)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1d1ba76cda5a59b4f8bb644648718eb34ae82d45","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This commit updates the policies for Task APIs to explicitly set role:admin."},{"line_number":10,"context_line":"These defaults may change in the future under two conditions. One, when glance"},{"line_number":11,"context_line":"supports system-scope. Two, when/if we decide to expose the tasks API directly"},{"line_number":12,"context_line":"to end users."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Implements: blueprint secure-rbac"},{"line_number":15,"context_line":"Change-Id: I70a58acd78053b54187dba8e35273366f14c47a4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"713fe523_8f9cde27","line":12,"range":{"start_line":11,"start_character":23,"end_line":12,"end_character":13},"updated":"2021-03-02 14:10:42.000000000","message":"This is less likely to happen.","commit_id":"774897d5973ff465dbefa9490f48b39feaaad35b"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d7cc389ea092e1b0f90bf7677077ef99f3a6ac93","unresolved":true,"context_lines":[{"line_number":18,"context_line":"authorization behaviors that aren\u0027t obvious, due to nested authorization"},{"line_number":19,"context_line":"checks."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Implements: blueprint secure-rbac"},{"line_number":22,"context_line":"Change-Id: I70a58acd78053b54187dba8e35273366f14c47a4"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":31,"id":"dac875f6_815f8d4f","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":10},"updated":"2021-03-08 08:15:13.000000000","message":"nit: Related","commit_id":"605d653435481a84443035d439daebffc07006f0"}],"glance/api/policy.py":[{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"2dd98e640e330920714580c0079deb7bb9c9e338","unresolved":true,"context_lines":[{"line_number":457,"context_line":"        # to end-users, but that might not be for a while since users can query"},{"line_number":458,"context_line":"        # tasks through the image API (e.g., GET /v2/images/tasks)."},{"line_number":459,"context_line":"        #"},{"line_number":460,"context_line":"        # This comment applies to add() and save(), too."},{"line_number":461,"context_line":"        self.policy.enforce(self.context, \u0027get_task\u0027, {})"},{"line_number":462,"context_line":"        return super(TaskRepoProxy, self).get(task_id)"},{"line_number":463,"context_line":""}],"source_content_type":"text/x-python","patch_set":14,"id":"ac5e144a_07cf85a7","line":460,"updated":"2021-03-03 15:27:03.000000000","message":"NIT: The tasks API used to be available, got deprecated and as we couldn\u0027t remove it we defaulted it as Admin only. Very unlikely that we will be exposing this deprecated api by default ever.","commit_id":"bb31306ed91370be20cceed2c264f487978a7c26"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4a0b6e1a6ed3f1cd45f88f257e7cd4f73cc70dad","unresolved":true,"context_lines":[{"line_number":457,"context_line":"        # to end-users, but that might not be for a while since users can query"},{"line_number":458,"context_line":"        # tasks through the image API (e.g., GET /v2/images/tasks)."},{"line_number":459,"context_line":"        #"},{"line_number":460,"context_line":"        # This comment applies to add() and save(), too."},{"line_number":461,"context_line":"        self.policy.enforce(self.context, \u0027get_task\u0027, {})"},{"line_number":462,"context_line":"        return super(TaskRepoProxy, self).get(task_id)"},{"line_number":463,"context_line":""}],"source_content_type":"text/x-python","patch_set":14,"id":"86e04cd6_875c9209","line":460,"in_reply_to":"ac5e144a_07cf85a7","updated":"2021-03-04 04:18:30.000000000","message":"Ack - good to know. Thanks for the context!","commit_id":"bb31306ed91370be20cceed2c264f487978a7c26"}],"glance/policies/tasks.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"44f67465d9a062775d8ed6610300c7c6bb861d5d","unresolved":true,"context_lines":[{"line_number":47,"context_line":"task_policies \u003d ["},{"line_number":48,"context_line":"    policy.RuleDefault("},{"line_number":49,"context_line":"        name\u003d\"get_task\","},{"line_number":50,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":51,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":52,"context_line":"        deprecated_rule\u003ddeprecated_get_task,"},{"line_number":53,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f23bf9e_87238110","line":50,"range":{"start_line":50,"start_character":18,"end_line":50,"end_character":51},"updated":"2020-11-24 14:58:38.000000000","message":"We could update this to use the `reader` role by default.\n\n  check_str\u003d\"role:reader and system_scope:all\"\n\nThis will be consistent with other read operations implemented across OpenStack.\n\nAlso, since we\u0027re likely going to be reusing this check string all over the place, we could put it in base.py.\n\nThoughts?","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"07580d73bcd0b47d6a41a5ff1213a31adae7c841","unresolved":true,"context_lines":[{"line_number":47,"context_line":"task_policies \u003d ["},{"line_number":48,"context_line":"    policy.RuleDefault("},{"line_number":49,"context_line":"        name\u003d\"get_task\","},{"line_number":50,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":51,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":52,"context_line":"        deprecated_rule\u003ddeprecated_get_task,"},{"line_number":53,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"}],"source_content_type":"text/x-python","patch_set":1,"id":"c0563fe2_61068bd8","line":50,"range":{"start_line":50,"start_character":18,"end_line":50,"end_character":51},"in_reply_to":"9f23bf9e_87238110","updated":"2020-11-24 15:43:24.000000000","message":"This is just WIP patch, once roles or policy scope is finalized I will do the proper refactoring","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"44f67465d9a062775d8ed6610300c7c6bb861d5d","unresolved":true,"context_lines":[{"line_number":48,"context_line":"    policy.RuleDefault("},{"line_number":49,"context_line":"        name\u003d\"get_task\","},{"line_number":50,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":51,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":52,"context_line":"        deprecated_rule\u003ddeprecated_get_task,"},{"line_number":53,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":54,"context_line":"        deprecated_since\u003dversionutils.deprecated.WALLABY"}],"source_content_type":"text/x-python","patch_set":1,"id":"a79bba01_2ed8af66","line":51,"updated":"2020-11-24 14:58:38.000000000","message":"Would anyone be opposed to adding the operations to these (either in this patch or another patch)?","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"07580d73bcd0b47d6a41a5ff1213a31adae7c841","unresolved":true,"context_lines":[{"line_number":48,"context_line":"    policy.RuleDefault("},{"line_number":49,"context_line":"        name\u003d\"get_task\","},{"line_number":50,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":51,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":52,"context_line":"        deprecated_rule\u003ddeprecated_get_task,"},{"line_number":53,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":54,"context_line":"        deprecated_since\u003dversionutils.deprecated.WALLABY"}],"source_content_type":"text/x-python","patch_set":1,"id":"e00d0c41_a662bbf6","line":51,"in_reply_to":"a79bba01_2ed8af66","updated":"2020-11-24 15:43:24.000000000","message":"I don\u0027t think so there will be any problem for adding these operations in same patch unless there are advantages to break it into two.","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"44f67465d9a062775d8ed6610300c7c6bb861d5d","unresolved":true,"context_lines":[{"line_number":55,"context_line":"    ),"},{"line_number":56,"context_line":"    policy.RuleDefault("},{"line_number":57,"context_line":"        name\u003d\"get_tasks\","},{"line_number":58,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":59,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":60,"context_line":"        deprecated_rule\u003ddeprecated_get_tasks,"},{"line_number":61,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"}],"source_content_type":"text/x-python","patch_set":1,"id":"69677511_2da2faf3","line":58,"range":{"start_line":58,"start_character":19,"end_line":58,"end_character":50},"updated":"2020-11-24 14:58:38.000000000","message":"Same comment as above about using `role:reader`.","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"07580d73bcd0b47d6a41a5ff1213a31adae7c841","unresolved":true,"context_lines":[{"line_number":55,"context_line":"    ),"},{"line_number":56,"context_line":"    policy.RuleDefault("},{"line_number":57,"context_line":"        name\u003d\"get_tasks\","},{"line_number":58,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":59,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":60,"context_line":"        deprecated_rule\u003ddeprecated_get_tasks,"},{"line_number":61,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"}],"source_content_type":"text/x-python","patch_set":1,"id":"83a7ffae_02f748bc","line":58,"range":{"start_line":58,"start_character":19,"end_line":58,"end_character":50},"in_reply_to":"69677511_2da2faf3","updated":"2020-11-24 15:43:24.000000000","message":"ditto","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"44f67465d9a062775d8ed6610300c7c6bb861d5d","unresolved":true,"context_lines":[{"line_number":78,"context_line":"        deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":79,"context_line":"    ),"},{"line_number":80,"context_line":"    policy.RuleDefault("},{"line_number":81,"context_line":"        name\u003d\"tasks_api_access\","},{"line_number":82,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":83,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":84,"context_line":"        deprecated_rule\u003ddeprecated_tasks_api_access,"}],"source_content_type":"text/x-python","patch_set":1,"id":"438b54cd_ec0d8081","line":81,"range":{"start_line":81,"start_character":14,"end_line":81,"end_character":30},"updated":"2020-11-24 14:58:38.000000000","message":"It looks like this is used to protect a few different API endpoints?\n\nhttps://opendev.org/openstack/glance/src/branch/master/glance/api/v2/tasks.py#L121\nhttps://opendev.org/openstack/glance/src/branch/master/glance/api/v2/tasks.py#L142\nhttps://opendev.org/openstack/glance/src/branch/master/glance/api/v2/tasks.py#L216\nhttps://opendev.org/openstack/glance/src/branch/master/glance/api/v2/tasks.py#L233\n\n\nI\u0027m wondering if tasks_api_access is redundant with the policies above? I\u0027m also wondering if we should consider breaking the tasks_api_access into more specific and granular policies so that we can allow read access, since it looks like it protects read and write endpoints.","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"07580d73bcd0b47d6a41a5ff1213a31adae7c841","unresolved":true,"context_lines":[{"line_number":78,"context_line":"        deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":79,"context_line":"    ),"},{"line_number":80,"context_line":"    policy.RuleDefault("},{"line_number":81,"context_line":"        name\u003d\"tasks_api_access\","},{"line_number":82,"context_line":"        check_str\u003d\"role:admin and system_scope:all\","},{"line_number":83,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":84,"context_line":"        deprecated_rule\u003ddeprecated_tasks_api_access,"}],"source_content_type":"text/x-python","patch_set":1,"id":"38d9ebe8_ab24475e","line":81,"range":{"start_line":81,"start_character":14,"end_line":81,"end_character":30},"in_reply_to":"438b54cd_ec0d8081","updated":"2020-11-24 15:43:24.000000000","message":"Need Brian or Erno to address this, IMO it is redundant but not aware what is the purpose of adding this in first place.","commit_id":"213dd43c06783458e6f07397df21a9b65832ba03"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1d1ba76cda5a59b4f8bb644648718eb34ae82d45","unresolved":true,"context_lines":[{"line_number":25,"context_line":"\"\"\""},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"TASK_ACCESS_DESCRIPTION \u003d \"\"\""},{"line_number":28,"context_line":"This is a generic policy for protecting all task APIs. It is it not granular"},{"line_number":29,"context_line":"and will not allow you to separate writable and readable task operations into"},{"line_number":30,"context_line":"different roles."},{"line_number":31,"context_line":"\"\"\""}],"source_content_type":"text/x-python","patch_set":9,"id":"28a0268d_d6f30e95","line":28,"range":{"start_line":28,"start_character":55,"end_line":28,"end_character":63},"updated":"2021-03-02 14:10:42.000000000","message":"s/It is it/ It is","commit_id":"5629320df5b896318b0c6806032ee036fe24f890"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"a80ddabe241cad2a0cc378bd7190f770ff51e967","unresolved":false,"context_lines":[{"line_number":25,"context_line":"\"\"\""},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"TASK_ACCESS_DESCRIPTION \u003d \"\"\""},{"line_number":28,"context_line":"This is a generic policy for protecting all task APIs. It is it not granular"},{"line_number":29,"context_line":"and will not allow you to separate writable and readable task operations into"},{"line_number":30,"context_line":"different roles."},{"line_number":31,"context_line":"\"\"\""}],"source_content_type":"text/x-python","patch_set":9,"id":"42510091_342376b5","line":28,"range":{"start_line":28,"start_character":55,"end_line":28,"end_character":63},"in_reply_to":"28a0268d_d6f30e95","updated":"2021-03-02 22:44:03.000000000","message":"Done","commit_id":"5629320df5b896318b0c6806032ee036fe24f890"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"4eec054be94de17ff0e26617f27b8b5b79655f11","unresolved":true,"context_lines":[{"line_number":65,"context_line":"    ),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003d\"add_task\","},{"line_number":68,"context_line":"        check_str\u003d\"role:admin\","},{"line_number":69,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":70,"context_line":"        description\u003d\u0027List tasks for all images.\u0027,"},{"line_number":71,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":14,"id":"5872b700_bd5ee3d5","line":68,"updated":"2021-03-04 21:27:44.000000000","message":"This is required for regular users to create tasks as part of import, apparently. I\u0027m not sure why all the import tasks are not failing because of this, but it does cause the nova-ceph-multistore job, with new defaults, to fail to cross this boundary in the process of doing things it is otherwise allowed to do.\n\nThis was rule:default before, so I think it probably needs to remain that way, along with the rest of the CRUD operations here I expect. the task_api_access being admin-only (before and after this change) should keep the actual API hidden I think?","commit_id":"bb31306ed91370be20cceed2c264f487978a7c26"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"0fa73cbcfa3edd50cb517a7a6d52cf18a2fbb4f6","unresolved":false,"context_lines":[{"line_number":65,"context_line":"    ),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003d\"add_task\","},{"line_number":68,"context_line":"        check_str\u003d\"role:admin\","},{"line_number":69,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":70,"context_line":"        description\u003d\u0027List tasks for all images.\u0027,"},{"line_number":71,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":14,"id":"15754652_43f6d07b","line":68,"in_reply_to":"5872b700_bd5ee3d5","updated":"2021-03-04 23:13:25.000000000","message":"Yeah - I think that makes sense.\n\nI misunderstood all this when I proposed the original reviews and I couldn\u0027t really figure out why the CRUD policies existed because they weren\u0027t invoked from the controller layer.\n\nThis is starting to make more sense now.","commit_id":"bb31306ed91370be20cceed2c264f487978a7c26"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"d6d65ca54998bd7712ce8deb9deed7a828c17242","unresolved":true,"context_lines":[{"line_number":18,"context_line":"This policy is only used internally within glance, after enforcement is checked"},{"line_number":19,"context_line":"via another policy. Exposing this policy and adjusting it with overrides only"},{"line_number":20,"context_line":"opens up a deployment to experience odd authorization failures. This policy"},{"line_number":21,"context_line":"will be removed in a future release."},{"line_number":22,"context_line":"\"\"\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"TASK_DESCRIPTION \u003d \"\"\""}],"source_content_type":"text/x-python","patch_set":31,"id":"c9d3bac6_49e36fe3","line":21,"updated":"2021-03-08 15:26:19.000000000","message":"I think Lance was describing this as the future thing we\u0027re removing, but I think this is not accurate currently.\n\nI think this should be something like \"This is a granular access policy which must be left open in order for things like import to work. Access to the task API should be controlled by \u0027tasks_api_access\u0027. Changing this is probably not what you want.\"\n\nAnd then later, when we have moved it to _just_ control the tasks api granular CRUD operation, we can update the description.\n\nMake sense?","commit_id":"605d653435481a84443035d439daebffc07006f0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3e81873c38282925fbe0a2f6e26d09924f714cdb","unresolved":true,"context_lines":[{"line_number":18,"context_line":"This policy is only used internally within glance, after enforcement is checked"},{"line_number":19,"context_line":"via another policy. Exposing this policy and adjusting it with overrides only"},{"line_number":20,"context_line":"opens up a deployment to experience odd authorization failures. This policy"},{"line_number":21,"context_line":"will be removed in a future release."},{"line_number":22,"context_line":"\"\"\""},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"TASK_DESCRIPTION \u003d \"\"\""}],"source_content_type":"text/x-python","patch_set":31,"id":"033f0273_23009c38","line":21,"in_reply_to":"c9d3bac6_49e36fe3","updated":"2021-03-08 15:38:49.000000000","message":"Correct","commit_id":"605d653435481a84443035d439daebffc07006f0"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"d6d65ca54998bd7712ce8deb9deed7a828c17242","unresolved":true,"context_lines":[{"line_number":25,"context_line":"This policy endpoint does not control access to the tasks API. It solely exists"},{"line_number":26,"context_line":"to be called internally within glance during other operations, like creating"},{"line_number":27,"context_line":"tasks for copying images. Changing this default policy may have adverse"},{"line_number":28,"context_line":"side-effects in broader workflows with other OpenStack services."},{"line_number":29,"context_line":"\"\"\""},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"MODIFY_TASK_DESCRIPTION \u003d \"\"\""}],"source_content_type":"text/x-python","patch_set":31,"id":"a18066fc_6c575d9a","line":28,"updated":"2021-03-08 15:26:19.000000000","message":"This also is not right, as I think if you enable tasks-api-access for someone, you have to also grant them this (or leave it open).","commit_id":"605d653435481a84443035d439daebffc07006f0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3e81873c38282925fbe0a2f6e26d09924f714cdb","unresolved":true,"context_lines":[{"line_number":25,"context_line":"This policy endpoint does not control access to the tasks API. It solely exists"},{"line_number":26,"context_line":"to be called internally within glance during other operations, like creating"},{"line_number":27,"context_line":"tasks for copying images. Changing this default policy may have adverse"},{"line_number":28,"context_line":"side-effects in broader workflows with other OpenStack services."},{"line_number":29,"context_line":"\"\"\""},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"MODIFY_TASK_DESCRIPTION \u003d \"\"\""}],"source_content_type":"text/x-python","patch_set":31,"id":"e7ba0b90_cf899eba","line":28,"in_reply_to":"a18066fc_6c575d9a","updated":"2021-03-08 15:38:49.000000000","message":"I think he has written this on the basis of current default task policies.\ncurrent tasks-api-access is default to admin only and other task policies are open to all (i.e. default_rule \u003d \"\")","commit_id":"605d653435481a84443035d439daebffc07006f0"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"d6d65ca54998bd7712ce8deb9deed7a828c17242","unresolved":true,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"MODIFY_TASK_DESCRIPTION \u003d \"\"\""},{"line_number":32,"context_line":"This policy isn\u0027t actually used anywhere in glance\u0027s task API. Tasks are"},{"line_number":33,"context_line":"automatically deleted based on expired_at properties."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"This policy endpoint does not control access to the tasks API. It solely exists"},{"line_number":36,"context_line":"to be called internally within glance during other operations, like creating"}],"source_content_type":"text/x-python","patch_set":31,"id":"3cd9608d_eead601c","line":33,"updated":"2021-03-08 15:26:19.000000000","message":"This does not seem to be referenced anywhere. We could either continue the deprecation for this, or change this comment to say \"this is not currently checked but may be in the future.\"\n\nI was thinking there was some PUT you could do on a task, but I don\u0027t really know.","commit_id":"605d653435481a84443035d439daebffc07006f0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3e81873c38282925fbe0a2f6e26d09924f714cdb","unresolved":true,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"MODIFY_TASK_DESCRIPTION \u003d \"\"\""},{"line_number":32,"context_line":"This policy isn\u0027t actually used anywhere in glance\u0027s task API. Tasks are"},{"line_number":33,"context_line":"automatically deleted based on expired_at properties."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"This policy endpoint does not control access to the tasks API. It solely exists"},{"line_number":36,"context_line":"to be called internally within glance during other operations, like creating"}],"source_content_type":"text/x-python","patch_set":31,"id":"fb1cb02e_4ed6c627","line":33,"in_reply_to":"3cd9608d_eead601c","updated":"2021-03-08 15:38:49.000000000","message":"No I don\u0027t think we have some api to update the task","commit_id":"605d653435481a84443035d439daebffc07006f0"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"90903893e0e46abdab682410a8ee97896e5e8d35","unresolved":true,"context_lines":[{"line_number":77,"context_line":"        name\u003d\"add_task\","},{"line_number":78,"context_line":"        check_str\u003d\u0027rule:default\u0027,"},{"line_number":79,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":80,"context_line":"        description\u003d\u0027List tasks for all images.\\n\u0027 + TASK_DESCRIPTION,"},{"line_number":81,"context_line":"        operations\u003d["},{"line_number":82,"context_line":"            {\u0027path\u0027: \u0027/v2/tasks\u0027,"},{"line_number":83,"context_line":"             \u0027method\u0027: \u0027POST\u0027}"}],"source_content_type":"text/x-python","patch_set":31,"id":"4d43d846_a163f894","line":80,"range":{"start_line":80,"start_character":21,"end_line":80,"end_character":25},"updated":"2021-03-08 15:19:39.000000000","message":"This is wrong.","commit_id":"605d653435481a84443035d439daebffc07006f0"}]}