)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d71dc1df6a9582e7d4f15faa8fa070c35d523043","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Pranali Deore \u003cpdeore@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2021-07-05 14:27:56 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Implement Secure RBAC for metadef namespaces"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This commit updates the policies for metadef namespaces"},{"line_number":10,"context_line":"to use default roles available from keystone."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"7652981f_5030d095","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":44},"updated":"2021-07-05 14:52:03.000000000","message":"Title should be Implement project persona for metadef namespaces\n\nAs this is not implementing both project and system scope of secure RBAC","commit_id":"0e85063b980f20acde50df9495cb0a08a478f86f"}],"glance/api/policy.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d71dc1df6a9582e7d4f15faa8fa070c35d523043","unresolved":true,"context_lines":[{"line_number":584,"context_line":""},{"line_number":585,"context_line":"    def get(self, namespace):"},{"line_number":586,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":587,"context_line":"        target \u003d {\u0027project_id\u0027: ns.context.project_id}"},{"line_number":588,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":589,"context_line":"        return ns"},{"line_number":590,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"823ed15d_f517f6ed","line":587,"range":{"start_line":587,"start_character":32,"end_line":587,"end_character":53},"updated":"2021-07-05 14:52:03.000000000","message":"why not self.context.projectP_id?","commit_id":"0e85063b980f20acde50df9495cb0a08a478f86f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d71dc1df6a9582e7d4f15faa8fa070c35d523043","unresolved":true,"context_lines":[{"line_number":597,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":598,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":599,"context_line":"        ns_list \u003d super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"},{"line_number":600,"context_line":"        filtered_namespaces \u003d []"},{"line_number":601,"context_line":"        if self.context.project_id and not self.context.is_admin:"},{"line_number":602,"context_line":"            for namespace in ns_list:"},{"line_number":603,"context_line":"                if namespace.owner \u003d\u003d self.context.project_id:"},{"line_number":604,"context_line":"                    filtered_namespaces.append(namespace)"},{"line_number":605,"context_line":"                elif namespace.visibility \u003d\u003d \u0027public\u0027:"},{"line_number":606,"context_line":"                    filtered_namespaces.append(namespace)"},{"line_number":607,"context_line":"        elif self.context.is_admin:"},{"line_number":608,"context_line":"            filtered_namespaces \u003d ns_list"},{"line_number":609,"context_line":"        return filtered_namespaces"},{"line_number":610,"context_line":""},{"line_number":611,"context_line":"    def save(self, namespace):"}],"source_content_type":"text/x-python","patch_set":5,"id":"0491e954_a07c4251","line":608,"range":{"start_line":600,"start_character":8,"end_line":608,"end_character":41},"updated":"2021-07-05 14:52:03.000000000","message":"You should move this logic to API side.","commit_id":"0e85063b980f20acde50df9495cb0a08a478f86f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3023a0c20936290a105fcfabc8d66246ef5c1eda","unresolved":true,"context_lines":[{"line_number":180,"context_line":"        # enforcement. If the user passes policy enforcement, append the image"},{"line_number":181,"context_line":"        # to the list of filtered images. If not, the image should be removed"},{"line_number":182,"context_line":"        # from the list of images returned to the user."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":185,"context_line":"        self.policy.enforce(self.context, \u0027get_images\u0027, target)"},{"line_number":186,"context_line":"        return super(ImageRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":6,"id":"c043e857_c56eb88c","line":183,"updated":"2021-07-06 13:46:33.000000000","message":"Unnecessary blank line","commit_id":"d8f7c75d3146f4c92e473023b4ba4af3ab667107"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3023a0c20936290a105fcfabc8d66246ef5c1eda","unresolved":true,"context_lines":[{"line_number":586,"context_line":"    def get(self, namespace):"},{"line_number":587,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":588,"context_line":"        target \u003d {\u0027project_id\u0027: ns.context.project_id}"},{"line_number":589,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":590,"context_line":"        return ns"},{"line_number":591,"context_line":""},{"line_number":592,"context_line":"    def list(self, *args, **kwargs):"}],"source_content_type":"text/x-python","patch_set":6,"id":"9cf488a6_a3c4d4b0","line":589,"range":{"start_line":589,"start_character":8,"end_line":589,"end_character":74},"updated":"2021-07-06 13:46:33.000000000","message":"Why are you enforcing policy after get call?","commit_id":"d8f7c75d3146f4c92e473023b4ba4af3ab667107"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3023a0c20936290a105fcfabc8d66246ef5c1eda","unresolved":true,"context_lines":[{"line_number":598,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":599,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":600,"context_line":"        ns_list \u003d super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"},{"line_number":601,"context_line":"        filtered_namespaces \u003d []"},{"line_number":602,"context_line":"        if self.context.project_id and not self.context.is_admin:"},{"line_number":603,"context_line":"            for namespace in ns_list:"},{"line_number":604,"context_line":"                if namespace.owner \u003d\u003d self.context.project_id:"},{"line_number":605,"context_line":"                    filtered_namespaces.append(namespace)"},{"line_number":606,"context_line":"                elif namespace.visibility \u003d\u003d \u0027public\u0027:"},{"line_number":607,"context_line":"                    filtered_namespaces.append(namespace)"},{"line_number":608,"context_line":"        elif self.context.is_admin:"},{"line_number":609,"context_line":"            filtered_namespaces \u003d ns_list"},{"line_number":610,"context_line":"        return filtered_namespaces"},{"line_number":611,"context_line":""},{"line_number":612,"context_line":"    def save(self, namespace):"}],"source_content_type":"text/x-python","patch_set":6,"id":"87e10c05_ee58acb1","line":609,"range":{"start_line":601,"start_character":8,"end_line":609,"end_character":41},"updated":"2021-07-06 13:46:33.000000000","message":"As per my previous comment, you need to move this logic to API layer.","commit_id":"d8f7c75d3146f4c92e473023b4ba4af3ab667107"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c9ea1d518a299fc7c93e31be3e6b7ff14908bb13","unresolved":true,"context_lines":[{"line_number":598,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":599,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":600,"context_line":"        ns_list \u003d super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"},{"line_number":601,"context_line":"        filtered_namespaces \u003d []"},{"line_number":602,"context_line":"        if self.context.project_id and not self.context.is_admin:"},{"line_number":603,"context_line":"            for namespace in ns_list:"},{"line_number":604,"context_line":"                if namespace.owner \u003d\u003d self.context.project_id:"},{"line_number":605,"context_line":"                    filtered_namespaces.append(namespace)"},{"line_number":606,"context_line":"                elif namespace.visibility \u003d\u003d \u0027public\u0027:"},{"line_number":607,"context_line":"                    filtered_namespaces.append(namespace)"},{"line_number":608,"context_line":"        elif self.context.is_admin:"},{"line_number":609,"context_line":"            filtered_namespaces \u003d ns_list"},{"line_number":610,"context_line":"        return filtered_namespaces"},{"line_number":611,"context_line":""},{"line_number":612,"context_line":"    def save(self, namespace):"}],"source_content_type":"text/x-python","patch_set":6,"id":"138cc903_1ad2ca23","line":609,"range":{"start_line":601,"start_character":8,"end_line":609,"end_character":41},"in_reply_to":"87e10c05_ee58acb1","updated":"2021-07-07 06:39:17.000000000","message":"On second thought, I think if you change the RBAC policy to include visibility check then you don\u0027t need this logic to filter the namespace list.","commit_id":"d8f7c75d3146f4c92e473023b4ba4af3ab667107"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"8fdaec734715d60061640a8f93e4cda18e10f858","unresolved":true,"context_lines":[{"line_number":584,"context_line":""},{"line_number":585,"context_line":"    def get(self, namespace):"},{"line_number":586,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":587,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":588,"context_line":"        return super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":589,"context_line":""},{"line_number":590,"context_line":"    def list(self, *args, **kwargs):"}],"source_content_type":"text/x-python","patch_set":7,"id":"b67cb4cb_4d9f55b1","line":587,"range":{"start_line":587,"start_character":8,"end_line":587,"end_character":74},"updated":"2021-07-08 07:21:05.000000000","message":"This policy check is giving us wrong impression. The RBAC check here we are checking is\nrole:admin or (project_reader or visibility_public)\n\nNow when I try to access private namespace of Tenant B using Tenant A\u0027s credential it should fail with forbidden at this line but actually it returns me 404 as this enforcement passes and while getting the namespace from the database at line 588 it checks for visibility at db layer and returns 404 not found to me.\n\nActually this should fail at line 587 and return 403 Forbidden to user in this case.","commit_id":"70ec60bdb12b6e0ad495da6e6a6ef7ffe779eefb"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":591,"context_line":"                             namespace_proxy_kwargs\u003dproxy_kwargs)"},{"line_number":592,"context_line":""},{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        # FIXME(pdeore): Currently it is raising HTTP 404 from db layer but"},{"line_number":595,"context_line":"        # ideally it should raise HTTP 403"},{"line_number":596,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":597,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":598,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"}],"source_content_type":"text/x-python","patch_set":9,"id":"3f52af7f_37b388d1","line":595,"range":{"start_line":594,"start_character":8,"end_line":595,"end_character":42},"updated":"2021-07-12 05:44:21.000000000","message":"AFAIK this warning should be like, Currently if you try to access private namespace outside of project scope it is raising HTTP 404 from db layer but ideally it should raise HTTP 403.","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":591,"context_line":"                             namespace_proxy_kwargs\u003dproxy_kwargs)"},{"line_number":592,"context_line":""},{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        # FIXME(pdeore): Currently it is raising HTTP 404 from db layer but"},{"line_number":595,"context_line":"        # ideally it should raise HTTP 403"},{"line_number":596,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":597,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":598,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"}],"source_content_type":"text/x-python","patch_set":9,"id":"fffd66b5_869dd3e5","line":595,"range":{"start_line":594,"start_character":8,"end_line":595,"end_character":42},"in_reply_to":"3f52af7f_37b388d1","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"b034756dc6c208d3dafc526c1794e8ae6b4ead8c","unresolved":true,"context_lines":[{"line_number":591,"context_line":"                             namespace_proxy_kwargs\u003dproxy_kwargs)"},{"line_number":592,"context_line":""},{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":595,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":596,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":597,"context_line":"        return ns"}],"source_content_type":"text/x-python","patch_set":21,"id":"89a3d273_975cac26","line":594,"range":{"start_line":594,"start_character":8,"end_line":594,"end_character":66},"updated":"2021-07-23 08:23:53.000000000","message":"You are getting Forbidden here only from the db layer and not at the line #596.","commit_id":"559bc00702310f6a1deb12e354265ab1a8436bdb"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9499bc454e7331105b29dbdc656cf67e61627bfa","unresolved":true,"context_lines":[{"line_number":591,"context_line":"                             namespace_proxy_kwargs\u003dproxy_kwargs)"},{"line_number":592,"context_line":""},{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":595,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":596,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":597,"context_line":"        return ns"}],"source_content_type":"text/x-python","patch_set":21,"id":"fb1b7def_dc196219","line":594,"range":{"start_line":594,"start_character":8,"end_line":594,"end_character":66},"in_reply_to":"642faf0a_92c5811c","updated":"2021-07-23 12:19:02.000000000","message":"No it’s not correct.\nYou are making this change so that your policy should get enforced correctly. If this remains same then your policy will never be enforced for negative scenarios.","commit_id":"559bc00702310f6a1deb12e354265ab1a8436bdb"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"25fc5b65aa9902f4a7aa0c287705c200fcd9ea28","unresolved":true,"context_lines":[{"line_number":591,"context_line":"                             namespace_proxy_kwargs\u003dproxy_kwargs)"},{"line_number":592,"context_line":""},{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":595,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":596,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":597,"context_line":"        return ns"}],"source_content_type":"text/x-python","patch_set":21,"id":"e0cd4c9b_c3d4238e","line":594,"range":{"start_line":594,"start_character":8,"end_line":594,"end_character":66},"in_reply_to":"89a3d273_975cac26","updated":"2021-07-23 09:53:47.000000000","message":"I think initially we were getting NotFound here from db layer, and after this change[1], the visibility of every resource gets checked and if doesn\u0027t match Forbidden is throw. If i\u0027m not wrong same behavior is with get image as well. I\u0027m confused now about what should be the correct exception needs to raise here.\n\n[1]: https://review.opendev.org/c/openstack/glance/+/801373/3/glance/db/__init__.py","commit_id":"559bc00702310f6a1deb12e354265ab1a8436bdb"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"7d967a4fb5c15400731ff61313f4367f20177f4b","unresolved":true,"context_lines":[{"line_number":591,"context_line":"                             namespace_proxy_kwargs\u003dproxy_kwargs)"},{"line_number":592,"context_line":""},{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":595,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":596,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":597,"context_line":"        return ns"}],"source_content_type":"text/x-python","patch_set":21,"id":"642faf0a_92c5811c","line":594,"range":{"start_line":594,"start_character":8,"end_line":594,"end_character":66},"in_reply_to":"e0cd4c9b_c3d4238e","updated":"2021-07-23 11:38:55.000000000","message":"IMO, Forbidden is correct at this moment even before policy enforcement. Because the same visibility check has been made before policy enforcement for private namespace of other project, which quite a make sense i think.\nPlease correct me if i\u0027m wrong.","commit_id":"559bc00702310f6a1deb12e354265ab1a8436bdb"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"a474da3cb270a8fe653204b76c3a91dd802d5d01","unresolved":true,"context_lines":[{"line_number":600,"context_line":"        # FIXME(pdeore):This is effectively a no-op because we\u0027re setting the"},{"line_number":601,"context_line":"        # target project_id to be the context project_id. The database is what"},{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":22,"id":"fdc32589_feacd10f","line":603,"range":{"start_line":603,"start_character":0,"end_line":603,"end_character":29},"updated":"2021-07-26 20:57:30.000000000","message":"So, what do we need to fix this?","commit_id":"00e10264d9c3f98698e43478f9f808c7dd6576cc"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"0c440a76283bec60aa5a47d1306bf67b7a26605b","unresolved":true,"context_lines":[{"line_number":600,"context_line":"        # FIXME(pdeore):This is effectively a no-op because we\u0027re setting the"},{"line_number":601,"context_line":"        # target project_id to be the context project_id. The database is what"},{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":22,"id":"6c217534_9e5ea609","line":603,"range":{"start_line":603,"start_character":0,"end_line":603,"end_character":29},"in_reply_to":"04282c77_acc18764","updated":"2021-07-28 14:02:26.000000000","message":"So I trust this will not change the behaviour to the point of being a backward-compatibility issue for our users?","commit_id":"00e10264d9c3f98698e43478f9f808c7dd6576cc"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f53b201646f1c7d24cf862b25c8531066eeabf4c","unresolved":true,"context_lines":[{"line_number":600,"context_line":"        # FIXME(pdeore):This is effectively a no-op because we\u0027re setting the"},{"line_number":601,"context_line":"        # target project_id to be the context project_id. The database is what"},{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":22,"id":"caa2815b_63647b62","line":603,"range":{"start_line":603,"start_character":0,"end_line":603,"end_character":29},"in_reply_to":"6c217534_9e5ea609","updated":"2021-07-29 11:12:22.000000000","message":"Yes, this strives to maintain backward compatibility.","commit_id":"00e10264d9c3f98698e43478f9f808c7dd6576cc"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"39b44855a6942e37a5b57d37fe441f413835178f","unresolved":true,"context_lines":[{"line_number":600,"context_line":"        # FIXME(pdeore):This is effectively a no-op because we\u0027re setting the"},{"line_number":601,"context_line":"        # target project_id to be the context project_id. The database is what"},{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":22,"id":"04282c77_acc18764","line":603,"range":{"start_line":603,"start_character":0,"end_line":603,"end_character":29},"in_reply_to":"fdc32589_feacd10f","updated":"2021-07-27 07:57:06.000000000","message":"May be in future we will work on our db queries and make sure that our policy enforcement actually works as they mean.","commit_id":"00e10264d9c3f98698e43478f9f808c7dd6576cc"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"d50d30a2b44fcfd9df1716e787ced15f204d21c5","unresolved":true,"context_lines":[{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":595,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":596,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":597,"context_line":"        return ns"},{"line_number":598,"context_line":""},{"line_number":599,"context_line":"    def list(self, *args, **kwargs):"}],"source_content_type":"text/x-python","patch_set":25,"id":"835b97e5_bdd21dd0","line":596,"updated":"2021-07-30 14:19:39.000000000","message":"Similar to my comment on the patch above, this should be a NotFound if the enforce fails, right?","commit_id":"1e7641b0307e98cd5dc688dddca8b148093ff949"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d914a5723cf366eb0d1a81ee55d437535f7244e7","unresolved":true,"context_lines":[{"line_number":593,"context_line":"    def get(self, namespace):"},{"line_number":594,"context_line":"        ns \u003d super(MetadefNamespaceRepoProxy, self).get(namespace)"},{"line_number":595,"context_line":"        target \u003d _build_namespace_target(ns)"},{"line_number":596,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespace\u0027, target)"},{"line_number":597,"context_line":"        return ns"},{"line_number":598,"context_line":""},{"line_number":599,"context_line":"    def list(self, *args, **kwargs):"}],"source_content_type":"text/x-python","patch_set":25,"id":"23593de2_d62bf881","line":596,"in_reply_to":"835b97e5_bdd21dd0","updated":"2021-07-30 18:07:28.000000000","message":"Yes, right, I will update this in next PS.","commit_id":"1e7641b0307e98cd5dc688dddca8b148093ff949"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"d50d30a2b44fcfd9df1716e787ced15f204d21c5","unresolved":true,"context_lines":[{"line_number":600,"context_line":"        # FIXME(pdeore):This is effectively a no-op because we\u0027re setting the"},{"line_number":601,"context_line":"        # target project_id to be the context project_id. The database is what"},{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":25,"id":"8936fb09_860c1145","line":603,"updated":"2021-07-30 14:19:39.000000000","message":"The FIXME is really just that we need to filter the objects that come out of the database by visibility, right? I guess it seems like you\u0027re creating a bug here, because the comment and code here relies on the fact that the database will do the filtering for us. However, you\u0027re also modifying the DB to ignore that check if secure_rbac is enabled. Won\u0027t enabling secure_rbac cause us to see everything out of this API until you filter each through enforce(\u0027get_metadef_namespace\u0027) ?","commit_id":"1e7641b0307e98cd5dc688dddca8b148093ff949"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d914a5723cf366eb0d1a81ee55d437535f7244e7","unresolved":true,"context_lines":[{"line_number":600,"context_line":"        # FIXME(pdeore):This is effectively a no-op because we\u0027re setting the"},{"line_number":601,"context_line":"        # target project_id to be the context project_id. The database is what"},{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"}],"source_content_type":"text/x-python","patch_set":25,"id":"d46b8564_792db983","line":603,"in_reply_to":"8936fb09_860c1145","updated":"2021-07-30 18:07:28.000000000","message":"Yeah totally makes sense... Need to remove this.","commit_id":"1e7641b0307e98cd5dc688dddca8b148093ff949"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"d50d30a2b44fcfd9df1716e787ced15f204d21c5","unresolved":true,"context_lines":[{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"},{"line_number":607,"context_line":""},{"line_number":608,"context_line":"    def save(self, namespace):"}],"source_content_type":"text/x-python","patch_set":25,"id":"bab57dfd_f88e647c","line":605,"range":{"start_line":605,"start_character":68,"end_line":605,"end_character":74},"updated":"2021-07-30 14:19:39.000000000","message":"Does it make sense to pass this instead of just an empty dict? If this is an operation with no scope, then a target with a project_id of the caller doesn\u0027t really mean anything, AFAIK. Shouldn\u0027t we just keep the empty dict here?","commit_id":"1e7641b0307e98cd5dc688dddca8b148093ff949"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d914a5723cf366eb0d1a81ee55d437535f7244e7","unresolved":false,"context_lines":[{"line_number":602,"context_line":"        # actually filters the response to only include namespaces owned by the"},{"line_number":603,"context_line":"        # context.project_id."},{"line_number":604,"context_line":"        target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":605,"context_line":"        self.policy.enforce(self.context, \u0027get_metadef_namespaces\u0027, target)"},{"line_number":606,"context_line":"        return super(MetadefNamespaceRepoProxy, self).list(*args, **kwargs)"},{"line_number":607,"context_line":""},{"line_number":608,"context_line":"    def save(self, namespace):"}],"source_content_type":"text/x-python","patch_set":25,"id":"eaed7792_55c29150","line":605,"range":{"start_line":605,"start_character":68,"end_line":605,"end_character":74},"in_reply_to":"bab57dfd_f88e647c","updated":"2021-07-30 18:07:28.000000000","message":"Ack","commit_id":"1e7641b0307e98cd5dc688dddca8b148093ff949"}],"glance/db/sqlalchemy/metadef_api/namespace.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"ce11472eaaf6aa4d9f90d84b30ee7e4eab80a4e5","unresolved":true,"context_lines":[{"line_number":96,"context_line":"    # secure RBAC is not enabled in glance. Once secure RBAC is"},{"line_number":97,"context_line":"    # supported then we can remove this check and solely depend"},{"line_number":98,"context_line":"    # on default rbac policy."},{"line_number":99,"context_line":"    if not CONF.enforce_secure_rbac:"},{"line_number":100,"context_line":"        if not _is_namespace_visible(context, namespace_rec.to_dict()):"},{"line_number":101,"context_line":"            LOG.debug(\"Forbidding request, metadata definition namespace\u003d%s\""},{"line_number":102,"context_line":"                      \" is not visible.\", namespace_rec.namespace)"},{"line_number":103,"context_line":"            emsg \u003d _(\"Forbidding request, metadata definition namespace\u003d%s\""},{"line_number":104,"context_line":"                     \" is not visible.\") % namespace_rec.namespace"},{"line_number":105,"context_line":"            raise exc.MetadefForbidden(emsg)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    return namespace_rec"},{"line_number":108,"context_line":""}],"source_content_type":"text/x-python","patch_set":23,"id":"94a58314_3d88a206","line":105,"range":{"start_line":99,"start_character":4,"end_line":105,"end_character":44},"updated":"2021-07-29 13:57:25.000000000","message":"If respin is required then I guess you can add one more test to cover this change.\nIf not then we can do it in follow up.\n\n\nSorry for not realizing it earlier.","commit_id":"bc401ee5759e4e771ceebe26618e4d69833eca92"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"32298ac920f6605f4e28cc44892a93bc27d15238","unresolved":true,"context_lines":[{"line_number":96,"context_line":"    # secure RBAC is not enabled in glance. Once secure RBAC is"},{"line_number":97,"context_line":"    # supported then we can remove this check and solely depend"},{"line_number":98,"context_line":"    # on default rbac policy."},{"line_number":99,"context_line":"    if not CONF.enforce_secure_rbac:"},{"line_number":100,"context_line":"        if not _is_namespace_visible(context, namespace_rec.to_dict()):"},{"line_number":101,"context_line":"            LOG.debug(\"Forbidding request, metadata definition namespace\u003d%s\""},{"line_number":102,"context_line":"                      \" is not visible.\", namespace_rec.namespace)"},{"line_number":103,"context_line":"            emsg \u003d _(\"Forbidding request, metadata definition namespace\u003d%s\""},{"line_number":104,"context_line":"                     \" is not visible.\") % namespace_rec.namespace"},{"line_number":105,"context_line":"            raise exc.MetadefForbidden(emsg)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    return namespace_rec"},{"line_number":108,"context_line":""}],"source_content_type":"text/x-python","patch_set":23,"id":"d6ba0bc3_ec7cf1be","line":105,"range":{"start_line":99,"start_character":4,"end_line":105,"end_character":44},"in_reply_to":"94a58314_3d88a206","updated":"2021-07-29 16:30:39.000000000","message":"I definitely think we should cover this in the tests, so let\u0027s get it done before merge, IMHO.","commit_id":"bc401ee5759e4e771ceebe26618e4d69833eca92"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d914a5723cf366eb0d1a81ee55d437535f7244e7","unresolved":false,"context_lines":[{"line_number":96,"context_line":"    # secure RBAC is not enabled in glance. Once secure RBAC is"},{"line_number":97,"context_line":"    # supported then we can remove this check and solely depend"},{"line_number":98,"context_line":"    # on default rbac policy."},{"line_number":99,"context_line":"    if not CONF.enforce_secure_rbac:"},{"line_number":100,"context_line":"        if not _is_namespace_visible(context, namespace_rec.to_dict()):"},{"line_number":101,"context_line":"            LOG.debug(\"Forbidding request, metadata definition namespace\u003d%s\""},{"line_number":102,"context_line":"                      \" is not visible.\", namespace_rec.namespace)"},{"line_number":103,"context_line":"            emsg \u003d _(\"Forbidding request, metadata definition namespace\u003d%s\""},{"line_number":104,"context_line":"                     \" is not visible.\") % namespace_rec.namespace"},{"line_number":105,"context_line":"            raise exc.MetadefForbidden(emsg)"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    return namespace_rec"},{"line_number":108,"context_line":""}],"source_content_type":"text/x-python","patch_set":23,"id":"6c1df4e9_85f51353","line":105,"range":{"start_line":99,"start_character":4,"end_line":105,"end_character":44},"in_reply_to":"d6ba0bc3_ec7cf1be","updated":"2021-07-30 18:07:28.000000000","message":"Done","commit_id":"bc401ee5759e4e771ceebe26618e4d69833eca92"}],"glance/policies/base.py":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"32298ac920f6605f4e28cc44892a93bc27d15238","unresolved":true,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the image and namespace supplied in the target"},{"line_number":31,"context_line":"# matches \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":""}],"source_content_type":"text/x-python","patch_set":23,"id":"cad780e5_d8ea57db","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":52},"updated":"2021-07-29 16:30:39.000000000","message":"You could just remove this and replace \"image\" with \"thing\" or something :)","commit_id":"bc401ee5759e4e771ceebe26618e4d69833eca92"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d914a5723cf366eb0d1a81ee55d437535f7244e7","unresolved":false,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the image and namespace supplied in the target"},{"line_number":31,"context_line":"# matches \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":""}],"source_content_type":"text/x-python","patch_set":23,"id":"edd1cf89_4ccc32b4","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":52},"in_reply_to":"cad780e5_d8ea57db","updated":"2021-07-30 18:07:28.000000000","message":"Done","commit_id":"bc401ee5759e4e771ceebe26618e4d69833eca92"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"851e75edc41b36ba15b42553220143231d2abf7d","unresolved":true,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the image and namespace supplied in the target"},{"line_number":31,"context_line":"# matches \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"f2269b5c_463b6e97","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":52},"updated":"2021-07-30 08:34:10.000000000","message":"As suggested by Dan you can replace image and namespace with \"rsource\" so that in future there is no need to modify this comment if this check is used for checking visibility on any other resource.","commit_id":"71ce920bfad68cfe80be6255960fe90309abdb10"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d914a5723cf366eb0d1a81ee55d437535f7244e7","unresolved":false,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the image and namespace supplied in the target"},{"line_number":31,"context_line":"# matches \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"16e64e1d_88f38b58","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":52},"in_reply_to":"f2269b5c_463b6e97","updated":"2021-07-30 18:07:28.000000000","message":"Done","commit_id":"71ce920bfad68cfe80be6255960fe90309abdb10"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3aa03342505b504574a084743f5a0cf1a2e9b8a8","unresolved":true,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the resource supplied in the target matches"},{"line_number":31,"context_line":"# \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":"# Check if the visibility of the image supplied in the target matches \"shared\""}],"source_content_type":"text/x-python","patch_set":34,"id":"4cdc5d98_9d3ea8db","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":41},"updated":"2021-08-30 16:29:03.000000000","message":"Unrelated change?","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7e66ee3f40039d4faf8da0a8050e3dabbbf0a962","unresolved":false,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the resource supplied in the target matches"},{"line_number":31,"context_line":"# \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":"# Check if the visibility of the image supplied in the target matches \"shared\""}],"source_content_type":"text/x-python","patch_set":34,"id":"9b0b350a_5d47ecae","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":41},"in_reply_to":"3dd5887d_c1ec57be","updated":"2021-08-30 20:46:59.000000000","message":"Nevermind, I was associating this comment to the line above and not the line below. My mistake.","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"7a8f1582a0e51d8ed3c4c83da896c205cb15781d","unresolved":true,"context_lines":[{"line_number":27,"context_line":"# Check if the visibility of the image supplied in the target matches"},{"line_number":28,"context_line":"# \"community\""},{"line_number":29,"context_line":"COMMUNITY_VISIBILITY_CHECK \u003d \u0027\"community\":%(visibility)s\u0027"},{"line_number":30,"context_line":"# Check if the visibility of the resource supplied in the target matches"},{"line_number":31,"context_line":"# \"public\""},{"line_number":32,"context_line":"PUBLIC_VISIBILITY_CHECK \u003d \u0027\"public\":%(visibility)s\u0027"},{"line_number":33,"context_line":"# Check if the visibility of the image supplied in the target matches \"shared\""}],"source_content_type":"text/x-python","patch_set":34,"id":"3dd5887d_c1ec57be","line":30,"range":{"start_line":30,"start_character":33,"end_line":30,"end_character":41},"in_reply_to":"4cdc5d98_9d3ea8db","updated":"2021-08-30 16:42:14.000000000","message":"No, now we are using this check for metadef public visibility as well, so just changed it to resource which can be evaluated to image as well as namespace.","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"}],"glance/policies/metadef.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d71dc1df6a9582e7d4f15faa8fa070c35d523043","unresolved":true,"context_lines":[{"line_number":20,"context_line":"CONF \u003d cfg.CONF"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"DEPRECATED_REASON \u003d \"\"\""},{"line_number":23,"context_line":"The metadata API now supports system scope and default roles."},{"line_number":24,"context_line":"\"\"\""},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"b73cf66e_df6ef3b6","line":23,"range":{"start_line":23,"start_character":30,"end_line":23,"end_character":42},"updated":"2021-07-05 14:52:03.000000000","message":"project scope???\nand also it is still experimental in glance.","commit_id":"0e85063b980f20acde50df9495cb0a08a478f86f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f5aa1c317793837fcbc78e25c7c0bdd6c1206511","unresolved":true,"context_lines":[{"line_number":39,"context_line":"        deprecated_rule\u003dpolicy.DeprecatedRule("},{"line_number":40,"context_line":"            name\u003d\"get_metadef_namespace\", check_str\u003d\"rule:metadef_default\""},{"line_number":41,"context_line":"        ),"},{"line_number":42,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":43,"context_line":"        deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":44,"context_line":"    ),"},{"line_number":45,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":46,"context_line":"        name\u003d\"get_metadef_namespaces\","}],"source_content_type":"text/x-python","patch_set":5,"id":"fd1697d1_d1639ff0","line":43,"range":{"start_line":42,"start_character":8,"end_line":43,"end_character":56},"updated":"2021-07-05 16:42:33.000000000","message":"As per new format of oslo.policy from 3.7.0 [1] these should be part of policy.DeprecatedRule;\n\nhttps://review.opendev.org/c/openstack/glance/+/799402","commit_id":"0e85063b980f20acde50df9495cb0a08a478f86f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"3023a0c20936290a105fcfabc8d66246ef5c1eda","unresolved":true,"context_lines":[{"line_number":39,"context_line":"        deprecated_rule\u003dpolicy.DeprecatedRule("},{"line_number":40,"context_line":"            name\u003d\"get_metadef_namespace\", check_str\u003d\"rule:metadef_default\""},{"line_number":41,"context_line":"        ),"},{"line_number":42,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":43,"context_line":"        deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":44,"context_line":"    ),"},{"line_number":45,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":46,"context_line":"        name\u003d\"get_metadef_namespaces\","}],"source_content_type":"text/x-python","patch_set":6,"id":"6810dd0c_e610bc06","line":43,"range":{"start_line":42,"start_character":8,"end_line":43,"end_character":56},"updated":"2021-07-06 13:46:33.000000000","message":"As per my comment on previous patch set, you need to move this to policy.DeprecatedRule at line 39,40","commit_id":"d8f7c75d3146f4c92e473023b4ba4af3ab667107"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":17,"context_line":"from glance.policies import base"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"CONF \u003d cfg.CONF"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"DEPRECATED_REASON \u003d \"\"\""},{"line_number":23,"context_line":"The metadata API now supports project scope and default roles."}],"source_content_type":"text/x-python","patch_set":9,"id":"f99ba703_0ec85d68","line":20,"range":{"start_line":20,"start_character":0,"end_line":20,"end_character":15},"updated":"2021-07-12 05:44:21.000000000","message":"Where is this used?","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":true,"context_lines":[{"line_number":17,"context_line":"from glance.policies import base"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"CONF \u003d cfg.CONF"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"DEPRECATED_REASON \u003d \"\"\""},{"line_number":23,"context_line":"The metadata API now supports project scope and default roles."}],"source_content_type":"text/x-python","patch_set":9,"id":"766df34f_d923a6cd","line":20,"range":{"start_line":20,"start_character":0,"end_line":20,"end_character":15},"in_reply_to":"f99ba703_0ec85d68","updated":"2021-07-13 09:06:12.000000000","message":"Removed in next patch.","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ca51793dbf4917114c36705c8c17744940818769","unresolved":true,"context_lines":[{"line_number":27,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":28,"context_line":"        name\u003d\"get_metadef_namespace\","},{"line_number":29,"context_line":"        check_str\u003dbase.ADMIN_OR_PROJECT_READER_GET_NAMESPACE,"},{"line_number":30,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":31,"context_line":"        description\u003d\"Get a specific namespace.\","},{"line_number":32,"context_line":"        operations\u003d["},{"line_number":33,"context_line":"            {\u0027path\u0027: \u0027/v2/metadefs/namespaces/{namespace_name}\u0027,"}],"source_content_type":"text/x-python","patch_set":29,"id":"1f71ec09_111a754d","line":30,"range":{"start_line":30,"start_character":22,"end_line":30,"end_character":28},"updated":"2021-08-04 20:25:50.000000000","message":"Just to clarify, this won\u0027t be used until system personas are implemented and glance-api.conf [oslo_policy] enforce_scope \u003d True.","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"049ba2bdf9a36cd3207bbf3db9aa03335f39b66a","unresolved":false,"context_lines":[{"line_number":27,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":28,"context_line":"        name\u003d\"get_metadef_namespace\","},{"line_number":29,"context_line":"        check_str\u003dbase.ADMIN_OR_PROJECT_READER_GET_NAMESPACE,"},{"line_number":30,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":31,"context_line":"        description\u003d\"Get a specific namespace.\","},{"line_number":32,"context_line":"        operations\u003d["},{"line_number":33,"context_line":"            {\u0027path\u0027: \u0027/v2/metadefs/namespaces/{namespace_name}\u0027,"}],"source_content_type":"text/x-python","patch_set":29,"id":"5508f290_500dc539","line":30,"range":{"start_line":30,"start_character":22,"end_line":30,"end_character":28},"in_reply_to":"1f71ec09_111a754d","updated":"2021-08-05 04:52:53.000000000","message":"Ack","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ca51793dbf4917114c36705c8c17744940818769","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":29,"id":"cc171e2b_1329b94e","line":44,"range":{"start_line":44,"start_character":19,"end_line":44,"end_character":39},"updated":"2021-08-04 20:25:50.000000000","message":"This is going to default to open still?","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"89dd63a0a7e0f08b5dec92b38fdd167bacfca014","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":29,"id":"042e799f_d3407568","line":44,"range":{"start_line":44,"start_character":19,"end_line":44,"end_character":39},"in_reply_to":"828c9dd6_5ee8ac10","updated":"2021-08-05 20:59:45.000000000","message":"Ack","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bcc2872c679d7cf18606c4d0b916af4476480785","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":29,"id":"828c9dd6_5ee8ac10","line":44,"range":{"start_line":44,"start_character":19,"end_line":44,"end_character":39},"in_reply_to":"cc171e2b_1329b94e","updated":"2021-08-04 20:32:24.000000000","message":"Here I think even though it is open the database query filters the records for us based on visibility and ownership. So adding RBAC rule for this will be just a noop check so we decided to keep it as it is.","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3aa03342505b504574a084743f5a0cf1a2e9b8a8","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":34,"id":"16041764_0b024d81","line":44,"updated":"2021-08-30 16:29:03.000000000","message":"I think we also need to update this to include the policy from line 29, right?","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"7a8f1582a0e51d8ed3c4c83da896c205cb15781d","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":34,"id":"da3faf30_1db46f32","line":44,"in_reply_to":"16041764_0b024d81","updated":"2021-08-30 16:42:14.000000000","message":"I think reason for reverting this is the db call return us valid result making this policy check as noop.","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"89096c0d3f3b649e36edad690bf372b8ad0762ca","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":34,"id":"fc5cd0e4_ab188e58","line":44,"in_reply_to":"da3faf30_1db46f32","updated":"2021-08-30 17:06:00.000000000","message":"Yep, change it to\nbase.ADMIN_OR_PROJECT_READER","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"02e22c5ec9968be05fef413292565a829a92ab0e","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003d\"rule:metadef_default\","},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":34,"id":"6211c00c_f216303f","line":44,"in_reply_to":"fc5cd0e4_ab188e58","updated":"2021-08-30 19:52:28.000000000","message":"Ack","commit_id":"81b7942736f52b1b70746dd8aa3de1a59b8ddfed"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"0798bf539be00a27010fda876754621b94329967","unresolved":true,"context_lines":[{"line_number":36,"context_line":"        deprecated_rule\u003dpolicy.DeprecatedRule("},{"line_number":37,"context_line":"            name\u003d\"get_metadef_namespace\", check_str\u003d\"rule:metadef_default\","},{"line_number":38,"context_line":"            deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":39,"context_line":"            deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":40,"context_line":"        ),"},{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":35,"id":"37a9f100_7def44e7","line":39,"range":{"start_line":39,"start_character":53,"end_line":39,"end_character":60},"updated":"2021-08-30 20:49:30.000000000","message":"I think this should be Xena.","commit_id":"70f0ddcf0b327d18097334c6dc827f005a5892c7"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"77ac6fd029c56474bd95cd1cfe8f874a64d1244c","unresolved":false,"context_lines":[{"line_number":36,"context_line":"        deprecated_rule\u003dpolicy.DeprecatedRule("},{"line_number":37,"context_line":"            name\u003d\"get_metadef_namespace\", check_str\u003d\"rule:metadef_default\","},{"line_number":38,"context_line":"            deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":39,"context_line":"            deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":40,"context_line":"        ),"},{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":35,"id":"c7f09972_b7d24bc6","line":39,"range":{"start_line":39,"start_character":53,"end_line":39,"end_character":60},"in_reply_to":"37a9f100_7def44e7","updated":"2021-08-31 06:08:54.000000000","message":"Done","commit_id":"70f0ddcf0b327d18097334c6dc827f005a5892c7"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"0798bf539be00a27010fda876754621b94329967","unresolved":true,"context_lines":[{"line_number":51,"context_line":"        deprecated_rule\u003dpolicy.DeprecatedRule("},{"line_number":52,"context_line":"            name\u003d\"get_metadef_namespaces\", check_str\u003d\"rule:metadef_default\","},{"line_number":53,"context_line":"            deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":54,"context_line":"            deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":55,"context_line":"        ),"},{"line_number":56,"context_line":"    ),"},{"line_number":57,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":35,"id":"17bf34cb_2fa1cab3","line":54,"range":{"start_line":54,"start_character":53,"end_line":54,"end_character":60},"updated":"2021-08-30 20:49:30.000000000","message":"I think this should be Xena.","commit_id":"70f0ddcf0b327d18097334c6dc827f005a5892c7"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"77ac6fd029c56474bd95cd1cfe8f874a64d1244c","unresolved":false,"context_lines":[{"line_number":51,"context_line":"        deprecated_rule\u003dpolicy.DeprecatedRule("},{"line_number":52,"context_line":"            name\u003d\"get_metadef_namespaces\", check_str\u003d\"rule:metadef_default\","},{"line_number":53,"context_line":"            deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":54,"context_line":"            deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":55,"context_line":"        ),"},{"line_number":56,"context_line":"    ),"},{"line_number":57,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":35,"id":"aa3b2b65_0c41a55f","line":54,"range":{"start_line":54,"start_character":53,"end_line":54,"end_character":60},"in_reply_to":"17bf34cb_2fa1cab3","updated":"2021-08-31 06:08:54.000000000","message":"Done","commit_id":"70f0ddcf0b327d18097334c6dc827f005a5892c7"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b8ac8c285d0702620092287f687f9debea6ceb54","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003dbase.ADMIN_OR_PROJECT_READER,"},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":41,"id":"240e0f93_ed9fbd95","line":44,"updated":"2021-09-02 20:16:28.000000000","message":"And just for my own sanity, here we don\u0027t need the ADMIN_OR_PORJECT_READER_GET_NAMESPACE check because we\u0027re filtering based on get_metadef_namespace anyway after we check that the user can list namespaces?\n\nhttps://github.com/openstack/glance/blob/master/glance/api/v2/metadef_namespaces.py#L70-L73","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"ed6ded3a1c49bd2771051d6d6825ba044830f06a","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    ),"},{"line_number":42,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":43,"context_line":"        name\u003d\"get_metadef_namespaces\","},{"line_number":44,"context_line":"        check_str\u003dbase.ADMIN_OR_PROJECT_READER,"},{"line_number":45,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027],"},{"line_number":46,"context_line":"        description\u003d\"List namespace.\","},{"line_number":47,"context_line":"        operations\u003d["}],"source_content_type":"text/x-python","patch_set":41,"id":"c7b0b08b_2102594e","line":44,"in_reply_to":"240e0f93_ed9fbd95","updated":"2021-09-02 20:55:57.000000000","message":"This actually, but yeah:\n\nhttps://github.com/openstack/glance/blob/master/glance/api/v2/metadef_namespaces.py#L90\n\nThis is inline with one of your comments from last cycle about the list permission being just that: can list, not \"can see any specific item\".","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"}],"glance/tests/functional/v2/test_metadef_namespaces.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"7a214c67feb358171cbeb5b8deebb16e46b24f2f","unresolved":true,"context_lines":[{"line_number":127,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":128,"context_line":"        self.assertTrue(namespace[\u0027protected\u0027])"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"    def test_namespace_lifecycle(self):"},{"line_number":131,"context_line":"        # Namespace should not exist"},{"line_number":132,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces/MyNamespace\u0027)"},{"line_number":133,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"}],"source_content_type":"text/x-python","patch_set":12,"id":"b14ce8b8_0057142e","line":130,"range":{"start_line":130,"start_character":4,"end_line":130,"end_character":39},"updated":"2021-07-21 04:59:54.000000000","message":"IMO your lifecycle flow should be like this;\n\n1. Create public namespace for tenant 1\n2. Create private namespace for tenant 1\n3. Check tenant 1 can list and view both the namespaces\n4. Create public namespace for tenant 2\n5. Create private namespace for tenant 2\n6. Check tenant 2 can list and view both the namespaces\n7. Check tenant 1 can now see total 3 namespaces (two of his own and 1 public of tenant 2)\n8. Check tenant 2 can now see total 3 namespaces (two of his own and 1 public of tenant 1)\n\nNOTE in between testing above list and show methods you can check that reader and member role can not be permitted to create/update/delete and deletion of protected namespace.","commit_id":"8e52d1d49339114e414e138e300f19ccfd9731b9"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"25da0c1a2bf8a0feb86011a0e507d71008b974f6","unresolved":true,"context_lines":[{"line_number":170,"context_line":"        # Namespace of TENANT1 should not be visible to TENANT2 with"},{"line_number":171,"context_line":"        # non admin role"},{"line_number":172,"context_line":"        response \u003d requests.get("},{"line_number":173,"context_line":"            namespace_loc_header,"},{"line_number":174,"context_line":"            headers\u003dself._headers({\u0027X-Tenant-Id\u0027: TENANT2,"},{"line_number":175,"context_line":"                                   \u0027X-Roles\u0027: \u0027reader\u0027}))"},{"line_number":176,"context_line":"        self.assertEqual(http.NOT_FOUND, response.status_code)"}],"source_content_type":"text/x-python","patch_set":12,"id":"fc49b2aa_c5b3dec8","line":173,"range":{"start_line":173,"start_character":12,"end_line":173,"end_character":32},"updated":"2021-07-19 15:33:22.000000000","message":"You should define what is the format of namespace_loc_header in the comment, so that others can understand that instead of passing/forming full url you are using location of the metadef namespace as API url.","commit_id":"8e52d1d49339114e414e138e300f19ccfd9731b9"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bc49af06b4c8f0c50c5e707922aa282d55336de1","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    def _create_namespace(self, path, headers, data,"},{"line_number":51,"context_line":"                          namespace_name, visibility, tenant\u003dTENANT1):"},{"line_number":52,"context_line":"        # Update the header if tenant is not default one"},{"line_number":53,"context_line":"        if tenant !\u003d TENANT1:"},{"line_number":54,"context_line":"            headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027,"},{"line_number":55,"context_line":"                                     \u0027X-Tenant-Id\u0027: tenant})"},{"line_number":56,"context_line":"        response \u003d requests.post(path, headers\u003dheaders, data\u003ddata)"},{"line_number":57,"context_line":"        self.assertEqual(http.CREATED, response.status_code)"},{"line_number":58,"context_line":""}],"source_content_type":"text/x-python","patch_set":14,"id":"2f4224a3_a3c3fbf9","line":55,"range":{"start_line":53,"start_character":8,"end_line":55,"end_character":60},"updated":"2021-07-21 12:31:15.000000000","message":"instead of doing it here, you can pass it as a custom header to _headers method.","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"38f054b50fb448e4fa9841fc423d330620017bbe","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    def _create_namespace(self, path, headers, data,"},{"line_number":51,"context_line":"                          namespace_name, visibility, tenant\u003dTENANT1):"},{"line_number":52,"context_line":"        # Update the header if tenant is not default one"},{"line_number":53,"context_line":"        if tenant !\u003d TENANT1:"},{"line_number":54,"context_line":"            headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027,"},{"line_number":55,"context_line":"                                     \u0027X-Tenant-Id\u0027: tenant})"},{"line_number":56,"context_line":"        response \u003d requests.post(path, headers\u003dheaders, data\u003ddata)"},{"line_number":57,"context_line":"        self.assertEqual(http.CREATED, response.status_code)"},{"line_number":58,"context_line":""}],"source_content_type":"text/x-python","patch_set":14,"id":"65178243_bc4617b8","line":55,"range":{"start_line":53,"start_character":8,"end_line":55,"end_character":60},"in_reply_to":"2f4224a3_a3c3fbf9","updated":"2021-07-21 13:28:01.000000000","message":"Ack","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bc49af06b4c8f0c50c5e707922aa282d55336de1","unresolved":true,"context_lines":[{"line_number":161,"context_line":"            \"visibility\": \"private\""},{"line_number":162,"context_line":"        })"},{"line_number":163,"context_line":"        response \u003d self._create_namespace("},{"line_number":164,"context_line":"            path, headers, data, private_namespace_A, \u0027private\u0027)"},{"line_number":165,"context_line":"        private_namespace_A_loc_header \u003d response.headers[\u0027Location\u0027]"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"        # Check TENANT1 can list and view both the namespaces"}],"source_content_type":"text/x-python","patch_set":14,"id":"31367c2e_76a7ef13","line":164,"range":{"start_line":164,"start_character":33,"end_line":164,"end_character":63},"updated":"2021-07-21 12:31:15.000000000","message":"instead of passing it here again in _create_namespace you can access these values from data, right?\n\nIt creates confusion about why we need it in data as well as separately in same function.","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"38f054b50fb448e4fa9841fc423d330620017bbe","unresolved":false,"context_lines":[{"line_number":161,"context_line":"            \"visibility\": \"private\""},{"line_number":162,"context_line":"        })"},{"line_number":163,"context_line":"        response \u003d self._create_namespace("},{"line_number":164,"context_line":"            path, headers, data, private_namespace_A, \u0027private\u0027)"},{"line_number":165,"context_line":"        private_namespace_A_loc_header \u003d response.headers[\u0027Location\u0027]"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"        # Check TENANT1 can list and view both the namespaces"}],"source_content_type":"text/x-python","patch_set":14,"id":"71fca9fd_3460d763","line":164,"range":{"start_line":164,"start_character":33,"end_line":164,"end_character":63},"in_reply_to":"31367c2e_76a7ef13","updated":"2021-07-21 13:28:01.000000000","message":"Done","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bc49af06b4c8f0c50c5e707922aa282d55336de1","unresolved":true,"context_lines":[{"line_number":164,"context_line":"            path, headers, data, private_namespace_A, \u0027private\u0027)"},{"line_number":165,"context_line":"        private_namespace_A_loc_header \u003d response.headers[\u0027Location\u0027]"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"        # Check TENANT1 can list and view both the namespaces"},{"line_number":168,"context_line":"        headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027,"},{"line_number":169,"context_line":"                                 \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":170,"context_line":"        response \u003d requests.get(path, headers\u003dheaders)"}],"source_content_type":"text/x-python","patch_set":14,"id":"2ac0f768_07f73495","line":167,"range":{"start_line":167,"start_character":10,"end_line":167,"end_character":23},"updated":"2021-07-21 12:31:15.000000000","message":"Check user having reader role of Tenant1\n\nSimilarly need to change wherever you have used such comments.","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"38f054b50fb448e4fa9841fc423d330620017bbe","unresolved":false,"context_lines":[{"line_number":164,"context_line":"            path, headers, data, private_namespace_A, \u0027private\u0027)"},{"line_number":165,"context_line":"        private_namespace_A_loc_header \u003d response.headers[\u0027Location\u0027]"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"        # Check TENANT1 can list and view both the namespaces"},{"line_number":168,"context_line":"        headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027,"},{"line_number":169,"context_line":"                                 \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":170,"context_line":"        response \u003d requests.get(path, headers\u003dheaders)"}],"source_content_type":"text/x-python","patch_set":14,"id":"a3c927e4_44c31d36","line":167,"range":{"start_line":167,"start_character":10,"end_line":167,"end_character":23},"in_reply_to":"2ac0f768_07f73495","updated":"2021-07-21 13:28:01.000000000","message":"Done","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bc49af06b4c8f0c50c5e707922aa282d55336de1","unresolved":true,"context_lines":[{"line_number":208,"context_line":"            \u0027private\u0027, tenant\u003dTENANT2)"},{"line_number":209,"context_line":"        private_namespace_B_loc_header \u003d response.headers[\u0027Location\u0027]"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"        # Check TENANT2 can list and view both the namespaces and public"},{"line_number":212,"context_line":"        # namespace of TENANT1"},{"line_number":213,"context_line":"        headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027,"},{"line_number":214,"context_line":"                                 \u0027X-Tenant-Id\u0027: TENANT2,"}],"source_content_type":"text/x-python","patch_set":14,"id":"4e15bc20_3cf6913e","line":211,"range":{"start_line":211,"start_character":8,"end_line":211,"end_character":41},"updated":"2021-07-21 12:31:15.000000000","message":"ditto","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"38f054b50fb448e4fa9841fc423d330620017bbe","unresolved":false,"context_lines":[{"line_number":208,"context_line":"            \u0027private\u0027, tenant\u003dTENANT2)"},{"line_number":209,"context_line":"        private_namespace_B_loc_header \u003d response.headers[\u0027Location\u0027]"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"        # Check TENANT2 can list and view both the namespaces and public"},{"line_number":212,"context_line":"        # namespace of TENANT1"},{"line_number":213,"context_line":"        headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027,"},{"line_number":214,"context_line":"                                 \u0027X-Tenant-Id\u0027: TENANT2,"}],"source_content_type":"text/x-python","patch_set":14,"id":"eb1c5e56_4b9e8c21","line":211,"range":{"start_line":211,"start_character":8,"end_line":211,"end_character":41},"in_reply_to":"4e15bc20_3cf6913e","updated":"2021-07-21 13:28:01.000000000","message":"Done","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bc49af06b4c8f0c50c5e707922aa282d55336de1","unresolved":true,"context_lines":[{"line_number":243,"context_line":"        response \u003d requests.post(path, headers\u003dheaders, data\u003ddata)"},{"line_number":244,"context_line":"        self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"        # Private namespace of TENANT1 should not be visible to TENANT2 with"},{"line_number":247,"context_line":"        # non admin role"},{"line_number":248,"context_line":"        response \u003d requests.get("},{"line_number":249,"context_line":"            private_namespace_A_loc_header,"},{"line_number":250,"context_line":"            headers\u003dself._headers({\u0027X-Tenant-Id\u0027: TENANT2,"},{"line_number":251,"context_line":"                                   \u0027X-Roles\u0027: \u0027reader,member\u0027}))"},{"line_number":252,"context_line":"        self.assertEqual(http.NOT_FOUND, response.status_code)"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"        # Update namespace of TENANT1 with \u0027admin\u0027 role"},{"line_number":255,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces/%s\u0027 % private_namespace_A)"}],"source_content_type":"text/x-python","patch_set":14,"id":"d9b6735c_5c63f051","line":252,"range":{"start_line":246,"start_character":8,"end_line":252,"end_character":62},"updated":"2021-07-21 12:31:15.000000000","message":"Same for Tenant2 to Tenant1","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"38f054b50fb448e4fa9841fc423d330620017bbe","unresolved":false,"context_lines":[{"line_number":243,"context_line":"        response \u003d requests.post(path, headers\u003dheaders, data\u003ddata)"},{"line_number":244,"context_line":"        self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"        # Private namespace of TENANT1 should not be visible to TENANT2 with"},{"line_number":247,"context_line":"        # non admin role"},{"line_number":248,"context_line":"        response \u003d requests.get("},{"line_number":249,"context_line":"            private_namespace_A_loc_header,"},{"line_number":250,"context_line":"            headers\u003dself._headers({\u0027X-Tenant-Id\u0027: TENANT2,"},{"line_number":251,"context_line":"                                   \u0027X-Roles\u0027: \u0027reader,member\u0027}))"},{"line_number":252,"context_line":"        self.assertEqual(http.NOT_FOUND, response.status_code)"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"        # Update namespace of TENANT1 with \u0027admin\u0027 role"},{"line_number":255,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces/%s\u0027 % private_namespace_A)"}],"source_content_type":"text/x-python","patch_set":14,"id":"74e84e17_5f24adbe","line":252,"range":{"start_line":246,"start_character":8,"end_line":252,"end_character":62},"in_reply_to":"d9b6735c_5c63f051","updated":"2021-07-21 13:28:01.000000000","message":"Done","commit_id":"232514c9b37491e4087535137d5ed1d8a95f8167"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"fd92722eb7e84d8aff88540b8dbe4df7433a5491","unresolved":true,"context_lines":[{"line_number":87,"context_line":"    def _get_namespace(self, ns_loc_header, namespace_name,"},{"line_number":88,"context_line":"                       visibility, tenant\u003dTENANT1, roles\u003d\u0027admin\u0027):"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":91,"context_line":"                                 \u0027X-Roles\u0027: roles})"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"        response \u003d requests.get(ns_loc_header, headers\u003dheaders)"},{"line_number":94,"context_line":"        self.assertEqual(http.OK, response.status_code)"}],"source_content_type":"text/x-python","patch_set":15,"id":"c30b7854_1def6ac7","line":91,"range":{"start_line":90,"start_character":8,"end_line":91,"end_character":51},"updated":"2021-07-21 19:30:52.000000000","message":"you can pass these headers from where you are calling this method.","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d03be4c8b6e8364f74a09fe2f72c336dc4b7d4c2","unresolved":true,"context_lines":[{"line_number":87,"context_line":"    def _get_namespace(self, ns_loc_header, namespace_name,"},{"line_number":88,"context_line":"                       visibility, tenant\u003dTENANT1, roles\u003d\u0027admin\u0027):"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":91,"context_line":"                                 \u0027X-Roles\u0027: roles})"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"        response \u003d requests.get(ns_loc_header, headers\u003dheaders)"},{"line_number":94,"context_line":"        self.assertEqual(http.OK, response.status_code)"}],"source_content_type":"text/x-python","patch_set":15,"id":"e2911be3_eda1261c","line":91,"range":{"start_line":90,"start_character":8,"end_line":91,"end_character":51},"in_reply_to":"c30b7854_1def6ac7","updated":"2021-07-22 06:23:03.000000000","message":"ack, will fix this in next patch","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"fd92722eb7e84d8aff88540b8dbe4df7433a5491","unresolved":true,"context_lines":[{"line_number":99,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":100,"context_line":"        self.assertFalse(namespace[\u0027protected\u0027])"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"    def _update_namespace(self, path, headers, data, namespace_name,"},{"line_number":103,"context_line":"                          visibility):"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"        # The namespace should be mutable"},{"line_number":106,"context_line":"        response \u003d requests.put(path, headers\u003dheaders, data\u003ddata)"}],"source_content_type":"text/x-python","patch_set":15,"id":"85b0c66b_84563b98","line":103,"range":{"start_line":102,"start_character":4,"end_line":103,"end_character":38},"updated":"2021-07-21 19:30:52.000000000","message":"ditto","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d03be4c8b6e8364f74a09fe2f72c336dc4b7d4c2","unresolved":true,"context_lines":[{"line_number":99,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":100,"context_line":"        self.assertFalse(namespace[\u0027protected\u0027])"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"    def _update_namespace(self, path, headers, data, namespace_name,"},{"line_number":103,"context_line":"                          visibility):"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"        # The namespace should be mutable"},{"line_number":106,"context_line":"        response \u003d requests.put(path, headers\u003dheaders, data\u003ddata)"}],"source_content_type":"text/x-python","patch_set":15,"id":"93cc4ec4_73965bd7","line":103,"range":{"start_line":102,"start_character":4,"end_line":103,"end_character":38},"in_reply_to":"85b0c66b_84563b98","updated":"2021-07-22 06:23:03.000000000","message":"here I\u0027m already passing the header where it\u0027s getting called.\nSorry but didn\u0027t get your comment.","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a46369fd519e578479a11e5ae7312b3641dd1021","unresolved":true,"context_lines":[{"line_number":99,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":100,"context_line":"        self.assertFalse(namespace[\u0027protected\u0027])"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"    def _update_namespace(self, path, headers, data, namespace_name,"},{"line_number":103,"context_line":"                          visibility):"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"        # The namespace should be mutable"},{"line_number":106,"context_line":"        response \u003d requests.put(path, headers\u003dheaders, data\u003ddata)"}],"source_content_type":"text/x-python","patch_set":15,"id":"7920a281_72613364","line":103,"range":{"start_line":102,"start_character":4,"end_line":103,"end_character":38},"in_reply_to":"93cc4ec4_73965bd7","updated":"2021-07-22 06:27:53.000000000","message":"Here I am saying is you already have namespace_name and visibility in data, so no need to pass it as separate arguments.","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"ea9329b37077157df905f3c0d0ac4a494b3a6137","unresolved":true,"context_lines":[{"line_number":125,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":126,"context_line":"        self.assertTrue(namespace[\u0027protected\u0027])"},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    def test_namespace_lifecycle(self):"},{"line_number":129,"context_line":"        # Namespace should not exist"},{"line_number":130,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces/MyNamespace\u0027)"},{"line_number":131,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"}],"source_content_type":"text/x-python","patch_set":15,"id":"77f1dcb6_a85b7da7","line":128,"range":{"start_line":128,"start_character":8,"end_line":128,"end_character":32},"updated":"2021-07-22 05:52:59.000000000","message":"also you can avoid making changes to existing test by renaming it to;\ntest_admin_namespace_lifecycle\n\nand create your new test like\ntest_common_namespace_lifecycle (or may be something better name)","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d03be4c8b6e8364f74a09fe2f72c336dc4b7d4c2","unresolved":true,"context_lines":[{"line_number":125,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":126,"context_line":"        self.assertTrue(namespace[\u0027protected\u0027])"},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    def test_namespace_lifecycle(self):"},{"line_number":129,"context_line":"        # Namespace should not exist"},{"line_number":130,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces/MyNamespace\u0027)"},{"line_number":131,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"}],"source_content_type":"text/x-python","patch_set":15,"id":"f15f7913_87f8b069","line":128,"range":{"start_line":128,"start_character":8,"end_line":128,"end_character":32},"in_reply_to":"77f1dcb6_a85b7da7","updated":"2021-07-22 06:23:03.000000000","message":"IMO, there would be few repetition happen if we separate these tests, ex. except all get* calls, all other apis are getting called by admin only. So,all these admin checks will be repeated.\nWhat do you think?","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a46369fd519e578479a11e5ae7312b3641dd1021","unresolved":true,"context_lines":[{"line_number":125,"context_line":"        self.assertEqual(visibility, namespace[\u0027visibility\u0027])"},{"line_number":126,"context_line":"        self.assertTrue(namespace[\u0027protected\u0027])"},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    def test_namespace_lifecycle(self):"},{"line_number":129,"context_line":"        # Namespace should not exist"},{"line_number":130,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces/MyNamespace\u0027)"},{"line_number":131,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"}],"source_content_type":"text/x-python","patch_set":15,"id":"dbad17ac_835e8f4b","line":128,"range":{"start_line":128,"start_character":8,"end_line":128,"end_character":32},"in_reply_to":"f15f7913_87f8b069","updated":"2021-07-22 06:27:53.000000000","message":"Let it be, I don\u0027t want to get existing test changed for two reasons.\n\n1. If you add new test it will be easier to review as comparing diff will be less\n2. Existing behavior will be intact.","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"fd92722eb7e84d8aff88540b8dbe4df7433a5491","unresolved":true,"context_lines":[{"line_number":141,"context_line":"            \"description\": \"My description\","},{"line_number":142,"context_line":"            \"visibility\": \"public\""},{"line_number":143,"context_line":"        })"},{"line_number":144,"context_line":"        response \u003d self._create_namespace("},{"line_number":145,"context_line":"            path, headers, data, public_namespace_A,"},{"line_number":146,"context_line":"            jsonutils.loads(data)[\u0027visibility\u0027])"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"        # The location header contains"},{"line_number":149,"context_line":"        # \"\u003chttp://127.0.0.1:53293/v2/metadefs/namespaces/\u003cnamespace_name\u003e\u0027"}],"source_content_type":"text/x-python","patch_set":15,"id":"427c2280_6627a07a","line":146,"range":{"start_line":144,"start_character":8,"end_line":146,"end_character":48},"updated":"2021-07-21 19:30:52.000000000","message":"This is not what I expected as per my last comment.\nyou should modify _create_namespace method like below;\n\ndata \u003d {\n    \"namespace\": public_namespace_A,\n    \"display_name\": \"My User Friendly Namespace\",\n    \"description\": \"My description\",\n    \"visibility\": \"public\"\n}\ndef _create_namespace(self, path, headers, data, tenant\u003dTENANT1):\n    json_data \u003d jsonutils.dumps(data)\n    and use visibility, namespace etc from data like data[\u0027visibility\u0027] as required.","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d03be4c8b6e8364f74a09fe2f72c336dc4b7d4c2","unresolved":true,"context_lines":[{"line_number":141,"context_line":"            \"description\": \"My description\","},{"line_number":142,"context_line":"            \"visibility\": \"public\""},{"line_number":143,"context_line":"        })"},{"line_number":144,"context_line":"        response \u003d self._create_namespace("},{"line_number":145,"context_line":"            path, headers, data, public_namespace_A,"},{"line_number":146,"context_line":"            jsonutils.loads(data)[\u0027visibility\u0027])"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"        # The location header contains"},{"line_number":149,"context_line":"        # \"\u003chttp://127.0.0.1:53293/v2/metadefs/namespaces/\u003cnamespace_name\u003e\u0027"}],"source_content_type":"text/x-python","patch_set":15,"id":"fc127e10_bcf94fb9","line":146,"range":{"start_line":144,"start_character":8,"end_line":146,"end_character":48},"in_reply_to":"427c2280_6627a07a","updated":"2021-07-22 06:23:03.000000000","message":"Ohh ok :) will update this.","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a46369fd519e578479a11e5ae7312b3641dd1021","unresolved":true,"context_lines":[{"line_number":141,"context_line":"            \"description\": \"My description\","},{"line_number":142,"context_line":"            \"visibility\": \"public\""},{"line_number":143,"context_line":"        })"},{"line_number":144,"context_line":"        response \u003d self._create_namespace("},{"line_number":145,"context_line":"            path, headers, data, public_namespace_A,"},{"line_number":146,"context_line":"            jsonutils.loads(data)[\u0027visibility\u0027])"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"        # The location header contains"},{"line_number":149,"context_line":"        # \"\u003chttp://127.0.0.1:53293/v2/metadefs/namespaces/\u003cnamespace_name\u003e\u0027"}],"source_content_type":"text/x-python","patch_set":15,"id":"45b018d3_579e5d2a","line":146,"range":{"start_line":144,"start_character":8,"end_line":146,"end_character":48},"in_reply_to":"fc127e10_bcf94fb9","updated":"2021-07-22 06:27:53.000000000","message":"As I said there is lot of scope for refactoring!!","commit_id":"00d47d780a93ea4e95fdc93930fa1df74b8d1a72"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f6fe3403cf1af679997f85603fefa31f0ab6e416","unresolved":true,"context_lines":[{"line_number":47,"context_line":"        base_headers.update(custom_headers or {})"},{"line_number":48,"context_line":"        return base_headers"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    def _create_namespace(self, path, headers, data, namespace_name,"},{"line_number":51,"context_line":"                          visibility, tenant\u003dTENANT1):"},{"line_number":52,"context_line":"        json_data \u003d jsonutils.dumps(data)"},{"line_number":53,"context_line":"        response \u003d requests.post(path, headers\u003dheaders, data\u003djson_data)"},{"line_number":54,"context_line":"        self.assertEqual(http.CREATED, response.status_code)"}],"source_content_type":"text/x-python","patch_set":17,"id":"b440427c_56032ee2","line":51,"range":{"start_line":50,"start_character":53,"end_line":51,"end_character":37},"updated":"2021-07-22 07:51:40.000000000","message":"I am saying that you have namespace_name, visibility in a dictionary named data already, so there is no need to pass these parameters separately.\n\nSame goes for _update_namespace as well.","commit_id":"3ec8f75414aeb2e105a66708c3b9d71fef826d5e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"e310e2e084ade98c31b046b18c3cf00751285419","unresolved":true,"context_lines":[{"line_number":306,"context_line":"        for key, value in expected_namespace.items():"},{"line_number":307,"context_line":"            self.assertEqual(namespace[key], value, key)"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"    def test_namespace_lifecycle_new(self):"},{"line_number":310,"context_line":"        # Create public and private namespaces for tenant1 and tenant2"},{"line_number":311,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces\u0027)"},{"line_number":312,"context_line":"        headers \u003d self._headers({\u0027content-type\u0027: \u0027application/json\u0027})"}],"source_content_type":"text/x-python","patch_set":18,"id":"bebbdd9a_1d55156a","line":309,"range":{"start_line":309,"start_character":8,"end_line":309,"end_character":36},"updated":"2021-07-22 08:47:25.000000000","message":"Changed this name in new PS","commit_id":"e843328b5999b0ef091a8ee566587fdd8a6466e8"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"8571f3bbdb2f0a03b24f9515fbb3abe35127db26","unresolved":true,"context_lines":[{"line_number":403,"context_line":"                    \u0027X-Roles\u0027: \u0027reader,member\u0027,"},{"line_number":404,"context_line":"                    \u0027X-Tenant-Id\u0027: namespace[\u0027owner\u0027]"},{"line_number":405,"context_line":"                }))"},{"line_number":406,"context_line":"            if namespace[\u0027visibility\u0027] \u003d\u003d \u0027private\u0027:"},{"line_number":407,"context_line":"                # NOTE(abhishekk): Nested policy check on deletion"},{"line_number":408,"context_line":"                # causes suppression of forbidden to not found at"},{"line_number":409,"context_line":"                # db layer, so skipping check of deletion of private"},{"line_number":410,"context_line":"                # namespaces."},{"line_number":411,"context_line":"                continue"},{"line_number":412,"context_line":"            self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":413,"context_line":""},{"line_number":414,"context_line":"        # Unprotect the namespaces before deletion"},{"line_number":415,"context_line":"        for namespace in total_namepsaces:"}],"source_content_type":"text/x-python","patch_set":19,"id":"86fcd239_d5670f94","line":412,"range":{"start_line":406,"start_character":12,"end_line":412,"end_character":66},"updated":"2021-07-22 09:59:56.000000000","message":"May be until we fix db layer suppression issue, we can have the assert like\nself.assertIn(response.status_code, [404, 403])","commit_id":"07054ae3bf0c679dd0dbe9bd68eed2ed99b4f3b1"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"567725e0cf88b2979c018311a27b46ada24c5c41","unresolved":true,"context_lines":[{"line_number":258,"context_line":"            u\u0027protected\u0027,"},{"line_number":259,"context_line":"            u\u0027owner\u0027,"},{"line_number":260,"context_line":"            u\u0027created_at\u0027,"},{"line_number":261,"context_line":"            u\u0027updated_at\u0027"},{"line_number":262,"context_line":"        ])"},{"line_number":263,"context_line":"        self.assertEqual(set(namespace.keys()), checked_keys)"},{"line_number":264,"context_line":"        expected_namespace \u003d {"}],"source_content_type":"text/x-python","patch_set":29,"id":"53b6fa19_f9619b5c","line":261,"range":{"start_line":261,"start_character":0,"end_line":261,"end_character":25},"updated":"2021-08-07 01:03:18.000000000","message":"Can we remove the \"u\u0027\" prefix or is it somehow still needed?","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"aa1b902bc16787b1087dddcd59d0d932ee8e3e05","unresolved":true,"context_lines":[{"line_number":258,"context_line":"            u\u0027protected\u0027,"},{"line_number":259,"context_line":"            u\u0027owner\u0027,"},{"line_number":260,"context_line":"            u\u0027created_at\u0027,"},{"line_number":261,"context_line":"            u\u0027updated_at\u0027"},{"line_number":262,"context_line":"        ])"},{"line_number":263,"context_line":"        self.assertEqual(set(namespace.keys()), checked_keys)"},{"line_number":264,"context_line":"        expected_namespace \u003d {"}],"source_content_type":"text/x-python","patch_set":29,"id":"f90a723f_7e3ddf94","line":261,"range":{"start_line":261,"start_character":0,"end_line":261,"end_character":25},"in_reply_to":"53b6fa19_f9619b5c","updated":"2021-08-08 16:40:14.000000000","message":"+1 good point!","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c3351ec138b5d7a3dde49f2ac90f85ae5a4e048c","unresolved":false,"context_lines":[{"line_number":258,"context_line":"            u\u0027protected\u0027,"},{"line_number":259,"context_line":"            u\u0027owner\u0027,"},{"line_number":260,"context_line":"            u\u0027created_at\u0027,"},{"line_number":261,"context_line":"            u\u0027updated_at\u0027"},{"line_number":262,"context_line":"        ])"},{"line_number":263,"context_line":"        self.assertEqual(set(namespace.keys()), checked_keys)"},{"line_number":264,"context_line":"        expected_namespace \u003d {"}],"source_content_type":"text/x-python","patch_set":29,"id":"1bed046c_dfdac4f3","line":261,"range":{"start_line":261,"start_character":0,"end_line":261,"end_character":25},"in_reply_to":"f90a723f_7e3ddf94","updated":"2021-08-12 07:44:46.000000000","message":"Done","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ca51793dbf4917114c36705c8c17744940818769","unresolved":true,"context_lines":[{"line_number":341,"context_line":"            for namespace in namespaces:"},{"line_number":342,"context_line":"                path \u003d self._url("},{"line_number":343,"context_line":"                    \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":344,"context_line":"                headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":345,"context_line":"                                         \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":346,"context_line":"                response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":347,"context_line":"                if namespace[\u0027visibility\u0027] \u003d\u003d \u0027public\u0027:"}],"source_content_type":"text/x-python","patch_set":29,"id":"88f3b7ea_00a96f4c","line":344,"range":{"start_line":344,"start_character":44,"end_line":344,"end_character":50},"updated":"2021-08-04 20:25:50.000000000","message":"I think this works for legacy purposes, but is there any reason to not use X-Project-Id instead?","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bcc2872c679d7cf18606c4d0b916af4476480785","unresolved":true,"context_lines":[{"line_number":341,"context_line":"            for namespace in namespaces:"},{"line_number":342,"context_line":"                path \u003d self._url("},{"line_number":343,"context_line":"                    \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":344,"context_line":"                headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":345,"context_line":"                                         \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":346,"context_line":"                response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":347,"context_line":"                if namespace[\u0027visibility\u0027] \u003d\u003d \u0027public\u0027:"}],"source_content_type":"text/x-python","patch_set":29,"id":"f9ec6eb5_17495822","line":344,"range":{"start_line":344,"start_character":44,"end_line":344,"end_character":50},"in_reply_to":"88f3b7ea_00a96f4c","updated":"2021-08-04 20:32:24.000000000","message":"Good point.\nI think we should use Project here otherwise this will just add some log warnings in our tests.\n\n\nMay be we should scan our test repo and chagne all at once?","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"89dd63a0a7e0f08b5dec92b38fdd167bacfca014","unresolved":false,"context_lines":[{"line_number":341,"context_line":"            for namespace in namespaces:"},{"line_number":342,"context_line":"                path \u003d self._url("},{"line_number":343,"context_line":"                    \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":344,"context_line":"                headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":345,"context_line":"                                         \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":346,"context_line":"                response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":347,"context_line":"                if namespace[\u0027visibility\u0027] \u003d\u003d \u0027public\u0027:"}],"source_content_type":"text/x-python","patch_set":29,"id":"180bf59e_87507f09","line":344,"range":{"start_line":344,"start_character":44,"end_line":344,"end_character":50},"in_reply_to":"b6157e41_a5b2f85a","updated":"2021-08-05 20:59:45.000000000","message":"A follow up makes sense. Thanks!","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"049ba2bdf9a36cd3207bbf3db9aa03335f39b66a","unresolved":true,"context_lines":[{"line_number":341,"context_line":"            for namespace in namespaces:"},{"line_number":342,"context_line":"                path \u003d self._url("},{"line_number":343,"context_line":"                    \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":344,"context_line":"                headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":345,"context_line":"                                         \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":346,"context_line":"                response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":347,"context_line":"                if namespace[\u0027visibility\u0027] \u003d\u003d \u0027public\u0027:"}],"source_content_type":"text/x-python","patch_set":29,"id":"b6157e41_a5b2f85a","line":344,"range":{"start_line":344,"start_character":44,"end_line":344,"end_character":50},"in_reply_to":"f9ec6eb5_17495822","updated":"2021-08-05 04:52:53.000000000","message":"Yeah, we can replace Tenant with Project, how about fixing it in follow up patch, so that we can address this at other existing tests as Abhishek said?","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ca51793dbf4917114c36705c8c17744940818769","unresolved":true,"context_lines":[{"line_number":402,"context_line":"        for namespace in total_namepsaces:"},{"line_number":403,"context_line":"            path \u003d self._url("},{"line_number":404,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":405,"context_line":"            headers \u003d self._headers()"},{"line_number":406,"context_line":"            data \u003d {"},{"line_number":407,"context_line":"                \"namespace\": namespace[\u0027namespace\u0027],"},{"line_number":408,"context_line":"                \"protected\": False,"}],"source_content_type":"text/x-python","patch_set":29,"id":"6b72c8da_220373ff","line":405,"range":{"start_line":405,"start_character":12,"end_line":405,"end_character":19},"updated":"2021-08-04 20:25:50.000000000","message":"Just for my own thought process, these headers appear to be for an administrator since they have the admin role on a project, which is why they work for unprotecting and deleting namespaces outside of TENANT1.","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c3351ec138b5d7a3dde49f2ac90f85ae5a4e048c","unresolved":false,"context_lines":[{"line_number":402,"context_line":"        for namespace in total_namepsaces:"},{"line_number":403,"context_line":"            path \u003d self._url("},{"line_number":404,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":405,"context_line":"            headers \u003d self._headers()"},{"line_number":406,"context_line":"            data \u003d {"},{"line_number":407,"context_line":"                \"namespace\": namespace[\u0027namespace\u0027],"},{"line_number":408,"context_line":"                \"protected\": False,"}],"source_content_type":"text/x-python","patch_set":29,"id":"28a925f5_503c193f","line":405,"range":{"start_line":405,"start_character":12,"end_line":405,"end_character":19},"in_reply_to":"6b72c8da_220373ff","updated":"2021-08-12 07:44:46.000000000","message":"Ack","commit_id":"f11a7acc95dac464a555cc3f19bbc2a7c20f90d6"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"1a77009dc557f359b1d5494326626a0dd5155c86","unresolved":true,"context_lines":[{"line_number":272,"context_line":"            \"schema\": \"/v2/schemas/metadefs/namespace\""},{"line_number":273,"context_line":"        }"},{"line_number":274,"context_line":"        for key, value in expected_namespace.items():"},{"line_number":275,"context_line":"            self.assertEqual(namespace[key], value, key)"},{"line_number":276,"context_line":""},{"line_number":277,"context_line":"        return namespace"},{"line_number":278,"context_line":""}],"source_content_type":"text/x-python","patch_set":31,"id":"c2ae1f07_70cb2194","line":275,"range":{"start_line":275,"start_character":42,"end_line":275,"end_character":43},"updated":"2021-08-16 21:12:59.000000000","message":"Isn\u0027t this just:\n\nnamespace.pop(\u0027created_at\u0027)\nnamespace.pop(\u0027updated_at\u0027)\nself.assertEqual(namespace, expected_namespace)\"?","commit_id":"d53fb2631a6333dca322cd2d211cd14390d92e0a"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4d7a3c199749dfddedf5fb721f79a6dc300f7a58","unresolved":true,"context_lines":[{"line_number":361,"context_line":"        _check_namespace_access(tenant1_namespaces, TENANT2)"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"        # Update namespaces with admin and non admin role"},{"line_number":364,"context_line":"        total_namepsaces \u003d tenant1_namespaces + tenant2_namespaces"},{"line_number":365,"context_line":"        for namespace in total_namepsaces:"},{"line_number":366,"context_line":"            data \u003d {"},{"line_number":367,"context_line":"                \"namespace\": namespace[\u0027namespace\u0027],"}],"source_content_type":"text/x-python","patch_set":36,"id":"4c2c970a_7fa41961","line":364,"range":{"start_line":364,"start_character":8,"end_line":364,"end_character":24},"updated":"2021-08-31 14:33:12.000000000","message":"total_namespaces*","commit_id":"1321baaaea3c50a201ddd78c39d6f9cb8720be24"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"eb8d889dbc0b0000ebfdb358859e4bf49bcd2dae","unresolved":false,"context_lines":[{"line_number":361,"context_line":"        _check_namespace_access(tenant1_namespaces, TENANT2)"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"        # Update namespaces with admin and non admin role"},{"line_number":364,"context_line":"        total_namepsaces \u003d tenant1_namespaces + tenant2_namespaces"},{"line_number":365,"context_line":"        for namespace in total_namepsaces:"},{"line_number":366,"context_line":"            data \u003d {"},{"line_number":367,"context_line":"                \"namespace\": namespace[\u0027namespace\u0027],"}],"source_content_type":"text/x-python","patch_set":36,"id":"1bdcecfa_fddcda6c","line":364,"range":{"start_line":364,"start_character":8,"end_line":364,"end_character":24},"in_reply_to":"4c2c970a_7fa41961","updated":"2021-08-31 19:39:29.000000000","message":"Done","commit_id":"1321baaaea3c50a201ddd78c39d6f9cb8720be24"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4d7a3c199749dfddedf5fb721f79a6dc300f7a58","unresolved":true,"context_lines":[{"line_number":390,"context_line":"            response \u003d requests.delete(path, headers\u003dheaders)"},{"line_number":391,"context_line":"            self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"        # Deletion should not be allowed for non admin roles"},{"line_number":394,"context_line":"        for namespace in total_namepsaces:"},{"line_number":395,"context_line":"            path \u003d self._url("},{"line_number":396,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"}],"source_content_type":"text/x-python","patch_set":36,"id":"6e8a8463_e108cfbc","line":393,"updated":"2021-08-31 14:33:12.000000000","message":"Is this failing because the users isn\u0027t an admin or because the namespaces are protected?","commit_id":"1321baaaea3c50a201ddd78c39d6f9cb8720be24"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"b572b7645dc809d825c4b222642b3f34a9bad726","unresolved":true,"context_lines":[{"line_number":390,"context_line":"            response \u003d requests.delete(path, headers\u003dheaders)"},{"line_number":391,"context_line":"            self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"        # Deletion should not be allowed for non admin roles"},{"line_number":394,"context_line":"        for namespace in total_namepsaces:"},{"line_number":395,"context_line":"            path \u003d self._url("},{"line_number":396,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"}],"source_content_type":"text/x-python","patch_set":36,"id":"93bfb71e_0dd170a7","line":393,"in_reply_to":"6e8a8463_e108cfbc","updated":"2021-08-31 14:58:35.000000000","message":"it is because user is not an admin, but I can see what you are suggesting here.\npranali, please unprotect the namespaces before this check.","commit_id":"1321baaaea3c50a201ddd78c39d6f9cb8720be24"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"326a870a8e9b600756b58d1313d4903fbe888199","unresolved":true,"context_lines":[{"line_number":390,"context_line":"            response \u003d requests.delete(path, headers\u003dheaders)"},{"line_number":391,"context_line":"            self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"        # Deletion should not be allowed for non admin roles"},{"line_number":394,"context_line":"        for namespace in total_namepsaces:"},{"line_number":395,"context_line":"            path \u003d self._url("},{"line_number":396,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"}],"source_content_type":"text/x-python","patch_set":36,"id":"dce4a6fb_cf281e73","line":393,"in_reply_to":"93bfb71e_0dd170a7","updated":"2021-08-31 15:24:43.000000000","message":"This is because namespace is protected.\nI think we need another check to see we are getting NotFound if non-admin role tries to delete unprotected namespaces.","commit_id":"1321baaaea3c50a201ddd78c39d6f9cb8720be24"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"eb8d889dbc0b0000ebfdb358859e4bf49bcd2dae","unresolved":false,"context_lines":[{"line_number":390,"context_line":"            response \u003d requests.delete(path, headers\u003dheaders)"},{"line_number":391,"context_line":"            self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"        # Deletion should not be allowed for non admin roles"},{"line_number":394,"context_line":"        for namespace in total_namepsaces:"},{"line_number":395,"context_line":"            path \u003d self._url("},{"line_number":396,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"}],"source_content_type":"text/x-python","patch_set":36,"id":"aa40d0f0_fb9f49e9","line":393,"in_reply_to":"dce4a6fb_cf281e73","updated":"2021-08-31 19:39:29.000000000","message":"Done","commit_id":"1321baaaea3c50a201ddd78c39d6f9cb8720be24"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"a693cee6fca4ce6ff3483454c11c6f5bc9b470be","unresolved":true,"context_lines":[{"line_number":260,"context_line":"            \u0027created_at\u0027,"},{"line_number":261,"context_line":"            \u0027updated_at\u0027"},{"line_number":262,"context_line":"        ])"},{"line_number":263,"context_line":"        self.assertEqual(set(namespace.keys()), checked_keys)"},{"line_number":264,"context_line":"        expected_namespace \u003d {"},{"line_number":265,"context_line":"            \"namespace\": data[\u0027namespace\u0027],"},{"line_number":266,"context_line":"            \"display_name\": data[\u0027display_name\u0027],"}],"source_content_type":"text/x-python","patch_set":39,"id":"9872a469_a14a8ffd","line":263,"updated":"2021-09-01 15:46:13.000000000","message":"I think this check is not very useful. You\u0027re checking all the key\u003dvalue items below, with the exception of created_at and updated_at. But, you\u0027re only checking here that those exist, and if they don\u0027t, L274,L275 will fail. So I think this doesn\u0027t add anything other than making this longer.","commit_id":"ab0558960cf4d6562ed60cc91a3ebee2692d4fd5"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d54562abea7b5f69066348e5c75ea87457ff99a3","unresolved":false,"context_lines":[{"line_number":260,"context_line":"            \u0027created_at\u0027,"},{"line_number":261,"context_line":"            \u0027updated_at\u0027"},{"line_number":262,"context_line":"        ])"},{"line_number":263,"context_line":"        self.assertEqual(set(namespace.keys()), checked_keys)"},{"line_number":264,"context_line":"        expected_namespace \u003d {"},{"line_number":265,"context_line":"            \"namespace\": data[\u0027namespace\u0027],"},{"line_number":266,"context_line":"            \"display_name\": data[\u0027display_name\u0027],"}],"source_content_type":"text/x-python","patch_set":39,"id":"c60c1044_e5d719a7","line":263,"in_reply_to":"9872a469_a14a8ffd","updated":"2021-09-02 09:13:53.000000000","message":"Done","commit_id":"ab0558960cf4d6562ed60cc91a3ebee2692d4fd5"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"a693cee6fca4ce6ff3483454c11c6f5bc9b470be","unresolved":true,"context_lines":[{"line_number":338,"context_line":"            response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":339,"context_line":"            self.assertEqual(http.OK, response.status_code)"},{"line_number":340,"context_line":"            namespaces \u003d response.json()[\u0027namespaces\u0027]"},{"line_number":341,"context_line":"            self.assertEqual(3, len(namespaces))"},{"line_number":342,"context_line":""},{"line_number":343,"context_line":"        def _check_namespace_access(namespaces, tenant):"},{"line_number":344,"context_line":"            for namespace in namespaces:"}],"source_content_type":"text/x-python","patch_set":39,"id":"8cbd7d7e_656dec8a","line":341,"updated":"2021-09-01 15:46:13.000000000","message":"It would probably be better to just check that the list of names is what we expect and not just the count.\n\n self.assertEqual(sorted(x[\u0027namespace\u0027] for x in namespaces),\n                  sorted(x[\u0027namespace\u0027] for x in tenant1_namespaces))\n\nThe above will be easier of you make L327-L330 something like:\n\n tenant_namespaces.setdefault(tenant, list())\n tenant_namespaces[tenant].append(namespace)","commit_id":"ab0558960cf4d6562ed60cc91a3ebee2692d4fd5"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d54562abea7b5f69066348e5c75ea87457ff99a3","unresolved":true,"context_lines":[{"line_number":338,"context_line":"            response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":339,"context_line":"            self.assertEqual(http.OK, response.status_code)"},{"line_number":340,"context_line":"            namespaces \u003d response.json()[\u0027namespaces\u0027]"},{"line_number":341,"context_line":"            self.assertEqual(3, len(namespaces))"},{"line_number":342,"context_line":""},{"line_number":343,"context_line":"        def _check_namespace_access(namespaces, tenant):"},{"line_number":344,"context_line":"            for namespace in namespaces:"}],"source_content_type":"text/x-python","patch_set":39,"id":"472d5d35_dd2b1b05","line":341,"in_reply_to":"8cbd7d7e_656dec8a","updated":"2021-09-02 09:13:53.000000000","message":"This will require further modification than suggested as we need to validate that each tenant can access 3 namespaces public and private from tenant_namespaces[tenant1] and public namespace from  tenant_namespaces[tenant2].\n\nWhere as with current data structure tenant_namespaces[tenant1] will have only own public and private namespace. \n\nDone it with some additional logic","commit_id":"ab0558960cf4d6562ed60cc91a3ebee2692d4fd5"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"a693cee6fca4ce6ff3483454c11c6f5bc9b470be","unresolved":true,"context_lines":[{"line_number":378,"context_line":"            })"},{"line_number":379,"context_line":"            # Should work with admin role"},{"line_number":380,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"admin\""},{"line_number":381,"context_line":"            self._update_namespace(path, headers, data)"},{"line_number":382,"context_line":""},{"line_number":383,"context_line":"            # Update namespace should fail with non admin role"},{"line_number":384,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"reader,member\""}],"source_content_type":"text/x-python","patch_set":39,"id":"55524ec5_08f449bf","line":381,"updated":"2021-09-01 15:46:13.000000000","message":"I would put this at the end. If you\u0027ve already updated your namespace to the above values, then the attempts below could be false positives because none of the values are changing or something like that.","commit_id":"ab0558960cf4d6562ed60cc91a3ebee2692d4fd5"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d54562abea7b5f69066348e5c75ea87457ff99a3","unresolved":false,"context_lines":[{"line_number":378,"context_line":"            })"},{"line_number":379,"context_line":"            # Should work with admin role"},{"line_number":380,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"admin\""},{"line_number":381,"context_line":"            self._update_namespace(path, headers, data)"},{"line_number":382,"context_line":""},{"line_number":383,"context_line":"            # Update namespace should fail with non admin role"},{"line_number":384,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"reader,member\""}],"source_content_type":"text/x-python","patch_set":39,"id":"cbcc493d_a804955f","line":381,"in_reply_to":"55524ec5_08f449bf","updated":"2021-09-02 09:13:53.000000000","message":"Done","commit_id":"ab0558960cf4d6562ed60cc91a3ebee2692d4fd5"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"16d24e919027bc7961cde7ba8bdcd826451420cd","unresolved":true,"context_lines":[{"line_number":345,"context_line":"            for namespace in namespaces:"},{"line_number":346,"context_line":"                path \u003d self._url("},{"line_number":347,"context_line":"                    \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":348,"context_line":"                headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":349,"context_line":"                                         \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":350,"context_line":"                response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":351,"context_line":"                if namespace[\u0027visibility\u0027] \u003d\u003d \u0027public\u0027:"},{"line_number":352,"context_line":"                    self.assertEqual(http.OK, response.status_code)"}],"source_content_type":"text/x-python","patch_set":40,"id":"b4c57ac0_404d41fb","line":349,"range":{"start_line":348,"start_character":16,"end_line":349,"end_character":69},"updated":"2021-09-02 09:33:48.000000000","message":"this also can be moved outside for loop at lone #345 to avoid multiple calls with same return values.","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"dbc316a517706ba44f94f9673020ff0f70d71aa2","unresolved":false,"context_lines":[{"line_number":345,"context_line":"            for namespace in namespaces:"},{"line_number":346,"context_line":"                path \u003d self._url("},{"line_number":347,"context_line":"                    \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":348,"context_line":"                headers \u003d self._headers({\u0027X-Tenant-Id\u0027: tenant,"},{"line_number":349,"context_line":"                                         \u0027X-Roles\u0027: \u0027reader,member\u0027})"},{"line_number":350,"context_line":"                response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":351,"context_line":"                if namespace[\u0027visibility\u0027] \u003d\u003d \u0027public\u0027:"},{"line_number":352,"context_line":"                    self.assertEqual(http.OK, response.status_code)"}],"source_content_type":"text/x-python","patch_set":40,"id":"1940d3da_8e54d14d","line":349,"range":{"start_line":348,"start_character":16,"end_line":349,"end_character":69},"in_reply_to":"b4c57ac0_404d41fb","updated":"2021-09-02 12:17:16.000000000","message":"Done","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"16d24e919027bc7961cde7ba8bdcd826451420cd","unresolved":true,"context_lines":[{"line_number":406,"context_line":"        for namespace in total_ns:"},{"line_number":407,"context_line":"            path \u003d self._url("},{"line_number":408,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":409,"context_line":"            headers \u003d self._headers()"},{"line_number":410,"context_line":"            data \u003d {"},{"line_number":411,"context_line":"                \"namespace\": namespace[\u0027namespace\u0027],"},{"line_number":412,"context_line":"                \"protected\": False,"}],"source_content_type":"text/x-python","patch_set":40,"id":"ee60c128_d89cf164","line":409,"range":{"start_line":409,"start_character":12,"end_line":409,"end_character":37},"updated":"2021-09-02 09:33:48.000000000","message":"ditto","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"dbc316a517706ba44f94f9673020ff0f70d71aa2","unresolved":false,"context_lines":[{"line_number":406,"context_line":"        for namespace in total_ns:"},{"line_number":407,"context_line":"            path \u003d self._url("},{"line_number":408,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":409,"context_line":"            headers \u003d self._headers()"},{"line_number":410,"context_line":"            data \u003d {"},{"line_number":411,"context_line":"                \"namespace\": namespace[\u0027namespace\u0027],"},{"line_number":412,"context_line":"                \"protected\": False,"}],"source_content_type":"text/x-python","patch_set":40,"id":"1bfc5568_e3e7a2aa","line":409,"range":{"start_line":409,"start_character":12,"end_line":409,"end_character":37},"in_reply_to":"ee60c128_d89cf164","updated":"2021-09-02 12:17:16.000000000","message":"Done","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"16d24e919027bc7961cde7ba8bdcd826451420cd","unresolved":true,"context_lines":[{"line_number":416,"context_line":""},{"line_number":417,"context_line":"        # Get updated namespace set again"},{"line_number":418,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces\u0027)"},{"line_number":419,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"},{"line_number":420,"context_line":"        self.assertEqual(http.OK, response.status_code)"},{"line_number":421,"context_line":"        self.assertFalse(namespace[\u0027protected\u0027])"},{"line_number":422,"context_line":"        namespaces \u003d response.json()[\u0027namespaces\u0027]"}],"source_content_type":"text/x-python","patch_set":40,"id":"34f0906d_fdea1847","line":419,"range":{"start_line":419,"start_character":47,"end_line":419,"end_character":61},"updated":"2021-09-02 09:33:48.000000000","message":"can use header which we are going to move in above comment than creating new heasaders","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"dbc316a517706ba44f94f9673020ff0f70d71aa2","unresolved":false,"context_lines":[{"line_number":416,"context_line":""},{"line_number":417,"context_line":"        # Get updated namespace set again"},{"line_number":418,"context_line":"        path \u003d self._url(\u0027/v2/metadefs/namespaces\u0027)"},{"line_number":419,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"},{"line_number":420,"context_line":"        self.assertEqual(http.OK, response.status_code)"},{"line_number":421,"context_line":"        self.assertFalse(namespace[\u0027protected\u0027])"},{"line_number":422,"context_line":"        namespaces \u003d response.json()[\u0027namespaces\u0027]"}],"source_content_type":"text/x-python","patch_set":40,"id":"6843125d_d64c3889","line":419,"range":{"start_line":419,"start_character":47,"end_line":419,"end_character":61},"in_reply_to":"34f0906d_fdea1847","updated":"2021-09-02 12:17:16.000000000","message":"Done","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"16d24e919027bc7961cde7ba8bdcd826451420cd","unresolved":true,"context_lines":[{"line_number":437,"context_line":"        for namespace in total_ns:"},{"line_number":438,"context_line":"            path \u003d self._url("},{"line_number":439,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":440,"context_line":"            response \u003d requests.delete(path, headers\u003dself._headers())"},{"line_number":441,"context_line":"            self.assertEqual(http.NO_CONTENT, response.status_code)"},{"line_number":442,"context_line":""},{"line_number":443,"context_line":"            # Deleted namespace should not be returned"}],"source_content_type":"text/x-python","patch_set":40,"id":"2fa97b8b_f06cc14a","line":440,"range":{"start_line":440,"start_character":46,"end_line":440,"end_character":68},"updated":"2021-09-02 09:33:48.000000000","message":"ditto","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"dbc316a517706ba44f94f9673020ff0f70d71aa2","unresolved":false,"context_lines":[{"line_number":437,"context_line":"        for namespace in total_ns:"},{"line_number":438,"context_line":"            path \u003d self._url("},{"line_number":439,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":440,"context_line":"            response \u003d requests.delete(path, headers\u003dself._headers())"},{"line_number":441,"context_line":"            self.assertEqual(http.NO_CONTENT, response.status_code)"},{"line_number":442,"context_line":""},{"line_number":443,"context_line":"            # Deleted namespace should not be returned"}],"source_content_type":"text/x-python","patch_set":40,"id":"10d13aba_82f3f8b7","line":440,"range":{"start_line":440,"start_character":46,"end_line":440,"end_character":68},"in_reply_to":"2fa97b8b_f06cc14a","updated":"2021-09-02 12:17:16.000000000","message":"Done","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"16d24e919027bc7961cde7ba8bdcd826451420cd","unresolved":true,"context_lines":[{"line_number":443,"context_line":"            # Deleted namespace should not be returned"},{"line_number":444,"context_line":"            path \u003d self._url("},{"line_number":445,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":446,"context_line":"            response \u003d requests.get(path, headers\u003dself._headers())"},{"line_number":447,"context_line":"            self.assertEqual(http.NOT_FOUND, response.status_code)"}],"source_content_type":"text/x-python","patch_set":40,"id":"2126b6d6_d9f3f6a2","line":446,"range":{"start_line":446,"start_character":50,"end_line":446,"end_character":65},"updated":"2021-09-02 09:33:48.000000000","message":"instead of redefining we can use above headers which we are going to move outside loop","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"dbc316a517706ba44f94f9673020ff0f70d71aa2","unresolved":false,"context_lines":[{"line_number":443,"context_line":"            # Deleted namespace should not be returned"},{"line_number":444,"context_line":"            path \u003d self._url("},{"line_number":445,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":446,"context_line":"            response \u003d requests.get(path, headers\u003dself._headers())"},{"line_number":447,"context_line":"            self.assertEqual(http.NOT_FOUND, response.status_code)"}],"source_content_type":"text/x-python","patch_set":40,"id":"aaf50dfc_d57a748e","line":446,"range":{"start_line":446,"start_character":50,"end_line":446,"end_character":65},"in_reply_to":"2126b6d6_d9f3f6a2","updated":"2021-09-02 12:17:16.000000000","message":"Done","commit_id":"80cfad4a677434638fadd65fcab808db70954a50"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"fc462f1ff760369a22d6c0e579fea82cfe6d473a","unresolved":true,"context_lines":[{"line_number":328,"context_line":"                expected_namespaces.append("},{"line_number":329,"context_line":"                    tenant_namespaces[TENANT1][0][\u0027namespace\u0027])"},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"            return expected_namespaces"},{"line_number":332,"context_line":""},{"line_number":333,"context_line":"        for tenant in [TENANT1, TENANT2]:"},{"line_number":334,"context_line":"            path \u003d self._url(\u0027/v2/metadefs/namespaces\u0027)"}],"source_content_type":"text/x-python","patch_set":41,"id":"de1b1282_c847e527","line":331,"updated":"2021-09-02 14:06:16.000000000","message":"Okay, I was trying to get us away from having to make these strict if statements, so something like:\n\n expected \u003d [x[\u0027namespace\u0027] for x in tenant_namespaces.values\n             if x[\u0027visibility\u0027] \u003d\u003d \u0027public or x[\u0027owner\u0027] \u003d\u003d tenant]\n\nBut anyway, not that important so don\u0027t change it now  :)","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"fc462f1ff760369a22d6c0e579fea82cfe6d473a","unresolved":true,"context_lines":[{"line_number":384,"context_line":""},{"line_number":385,"context_line":"            # Should work with admin role"},{"line_number":386,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"admin\""},{"line_number":387,"context_line":"            namespace \u003d self._update_namespace(path, headers, data)"},{"line_number":388,"context_line":""},{"line_number":389,"context_line":"            # Deletion should fail as namespaces are protected now"},{"line_number":390,"context_line":"            path \u003d self._url("}],"source_content_type":"text/x-python","patch_set":41,"id":"d0d29c49_e45bfecb","line":387,"updated":"2021-09-02 14:06:16.000000000","message":"Can/should this not go down below L404? After this is deleted as admin you\u0027re still trying to delete it as a user on L404, which should be forbidden, but also it\u0027s good to make sure the thing you\u0027re trying to delete is actually there right?","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"438fe6daa5fa48e6f66f3b3c1bd62956d91dfe74","unresolved":true,"context_lines":[{"line_number":384,"context_line":""},{"line_number":385,"context_line":"            # Should work with admin role"},{"line_number":386,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"admin\""},{"line_number":387,"context_line":"            namespace \u003d self._update_namespace(path, headers, data)"},{"line_number":388,"context_line":""},{"line_number":389,"context_line":"            # Deletion should fail as namespaces are protected now"},{"line_number":390,"context_line":"            path \u003d self._url("}],"source_content_type":"text/x-python","patch_set":41,"id":"5395dda0_60fbdc59","line":387,"in_reply_to":"d0d29c49_e45bfecb","updated":"2021-09-02 14:15:21.000000000","message":"Nevermind this, sorry, I was reading this as a delete attempt (which makes no sense)","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"700886eb0164cd09413b9af73b97f6ddaa530947","unresolved":true,"context_lines":[{"line_number":389,"context_line":"            # Deletion should fail as namespaces are protected now"},{"line_number":390,"context_line":"            path \u003d self._url("},{"line_number":391,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"},{"line_number":392,"context_line":"            headers[\u0027X-Roles\u0027] \u003d \"admin\""},{"line_number":393,"context_line":"            response \u003d requests.delete(path, headers\u003dheaders)"},{"line_number":394,"context_line":"            self.assertEqual(http.FORBIDDEN, response.status_code)"},{"line_number":395,"context_line":""}],"source_content_type":"text/x-python","patch_set":41,"id":"91219334_1a42a670","line":392,"updated":"2021-09-02 20:13:11.000000000","message":"Note, we can expand these roles out to be more realistic with what\u0027s going to happen in the wild with keystone role implication relationships:\n\n  headers[\u0027X-Roles\u0027] \u003d \"admin,member,reader\"\n\nBut, we can clean that all up later.","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"700886eb0164cd09413b9af73b97f6ddaa530947","unresolved":true,"context_lines":[{"line_number":424,"context_line":"        namespaces \u003d response.json()[\u0027namespaces\u0027]"},{"line_number":425,"context_line":""},{"line_number":426,"context_line":"        # Verify that deletion is not allowed for unprotected namespaces with"},{"line_number":427,"context_line":"        # non admin role"},{"line_number":428,"context_line":"        for namespace in namespaces:"},{"line_number":429,"context_line":"            path \u003d self._url("},{"line_number":430,"context_line":"                \u0027/v2/metadefs/namespaces/%s\u0027 % namespace[\u0027namespace\u0027])"}],"source_content_type":"text/x-python","patch_set":41,"id":"97735d0a_0a8ce8fe","line":427,"updated":"2021-09-02 20:13:11.000000000","message":"++ thanks for adding this bit","commit_id":"521e8b23618634e0e167f44589bde28214fc82a8"}],"glance/tests/unit/test_policy.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"456a42cdbe11f04b375c5b8180eac50ccbf48d91","unresolved":true,"context_lines":[{"line_number":167,"context_line":""},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"class MdNamespaceRepoStub(object):"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    def add(self, namespace):"},{"line_number":172,"context_line":"        return \u0027mdns_add\u0027"},{"line_number":173,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"54600c80_a8cb27b5","line":170,"updated":"2021-07-11 10:48:10.000000000","message":"Unnecessary change","commit_id":"0cd7b72fd44aa72e7bed4db9d22a30b4cabdfbfd"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"456a42cdbe11f04b375c5b8180eac50ccbf48d91","unresolved":true,"context_lines":[{"line_number":863,"context_line":"                 \u0027add_metadef_namespace\u0027: False,"},{"line_number":864,"context_line":"                 \u0027delete_metadef_namespace\u0027: False}"},{"line_number":865,"context_line":"        self.policy.set_rules(rules)"},{"line_number":866,"context_line":"        import pdb;pdb.set_trace()"},{"line_number":867,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":868,"context_line":"            MdNamespaceRepoStub(), {}, self.policy)"},{"line_number":869,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":8,"id":"daaeccc0_5bfd15af","line":866,"updated":"2021-07-11 10:48:10.000000000","message":"I guess you forget to remove this.","commit_id":"0cd7b72fd44aa72e7bed4db9d22a30b4cabdfbfd"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"456a42cdbe11f04b375c5b8180eac50ccbf48d91","unresolved":true,"context_lines":[{"line_number":878,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":879,"context_line":""},{"line_number":880,"context_line":"    def test_md_get_namespace_not_allowed(self):"},{"line_number":881,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":882,"context_line":"        rules \u003d {\u0027get_metadef_namespace\u0027: True}"},{"line_number":883,"context_line":"        self.policy.set_rules(rules)"},{"line_number":884,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("}],"source_content_type":"text/x-python","patch_set":8,"id":"973bb5ac_a8d3a8ab","line":881,"updated":"2021-07-11 10:48:10.000000000","message":"I think here you are explicitly raising the forbidden, actually it should be raised by enforce method.","commit_id":"0cd7b72fd44aa72e7bed4db9d22a30b4cabdfbfd"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":167,"context_line":""},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"class MdNamespaceRepoStub(object):"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    def add(self, namespace):"},{"line_number":172,"context_line":"        return \u0027mdns_add\u0027"},{"line_number":173,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"e5ec5d90_667c6f64","line":170,"updated":"2021-07-12 05:44:21.000000000","message":"Unnecessary new line","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":167,"context_line":""},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"class MdNamespaceRepoStub(object):"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    def add(self, namespace):"},{"line_number":172,"context_line":"        return \u0027mdns_add\u0027"},{"line_number":173,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"c415aa27_e4e72a44","line":170,"in_reply_to":"e5ec5d90_667c6f64","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":845,"context_line":"        super(TestMetadefPolicy, self).setUp()"},{"line_number":846,"context_line":""},{"line_number":847,"context_line":"    def test_md_namespace_not_allowed(self):"},{"line_number":848,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":849,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":850,"context_line":"            MdNamespaceRepoStub(), {}, self.policy)"},{"line_number":851,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"33c3ecf0_2e9e8cd6","line":848,"range":{"start_line":848,"start_character":8,"end_line":848,"end_character":61},"updated":"2021-07-12 05:44:21.000000000","message":"You are explicitly raising Forbidden here, this should be raised by actual enforce method.","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":845,"context_line":"        super(TestMetadefPolicy, self).setUp()"},{"line_number":846,"context_line":""},{"line_number":847,"context_line":"    def test_md_namespace_not_allowed(self):"},{"line_number":848,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":849,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":850,"context_line":"            MdNamespaceRepoStub(), {}, self.policy)"},{"line_number":851,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"dbf2a671_d0c49ffd","line":848,"range":{"start_line":848,"start_character":8,"end_line":848,"end_character":61},"in_reply_to":"33c3ecf0_2e9e8cd6","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":862,"context_line":"        mdns_repo.add(namespace)"},{"line_number":863,"context_line":"        mdns_save \u003d mdns_repo.save(namespace)"},{"line_number":864,"context_line":"        self.assertEqual(\u0027mdns_save\u0027, mdns_save.namespace_input)"},{"line_number":865,"context_line":"        self.assertIsInstance(mdns_save,"},{"line_number":866,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":867,"context_line":"        mdns_remove \u003d mdns_repo.remove(namespace)"},{"line_number":868,"context_line":"        self.assertIsInstance(mdns_remove,"},{"line_number":869,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":870,"context_line":""},{"line_number":871,"context_line":"    def test_md_get_namespace_not_allowed(self):"},{"line_number":872,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"}],"source_content_type":"text/x-python","patch_set":9,"id":"40b69e9e_8df6c002","line":869,"range":{"start_line":865,"start_character":8,"end_line":869,"end_character":70},"updated":"2021-07-12 05:44:21.000000000","message":"I don\u0027t understand the use of asserting isInstance here, instead you need to check/assert save and remove methods are called.","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":862,"context_line":"        mdns_repo.add(namespace)"},{"line_number":863,"context_line":"        mdns_save \u003d mdns_repo.save(namespace)"},{"line_number":864,"context_line":"        self.assertEqual(\u0027mdns_save\u0027, mdns_save.namespace_input)"},{"line_number":865,"context_line":"        self.assertIsInstance(mdns_save,"},{"line_number":866,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":867,"context_line":"        mdns_remove \u003d mdns_repo.remove(namespace)"},{"line_number":868,"context_line":"        self.assertIsInstance(mdns_remove,"},{"line_number":869,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":870,"context_line":""},{"line_number":871,"context_line":"    def test_md_get_namespace_not_allowed(self):"},{"line_number":872,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"}],"source_content_type":"text/x-python","patch_set":9,"id":"19566522_90a5a527","line":869,"range":{"start_line":865,"start_character":8,"end_line":869,"end_character":70},"in_reply_to":"40b69e9e_8df6c002","updated":"2021-07-13 09:06:12.000000000","message":"Ack","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":869,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":870,"context_line":""},{"line_number":871,"context_line":"    def test_md_get_namespace_not_allowed(self):"},{"line_number":872,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":873,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":874,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":875,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"3c1f0f32_7ac9549c","line":872,"range":{"start_line":872,"start_character":8,"end_line":872,"end_character":61},"updated":"2021-07-12 05:44:21.000000000","message":"ditto","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":869,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":870,"context_line":""},{"line_number":871,"context_line":"    def test_md_get_namespace_not_allowed(self):"},{"line_number":872,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":873,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":874,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":875,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"0d96f22c_78827928","line":872,"range":{"start_line":872,"start_character":8,"end_line":872,"end_character":61},"in_reply_to":"3c1f0f32_7ac9549c","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":884,"context_line":"        expected_target \u003d {\u0027project_id\u0027: namespace.owner,"},{"line_number":885,"context_line":"                           \u0027visibility\u0027: namespace.visibility}"},{"line_number":886,"context_line":"        mdns \u003d mdns_repo.get(namespace)"},{"line_number":887,"context_line":"        self.assertIsInstance(mdns,"},{"line_number":888,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":889,"context_line":"        self.policy.enforce.assert_called_once_with("},{"line_number":890,"context_line":"            self.context, \"get_metadef_namespace\", expected_target)"},{"line_number":891,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"b3141d6d_526dfdfc","line":888,"range":{"start_line":887,"start_character":9,"end_line":888,"end_character":70},"updated":"2021-07-12 05:44:21.000000000","message":"No need to test/assert this","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":884,"context_line":"        expected_target \u003d {\u0027project_id\u0027: namespace.owner,"},{"line_number":885,"context_line":"                           \u0027visibility\u0027: namespace.visibility}"},{"line_number":886,"context_line":"        mdns \u003d mdns_repo.get(namespace)"},{"line_number":887,"context_line":"        self.assertIsInstance(mdns,"},{"line_number":888,"context_line":"                              glance.api.policy.MetadefNamespaceProxy)"},{"line_number":889,"context_line":"        self.policy.enforce.assert_called_once_with("},{"line_number":890,"context_line":"            self.context, \"get_metadef_namespace\", expected_target)"},{"line_number":891,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"c4163e1d_91d1a4c8","line":888,"range":{"start_line":887,"start_character":9,"end_line":888,"end_character":70},"in_reply_to":"b3141d6d_526dfdfc","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":890,"context_line":"            self.context, \"get_metadef_namespace\", expected_target)"},{"line_number":891,"context_line":""},{"line_number":892,"context_line":"    def test_md_get_namespaces_not_allowed(self):"},{"line_number":893,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":894,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":895,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":896,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"669efd34_10c80801","line":893,"range":{"start_line":893,"start_character":8,"end_line":893,"end_character":61},"updated":"2021-07-12 05:44:21.000000000","message":"ditto","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":890,"context_line":"            self.context, \"get_metadef_namespace\", expected_target)"},{"line_number":891,"context_line":""},{"line_number":892,"context_line":"    def test_md_get_namespaces_not_allowed(self):"},{"line_number":893,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":894,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":895,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":896,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"3e5ff261_d63bc2e7","line":893,"range":{"start_line":893,"start_character":8,"end_line":893,"end_character":61},"in_reply_to":"669efd34_10c80801","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":903,"context_line":"        expected_target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":904,"context_line":"        namespaces \u003d mdns_repo.list()"},{"line_number":905,"context_line":"        for n, namespace in enumerate(namespaces):"},{"line_number":906,"context_line":"            self.assertIsInstance(namespace,"},{"line_number":907,"context_line":"                                  glance.api.policy.MetadefNamespaceProxy)"},{"line_number":908,"context_line":"            self.policy.enforce.assert_called_once_with("},{"line_number":909,"context_line":"                self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":910,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"583a5e50_50a2242d","line":907,"range":{"start_line":906,"start_character":12,"end_line":907,"end_character":74},"updated":"2021-07-12 05:44:21.000000000","message":"No need to assert this","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":903,"context_line":"        expected_target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":904,"context_line":"        namespaces \u003d mdns_repo.list()"},{"line_number":905,"context_line":"        for n, namespace in enumerate(namespaces):"},{"line_number":906,"context_line":"            self.assertIsInstance(namespace,"},{"line_number":907,"context_line":"                                  glance.api.policy.MetadefNamespaceProxy)"},{"line_number":908,"context_line":"            self.policy.enforce.assert_called_once_with("},{"line_number":909,"context_line":"                self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":910,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"17ee9c7d_f20de57c","line":907,"range":{"start_line":906,"start_character":12,"end_line":907,"end_character":74},"in_reply_to":"583a5e50_50a2242d","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":905,"context_line":"        for n, namespace in enumerate(namespaces):"},{"line_number":906,"context_line":"            self.assertIsInstance(namespace,"},{"line_number":907,"context_line":"                                  glance.api.policy.MetadefNamespaceProxy)"},{"line_number":908,"context_line":"            self.policy.enforce.assert_called_once_with("},{"line_number":909,"context_line":"                self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":910,"context_line":""},{"line_number":911,"context_line":"    def test_md_object_not_allowed(self):"},{"line_number":912,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"}],"source_content_type":"text/x-python","patch_set":9,"id":"d09b32d0_ff2ee985","line":909,"range":{"start_line":908,"start_character":12,"end_line":909,"end_character":72},"updated":"2021-07-12 05:44:21.000000000","message":"AFAIK, this policy should be enforced only once.","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":905,"context_line":"        for n, namespace in enumerate(namespaces):"},{"line_number":906,"context_line":"            self.assertIsInstance(namespace,"},{"line_number":907,"context_line":"                                  glance.api.policy.MetadefNamespaceProxy)"},{"line_number":908,"context_line":"            self.policy.enforce.assert_called_once_with("},{"line_number":909,"context_line":"                self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":910,"context_line":""},{"line_number":911,"context_line":"    def test_md_object_not_allowed(self):"},{"line_number":912,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"}],"source_content_type":"text/x-python","patch_set":9,"id":"17e2374c_45becc96","line":909,"range":{"start_line":908,"start_character":12,"end_line":909,"end_character":72},"in_reply_to":"d09b32d0_ff2ee985","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":909,"context_line":"                self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":910,"context_line":""},{"line_number":911,"context_line":"    def test_md_object_not_allowed(self):"},{"line_number":912,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":913,"context_line":"        mdobj_repo \u003d glance.api.policy.MetadefObjectRepoProxy("},{"line_number":914,"context_line":"            MdObjectRepoStub(), {}, self.policy)"},{"line_number":915,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.add, self.fakeobj)"}],"source_content_type":"text/x-python","patch_set":9,"id":"01d9c5ef_710f6aea","line":912,"range":{"start_line":912,"start_character":8,"end_line":912,"end_character":61},"updated":"2021-07-12 05:44:21.000000000","message":"ditto","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":909,"context_line":"                self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":910,"context_line":""},{"line_number":911,"context_line":"    def test_md_object_not_allowed(self):"},{"line_number":912,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":913,"context_line":"        mdobj_repo \u003d glance.api.policy.MetadefObjectRepoProxy("},{"line_number":914,"context_line":"            MdObjectRepoStub(), {}, self.policy)"},{"line_number":915,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.add, self.fakeobj)"}],"source_content_type":"text/x-python","patch_set":9,"id":"b4e66b1c_f5b6b6de","line":912,"range":{"start_line":912,"start_character":8,"end_line":912,"end_character":61},"in_reply_to":"01d9c5ef_710f6aea","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":933,"context_line":"                         mdobj_repo.remove(self.fakeobj).meta_object)"},{"line_number":934,"context_line":""},{"line_number":935,"context_line":"    def test_md_resource_type_not_allowed(self):"},{"line_number":936,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":937,"context_line":"        mdrt_repo \u003d glance.api.policy.MetadefResourceTypeRepoProxy("},{"line_number":938,"context_line":"            MdResourceTypeRepoStub(), {}, self.policy)"},{"line_number":939,"context_line":"        self.assertRaises(exception.Forbidden, mdrt_repo.add, self.fakert)"}],"source_content_type":"text/x-python","patch_set":9,"id":"4501ad10_cee8ac55","line":936,"range":{"start_line":936,"start_character":9,"end_line":936,"end_character":61},"updated":"2021-07-12 05:44:21.000000000","message":"ditto","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":933,"context_line":"                         mdobj_repo.remove(self.fakeobj).meta_object)"},{"line_number":934,"context_line":""},{"line_number":935,"context_line":"    def test_md_resource_type_not_allowed(self):"},{"line_number":936,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":937,"context_line":"        mdrt_repo \u003d glance.api.policy.MetadefResourceTypeRepoProxy("},{"line_number":938,"context_line":"            MdResourceTypeRepoStub(), {}, self.policy)"},{"line_number":939,"context_line":"        self.assertRaises(exception.Forbidden, mdrt_repo.add, self.fakert)"}],"source_content_type":"text/x-python","patch_set":9,"id":"151904d4_fb4335fa","line":936,"range":{"start_line":936,"start_character":9,"end_line":936,"end_character":61},"in_reply_to":"4501ad10_cee8ac55","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":954,"context_line":"                         mdrt_repo.remove(self.fakert).meta_resource_type)"},{"line_number":955,"context_line":""},{"line_number":956,"context_line":"    def test_md_property_not_allowed(self):"},{"line_number":957,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":958,"context_line":"        mdprop_repo \u003d glance.api.policy.MetadefPropertyRepoProxy("},{"line_number":959,"context_line":"            MdPropertyRepoStub(), {}, self.policy)"},{"line_number":960,"context_line":"        self.assertRaises(exception.Forbidden, mdprop_repo.add, self.fakeprop)"}],"source_content_type":"text/x-python","patch_set":9,"id":"15cce934_f03ee58a","line":957,"range":{"start_line":957,"start_character":8,"end_line":957,"end_character":21},"updated":"2021-07-12 05:44:21.000000000","message":"ditto","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":954,"context_line":"                         mdrt_repo.remove(self.fakert).meta_resource_type)"},{"line_number":955,"context_line":""},{"line_number":956,"context_line":"    def test_md_property_not_allowed(self):"},{"line_number":957,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":958,"context_line":"        mdprop_repo \u003d glance.api.policy.MetadefPropertyRepoProxy("},{"line_number":959,"context_line":"            MdPropertyRepoStub(), {}, self.policy)"},{"line_number":960,"context_line":"        self.assertRaises(exception.Forbidden, mdprop_repo.add, self.fakeprop)"}],"source_content_type":"text/x-python","patch_set":9,"id":"90c6d320_fa5f23ab","line":957,"range":{"start_line":957,"start_character":8,"end_line":957,"end_character":21},"in_reply_to":"15cce934_f03ee58a","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8e8c8f61099b229bb6f883ac5e5a1446c70cf3e","unresolved":true,"context_lines":[{"line_number":981,"context_line":"                         mdprop_repo.remove(self.fakeprop).namespace_property)"},{"line_number":982,"context_line":""},{"line_number":983,"context_line":"    def test_md_tag_not_allowed(self):"},{"line_number":984,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":985,"context_line":"        mdtag_repo \u003d glance.api.policy.MetadefTagRepoProxy("},{"line_number":986,"context_line":"            MdTagRepoStub(), {}, self.policy)"},{"line_number":987,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"fd962ed6_d5d1aac2","line":984,"range":{"start_line":984,"start_character":8,"end_line":984,"end_character":58},"updated":"2021-07-12 05:44:21.000000000","message":"ditto","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":981,"context_line":"                         mdprop_repo.remove(self.fakeprop).namespace_property)"},{"line_number":982,"context_line":""},{"line_number":983,"context_line":"    def test_md_tag_not_allowed(self):"},{"line_number":984,"context_line":"        self.policy.enforce.side_effect \u003d exception.Forbidden"},{"line_number":985,"context_line":"        mdtag_repo \u003d glance.api.policy.MetadefTagRepoProxy("},{"line_number":986,"context_line":"            MdTagRepoStub(), {}, self.policy)"},{"line_number":987,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("}],"source_content_type":"text/x-python","patch_set":9,"id":"6b5f68c1_759ff36b","line":984,"range":{"start_line":984,"start_character":8,"end_line":984,"end_character":58},"in_reply_to":"fd962ed6_d5d1aac2","updated":"2021-07-13 09:06:12.000000000","message":"Done","commit_id":"b169b6e00556293743ee2e7b303dc737b5e2769a"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"de3d4b88c00b9262f70343a97e9c71928c38bc05","unresolved":true,"context_lines":[{"line_number":858,"context_line":"        self.assertRaises(exception.Forbidden, mdns_repo.remove, namespace)"},{"line_number":859,"context_line":"        self.assertRaises(exception.Forbidden, mdns_repo.save, namespace)"},{"line_number":860,"context_line":""},{"line_number":861,"context_line":"    def test_md_namespace_allowed(self):"},{"line_number":862,"context_line":"        rules \u003d {\u0027modify_metadef_namespace\u0027: True,"},{"line_number":863,"context_line":"                 \u0027add_metadef_namespace\u0027: True,"},{"line_number":864,"context_line":"                 \u0027delete_metadef_namespace\u0027: True}"},{"line_number":865,"context_line":"        self.policy.set_rules(rules)"},{"line_number":866,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":867,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":868,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("},{"line_number":869,"context_line":"            self.ns_stub, self.context, self.policy)"},{"line_number":870,"context_line":"        self.assertEqual(None, mdns_repo.add(namespace))"},{"line_number":871,"context_line":"        self.assertEqual(\u0027mdns_save\u0027,"},{"line_number":872,"context_line":"                         mdns_repo.save(namespace).namespace_input)"},{"line_number":873,"context_line":"        self.assertEqual(\u0027mdns_remove\u0027,"},{"line_number":874,"context_line":"                         mdns_repo.remove(namespace).namespace_input)"},{"line_number":875,"context_line":""},{"line_number":876,"context_line":"    def test_md_get_namespace_allowed(self):"},{"line_number":877,"context_line":"        self.policy.enforce \u003d mock.Mock()"},{"line_number":878,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":879,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":880,"context_line":"        expected_target \u003d {\u0027project_id\u0027: self.ns_stub.owner,"},{"line_number":881,"context_line":"                           \u0027visibility\u0027: self.ns_stub.visibility}"},{"line_number":882,"context_line":"        mdns_repo.get(self.ns_stub)"},{"line_number":883,"context_line":"        self.policy.enforce.assert_called_once_with("},{"line_number":884,"context_line":"            self.context, \"get_metadef_namespace\", expected_target)"},{"line_number":885,"context_line":""},{"line_number":886,"context_line":"    def test_md_get_namespaces_allowed(self):"},{"line_number":887,"context_line":"        self.policy.enforce \u003d mock.Mock()"},{"line_number":888,"context_line":"        rules \u003d {\u0027get_metadef_namespaces\u0027: True}"},{"line_number":889,"context_line":"        self.policy.set_rules(rules)"},{"line_number":890,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":891,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":892,"context_line":"        expected_target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":893,"context_line":"        mdns_repo.list()"},{"line_number":894,"context_line":"        self.policy.enforce.assert_called_once_with("},{"line_number":895,"context_line":"            self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":896,"context_line":""},{"line_number":897,"context_line":"    def test_md_object_not_allowed(self):"},{"line_number":898,"context_line":"        rules \u003d {\u0027get_metadef_object\u0027: False,"}],"source_content_type":"text/x-python","patch_set":10,"id":"bab71ced_ba60f3ec","line":895,"range":{"start_line":861,"start_character":4,"end_line":895,"end_character":68},"updated":"2021-07-12 09:29:40.000000000","message":"I think still you can check all these three in one test.","commit_id":"35c482408471a6730c63c45b3f7e778b08d07aac"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":false,"context_lines":[{"line_number":858,"context_line":"        self.assertRaises(exception.Forbidden, mdns_repo.remove, namespace)"},{"line_number":859,"context_line":"        self.assertRaises(exception.Forbidden, mdns_repo.save, namespace)"},{"line_number":860,"context_line":""},{"line_number":861,"context_line":"    def test_md_namespace_allowed(self):"},{"line_number":862,"context_line":"        rules \u003d {\u0027modify_metadef_namespace\u0027: True,"},{"line_number":863,"context_line":"                 \u0027add_metadef_namespace\u0027: True,"},{"line_number":864,"context_line":"                 \u0027delete_metadef_namespace\u0027: True}"},{"line_number":865,"context_line":"        self.policy.set_rules(rules)"},{"line_number":866,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":867,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":868,"context_line":"        namespace \u003d glance.api.policy.MetadefNamespaceProxy("},{"line_number":869,"context_line":"            self.ns_stub, self.context, self.policy)"},{"line_number":870,"context_line":"        self.assertEqual(None, mdns_repo.add(namespace))"},{"line_number":871,"context_line":"        self.assertEqual(\u0027mdns_save\u0027,"},{"line_number":872,"context_line":"                         mdns_repo.save(namespace).namespace_input)"},{"line_number":873,"context_line":"        self.assertEqual(\u0027mdns_remove\u0027,"},{"line_number":874,"context_line":"                         mdns_repo.remove(namespace).namespace_input)"},{"line_number":875,"context_line":""},{"line_number":876,"context_line":"    def test_md_get_namespace_allowed(self):"},{"line_number":877,"context_line":"        self.policy.enforce \u003d mock.Mock()"},{"line_number":878,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":879,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":880,"context_line":"        expected_target \u003d {\u0027project_id\u0027: self.ns_stub.owner,"},{"line_number":881,"context_line":"                           \u0027visibility\u0027: self.ns_stub.visibility}"},{"line_number":882,"context_line":"        mdns_repo.get(self.ns_stub)"},{"line_number":883,"context_line":"        self.policy.enforce.assert_called_once_with("},{"line_number":884,"context_line":"            self.context, \"get_metadef_namespace\", expected_target)"},{"line_number":885,"context_line":""},{"line_number":886,"context_line":"    def test_md_get_namespaces_allowed(self):"},{"line_number":887,"context_line":"        self.policy.enforce \u003d mock.Mock()"},{"line_number":888,"context_line":"        rules \u003d {\u0027get_metadef_namespaces\u0027: True}"},{"line_number":889,"context_line":"        self.policy.set_rules(rules)"},{"line_number":890,"context_line":"        mdns_repo \u003d glance.api.policy.MetadefNamespaceRepoProxy("},{"line_number":891,"context_line":"            MdNamespaceRepoStub(), self.context, self.policy)"},{"line_number":892,"context_line":"        expected_target \u003d {\u0027project_id\u0027: self.context.project_id}"},{"line_number":893,"context_line":"        mdns_repo.list()"},{"line_number":894,"context_line":"        self.policy.enforce.assert_called_once_with("},{"line_number":895,"context_line":"            self.context, \"get_metadef_namespaces\", expected_target)"},{"line_number":896,"context_line":""},{"line_number":897,"context_line":"    def test_md_object_not_allowed(self):"},{"line_number":898,"context_line":"        rules \u003d {\u0027get_metadef_object\u0027: False,"}],"source_content_type":"text/x-python","patch_set":10,"id":"18040579_860f8451","line":895,"range":{"start_line":861,"start_character":4,"end_line":895,"end_character":68},"in_reply_to":"bab71ced_ba60f3ec","updated":"2021-07-13 09:06:12.000000000","message":"Ack","commit_id":"35c482408471a6730c63c45b3f7e778b08d07aac"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"de3d4b88c00b9262f70343a97e9c71928c38bc05","unresolved":true,"context_lines":[{"line_number":904,"context_line":"        mdobj_repo \u003d glance.api.policy.MetadefObjectRepoProxy("},{"line_number":905,"context_line":"            MdObjectRepoStub(), {}, self.policy)"},{"line_number":906,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.add, self.fakeobj)"},{"line_number":907,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.get, self.ns_stub,"},{"line_number":908,"context_line":"                          self.fakeobj)"},{"line_number":909,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.list)"},{"line_number":910,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.remove, self.fakeobj)"}],"source_content_type":"text/x-python","patch_set":10,"id":"7317860a_59e61f67","line":907,"range":{"start_line":907,"start_character":63,"end_line":907,"end_character":75},"updated":"2021-07-12 09:29:40.000000000","message":"how is self.fakens is different from self.ns_stub?","commit_id":"35c482408471a6730c63c45b3f7e778b08d07aac"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"2e5e57ed8c4a4e6567a6894b8d47db5d3db92ab1","unresolved":true,"context_lines":[{"line_number":904,"context_line":"        mdobj_repo \u003d glance.api.policy.MetadefObjectRepoProxy("},{"line_number":905,"context_line":"            MdObjectRepoStub(), {}, self.policy)"},{"line_number":906,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.add, self.fakeobj)"},{"line_number":907,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.get, self.ns_stub,"},{"line_number":908,"context_line":"                          self.fakeobj)"},{"line_number":909,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.list)"},{"line_number":910,"context_line":"        self.assertRaises(exception.Forbidden, mdobj_repo.remove, self.fakeobj)"}],"source_content_type":"text/x-python","patch_set":10,"id":"f702f27b_2b735788","line":907,"range":{"start_line":907,"start_character":63,"end_line":907,"end_character":75},"in_reply_to":"7317860a_59e61f67","updated":"2021-07-13 09:06:12.000000000","message":"Oops! there is no difference, removed it in followup patch.","commit_id":"35c482408471a6730c63c45b3f7e778b08d07aac"}]}