)]}'
{".zuul.yaml":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":true,"context_lines":[{"line_number":299,"context_line":"      Glance services."},{"line_number":300,"context_line":"    vars:"},{"line_number":301,"context_line":"      devstack_localrc:"},{"line_number":302,"context_line":"        GLANCE_ENFORCE_SCOPE: true"},{"line_number":303,"context_line":""},{"line_number":304,"context_line":"- project:"},{"line_number":305,"context_line":"    templates:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"1a9b243b_0e29c6c8","line":302,"range":{"start_line":302,"start_character":8,"end_line":302,"end_character":28},"updated":"2023-02-02 19:29:05.000000000","message":"let\u0027s enable all services (running test in this storage integrated job) new defaults here to test it with them. same way we did in nova\n\n        NOVA_ENFORCE_SCOPE: true\n        CINDER_ENFORCE_SCOPE: true\n        GLANCE_ENFORCE_SCOPE: true\n        \n        \n        https://github.com/openstack/nova/blob/f01a90ccb85ab254236f84009cd432d03ce12ebb/.zuul.yaml#L673","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":false,"context_lines":[{"line_number":299,"context_line":"      Glance services."},{"line_number":300,"context_line":"    vars:"},{"line_number":301,"context_line":"      devstack_localrc:"},{"line_number":302,"context_line":"        GLANCE_ENFORCE_SCOPE: true"},{"line_number":303,"context_line":""},{"line_number":304,"context_line":"- project:"},{"line_number":305,"context_line":"    templates:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"52677e70_c5049a6a","line":302,"range":{"start_line":302,"start_character":8,"end_line":302,"end_character":28},"in_reply_to":"1a9b243b_0e29c6c8","updated":"2023-02-08 08:14:06.000000000","message":"Done","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":true,"context_lines":[{"line_number":310,"context_line":"      - periodic-stable-jobs"},{"line_number":311,"context_line":"      - publish-openstack-docs-pti"},{"line_number":312,"context_line":"      - release-notes-jobs-python3"},{"line_number":313,"context_line":"    check:"},{"line_number":314,"context_line":"      jobs:"},{"line_number":315,"context_line":"        - openstack-tox-functional-py38-fips"},{"line_number":316,"context_line":"        - openstack-tox-functional-py39"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"8d039310_8ed44818","line":313,"range":{"start_line":313,"start_character":4,"end_line":313,"end_character":9},"updated":"2023-02-02 19:29:05.000000000","message":"you need to add the new job in check as well gate pipeline to run it.","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":false,"context_lines":[{"line_number":310,"context_line":"      - periodic-stable-jobs"},{"line_number":311,"context_line":"      - publish-openstack-docs-pti"},{"line_number":312,"context_line":"      - release-notes-jobs-python3"},{"line_number":313,"context_line":"    check:"},{"line_number":314,"context_line":"      jobs:"},{"line_number":315,"context_line":"        - openstack-tox-functional-py38-fips"},{"line_number":316,"context_line":"        - openstack-tox-functional-py39"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"0f088a32_7ad0c81e","line":313,"range":{"start_line":313,"start_character":4,"end_line":313,"end_character":9},"in_reply_to":"8d039310_8ed44818","updated":"2023-02-08 08:14:06.000000000","message":"Done","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"}],"/COMMIT_MSG":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":7,"id":"03fc182d_ee78e3ad","line":12,"updated":"2023-02-16 06:45:36.000000000","message":"I think you should tag the srbac related \"blueprint\" here.","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"2ea2a208_8a989d3d","line":12,"in_reply_to":"03fc182d_ee78e3ad","updated":"2023-02-16 11:43:31.000000000","message":"Done","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"fe4bf497_e076a153","updated":"2023-02-02 19:29:05.000000000","message":"thanks pranali for doing this, +1 on the direction as we discussed in PTG. -1 for the comments added online and also this need upgrade releasenotes. ","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"beda74fb_b02c49a1","updated":"2023-02-08 08:14:06.000000000","message":"Thanks gmann for review! \n\n","commit_id":"bb72fc411c5418fbbcb4a548d6a2ca0e3af30cbf"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"4c4903a079f23638c28667ae1df9e0ca06185732","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"ed840962_5af6807b","updated":"2023-02-09 02:47:44.000000000","message":"a few comments on tests otherwise lgtm.","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"08511197370ad3f5b3f05cc035ab189492b2f562","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"99e2dffd_bffdce75","updated":"2023-02-10 00:44:09.000000000","message":"lgtm, please push follow up patch to remove enforce_secure_rbac otherwise we need to call out its default value change in this releasenotes.","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"8c6e0047_937a833e","updated":"2023-02-10 14:54:36.000000000","message":"I have some comments inline, might be few are unrelated, let me know if you have any questions as well. Thank you!\n","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"c2fc358036e7f73166527f2ac86d5f6faea73b78","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"982233eb_59da8db5","updated":"2023-02-10 15:08:33.000000000","message":"Just a comment about the reno, but looks good to me otherwise. Thanks Pranali!","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"b93b28a439852ba4fca3abf37040baf58f2cba16","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"600df98d_e41eacc5","updated":"2023-02-10 14:08:46.000000000","message":"Thanks gmann for the review.\nI have submitted the follow up patch to remove the \u0027enforce_secure_rbac\u0027 option.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"3bf1a4d2_9e143c0c","updated":"2023-02-11 11:57:52.000000000","message":"Thanks Abhishek \u0026 Dan for your review.\nPlease see my inline comments.","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"a69a91d03645da1d4c34311531238e224c6f3843","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"5d939765_576fd3dd","updated":"2023-02-12 10:00:31.000000000","message":"recheck","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"57fe89dd366b4d2b1d717c321da2447b15d1cfdb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"dbc11e67_870a6391","updated":"2023-02-13 05:15:19.000000000","message":"recheck","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d961e2602e6cf41e67cac272f27c8d957b4ce053","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"6e0b47cf_730ecbbc","updated":"2023-02-14 02:48:26.000000000","message":"recheck https://review.opendev.org/c/openstack/tempest/+/873300 merged","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9d3c84ab29fb506f6dc83a9cfdccca20f670e8c1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"4e0deb5c_ab263875","updated":"2023-02-15 05:43:43.000000000","message":"recheck timeout","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"81ff4fd3866bebaee2d2be8f41b0e5a2a08f8188","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"35c94fa7_b0088769","updated":"2023-02-11 19:27:01.000000000","message":"recheck unknown failure","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"6a5720b1c8bda2a1eee6b05058a73a8cd8fbdc7c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"e2d55747_af8bfbb3","updated":"2023-02-14 05:36:10.000000000","message":"recheck unknown failure","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"256dc838_27080919","updated":"2023-02-16 06:45:36.000000000","message":"Some improvements inside but overall I am satisfied now.\nThank you!","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"42f7d7c24d9db61c819c071da9e6b7c1a2609e75","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"caa30759_9c4fad15","updated":"2023-02-16 02:12:17.000000000","message":"recheck test timeout in VolumeMultiattachTests","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"28beb3c433b7cd217230ccc8aa0bdbc323331d84","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"5e9190df_443af8cf","updated":"2023-02-16 14:39:33.000000000","message":"I don\u0027t think we should merge this (and the subsequent removal of the config option) before the admin scoping has been solved. From the very beginning of the rbac work we\u0027ve had the issue that Glance treats any user with admin role (scoped or not) as global admin. Solving this issue was one of the conditions agreed that needs to be solved before we can start defaulting to the new rbac model.\n\nThis specific issue makes it very easy for operator to make a mistake giving user \"project scoped\" admin role which grants that user full access to all images in the cloud regardless who owns them.","commit_id":"8c04d19e8858594fe687f555c9be99ce6b16dc16"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"5d3f2ce4ac7d1f21861cb8806220f02925355d97","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"5586b5d6_22ad27bb","updated":"2023-02-20 13:40:43.000000000","message":"I\u0027m gonna trust gmann here and +2 this.","commit_id":"8c04d19e8858594fe687f555c9be99ce6b16dc16"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"fb63cb1e4ed86dcc4f1519eac69c2d0233fa47d8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"89d2f132_269aa09b","updated":"2023-02-16 13:52:58.000000000","message":"Looks much better now, thank you!","commit_id":"8c04d19e8858594fe687f555c9be99ce6b16dc16"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"7fbaa970934df1c64b9b2db15b93fc1846ef924a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"2db49803_92064d4a","updated":"2023-02-16 18:27:40.000000000","message":"this still lgtm and important to have project personas as default for operators. ","commit_id":"8c04d19e8858594fe687f555c9be99ce6b16dc16"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"7fbaa970934df1c64b9b2db15b93fc1846ef924a","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"980098ec_b812414e","in_reply_to":"5e9190df_443af8cf","updated":"2023-02-16 18:27:40.000000000","message":"Yes, there was a try to solve the global admin things by system scope where system scoped admin will have access to all the global level resources and project scoped admin will have access to project level resources only.\nBUT we got negative feedback from operators for this and they do not want system scope in policies which break them more than solving their problem. \n\n- https://etherpad.opendev.org/p/rbac-operator-feedback\n\nOperator want legacy admin (admin in any project) to be unchanged otherwise it is a big breaking change for them. And project ready role is one of the key thing they were looking for.\n\nSo we changed the RBAC targets as per operator need which is 1. implement the project personas (project member, reader role) now which is the main ask from operators in our policy default. 2. drop system scope from policy\n\nI am not saying the current admin issue is solved or will not be solved, we can discuss that always and find the best solution. But due to that unsolved problem we should not be holding these project personas release which is useful for operators. Overall we are trying to divide the issue and fix/release one by one as per operators need.\n\nI have added why system scope things are problematic and we have to drop that for now in this doc https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#the-issues-we-are-facing-with-scope-concept","commit_id":"8c04d19e8858594fe687f555c9be99ce6b16dc16"}],"glance/api/policy.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":true,"context_lines":[{"line_number":43,"context_line":"    DEFAULT_POLICY_FILE,"},{"line_number":44,"context_line":"    enforce_scope\u003dTrue,"},{"line_number":45,"context_line":"    enforce_new_defaults\u003dTrue,"},{"line_number":46,"context_line":"    enforce_secure_rbac\u003dTrue)"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"class Enforcer(policy.Enforcer):"}],"source_content_type":"text/x-python","patch_set":1,"id":"395ba1ce_c89ffd39","line":46,"range":{"start_line":46,"start_character":4,"end_line":46,"end_character":23},"updated":"2023-02-02 19:29:05.000000000","message":"this is not oslo_policy register option instead glance only option in glance conf. you need to change its default in glance only\n- https://github.com/openstack/glance/blob/907c56265438da43c13bf1a3369d5459b1267e34/glance/common/config.py#L596\n\nor I think we discussed in PTG that we can remove this option now ? Thast is already marked as deprecated for removal since wallaby https://github.com/openstack/glance/blob/stable/wallaby/glance/common/config.py#L570","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"4c4903a079f23638c28667ae1df9e0ca06185732","unresolved":false,"context_lines":[{"line_number":43,"context_line":"    DEFAULT_POLICY_FILE,"},{"line_number":44,"context_line":"    enforce_scope\u003dTrue,"},{"line_number":45,"context_line":"    enforce_new_defaults\u003dTrue,"},{"line_number":46,"context_line":"    enforce_secure_rbac\u003dTrue)"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"class Enforcer(policy.Enforcer):"}],"source_content_type":"text/x-python","patch_set":1,"id":"e71adc9b_6c48d163","line":46,"range":{"start_line":46,"start_character":4,"end_line":46,"end_character":23},"in_reply_to":"346185f5_ecaba802","updated":"2023-02-09 02:47:44.000000000","message":"+1","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":true,"context_lines":[{"line_number":43,"context_line":"    DEFAULT_POLICY_FILE,"},{"line_number":44,"context_line":"    enforce_scope\u003dTrue,"},{"line_number":45,"context_line":"    enforce_new_defaults\u003dTrue,"},{"line_number":46,"context_line":"    enforce_secure_rbac\u003dTrue)"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"class Enforcer(policy.Enforcer):"}],"source_content_type":"text/x-python","patch_set":1,"id":"346185f5_ecaba802","line":46,"range":{"start_line":46,"start_character":4,"end_line":46,"end_character":23},"in_reply_to":"395ba1ce_c89ffd39","updated":"2023-02-08 08:14:06.000000000","message":"Yes, I think it would be better to remove that option in separate patch.","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"}],"glance/common/config.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":true,"context_lines":[{"line_number":604,"context_line":"                deprecated_since\u003d\u0027Wallaby\u0027,"},{"line_number":605,"context_line":"                help\u003d_(\"\"\""},{"line_number":606,"context_line":"Enforce API access based on common persona definitions used across OpenStack."},{"line_number":607,"context_line":"Enabling this option formalizes project-specific read/write operations, like"},{"line_number":608,"context_line":"creating private images or updating the status of shared image, behind the"},{"line_number":609,"context_line":"`member` role. It also formalizes a read-only variant useful for"},{"line_number":610,"context_line":"project-specific API operations, like listing private images in a project,"}],"source_content_type":"text/x-python","patch_set":7,"id":"a44d44b4_be95899a","line":607,"range":{"start_line":607,"start_character":0,"end_line":607,"end_character":31},"updated":"2023-02-16 06:45:36.000000000","message":"I think this message should change now, right?\n\nIf you disable this option then need to make sure that oslo_policy options needs to be also set to False otherwise glance service will fail to start?","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":true,"context_lines":[{"line_number":604,"context_line":"                deprecated_since\u003d\u0027Wallaby\u0027,"},{"line_number":605,"context_line":"                help\u003d_(\"\"\""},{"line_number":606,"context_line":"Enforce API access based on common persona definitions used across OpenStack."},{"line_number":607,"context_line":"Enabling this option formalizes project-specific read/write operations, like"},{"line_number":608,"context_line":"creating private images or updating the status of shared image, behind the"},{"line_number":609,"context_line":"`member` role. It also formalizes a read-only variant useful for"},{"line_number":610,"context_line":"project-specific API operations, like listing private images in a project,"}],"source_content_type":"text/x-python","patch_set":7,"id":"e86b0a87_b722aa23","line":607,"range":{"start_line":607,"start_character":0,"end_line":607,"end_character":31},"in_reply_to":"a44d44b4_be95899a","updated":"2023-02-16 11:43:31.000000000","message":"Since we\u0027re removing this parameter in next patch, I think there is no point in changing this 😊","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"fb63cb1e4ed86dcc4f1519eac69c2d0233fa47d8","unresolved":false,"context_lines":[{"line_number":604,"context_line":"                deprecated_since\u003d\u0027Wallaby\u0027,"},{"line_number":605,"context_line":"                help\u003d_(\"\"\""},{"line_number":606,"context_line":"Enforce API access based on common persona definitions used across OpenStack."},{"line_number":607,"context_line":"Enabling this option formalizes project-specific read/write operations, like"},{"line_number":608,"context_line":"creating private images or updating the status of shared image, behind the"},{"line_number":609,"context_line":"`member` role. It also formalizes a read-only variant useful for"},{"line_number":610,"context_line":"project-specific API operations, like listing private images in a project,"}],"source_content_type":"text/x-python","patch_set":7,"id":"ab568a85_5d7092c4","line":607,"range":{"start_line":607,"start_character":0,"end_line":607,"end_character":31},"in_reply_to":"e86b0a87_b722aa23","updated":"2023-02-16 13:52:58.000000000","message":"Ack","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"}],"glance/tests/functional/__init__.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":585,"context_line":"        self.image_location_quota \u003d 2"},{"line_number":586,"context_line":"        self.disable_path \u003d None"},{"line_number":587,"context_line":""},{"line_number":588,"context_line":"        secure_rbac \u003d bool(os.getenv(\u0027OS_GLANCE_TEST_RBAC_DEFAULTS\u0027))"},{"line_number":589,"context_line":"        self.enforce_secure_rbac \u003d secure_rbac"},{"line_number":590,"context_line":"        self.enforce_new_defaults \u003d secure_rbac"},{"line_number":591,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"305266f0_fcfb2fbf","line":588,"range":{"start_line":588,"start_character":38,"end_line":588,"end_character":66},"updated":"2023-02-10 14:54:36.000000000","message":"Why we are not setting it to True directly here, what happens if this env variable is not set?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":585,"context_line":"        self.image_location_quota \u003d 2"},{"line_number":586,"context_line":"        self.disable_path \u003d None"},{"line_number":587,"context_line":""},{"line_number":588,"context_line":"        secure_rbac \u003d bool(os.getenv(\u0027OS_GLANCE_TEST_RBAC_DEFAULTS\u0027))"},{"line_number":589,"context_line":"        self.enforce_secure_rbac \u003d secure_rbac"},{"line_number":590,"context_line":"        self.enforce_new_defaults \u003d secure_rbac"},{"line_number":591,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"de7fc3da_601db42e","line":588,"range":{"start_line":588,"start_character":38,"end_line":588,"end_character":66},"in_reply_to":"305266f0_fcfb2fbf","updated":"2023-02-11 11:57:52.000000000","message":"Ohh yes correct, this env variable will be set for functional-py39-rbac tests only. We can now set it to True directly for other fuctional tests as well.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9d3c84ab29fb506f6dc83a9cfdccca20f670e8c1","unresolved":false,"context_lines":[{"line_number":585,"context_line":"        self.image_location_quota \u003d 2"},{"line_number":586,"context_line":"        self.disable_path \u003d None"},{"line_number":587,"context_line":""},{"line_number":588,"context_line":"        secure_rbac \u003d bool(os.getenv(\u0027OS_GLANCE_TEST_RBAC_DEFAULTS\u0027))"},{"line_number":589,"context_line":"        self.enforce_secure_rbac \u003d secure_rbac"},{"line_number":590,"context_line":"        self.enforce_new_defaults \u003d secure_rbac"},{"line_number":591,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"5c2de96b_3be7c69c","line":588,"range":{"start_line":588,"start_character":38,"end_line":588,"end_character":66},"in_reply_to":"de7fc3da_601db42e","updated":"2023-02-15 05:43:43.000000000","message":"Done","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"}],"glance/tests/functional/v2/test_images.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":4536,"context_line":"        # file1 and file2 should be available in discovery response"},{"line_number":4537,"context_line":"        available_stores \u003d [\u0027file1\u0027, \u0027file2\u0027, \u0027file3\u0027]"},{"line_number":4538,"context_line":"        path \u003d self._url(\u0027/v2/info/stores\u0027)"},{"line_number":4539,"context_line":"        headers \u003d self._headers({\u0027X-Roles\u0027: \u0027admin\u0027})"},{"line_number":4540,"context_line":"        response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":4541,"context_line":"        self.assertEqual(http.OK, response.status_code)"},{"line_number":4542,"context_line":"        discovery_calls \u003d jsonutils.loads("}],"source_content_type":"text/x-python","patch_set":4,"id":"ecfbd305_559ec3dc","line":4539,"range":{"start_line":4539,"start_character":8,"end_line":4539,"end_character":53},"updated":"2023-02-10 14:54:36.000000000","message":"I didn\u0027t understand why this change is made, may be a comment here could help others to understand as well.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":4536,"context_line":"        # file1 and file2 should be available in discovery response"},{"line_number":4537,"context_line":"        available_stores \u003d [\u0027file1\u0027, \u0027file2\u0027, \u0027file3\u0027]"},{"line_number":4538,"context_line":"        path \u003d self._url(\u0027/v2/info/stores\u0027)"},{"line_number":4539,"context_line":"        headers \u003d self._headers({\u0027X-Roles\u0027: \u0027admin\u0027})"},{"line_number":4540,"context_line":"        response \u003d requests.get(path, headers\u003dheaders)"},{"line_number":4541,"context_line":"        self.assertEqual(http.OK, response.status_code)"},{"line_number":4542,"context_line":"        discovery_calls \u003d jsonutils.loads("}],"source_content_type":"text/x-python","patch_set":4,"id":"3441cb47_d5dc16a9","line":4539,"range":{"start_line":4539,"start_character":8,"end_line":4539,"end_character":53},"in_reply_to":"ecfbd305_559ec3dc","updated":"2023-02-11 11:57:52.000000000","message":"Yes, not needed now. Removed..","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"}],"glance/tests/unit/api/test_cmd.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":true,"context_lines":[{"line_number":70,"context_line":"    @mock.patch.object(prefetcher, \u0027Prefetcher\u0027)"},{"line_number":71,"context_line":"    def test_supported_default_store(self, mock_prefetcher, mock_set_model):"},{"line_number":72,"context_line":"        self.config(group\u003d\u0027glance_store\u0027, default_store\u003d\u0027file\u0027)"},{"line_number":73,"context_line":"        self.config(enforce_new_defaults\u003dTrue, group\u003d\u0027oslo_policy\u0027)"},{"line_number":74,"context_line":"        self.config(enforce_secure_rbac\u003dTrue)"},{"line_number":75,"context_line":"        glance.cmd.api.main()"},{"line_number":76,"context_line":"        # Make sure we declared the system threadpool model as eventlet"},{"line_number":77,"context_line":"        mock_set_model.assert_called_once_with(\u0027eventlet\u0027)"}],"source_content_type":"text/x-python","patch_set":1,"id":"c9bca6a0_140c74ff","line":74,"range":{"start_line":73,"start_character":0,"end_line":74,"end_character":45},"updated":"2023-02-02 19:29:05.000000000","message":"they are no default to True do we need to set them explicitly set to True here too?","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":true,"context_lines":[{"line_number":70,"context_line":"    @mock.patch.object(prefetcher, \u0027Prefetcher\u0027)"},{"line_number":71,"context_line":"    def test_supported_default_store(self, mock_prefetcher, mock_set_model):"},{"line_number":72,"context_line":"        self.config(group\u003d\u0027glance_store\u0027, default_store\u003d\u0027file\u0027)"},{"line_number":73,"context_line":"        self.config(enforce_new_defaults\u003dTrue, group\u003d\u0027oslo_policy\u0027)"},{"line_number":74,"context_line":"        self.config(enforce_secure_rbac\u003dTrue)"},{"line_number":75,"context_line":"        glance.cmd.api.main()"},{"line_number":76,"context_line":"        # Make sure we declared the system threadpool model as eventlet"},{"line_number":77,"context_line":"        mock_set_model.assert_called_once_with(\u0027eventlet\u0027)"}],"source_content_type":"text/x-python","patch_set":1,"id":"f61cb2af_c585d0aa","line":74,"range":{"start_line":73,"start_character":0,"end_line":74,"end_character":45},"in_reply_to":"c9bca6a0_140c74ff","updated":"2023-02-08 08:14:06.000000000","message":"Not needed, removing now.","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":true,"context_lines":[{"line_number":79,"context_line":"    @mock.patch.object(prefetcher, \u0027Prefetcher\u0027)"},{"line_number":80,"context_line":"    @mock.patch(\u0027glance.async_.set_threadpool_model\u0027, new\u003dmock.MagicMock())"},{"line_number":81,"context_line":"    def test_worker_creation_failure(self, mock_prefetcher):"},{"line_number":82,"context_line":"        self.config(enforce_new_defaults\u003dTrue, group\u003d\u0027oslo_policy\u0027)"},{"line_number":83,"context_line":"        self.config(enforce_secure_rbac\u003dTrue)"},{"line_number":84,"context_line":"        failure \u003d exc.WorkerCreationFailure(reason\u003d\u0027test\u0027)"},{"line_number":85,"context_line":"        self.mock_object(glance.common.wsgi.Server, \u0027start\u0027,"},{"line_number":86,"context_line":"                         self._raise(failure))"}],"source_content_type":"text/x-python","patch_set":1,"id":"e4ecf93f_1ce02ce8","line":83,"range":{"start_line":82,"start_character":0,"end_line":83,"end_character":45},"updated":"2023-02-02 19:29:05.000000000","message":"ditto","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":false,"context_lines":[{"line_number":79,"context_line":"    @mock.patch.object(prefetcher, \u0027Prefetcher\u0027)"},{"line_number":80,"context_line":"    @mock.patch(\u0027glance.async_.set_threadpool_model\u0027, new\u003dmock.MagicMock())"},{"line_number":81,"context_line":"    def test_worker_creation_failure(self, mock_prefetcher):"},{"line_number":82,"context_line":"        self.config(enforce_new_defaults\u003dTrue, group\u003d\u0027oslo_policy\u0027)"},{"line_number":83,"context_line":"        self.config(enforce_secure_rbac\u003dTrue)"},{"line_number":84,"context_line":"        failure \u003d exc.WorkerCreationFailure(reason\u003d\u0027test\u0027)"},{"line_number":85,"context_line":"        self.mock_object(glance.common.wsgi.Server, \u0027start\u0027,"},{"line_number":86,"context_line":"                         self._raise(failure))"}],"source_content_type":"text/x-python","patch_set":1,"id":"a9e1b9c3_703ab41f","line":83,"range":{"start_line":82,"start_character":0,"end_line":83,"end_character":45},"in_reply_to":"e4ecf93f_1ce02ce8","updated":"2023-02-08 08:14:06.000000000","message":"Done","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"}],"glance/tests/unit/test_cache_middleware.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3b34f3d7e75de36e17a9650728378b1fb880d476","unresolved":true,"context_lines":[{"line_number":418,"context_line":"        request \u003d webob.Request.blank(\u0027/v2/images/test1/file\u0027)"},{"line_number":419,"context_line":"        request.context \u003d context.RequestContext(roles\u003d[\u0027_member_\u0027])"},{"line_number":420,"context_line":"        resp \u003d webob.Response(request\u003drequest)"},{"line_number":421,"context_line":"        self.assertRaises(webob.exc.HTTPNotFound,"},{"line_number":422,"context_line":"                          cache_filter.process_response, resp)"},{"line_number":423,"context_line":""},{"line_number":424,"context_line":"    def test_v2_process_response_download_permitted(self):"}],"source_content_type":"text/x-python","patch_set":1,"id":"75a9aced_a8c6939b","line":421,"range":{"start_line":421,"start_character":36,"end_line":421,"end_character":48},"updated":"2023-02-02 19:29:05.000000000","message":"is it new default changing this error code or something wrong in test?","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"8c9ee9d8aef7fbfecfd0bc49fa8d290880cf7d25","unresolved":true,"context_lines":[{"line_number":418,"context_line":"        request \u003d webob.Request.blank(\u0027/v2/images/test1/file\u0027)"},{"line_number":419,"context_line":"        request.context \u003d context.RequestContext(roles\u003d[\u0027_member_\u0027])"},{"line_number":420,"context_line":"        resp \u003d webob.Response(request\u003drequest)"},{"line_number":421,"context_line":"        self.assertRaises(webob.exc.HTTPNotFound,"},{"line_number":422,"context_line":"                          cache_filter.process_response, resp)"},{"line_number":423,"context_line":""},{"line_number":424,"context_line":"    def test_v2_process_response_download_permitted(self):"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f05e4af_544274fb","line":421,"range":{"start_line":421,"start_character":36,"end_line":421,"end_character":48},"in_reply_to":"75a9aced_a8c6939b","updated":"2023-02-08 08:14:06.000000000","message":"Well, it was failing due to missing policy rule.","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"4c4903a079f23638c28667ae1df9e0ca06185732","unresolved":false,"context_lines":[{"line_number":418,"context_line":"        request \u003d webob.Request.blank(\u0027/v2/images/test1/file\u0027)"},{"line_number":419,"context_line":"        request.context \u003d context.RequestContext(roles\u003d[\u0027_member_\u0027])"},{"line_number":420,"context_line":"        resp \u003d webob.Response(request\u003drequest)"},{"line_number":421,"context_line":"        self.assertRaises(webob.exc.HTTPNotFound,"},{"line_number":422,"context_line":"                          cache_filter.process_response, resp)"},{"line_number":423,"context_line":""},{"line_number":424,"context_line":"    def test_v2_process_response_download_permitted(self):"}],"source_content_type":"text/x-python","patch_set":1,"id":"90feab0b_ef6766c5","line":421,"range":{"start_line":421,"start_character":36,"end_line":421,"end_character":48},"in_reply_to":"9f05e4af_544274fb","updated":"2023-02-09 02:47:44.000000000","message":"Ack","commit_id":"ba03500a0679276535f681e3ac94b51eefc88475"}],"glance/tests/unit/test_policy.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":328,"context_line":""},{"line_number":329,"context_line":"        context \u003d glance.context.RequestContext(roles\u003d[\u0027reader\u0027])"},{"line_number":330,"context_line":"        self.assertEqual(True, enforcer.check("},{"line_number":331,"context_line":"            context, \u0027get_image\u0027, {\u0027project_id\u0027: context.project_id}))"},{"line_number":332,"context_line":""},{"line_number":333,"context_line":"    def test_policy_file_get_image_default_nobody(self):"},{"line_number":334,"context_line":"        rules \u003d {\"default\": \u0027!\u0027}"}],"source_content_type":"text/x-python","patch_set":4,"id":"2bf8558a_252202c1","line":331,"range":{"start_line":331,"start_character":34,"end_line":331,"end_character":70},"updated":"2023-02-10 14:54:36.000000000","message":"ditto, didn\u0027t make sense with the test name anymore as we are not checking project specific user is getting the image.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":328,"context_line":""},{"line_number":329,"context_line":"        context \u003d glance.context.RequestContext(roles\u003d[\u0027reader\u0027])"},{"line_number":330,"context_line":"        self.assertEqual(True, enforcer.check("},{"line_number":331,"context_line":"            context, \u0027get_image\u0027, {\u0027project_id\u0027: context.project_id}))"},{"line_number":332,"context_line":""},{"line_number":333,"context_line":"    def test_policy_file_get_image_default_nobody(self):"},{"line_number":334,"context_line":"        rules \u003d {\"default\": \u0027!\u0027}"}],"source_content_type":"text/x-python","patch_set":4,"id":"e9957db1_1dc36588","line":331,"range":{"start_line":331,"start_character":34,"end_line":331,"end_character":70},"in_reply_to":"024a7d15_f57f5c0e","updated":"2023-02-11 11:57:52.000000000","message":"Ohh yes correct, this one needs to enforce the policy rule instead of faking it.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c535f82aca77c2a3732b45b896452e55569354e9","unresolved":true,"context_lines":[{"line_number":328,"context_line":""},{"line_number":329,"context_line":"        context \u003d glance.context.RequestContext(roles\u003d[\u0027reader\u0027])"},{"line_number":330,"context_line":"        self.assertEqual(True, enforcer.check("},{"line_number":331,"context_line":"            context, \u0027get_image\u0027, {\u0027project_id\u0027: context.project_id}))"},{"line_number":332,"context_line":""},{"line_number":333,"context_line":"    def test_policy_file_get_image_default_nobody(self):"},{"line_number":334,"context_line":"        rules \u003d {\"default\": \u0027!\u0027}"}],"source_content_type":"text/x-python","patch_set":4,"id":"024a7d15_f57f5c0e","line":331,"range":{"start_line":331,"start_character":34,"end_line":331,"end_character":70},"in_reply_to":"2bf8558a_252202c1","updated":"2023-02-10 14:57:26.000000000","message":"* read not as now in above comment, this is the rectified one\n\nditto, didn\u0027t make sense with the test name anymore as we are now checking project specific user is getting the image.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":false,"context_lines":[{"line_number":328,"context_line":""},{"line_number":329,"context_line":"        context \u003d glance.context.RequestContext(roles\u003d[\u0027reader\u0027])"},{"line_number":330,"context_line":"        self.assertEqual(True, enforcer.check("},{"line_number":331,"context_line":"            context, \u0027get_image\u0027, {\u0027project_id\u0027: context.project_id}))"},{"line_number":332,"context_line":""},{"line_number":333,"context_line":"    def test_policy_file_get_image_default_nobody(self):"},{"line_number":334,"context_line":"        rules \u003d {\"default\": \u0027!\u0027}"}],"source_content_type":"text/x-python","patch_set":4,"id":"d632ac57_7bd099ea","line":331,"range":{"start_line":331,"start_character":34,"end_line":331,"end_character":70},"in_reply_to":"e9957db1_1dc36588","updated":"2023-02-16 11:43:31.000000000","message":"Done","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"}],"glance/tests/unit/v2/test_image_data_resource.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":135,"context_line":"        self.addCleanup(patcher.stop)"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    def test_download(self):"},{"line_number":138,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027admin\u0027, \u0027member\u0027])"},{"line_number":139,"context_line":"        image \u003d FakeImage(\u0027abcd\u0027,"},{"line_number":140,"context_line":"                          locations\u003d[{\u0027url\u0027: \u0027http://example.com/image\u0027,"},{"line_number":141,"context_line":"                                      \u0027metadata\u0027: {}, \u0027status\u0027: \u0027active\u0027}])"}],"source_content_type":"text/x-python","patch_set":4,"id":"2a332363_9dc4bb87","line":138,"range":{"start_line":138,"start_character":51,"end_line":138,"end_character":76},"updated":"2023-02-10 14:54:36.000000000","message":"ditto, why this change?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":false,"context_lines":[{"line_number":135,"context_line":"        self.addCleanup(patcher.stop)"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    def test_download(self):"},{"line_number":138,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027admin\u0027, \u0027member\u0027])"},{"line_number":139,"context_line":"        image \u003d FakeImage(\u0027abcd\u0027,"},{"line_number":140,"context_line":"                          locations\u003d[{\u0027url\u0027: \u0027http://example.com/image\u0027,"},{"line_number":141,"context_line":"                                      \u0027metadata\u0027: {}, \u0027status\u0027: \u0027active\u0027}])"}],"source_content_type":"text/x-python","patch_set":4,"id":"0ccb0cd2_41eebf76","line":138,"range":{"start_line":138,"start_character":51,"end_line":138,"end_character":76},"in_reply_to":"2a332363_9dc4bb87","updated":"2023-02-11 11:57:52.000000000","message":"Done","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"}],"glance/tests/unit/v2/test_image_members_resource.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"4c4903a079f23638c28667ae1df9e0ca06185732","unresolved":true,"context_lines":[{"line_number":113,"context_line":""},{"line_number":114,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":115,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":116,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":117,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":118,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":119,"context_line":"        return enforcer"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"e9d69c99_16bdef6e","line":117,"range":{"start_line":116,"start_character":0,"end_line":117,"end_character":47},"updated":"2023-02-09 02:47:44.000000000","message":"you do not need to initialize the policy enforcer everytime, instead you can override the rule value in existing enforcer. below should work:\n\n    def _set_rules(self, unparsed_rules):\n        rules \u003d policy.Rules.from_dict(unparsed_rules)\n        self.controller.policy.set_rules(oslo_policy.Rules.from_dict(rules),\n                                         overwrite\u003doverwrite)","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":false,"context_lines":[{"line_number":113,"context_line":""},{"line_number":114,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":115,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":116,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":117,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":118,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":119,"context_line":"        return enforcer"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"09349023_3822d27a","line":117,"range":{"start_line":116,"start_character":0,"end_line":117,"end_character":47},"in_reply_to":"363d85a1_22051039","updated":"2023-02-11 11:57:52.000000000","message":"Done","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"08511197370ad3f5b3f05cc035ab189492b2f562","unresolved":true,"context_lines":[{"line_number":113,"context_line":""},{"line_number":114,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":115,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":116,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":117,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":118,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":119,"context_line":"        return enforcer"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"363d85a1_22051039","line":117,"range":{"start_line":116,"start_character":0,"end_line":117,"end_character":47},"in_reply_to":"3a3028d4_75c54d61","updated":"2023-02-10 00:44:09.000000000","message":"ohk, I see it now at L97. I thought it is used from base tests class which use actual policy.","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"ca1dcc64d4bf855cfadc566c331ad7f668698346","unresolved":true,"context_lines":[{"line_number":113,"context_line":""},{"line_number":114,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":115,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":116,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":117,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":118,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":119,"context_line":"        return enforcer"},{"line_number":120,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"3a3028d4_75c54d61","line":117,"range":{"start_line":116,"start_character":0,"end_line":117,"end_character":47},"in_reply_to":"e9d69c99_16bdef6e","updated":"2023-02-09 12:45:18.000000000","message":"Well, the fake enforcer has been used here for other existing unit tests. Hence for these few specific test I have to initialized the enforcer separately.","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":true,"context_lines":[{"line_number":111,"context_line":""},{"line_number":112,"context_line":"        glance_store.create_stores()"},{"line_number":113,"context_line":""},{"line_number":114,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":115,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":116,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":117,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":118,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":119,"context_line":"        return enforcer"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"    def _create_images(self):"},{"line_number":122,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":7,"id":"229a8155_07eac9b3","line":119,"range":{"start_line":114,"start_character":4,"end_line":119,"end_character":23},"updated":"2023-02-16 06:45:36.000000000","message":"YOu can move this method to common place rather than defining it in every file.","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":false,"context_lines":[{"line_number":111,"context_line":""},{"line_number":112,"context_line":"        glance_store.create_stores()"},{"line_number":113,"context_line":""},{"line_number":114,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":115,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":116,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":117,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":118,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":119,"context_line":"        return enforcer"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"    def _create_images(self):"},{"line_number":122,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":7,"id":"36907063_b791723e","line":119,"range":{"start_line":114,"start_character":4,"end_line":119,"end_character":23},"in_reply_to":"229a8155_07eac9b3","updated":"2023-02-16 11:43:31.000000000","message":"Done","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":true,"context_lines":[{"line_number":412,"context_line":"                          request, UUID2, TENANT4)"},{"line_number":413,"context_line":""},{"line_number":414,"context_line":"    def test_delete_forbidden_by_delete_member_policy(self):"},{"line_number":415,"context_line":"        rules \u003d {\"delete_member\": False}"},{"line_number":416,"context_line":"        self.policy.set_rules(rules)"},{"line_number":417,"context_line":"        request \u003d unit_test_utils.get_fake_request(tenant\u003dTENANT1)"},{"line_number":418,"context_line":"        self.assertRaises(webob.exc.HTTPForbidden, self.controller.delete,"},{"line_number":419,"context_line":"                          request, UUID2, TENANT4)"}],"source_content_type":"text/x-python","patch_set":7,"id":"30fbf819_521177bd","line":416,"range":{"start_line":415,"start_character":8,"end_line":416,"end_character":36},"updated":"2023-02-16 06:45:36.000000000","message":"This should be for follow up\n\nBut now we know that some tests are using fake policy enforcer and below test actually enforces correct policy then we should modify all the tests to do so.\n\nMay be in upcoming cycle.","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":false,"context_lines":[{"line_number":412,"context_line":"                          request, UUID2, TENANT4)"},{"line_number":413,"context_line":""},{"line_number":414,"context_line":"    def test_delete_forbidden_by_delete_member_policy(self):"},{"line_number":415,"context_line":"        rules \u003d {\"delete_member\": False}"},{"line_number":416,"context_line":"        self.policy.set_rules(rules)"},{"line_number":417,"context_line":"        request \u003d unit_test_utils.get_fake_request(tenant\u003dTENANT1)"},{"line_number":418,"context_line":"        self.assertRaises(webob.exc.HTTPForbidden, self.controller.delete,"},{"line_number":419,"context_line":"                          request, UUID2, TENANT4)"}],"source_content_type":"text/x-python","patch_set":7,"id":"43ded5bf_83baca28","line":416,"range":{"start_line":415,"start_character":8,"end_line":416,"end_character":36},"in_reply_to":"30fbf819_521177bd","updated":"2023-02-16 11:43:31.000000000","message":"Ack","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"}],"glance/tests/unit/v2/test_images_resource.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"4c4903a079f23638c28667ae1df9e0ca06185732","unresolved":true,"context_lines":[{"line_number":220,"context_line":"        self.controller._key_manager \u003d fake_keymgr.fake_api()"},{"line_number":221,"context_line":"        store.create_stores()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":224,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":225,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":226,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":227,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":228,"context_line":"        return enforcer"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"    def _create_images(self):"},{"line_number":231,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"18b6f749_b8359b77","line":228,"range":{"start_line":223,"start_character":0,"end_line":228,"end_character":23},"updated":"2023-02-09 02:47:44.000000000","message":"ditto","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":false,"context_lines":[{"line_number":220,"context_line":"        self.controller._key_manager \u003d fake_keymgr.fake_api()"},{"line_number":221,"context_line":"        store.create_stores()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":224,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":225,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":226,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":227,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":228,"context_line":"        return enforcer"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"    def _create_images(self):"},{"line_number":231,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"d0828cb7_8a16f291","line":228,"range":{"start_line":223,"start_character":0,"end_line":228,"end_character":23},"in_reply_to":"18b6f749_b8359b77","updated":"2023-02-11 11:57:52.000000000","message":"Done","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"4c4903a079f23638c28667ae1df9e0ca06185732","unresolved":true,"context_lines":[{"line_number":5960,"context_line":"                                                                self.notifier,"},{"line_number":5961,"context_line":"                                                                self.store)"},{"line_number":5962,"context_line":""},{"line_number":5963,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":5964,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":5965,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":5966,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":5967,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":5968,"context_line":"        return enforcer"},{"line_number":5969,"context_line":""},{"line_number":5970,"context_line":"    def _create_images(self):"},{"line_number":5971,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"365b3f5d_1bfb9cc9","line":5968,"range":{"start_line":5963,"start_character":0,"end_line":5968,"end_character":23},"updated":"2023-02-09 02:47:44.000000000","message":"ditto","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":false,"context_lines":[{"line_number":5960,"context_line":"                                                                self.notifier,"},{"line_number":5961,"context_line":"                                                                self.store)"},{"line_number":5962,"context_line":""},{"line_number":5963,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":5964,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":5965,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":5966,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":5967,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":5968,"context_line":"        return enforcer"},{"line_number":5969,"context_line":""},{"line_number":5970,"context_line":"    def _create_images(self):"},{"line_number":5971,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"fa8f3675_fcac6d07","line":5968,"range":{"start_line":5963,"start_character":0,"end_line":5968,"end_character":23},"in_reply_to":"365b3f5d_1bfb9cc9","updated":"2023-02-11 11:57:52.000000000","message":"Done","commit_id":"77acc68ce4bb41ec9e193a03be43ba2894ae662c"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":1262,"context_line":""},{"line_number":1263,"context_line":"    def test_create_with_owner_non_admin(self):"},{"line_number":1264,"context_line":"        enforcer \u003d self._enforcer_from_rules({"},{"line_number":1265,"context_line":"            \"add_image\": \"role:member,reader\","},{"line_number":1266,"context_line":"        })"},{"line_number":1267,"context_line":"        request \u003d unit_test_utils.get_fake_request()"},{"line_number":1268,"context_line":"        request.context.is_admin \u003d False"}],"source_content_type":"text/x-python","patch_set":4,"id":"da9122e8_dbd6cdb4","line":1265,"range":{"start_line":1265,"start_character":27,"end_line":1265,"end_character":44},"updated":"2023-02-10 14:54:36.000000000","message":"is it allowed to define policy rule like this?\ni think it should be role:member or role:reader, right?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9d3c84ab29fb506f6dc83a9cfdccca20f670e8c1","unresolved":false,"context_lines":[{"line_number":1262,"context_line":""},{"line_number":1263,"context_line":"    def test_create_with_owner_non_admin(self):"},{"line_number":1264,"context_line":"        enforcer \u003d self._enforcer_from_rules({"},{"line_number":1265,"context_line":"            \"add_image\": \"role:member,reader\","},{"line_number":1266,"context_line":"        })"},{"line_number":1267,"context_line":"        request \u003d unit_test_utils.get_fake_request()"},{"line_number":1268,"context_line":"        request.context.is_admin \u003d False"}],"source_content_type":"text/x-python","patch_set":4,"id":"48990e36_b1382d17","line":1265,"range":{"start_line":1265,"start_character":27,"end_line":1265,"end_character":44},"in_reply_to":"c752096e_2476c7e9","updated":"2023-02-15 05:43:43.000000000","message":"Ack","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":1262,"context_line":""},{"line_number":1263,"context_line":"    def test_create_with_owner_non_admin(self):"},{"line_number":1264,"context_line":"        enforcer \u003d self._enforcer_from_rules({"},{"line_number":1265,"context_line":"            \"add_image\": \"role:member,reader\","},{"line_number":1266,"context_line":"        })"},{"line_number":1267,"context_line":"        request \u003d unit_test_utils.get_fake_request()"},{"line_number":1268,"context_line":"        request.context.is_admin \u003d False"}],"source_content_type":"text/x-python","patch_set":4,"id":"c752096e_2476c7e9","line":1265,"range":{"start_line":1265,"start_character":27,"end_line":1265,"end_character":44},"in_reply_to":"da9122e8_dbd6cdb4","updated":"2023-02-11 11:57:52.000000000","message":"It\u0027s working so i think it\u0027s allowed 😊\nrole:member or role:reader doesn\u0027t work.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":1632,"context_line":"                                                                enforcer,"},{"line_number":1633,"context_line":"                                                                self.notifier,"},{"line_number":1634,"context_line":"                                                                self.store)"},{"line_number":1635,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027spl_role\u0027, \u0027admin\u0027])"},{"line_number":1636,"context_line":"        image \u003d {\u0027name\u0027: \u0027image-1\u0027}"},{"line_number":1637,"context_line":"        extra_props \u003d {\u0027spl_creator_policy\u0027: \u0027bar\u0027}"},{"line_number":1638,"context_line":"        created_image \u003d self.controller.create(request, image\u003dimage,"}],"source_content_type":"text/x-python","patch_set":4,"id":"5cf457e0_cdf55acc","line":1635,"range":{"start_line":1635,"start_character":70,"end_line":1635,"end_character":77},"updated":"2023-02-10 14:54:36.000000000","message":"Why admin is required here?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":1632,"context_line":"                                                                enforcer,"},{"line_number":1633,"context_line":"                                                                self.notifier,"},{"line_number":1634,"context_line":"                                                                self.store)"},{"line_number":1635,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027spl_role\u0027, \u0027admin\u0027])"},{"line_number":1636,"context_line":"        image \u003d {\u0027name\u0027: \u0027image-1\u0027}"},{"line_number":1637,"context_line":"        extra_props \u003d {\u0027spl_creator_policy\u0027: \u0027bar\u0027}"},{"line_number":1638,"context_line":"        created_image \u003d self.controller.create(request, image\u003dimage,"}],"source_content_type":"text/x-python","patch_set":4,"id":"afe0b20e_69f87e71","line":1635,"range":{"start_line":1635,"start_character":70,"end_line":1635,"end_character":77},"in_reply_to":"5cf457e0_cdf55acc","updated":"2023-02-11 11:57:52.000000000","message":"Because to create an image either \u0027admin\u0027 or \u0027member\u0027 role is required.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":false,"context_lines":[{"line_number":1632,"context_line":"                                                                enforcer,"},{"line_number":1633,"context_line":"                                                                self.notifier,"},{"line_number":1634,"context_line":"                                                                self.store)"},{"line_number":1635,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027spl_role\u0027, \u0027admin\u0027])"},{"line_number":1636,"context_line":"        image \u003d {\u0027name\u0027: \u0027image-1\u0027}"},{"line_number":1637,"context_line":"        extra_props \u003d {\u0027spl_creator_policy\u0027: \u0027bar\u0027}"},{"line_number":1638,"context_line":"        created_image \u003d self.controller.create(request, image\u003dimage,"}],"source_content_type":"text/x-python","patch_set":4,"id":"fb249c4c_b718c80c","line":1635,"range":{"start_line":1635,"start_character":70,"end_line":1635,"end_character":77},"in_reply_to":"6dfe3cc3_ef3c877c","updated":"2023-02-16 11:43:31.000000000","message":"Ack","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":true,"context_lines":[{"line_number":1632,"context_line":"                                                                enforcer,"},{"line_number":1633,"context_line":"                                                                self.notifier,"},{"line_number":1634,"context_line":"                                                                self.store)"},{"line_number":1635,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027spl_role\u0027, \u0027admin\u0027])"},{"line_number":1636,"context_line":"        image \u003d {\u0027name\u0027: \u0027image-1\u0027}"},{"line_number":1637,"context_line":"        extra_props \u003d {\u0027spl_creator_policy\u0027: \u0027bar\u0027}"},{"line_number":1638,"context_line":"        created_image \u003d self.controller.create(request, image\u003dimage,"}],"source_content_type":"text/x-python","patch_set":4,"id":"6dfe3cc3_ef3c877c","line":1635,"range":{"start_line":1635,"start_character":70,"end_line":1635,"end_character":77},"in_reply_to":"71ba96fa_5a3bacaf","updated":"2023-02-16 06:45:36.000000000","message":"You can remove it in follow up.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9d3c84ab29fb506f6dc83a9cfdccca20f670e8c1","unresolved":true,"context_lines":[{"line_number":1632,"context_line":"                                                                enforcer,"},{"line_number":1633,"context_line":"                                                                self.notifier,"},{"line_number":1634,"context_line":"                                                                self.store)"},{"line_number":1635,"context_line":"        request \u003d unit_test_utils.get_fake_request(roles\u003d[\u0027spl_role\u0027, \u0027admin\u0027])"},{"line_number":1636,"context_line":"        image \u003d {\u0027name\u0027: \u0027image-1\u0027}"},{"line_number":1637,"context_line":"        extra_props \u003d {\u0027spl_creator_policy\u0027: \u0027bar\u0027}"},{"line_number":1638,"context_line":"        created_image \u003d self.controller.create(request, image\u003dimage,"}],"source_content_type":"text/x-python","patch_set":4,"id":"71ba96fa_5a3bacaf","line":1635,"range":{"start_line":1635,"start_character":70,"end_line":1635,"end_character":77},"in_reply_to":"afe0b20e_69f87e71","updated":"2023-02-15 05:43:43.000000000","message":"Ack, means you can remove spl_role from here which makes no sense to passing to this request anymore.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a5cc0fa1f2c628592702a2d7f1c79a7482e9c88e","unresolved":true,"context_lines":[{"line_number":6074,"context_line":"    def test_delete_from_store_as_non_owner(self):"},{"line_number":6075,"context_line":"        enforcer \u003d self._enforcer_from_rules({"},{"line_number":6076,"context_line":"            \"get_image\": \"\","},{"line_number":6077,"context_line":"            \"delete_image_location\": \"\u0027A-Fake-Tenant-Id\u0027:%(owner)s\","},{"line_number":6078,"context_line":"            \"get_image_location\": \"\""},{"line_number":6079,"context_line":"        })"},{"line_number":6080,"context_line":"        request \u003d unit_test_utils.get_fake_request()"}],"source_content_type":"text/x-python","patch_set":4,"id":"87a9486b_36208e8b","line":6077,"range":{"start_line":6077,"start_character":57,"end_line":6077,"end_character":66},"updated":"2023-02-10 14:54:36.000000000","message":"where is this value defined?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9d3c84ab29fb506f6dc83a9cfdccca20f670e8c1","unresolved":false,"context_lines":[{"line_number":6074,"context_line":"    def test_delete_from_store_as_non_owner(self):"},{"line_number":6075,"context_line":"        enforcer \u003d self._enforcer_from_rules({"},{"line_number":6076,"context_line":"            \"get_image\": \"\","},{"line_number":6077,"context_line":"            \"delete_image_location\": \"\u0027A-Fake-Tenant-Id\u0027:%(owner)s\","},{"line_number":6078,"context_line":"            \"get_image_location\": \"\""},{"line_number":6079,"context_line":"        })"},{"line_number":6080,"context_line":"        request \u003d unit_test_utils.get_fake_request()"}],"source_content_type":"text/x-python","patch_set":4,"id":"87592247_a787e1a4","line":6077,"range":{"start_line":6077,"start_character":57,"end_line":6077,"end_character":66},"in_reply_to":"666d40f0_6bca0684","updated":"2023-02-15 05:43:43.000000000","message":"Done","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":6074,"context_line":"    def test_delete_from_store_as_non_owner(self):"},{"line_number":6075,"context_line":"        enforcer \u003d self._enforcer_from_rules({"},{"line_number":6076,"context_line":"            \"get_image\": \"\","},{"line_number":6077,"context_line":"            \"delete_image_location\": \"\u0027A-Fake-Tenant-Id\u0027:%(owner)s\","},{"line_number":6078,"context_line":"            \"get_image_location\": \"\""},{"line_number":6079,"context_line":"        })"},{"line_number":6080,"context_line":"        request \u003d unit_test_utils.get_fake_request()"}],"source_content_type":"text/x-python","patch_set":4,"id":"666d40f0_6bca0684","line":6077,"range":{"start_line":6077,"start_character":57,"end_line":6077,"end_character":66},"in_reply_to":"87a9486b_36208e8b","updated":"2023-02-11 11:57:52.000000000","message":"Well, there is document on writing the rules[1].\nSo according to this as per my understanding, here for this particular rule, fake tenant id (or any other tenant id can be used) has been used and the owner from the image. since those two values are not equivalent the check will not pass.\n\n\n[1]: https://github.com/openstack/glance/blob/b159aa8b644338360f6e90d34af40a662246fe47/doc/source/policies.rst#writing-rules","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"f8a217c0ba3e86630b23c9213ba504d4618a8f21","unresolved":true,"context_lines":[{"line_number":219,"context_line":"        self.controller.gateway.store_utils \u003d self.store_utils"},{"line_number":220,"context_line":"        self.controller._key_manager \u003d fake_keymgr.fake_api()"},{"line_number":221,"context_line":"        store.create_stores()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":224,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":225,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":226,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":227,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":228,"context_line":"        return enforcer"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"    def _create_images(self):"},{"line_number":231,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":7,"id":"a908c2c7_534f4297","line":228,"range":{"start_line":222,"start_character":0,"end_line":228,"end_character":23},"updated":"2023-02-16 06:45:36.000000000","message":"ditto","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"69f0893a8b92d863f0a71a3a027c74b67b945a47","unresolved":false,"context_lines":[{"line_number":219,"context_line":"        self.controller.gateway.store_utils \u003d self.store_utils"},{"line_number":220,"context_line":"        self.controller._key_manager \u003d fake_keymgr.fake_api()"},{"line_number":221,"context_line":"        store.create_stores()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    def _enforcer_from_rules(self, unparsed_rules):"},{"line_number":224,"context_line":"        rules \u003d policy.Rules.from_dict(unparsed_rules)"},{"line_number":225,"context_line":"        enforcer \u003d glance.api.policy.Enforcer("},{"line_number":226,"context_line":"            suppress_deprecation_warnings\u003dTrue)"},{"line_number":227,"context_line":"        enforcer.set_rules(rules, overwrite\u003dTrue)"},{"line_number":228,"context_line":"        return enforcer"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"    def _create_images(self):"},{"line_number":231,"context_line":"        self.images \u003d ["}],"source_content_type":"text/x-python","patch_set":7,"id":"7a303967_3f9c0fdb","line":228,"range":{"start_line":222,"start_character":0,"end_line":228,"end_character":23},"in_reply_to":"a908c2c7_534f4297","updated":"2023-02-16 11:43:31.000000000","message":"Done","commit_id":"6f54b6ba9f1420ec4ef9119fc381e81973171090"}],"releasenotes/notes/enable-enforce-scope-and-new-defaults-ef543183e6c2eabb.yaml":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"c2fc358036e7f73166527f2ac86d5f6faea73b78","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    to ``True``."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"    If you want to disable them then modify the below config options value in"},{"line_number":10,"context_line":"    ``glance-api.conf`` file::"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"      [oslo_policy]"},{"line_number":13,"context_line":"      enforce_new_defaults\u003dFalse"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7e5b58d7_9991e77c","line":10,"updated":"2023-02-10 15:08:33.000000000","message":"I wonder if we should be saying more here about the plan to move everyone to here, and eventually remove the ability to disable the old one? We could perhaps do that in a prelude section at release time or something. But we definitely want big red flashing lights around this change, and the coming loss of ability to do \"the old way\".","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"fb63cb1e4ed86dcc4f1519eac69c2d0233fa47d8","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    to ``True``."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"    If you want to disable them then modify the below config options value in"},{"line_number":10,"context_line":"    ``glance-api.conf`` file::"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"      [oslo_policy]"},{"line_number":13,"context_line":"      enforce_new_defaults\u003dFalse"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"903d4d1a_572a7045","line":10,"in_reply_to":"0e3a2848_767a8be0","updated":"2023-02-16 13:52:58.000000000","message":"Ack","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"81ff4fd3866bebaee2d2be8f41b0e5a2a08f8188","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    to ``True``."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"    If you want to disable them then modify the below config options value in"},{"line_number":10,"context_line":"    ``glance-api.conf`` file::"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"      [oslo_policy]"},{"line_number":13,"context_line":"      enforce_new_defaults\u003dFalse"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"0e3a2848_767a8be0","line":10,"in_reply_to":"564ff8fa_de905779","updated":"2023-02-11 19:27:01.000000000","message":"+1","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"d30c35c5f5fc28fbee1dc562bcd8f529e764b596","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    to ``True``."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"    If you want to disable them then modify the below config options value in"},{"line_number":10,"context_line":"    ``glance-api.conf`` file::"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"      [oslo_policy]"},{"line_number":13,"context_line":"      enforce_new_defaults\u003dFalse"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"564ff8fa_de905779","line":10,"in_reply_to":"7e5b58d7_9991e77c","updated":"2023-02-11 11:57:52.000000000","message":"Agreed. I will update this in prelude section during release time.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"}]}