)]}'
{"glance/api/v2/images.py":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"824f031156fdd680b3210ed4a47d72e78a082a2d","unresolved":true,"context_lines":[{"line_number":367,"context_line":"            elif not authorization.is_image_mutable(ctxt, image):"},{"line_number":368,"context_line":"                # FIXME(abhishekk): Once policy refactoring is complete we"},{"line_number":369,"context_line":"                # need to remove authorization layer, at that time add image"},{"line_number":370,"context_line":"                # mutability check here"},{"line_number":371,"context_line":"                raise webob.exc.HTTPForbidden("},{"line_number":372,"context_line":"                    explanation\u003d_(\"Operation not permitted\"))"},{"line_number":373,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"a3469c93_1b6e32a2","line":370,"updated":"2021-08-24 16:15:23.000000000","message":"What does this mean exactly? 
Add api_pol.modify_image() or something else?","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1834af8d048283f861034506e1f4262d16bd900a","unresolved":true,"context_lines":[{"line_number":367,"context_line":"            elif not authorization.is_image_mutable(ctxt, image):"},{"line_number":368,"context_line":"                # FIXME(abhishekk): Once policy refactoring is complete we"},{"line_number":369,"context_line":"                # need to remove authorization layer, at that time add image"},{"line_number":370,"context_line":"                # mutability check here"},{"line_number":371,"context_line":"                raise webob.exc.HTTPForbidden("},{"line_number":372,"context_line":"                    explanation\u003d_(\"Operation not permitted\"))"},{"line_number":373,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"2158c9a9_64186eb2","line":370,"in_reply_to":"a3469c93_1b6e32a2","updated":"2021-08-24 16:45:36.000000000","message":"I think modify_image will also be a good option","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"56f07582c3204e13e43119713f5b79fe7ec24e51","unresolved":true,"context_lines":[{"line_number":367,"context_line":"            else:"},{"line_number":368,"context_line":"                # NOTE(abhishekk): We need to perform ownership check on image"},{"line_number":369,"context_line":"                # so that non-admin or non-owner can not import data to image"},{"line_number":370,"context_line":"                api_pol.modify_image()"},{"line_number":371,"context_line":""},{"line_number":372,"context_line":"            if \u0027os_glance_import_task\u0027 in image.extra_properties:"},{"line_number":373,"context_line":"                # 
NOTE(danms): This will raise exception.Conflict if the"}],"source_content_type":"text/x-python","patch_set":8,"id":"5db4dbf8_116e2283","line":370,"updated":"2021-08-24 19:05:32.000000000","message":"++ This will also call the compat routine directly replicating the is_image_mutable check behavior.","commit_id":"6801fa9245cf9eff59e748ecbe87569ab228233f"}],"glance/tests/functional/v2/test_images_api_policy.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"348fc7553553b74e3fc46a6b7ed32034ccb3d22b","unresolved":true,"context_lines":[{"line_number":323,"context_line":""},{"line_number":324,"context_line":"        # Verify that non-admin can not copy image"},{"line_number":325,"context_line":"        self.set_policy_rules({"},{"line_number":326,"context_line":"            \u0027copy_image\u0027: \u0027rule:admin\u0027,"},{"line_number":327,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":328,"context_line":"        })"},{"line_number":329,"context_line":"        headers \u003d self._headers({\u0027X-Roles\u0027: \u0027member\u0027})"}],"source_content_type":"text/x-python","patch_set":2,"id":"c0eaee11_dd5fa00d","line":326,"range":{"start_line":326,"start_character":27,"end_line":326,"end_character":37},"updated":"2021-08-19 19:43:13.000000000","message":"Should this be `role:admin` to be consistent with the default?","commit_id":"3351fdc2bb5ec9d920402da1c7e9b4b8d8e7e43d"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bb847be7d465a4f7bf94c39bf8da0bac2c284679","unresolved":false,"context_lines":[{"line_number":323,"context_line":""},{"line_number":324,"context_line":"        # Verify that non-admin can not copy image"},{"line_number":325,"context_line":"        self.set_policy_rules({"},{"line_number":326,"context_line":"            \u0027copy_image\u0027: 
\u0027rule:admin\u0027,"},{"line_number":327,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":328,"context_line":"        })"},{"line_number":329,"context_line":"        headers \u003d self._headers({\u0027X-Roles\u0027: \u0027member\u0027})"}],"source_content_type":"text/x-python","patch_set":2,"id":"40bb7f1c_9d6e03ce","line":326,"range":{"start_line":326,"start_character":27,"end_line":326,"end_character":37},"in_reply_to":"c0eaee11_dd5fa00d","updated":"2021-08-19 19:54:24.000000000","message":"Done","commit_id":"3351fdc2bb5ec9d920402da1c7e9b4b8d8e7e43d"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"348fc7553553b74e3fc46a6b7ed32034ccb3d22b","unresolved":true,"context_lines":[{"line_number":333,"context_line":""},{"line_number":334,"context_line":"        # Verify that non-owner can not copy image"},{"line_number":335,"context_line":"        self.set_policy_rules({"},{"line_number":336,"context_line":"            \u0027copy_image\u0027: \u0027rule:admin\u0027,"},{"line_number":337,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":338,"context_line":"        })"},{"line_number":339,"context_line":"        headers \u003d self._headers({"}],"source_content_type":"text/x-python","patch_set":2,"id":"7e4c7a10_126405d4","line":336,"range":{"start_line":336,"start_character":27,"end_line":336,"end_character":37},"updated":"2021-08-19 19:43:13.000000000","message":"Ditto.","commit_id":"3351fdc2bb5ec9d920402da1c7e9b4b8d8e7e43d"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"bb847be7d465a4f7bf94c39bf8da0bac2c284679","unresolved":false,"context_lines":[{"line_number":333,"context_line":""},{"line_number":334,"context_line":"        # Verify that non-owner can not copy image"},{"line_number":335,"context_line":"        
self.set_policy_rules({"},{"line_number":336,"context_line":"            \u0027copy_image\u0027: \u0027rule:admin\u0027,"},{"line_number":337,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":338,"context_line":"        })"},{"line_number":339,"context_line":"        headers \u003d self._headers({"}],"source_content_type":"text/x-python","patch_set":2,"id":"7d4b5eda_b45320ac","line":336,"range":{"start_line":336,"start_character":27,"end_line":336,"end_character":37},"in_reply_to":"7e4c7a10_126405d4","updated":"2021-08-19 19:54:24.000000000","message":"Done","commit_id":"3351fdc2bb5ec9d920402da1c7e9b4b8d8e7e43d"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"824f031156fdd680b3210ed4a47d72e78a082a2d","unresolved":true,"context_lines":[{"line_number":763,"context_line":""},{"line_number":764,"context_line":"        # Verify that non-owner can not copy image"},{"line_number":765,"context_line":"        self.set_policy_rules({"},{"line_number":766,"context_line":"            \u0027copy_image\u0027: \u0027role:admin\u0027,"},{"line_number":767,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":768,"context_line":"        })"},{"line_number":769,"context_line":"        headers \u003d self._headers({"}],"source_content_type":"text/x-python","patch_set":7,"id":"58c403cf_ad9f550b","line":766,"range":{"start_line":766,"start_character":27,"end_line":766,"end_character":37},"updated":"2021-08-24 16:15:23.000000000","message":"Did you mean role:member here?","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1834af8d048283f861034506e1f4262d16bd900a","unresolved":true,"context_lines":[{"line_number":763,"context_line":""},{"line_number":764,"context_line":"        # Verify that non-owner can not copy 
image"},{"line_number":765,"context_line":"        self.set_policy_rules({"},{"line_number":766,"context_line":"            \u0027copy_image\u0027: \u0027role:admin\u0027,"},{"line_number":767,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":768,"context_line":"        })"},{"line_number":769,"context_line":"        headers \u003d self._headers({"}],"source_content_type":"text/x-python","patch_set":7,"id":"83a8a567_ec681290","line":766,"range":{"start_line":766,"start_character":27,"end_line":766,"end_character":37},"in_reply_to":"58c403cf_ad9f550b","updated":"2021-08-24 16:45:36.000000000","message":"No, I think even though role:admin is the policy rule, we are not passing admin in the Roles at line #769, so this will be evaluated as a member of fake-project trying to copy an image of a different project.","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"46b432864bfb708769643f88e8c9e150a19248b6","unresolved":true,"context_lines":[{"line_number":763,"context_line":""},{"line_number":764,"context_line":"        # Verify that non-owner can not copy image"},{"line_number":765,"context_line":"        self.set_policy_rules({"},{"line_number":766,"context_line":"            \u0027copy_image\u0027: \u0027role:admin\u0027,"},{"line_number":767,"context_line":"            \u0027get_image\u0027: \u0027\u0027"},{"line_number":768,"context_line":"        })"},{"line_number":769,"context_line":"        headers \u003d self._headers({"}],"source_content_type":"text/x-python","patch_set":7,"id":"2b1ed0de_abd1beae","line":766,"range":{"start_line":766,"start_character":27,"end_line":766,"end_character":37},"in_reply_to":"83a8a567_ec681290","updated":"2021-08-24 17:27:43.000000000","message":"Okay I missed that we were doing the above as member too. 
I guess I\u0027m not sure why we\u0027d expect owner to not be able to do it, but non-admin other tenant might be able, but fair enough.","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"824f031156fdd680b3210ed4a47d72e78a082a2d","unresolved":true,"context_lines":[{"line_number":772,"context_line":"        })"},{"line_number":773,"context_line":"        response \u003d self._import_copy(image_id, store_to_copy,"},{"line_number":774,"context_line":"                                     headers\u003dheaders)"},{"line_number":775,"context_line":"        self.assertEqual(403, response.status_code)"},{"line_number":776,"context_line":""},{"line_number":777,"context_line":"    def test_import_glance_direct(self):"},{"line_number":778,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":7,"id":"7d81aa11_40cfc23b","line":775,"updated":"2021-08-24 16:15:23.000000000","message":"Should we have a test case for:\n\n {copy_image: \u0027\u0027, get_image: \u0027!\u0027}\n\nTo make sure we return 404?","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1834af8d048283f861034506e1f4262d16bd900a","unresolved":false,"context_lines":[{"line_number":772,"context_line":"        })"},{"line_number":773,"context_line":"        response \u003d self._import_copy(image_id, store_to_copy,"},{"line_number":774,"context_line":"                                     headers\u003dheaders)"},{"line_number":775,"context_line":"        self.assertEqual(403, response.status_code)"},{"line_number":776,"context_line":""},{"line_number":777,"context_line":"    def test_import_glance_direct(self):"},{"line_number":778,"context_line":"        
self.start_server()"}],"source_content_type":"text/x-python","patch_set":7,"id":"735fb518_b52fe073","line":775,"in_reply_to":"7d81aa11_40cfc23b","updated":"2021-08-24 16:45:36.000000000","message":"Ack","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"824f031156fdd680b3210ed4a47d72e78a082a2d","unresolved":true,"context_lines":[{"line_number":802,"context_line":"        self.assertEqual(\u0027success\u0027, self._get_latest_task(image_id)[\u0027status\u0027])"},{"line_number":803,"context_line":""},{"line_number":804,"context_line":"        # Make sure you can not import data to image using non-admin role of"},{"line_number":805,"context_line":"        # different project"},{"line_number":806,"context_line":"        image_id \u003d self._create_and_stage(visibility\u003d\u0027community\u0027)"},{"line_number":807,"context_line":"        headers \u003d self._headers({"},{"line_number":808,"context_line":"            \u0027X-Roles\u0027: \u0027member\u0027,"}],"source_content_type":"text/x-python","patch_set":7,"id":"addf39f3_c233ec89","line":805,"updated":"2021-08-24 16:15:23.000000000","message":"This isn\u0027t checking a policy rule for this though right? Since policy is \u0027\u0027 then we\u0027re just failing the existing mutability check right? I guess I\u0027m confused why we\u0027re not checking at least modify policy or whatever, and then asserting that it enforces here. Presumably we\u0027re missing a more general import_image policy?\n\nThinking about that, we might want to either (a) have separate policies for the different methods or (b) make sure the target has the method in it. I can imagine operators wanting regular users to only be able to import direct, but some people able to import via web-download. 
That would also mirror the fact that we have copy_image separated out.","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1834af8d048283f861034506e1f4262d16bd900a","unresolved":true,"context_lines":[{"line_number":802,"context_line":"        self.assertEqual(\u0027success\u0027, self._get_latest_task(image_id)[\u0027status\u0027])"},{"line_number":803,"context_line":""},{"line_number":804,"context_line":"        # Make sure you can not import data to image using non-admin role of"},{"line_number":805,"context_line":"        # different project"},{"line_number":806,"context_line":"        image_id \u003d self._create_and_stage(visibility\u003d\u0027community\u0027)"},{"line_number":807,"context_line":"        headers \u003d self._headers({"},{"line_number":808,"context_line":"            \u0027X-Roles\u0027: \u0027member\u0027,"}],"source_content_type":"text/x-python","patch_set":7,"id":"e896d119_f88e123a","line":805,"in_reply_to":"addf39f3_c233ec89","updated":"2021-08-24 16:45:36.000000000","message":"Yes, this is for checking the existing mutability check. 
I think removing that elif mutability check and replacing it with modify_image will make more sense.","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"46b432864bfb708769643f88e8c9e150a19248b6","unresolved":true,"context_lines":[{"line_number":802,"context_line":"        self.assertEqual(\u0027success\u0027, self._get_latest_task(image_id)[\u0027status\u0027])"},{"line_number":803,"context_line":""},{"line_number":804,"context_line":"        # Make sure you can not import data to image using non-admin role of"},{"line_number":805,"context_line":"        # different project"},{"line_number":806,"context_line":"        image_id \u003d self._create_and_stage(visibility\u003d\u0027community\u0027)"},{"line_number":807,"context_line":"        headers \u003d self._headers({"},{"line_number":808,"context_line":"            \u0027X-Roles\u0027: \u0027member\u0027,"}],"source_content_type":"text/x-python","patch_set":7,"id":"72a582aa_cb65d925","line":805,"in_reply_to":"e896d119_f88e123a","updated":"2021-08-24 17:27:43.000000000","message":"++","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"}],"glance/tests/functional/v2/test_images_import_locking.py":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"824f031156fdd680b3210ed4a47d72e78a082a2d","unresolved":true,"context_lines":[{"line_number":48,"context_line":"        # Set up a fake data pipeline that will stall until we are ready"},{"line_number":49,"context_line":"        # to unblock it"},{"line_number":50,"context_line":"        def slow_fake_set_data(data_iter, size\u003dNone, backend\u003dNone,"},{"line_number":51,"context_line":"                               set_active\u003dTrue):"},{"line_number":52,"context_line":"            me \u003d str(uuid.uuid4())"},{"line_number":53,"context_line":"            while 
state[\u0027want_run\u0027] \u003d\u003d True:"},{"line_number":54,"context_line":"                LOG.info(\u0027fake_set_data running %s\u0027 % me)"}],"source_content_type":"text/x-python","patch_set":7,"id":"d1d51abb_fda5eb58","line":51,"updated":"2021-08-24 16:15:23.000000000","message":"Is this because we\u0027ve stripped off the auth layer and this is always passed as kwarg to the lower layers? Otherwise this seems unrelated...","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"1834af8d048283f861034506e1f4262d16bd900a","unresolved":true,"context_lines":[{"line_number":48,"context_line":"        # Set up a fake data pipeline that will stall until we are ready"},{"line_number":49,"context_line":"        # to unblock it"},{"line_number":50,"context_line":"        def slow_fake_set_data(data_iter, size\u003dNone, backend\u003dNone,"},{"line_number":51,"context_line":"                               set_active\u003dTrue):"},{"line_number":52,"context_line":"            me \u003d str(uuid.uuid4())"},{"line_number":53,"context_line":"            while state[\u0027want_run\u0027] \u003d\u003d True:"},{"line_number":54,"context_line":"                LOG.info(\u0027fake_set_data running %s\u0027 % me)"}],"source_content_type":"text/x-python","patch_set":7,"id":"8887a2b0_e5c20bdf","line":51,"in_reply_to":"d1d51abb_fda5eb58","updated":"2021-08-24 16:45:36.000000000","message":"Yes","commit_id":"5821db41a009c6098d813bb43735d85548c7a2ae"}]}
