy for every user then he needs to request image_id to execute actual delete.\nJust imagine the case:\n1. Admin de-activated image\n2. User noticed that image is de-activated\n3. User wanna delete image\nWith current approach user have to save image_id somehow before image is de-activated. I think it would be hard for user. So we need to provide id for de-activated images for users. That\u0027s why I raised the question.","commit_id":"8036540adc74b2c17d58ed52597548e0635aff6e"},{"author":{"_account_id":14676,"name":"Kairat Kushaev","email":"kkushaev@mirantis.com","username":"kairat_kushaev"},"change_message_id":"c88ab9f34a714199ed42a72b2a27ede5ba6c5bb2","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    \"deactivate\": \"\","},{"line_number":60,"context_line":"    \"reactivate\": \"\","},{"line_number":61,"context_line":"    \"delete_deactivated_image\": \"\""},{"line_number":62,"context_line":"}"}],"source_content_type":"application/json","patch_set":9,"id":"9a061dce_610e208d","line":61,"in_reply_to":"9a061dce_52665a51","updated":"2016-04-07 13:07:20.000000000","message":"I am sorry, guys.\nI messed image-list/get with image-download. Right now, image-download is prohibited which is ok, so users can get/list artifacts (but without locations).\nSo I am ok with change.","commit_id":"8036540adc74b2c17d58ed52597548e0635aff6e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"56f03c855e91190dca298256eb397a0e2d93884b","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    \"deactivate\": \"\","},{"line_number":60,"context_line":"    \"reactivate\": \"\","},{"line_number":61,"context_line":"    \"delete_deactivated_image\": \"\""},{"line_number":62,"context_line":"}"}],"source_content_type":"application/json","patch_set":9,"id":"9a061dce_49dff168","line":61,"in_reply_to":"9a061dce_66e02497","updated":"2016-04-06 17:59:41.000000000","message":"I think that would be too broad, and it really changes the user story for a \u0027deactivated\u0027 image, which wasn\u0027t to make the image completely disappear, but to make the image data inaccessible until the image was either reactivated or deleted.  I think the current behavior for get/list a deactivated image is exactly what we want.","commit_id":"8036540adc74b2c17d58ed52597548e0635aff6e"},{"author":{"_account_id":14676,"name":"Kairat Kushaev","email":"kkushaev@mirantis.com","username":"kairat_kushaev"},"change_message_id":"e2efcdee69c5401176056ae2b9d14138262f2310","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    \"deactivate\": \"\","},{"line_number":60,"context_line":"    \"reactivate\": \"\","},{"line_number":61,"context_line":"    \"delete_deactivated_image\": \"\""},{"line_number":62,"context_line":"}"}],"source_content_type":"application/json","patch_set":9,"id":"9a061dce_ef37d3fc","line":61,"in_reply_to":"9a061dce_cfef6fe7","updated":"2016-04-07 05:30:03.000000000","message":"If we are not going to cover the case below then I am wondering if we need policy, because it would be hard to delete deactivated image for non-admin users in convinient way. So it seems easier just to prohibit this deletion at all to be consistent.","commit_id":"8036540adc74b2c17d58ed52597548e0635aff6e"},{"author":{"_account_id":17116,"name":"Niall Bunting","email":"niall.bunting@hpe.com","username":"NiallBunting"},"change_message_id":"42128b709c1c3157fd29b3662584a1cbf145cdf4","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"    \"deactivate\": \"\","},{"line_number":60,"context_line":"    \"reactivate\": \"\","},{"line_number":61,"context_line":"    \"delete_deactivated_image\": \"\""},{"line_number":62,"context_line":"}"}],"source_content_type":"application/json","patch_set":9,"id":"9a061dce_52665a51","line":61,"in_reply_to":"9a061dce_ef37d3fc","updated":"2016-04-07 09:22:04.000000000","message":"I agree with Brian here. At the end of the day the image is the users so we can\u0027t hide it from their list because they should be able to see all their images, they should not have to make a note of image_ids beforehand.\n\nThe purpose of a deactivation is to separate the users from the image bytes. However currently this separation does not happen with delete.\n\nI think in this use case, it becomes:\n\u003e 1. Admin de-activated image\n\u003e 2. User noticed that image is de-activated\n\u003e 3. User wanna delete image\n4. User contacts support and finds out what\u0027s wrong and why they intervened. Where support can alert the user to a potential problem or find out more info from the user.","commit_id":"8036540adc74b2c17d58ed52597548e0635aff6e"}],"glance/tests/unit/v1/test_api.py":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"af4a263f06c1ecef093724001f75216a71224eac","unresolved":false,"context_lines":[{"line_number":1538,"context_line":"        self.assertEqual(403, res.status_int)"},{"line_number":1539,"context_line":""},{"line_number":1540,"context_line":"    def test_delete_deactivated_images(self, is_admin\u003dFalse):"},{"line_number":1541,"context_line":"        \"\"\"Tests exception raised trying to download a deactivated image\"\"\""},{"line_number":1542,"context_line":"        rules \u003d {\"delete_deactivated_image\": \"role:admin\", \"delete_image\": \u0027@\u0027}"},{"line_number":1543,"context_line":"        self.set_policy_rules(rules)"},{"line_number":1544,"context_line":""}],"source_content_type":"text/x-python","patch_set":12,"id":"fad55976_5090e4ec","line":1541,"range":{"start_line":1541,"start_character":44,"end_line":1541,"end_character":52},"updated":"2016-07-15 15:10:29.000000000","message":"s/download/delete/","commit_id":"60822efdf62fafb545ed8fb60c7c65b37a83f435"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"af4a263f06c1ecef093724001f75216a71224eac","unresolved":false,"context_lines":[{"line_number":1548,"context_line":"        self.assertEqual(403, res.status_int)"},{"line_number":1549,"context_line":""},{"line_number":1550,"context_line":"    def test_delete_deactivated_images_true(self, is_admin\u003dFalse):"},{"line_number":1551,"context_line":"        \"\"\"Tests exception raised trying to download a deactivated image\"\"\""},{"line_number":1552,"context_line":"        rules \u003d {\"delete_deactivated_image\": \u0027@\u0027, \"delete_image\": \u0027@\u0027}"},{"line_number":1553,"context_line":"        self.set_policy_rules(rules)"},{"line_number":1554,"context_line":"        req \u003d webob.Request.blank(\"/images/%s\" % UUID3)"}],"source_content_type":"text/x-python","patch_set":12,"id":"fad55976_1022ecb9","line":1551,"updated":"2016-07-15 15:10:29.000000000","message":"I think this comment is a bit inaccurate.","commit_id":"60822efdf62fafb545ed8fb60c7c65b37a83f435"}],"glance/tests/unit/v2/test_images_resource.py":[{"author":{"_account_id":17123,"name":"Tom Cocozzello (tjcocozz)","email":"tjcocozz@us.ibm.com","username":"tcocozzello"},"change_message_id":"fe99fdd4f69555688808a1a0e250484ead12b1d6","unresolved":false,"context_lines":[{"line_number":2063,"context_line":"        self.action_controller.deactivate(request, UUID1)"},{"line_number":2064,"context_line":"        with mock.patch.object("},{"line_number":2065,"context_line":"            glance.domain.proxy.Image,"},{"line_number":2066,"context_line":"            \u0027delete\u0027,"},{"line_number":2067,"context_line":"        ):"},{"line_number":2068,"context_line":"            with mock.patch.object("},{"line_number":2069,"context_line":"                glance.domain.proxy.Repo,"}],"source_content_type":"text/x-python","patch_set":4,"id":"7af24918_ff49d4d1","line":2066,"range":{"start_line":2066,"start_character":20,"end_line":2066,"end_character":21},"updated":"2016-03-01 22:09:23.000000000","message":"don\u0027t need the extra comma","commit_id":"47d68958811771ee86c390d3d6742c3bdf2cbb49"},{"author":{"_account_id":17123,"name":"Tom Cocozzello (tjcocozz)","email":"tjcocozz@us.ibm.com","username":"tcocozzello"},"change_message_id":"fe99fdd4f69555688808a1a0e250484ead12b1d6","unresolved":false,"context_lines":[{"line_number":2061,"context_line":"        self.config(halt_deactivated_image_deletion\u003dTrue)"},{"line_number":2062,"context_line":"        request \u003d unit_test_utils.get_fake_request(is_admin\u003dTrue)"},{"line_number":2063,"context_line":"        self.action_controller.deactivate(request, UUID1)"},{"line_number":2064,"context_line":"        with mock.patch.object("},{"line_number":2065,"context_line":"            glance.domain.proxy.Image,"},{"line_number":2066,"context_line":"            \u0027delete\u0027,"},{"line_number":2067,"context_line":"        ):"},{"line_number":2068,"context_line":"            with mock.patch.object("},{"line_number":2069,"context_line":"                glance.domain.proxy.Repo,"},{"line_number":2070,"context_line":"                \u0027remove\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"7af24918_22795f94","line":2067,"range":{"start_line":2064,"start_character":8,"end_line":2067,"end_character":10},"updated":"2016-03-01 22:09:23.000000000","message":"can\u0027t this be on 1 line?","commit_id":"47d68958811771ee86c390d3d6742c3bdf2cbb49"},{"author":{"_account_id":17123,"name":"Tom Cocozzello (tjcocozz)","email":"tjcocozz@us.ibm.com","username":"tcocozzello"},"change_message_id":"fe99fdd4f69555688808a1a0e250484ead12b1d6","unresolved":false,"context_lines":[{"line_number":2065,"context_line":"            glance.domain.proxy.Image,"},{"line_number":2066,"context_line":"            \u0027delete\u0027,"},{"line_number":2067,"context_line":"        ):"},{"line_number":2068,"context_line":"            with mock.patch.object("},{"line_number":2069,"context_line":"                glance.domain.proxy.Repo,"},{"line_number":2070,"context_line":"                \u0027remove\u0027"},{"line_number":2071,"context_line":"            ):"},{"line_number":2072,"context_line":"                self.controller.delete(request, UUID1)"},{"line_number":2073,"context_line":""},{"line_number":2074,"context_line":"    def test_delete_from_deactive(self):"}],"source_content_type":"text/x-python","patch_set":4,"id":"7af24918_e248175e","line":2071,"range":{"start_line":2068,"start_character":12,"end_line":2071,"end_character":14},"updated":"2016-03-01 22:09:23.000000000","message":"can\u0027t this be on 1 line?","commit_id":"47d68958811771ee86c390d3d6742c3bdf2cbb49"}],"releasenotes/notes/bug-1522524-8054d22cf6049ea3.yaml":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"af4a263f06c1ecef093724001f75216a71224eac","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"fad55976_30dbb0ef","line":6,"updated":"2016-07-15 15:10:29.000000000","message":"How about:\n\nA new policy to govern the deletion of deactivated images, `delete_deactivated_image`, has been introduced.  Previously, the deletion of deactivated images was governed by the regular image deletion policy.  This change allows operators to configure specific roles to determine who can delete deactivated images.  The default value preserves the pre-Newton behavior.","commit_id":"60822efdf62fafb545ed8fb60c7c65b37a83f435"}]}