)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"b303477fd0ecd20f0397d213dc83a3e459f81ff5","unresolved":true,"context_lines":[{"line_number":10,"context_line":"switching to new defaults by default hence removing the deprecated"},{"line_number":11,"context_line":"``enforce_secure_rbac`` option which is no longer needed."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":14,"context_line":"release for operators to opt into enforcing authorization based on common"},{"line_number":15,"context_line":"RBAC personas."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: I273527c85d30c1c09c086c73c892aaa6d127df6b"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"e8b72a33_98492799","line":15,"range":{"start_line":13,"start_character":0,"end_line":15,"end_character":14},"updated":"2023-02-16 07:20:15.000000000","message":"Also please format the commit message properly.","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":10,"context_line":"switching to new defaults by default hence removing the deprecated"},{"line_number":11,"context_line":"``enforce_secure_rbac`` option which is no longer needed."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":14,"context_line":"release for operators to opt into enforcing authorization based on common"},{"line_number":15,"context_line":"RBAC personas."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: I273527c85d30c1c09c086c73c892aaa6d127df6b"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"39f0174a_c1bee960","line":15,"range":{"start_line":13,"start_character":0,"end_line":15,"end_character":14},"in_reply_to":"e8b72a33_98492799","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":true,"context_lines":[{"line_number":13,"context_line":"The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":14,"context_line":"release for operators to opt into enforcing authorization based on common"},{"line_number":15,"context_line":"RBAC personas."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: I273527c85d30c1c09c086c73c892aaa6d127df6b"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"729d699d_7bec6210","line":16,"updated":"2023-02-16 07:17:34.000000000","message":"Please mention srbac related \"blueprint\" here","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":13,"context_line":"The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":14,"context_line":"release for operators to opt into enforcing authorization based on common"},{"line_number":15,"context_line":"RBAC personas."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: I273527c85d30c1c09c086c73c892aaa6d127df6b"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"1bce3737_8be94139","line":16,"in_reply_to":"729d699d_7bec6210","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b7a3c0c37b80b39fb64a92478a64222cc55a4e64","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"e99ac8bf_43b99f51","updated":"2023-02-11 19:29:45.000000000","message":"thanks Pranali","commit_id":"3d7c644cd31c43025b099f0d84e35e174561d124"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"2eb0fb0fefbfbaddf9ef4a662332e87ff1a1d130","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"144712a1_8f076f50","updated":"2023-02-15 06:15:37.000000000","message":"I think in this job you need to drop newly added srbac job and enable srbac for all other tempest jobs.","commit_id":"ca488f6ee3c9675c09ee513552eb34ee9b4bcef5"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"771a19e07bcdb4a8677688cc1d79ee009d667893","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"0c2ade3e_8b6e69bb","updated":"2023-02-13 19:26:31.000000000","message":"lgtm, thanks pranali. ","commit_id":"ca488f6ee3c9675c09ee513552eb34ee9b4bcef5"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"cd938c5706680cd1b4ab87d9dcc10c35a0d5bbb2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"883ec363_19a0a524","updated":"2023-02-14 10:04:08.000000000","message":"recheck https://review.opendev.org/c/openstack/tempest/+/873300 merged","commit_id":"ca488f6ee3c9675c09ee513552eb34ee9b4bcef5"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"8036e24d0afa4bb482102dc2019a5deb5358d9bf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"8c998d28_68696938","updated":"2023-02-15 15:33:43.000000000","message":"we need to keep the old checks as  old policy are still supported and disabled by default but they can be enabled.","commit_id":"ca488f6ee3c9675c09ee513552eb34ee9b4bcef5"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"8cc8b0920616ddeb705d3fdb287ca4d2783d7198","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"dab69898_dedddc5a","updated":"2023-02-15 18:25:44.000000000","message":"I am still confused but I think the mentioned test is required.","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"6f79861d_b60998b7","updated":"2023-02-16 07:17:34.000000000","message":"Overall looks good to me, some comments inline to minimise the changes.","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"244fe44600be2c835b059c8b28194807d23f6e8c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"cd6a7b29_0a06db64","updated":"2023-02-15 20:53:43.000000000","message":"Sorry, I overlooked since the comment was not marked as resolved ","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"fce8a83da88f3c2f0d05d07d6c936202f41a0bd2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"e7a5507a_d3af8a90","updated":"2023-02-16 02:10:55.000000000","message":"thanks. lgtm","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"e5ae35373e3cbce5f049aa4188172d8032b74a4e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"62151a15_37402aa2","updated":"2023-02-16 13:56:35.000000000","message":"Looks better now, thank you!","commit_id":"b20cc91e6f5c0a84965b0498c75b2ad40f361361"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"2062893691f43590f312b90fff1aaef85ee5f56b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"9e6edebe_92c20783","updated":"2023-02-20 20:08:30.000000000","message":"recheck nova failure","commit_id":"b20cc91e6f5c0a84965b0498c75b2ad40f361361"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"c5c2e27415cc85e9a4de9f89d58dde1d1c8256be","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"3d3bc838_f5b3a588","updated":"2023-02-16 18:12:37.000000000","message":"recheck nova-ceph-multistore","commit_id":"b20cc91e6f5c0a84965b0498c75b2ad40f361361"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a21373205ebe318dee4d0fb738dd0741d11dd9d1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"afa38138_6898fbbf","updated":"2023-02-16 14:10:07.000000000","message":"recheck nova-ceph-multistore timeout","commit_id":"b20cc91e6f5c0a84965b0498c75b2ad40f361361"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"7e6ea396e1c2ca031629504155b98701c5dce380","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"59bf89c6_fa861aee","updated":"2023-02-20 15:43:55.000000000","message":"recheck tempest nova + cinder failure","commit_id":"b20cc91e6f5c0a84965b0498c75b2ad40f361361"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5c2b1786065f3c5edddd397b27f07edb95c3c210","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"6a4e1d44_a8f16127","updated":"2023-02-16 18:29:19.000000000","message":"thanks again","commit_id":"b20cc91e6f5c0a84965b0498c75b2ad40f361361"}],"glance/api/v2/image_members.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"4a46e66eecc3d68c818a06af32e287e5c50dac77","unresolved":true,"context_lines":[{"line_number":72,"context_line":"            msg \u003d _(\"You are not authorized to lookup image %s.\") % image_id"},{"line_number":73,"context_line":"            LOG.warning(msg)"},{"line_number":74,"context_line":"            raise webob.exc.HTTPForbidden(explanation\u003dmsg)"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"    def _check_visibility_and_ownership(self, context, image,"},{"line_number":77,"context_line":"                                        ownership_check\u003dNone):"},{"line_number":78,"context_line":"        if image.visibility !\u003d \u0027shared\u0027:"},{"line_number":79,"context_line":"            message \u003d _(\"Only shared images have members.\")"},{"line_number":80,"context_line":"            raise exception.Forbidden(message)"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"        # NOTE(abhishekk): Ownership check only needs to performed while"},{"line_number":83,"context_line":"        # adding new members to image"},{"line_number":84,"context_line":"        owner \u003d image.owner"},{"line_number":85,"context_line":"        if not CONF.enforce_secure_rbac and not context.is_admin:"},{"line_number":86,"context_line":"            if ownership_check \u003d\u003d \u0027create\u0027:"},{"line_number":87,"context_line":"                if owner is None or owner !\u003d context.owner:"},{"line_number":88,"context_line":"                    message \u003d _(\"You are not permitted to create image \""},{"line_number":89,"context_line":"                                \"members for the image.\")"},{"line_number":90,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":91,"context_line":"            elif ownership_check \u003d\u003d \u0027update\u0027:"},{"line_number":92,"context_line":"                if context.owner \u003d\u003d owner:"},{"line_number":93,"context_line":"                    message \u003d _(\"You are not permitted to modify \u0027status\u0027 \""},{"line_number":94,"context_line":"                                \"on this image member.\")"},{"line_number":95,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":96,"context_line":"            elif ownership_check \u003d\u003d \u0027delete\u0027:"},{"line_number":97,"context_line":"                if context.owner !\u003d owner:"},{"line_number":98,"context_line":"                    message \u003d _(\"You cannot delete image member.\")"},{"line_number":99,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    def _lookup_member(self, req, image, member_id, member_repo\u003dNone):"},{"line_number":102,"context_line":"        if not member_repo:"}],"source_content_type":"text/x-python","patch_set":5,"id":"53f7b954_6dc132d8","side":"PARENT","line":99,"range":{"start_line":75,"start_character":0,"end_line":99,"end_character":54},"updated":"2023-02-15 05:25:53.000000000","message":"IMO This change is causing failure of tempest test test_image_share_owner_cannot_accept\n\nPreviously we had this check in authorization layer and after removal of it we moved it here. \n\nhttps://github.com/openstack/tempest/blob/master/tempest/api/image/v2/test_images_member_negative.py#L37\n\nAnother way if we want to remove this check then we need to update our policies for add, update and delete member apis.","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"e60509d72bac73eb2f7b6b431abfbcd15e882c0c","unresolved":true,"context_lines":[{"line_number":72,"context_line":"            msg \u003d _(\"You are not authorized to lookup image %s.\") % image_id"},{"line_number":73,"context_line":"            LOG.warning(msg)"},{"line_number":74,"context_line":"            raise webob.exc.HTTPForbidden(explanation\u003dmsg)"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"    def _check_visibility_and_ownership(self, context, image,"},{"line_number":77,"context_line":"                                        ownership_check\u003dNone):"},{"line_number":78,"context_line":"        if image.visibility !\u003d \u0027shared\u0027:"},{"line_number":79,"context_line":"            message \u003d _(\"Only shared images have members.\")"},{"line_number":80,"context_line":"            raise exception.Forbidden(message)"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"        # NOTE(abhishekk): Ownership check only needs to performed while"},{"line_number":83,"context_line":"        # adding new members to image"},{"line_number":84,"context_line":"        owner \u003d image.owner"},{"line_number":85,"context_line":"        if not CONF.enforce_secure_rbac and not context.is_admin:"},{"line_number":86,"context_line":"            if ownership_check \u003d\u003d \u0027create\u0027:"},{"line_number":87,"context_line":"                if owner is None or owner !\u003d context.owner:"},{"line_number":88,"context_line":"                    message \u003d _(\"You are not permitted to create image \""},{"line_number":89,"context_line":"                                \"members for the image.\")"},{"line_number":90,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":91,"context_line":"            elif ownership_check \u003d\u003d \u0027update\u0027:"},{"line_number":92,"context_line":"                if context.owner \u003d\u003d owner:"},{"line_number":93,"context_line":"                    message \u003d _(\"You are not permitted to modify \u0027status\u0027 \""},{"line_number":94,"context_line":"                                \"on this image member.\")"},{"line_number":95,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":96,"context_line":"            elif ownership_check \u003d\u003d \u0027delete\u0027:"},{"line_number":97,"context_line":"                if context.owner !\u003d owner:"},{"line_number":98,"context_line":"                    message \u003d _(\"You cannot delete image member.\")"},{"line_number":99,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    def _lookup_member(self, req, image, member_id, member_repo\u003dNone):"},{"line_number":102,"context_line":"        if not member_repo:"}],"source_content_type":"text/x-python","patch_set":5,"id":"80ef1a40_60ff2dce","side":"PARENT","line":99,"range":{"start_line":75,"start_character":0,"end_line":99,"end_character":54},"in_reply_to":"53f7b954_6dc132d8","updated":"2023-02-15 15:28:51.000000000","message":"ok so we need this check for old policy then we should check oslo flags here\n\nif not (CONF.enforce_scope or CONF.enforce_new_defaults) and not context.is_admin:\n\nthat way we keep checking this ownership for deployment disabled the new rbac which is nothing but the existing tempest jobs.","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"b2160dd50724dc001443e4ca81ea62eefba2d695","unresolved":false,"context_lines":[{"line_number":72,"context_line":"            msg \u003d _(\"You are not authorized to lookup image %s.\") % image_id"},{"line_number":73,"context_line":"            LOG.warning(msg)"},{"line_number":74,"context_line":"            raise webob.exc.HTTPForbidden(explanation\u003dmsg)"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"    def _check_visibility_and_ownership(self, context, image,"},{"line_number":77,"context_line":"                                        ownership_check\u003dNone):"},{"line_number":78,"context_line":"        if image.visibility !\u003d \u0027shared\u0027:"},{"line_number":79,"context_line":"            message \u003d _(\"Only shared images have members.\")"},{"line_number":80,"context_line":"            raise exception.Forbidden(message)"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"        # NOTE(abhishekk): Ownership check only needs to performed while"},{"line_number":83,"context_line":"        # adding new members to image"},{"line_number":84,"context_line":"        owner \u003d image.owner"},{"line_number":85,"context_line":"        if not CONF.enforce_secure_rbac and not context.is_admin:"},{"line_number":86,"context_line":"            if ownership_check \u003d\u003d \u0027create\u0027:"},{"line_number":87,"context_line":"                if owner is None or owner !\u003d context.owner:"},{"line_number":88,"context_line":"                    message \u003d _(\"You are not permitted to create image \""},{"line_number":89,"context_line":"                                \"members for the image.\")"},{"line_number":90,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":91,"context_line":"            elif ownership_check \u003d\u003d \u0027update\u0027:"},{"line_number":92,"context_line":"                if context.owner \u003d\u003d owner:"},{"line_number":93,"context_line":"                    message \u003d _(\"You are not permitted to modify \u0027status\u0027 \""},{"line_number":94,"context_line":"                                \"on this image member.\")"},{"line_number":95,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":96,"context_line":"            elif ownership_check \u003d\u003d \u0027delete\u0027:"},{"line_number":97,"context_line":"                if context.owner !\u003d owner:"},{"line_number":98,"context_line":"                    message \u003d _(\"You cannot delete image member.\")"},{"line_number":99,"context_line":"                    raise exception.Forbidden(message)"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    def _lookup_member(self, req, image, member_id, member_repo\u003dNone):"},{"line_number":102,"context_line":"        if not member_repo:"}],"source_content_type":"text/x-python","patch_set":5,"id":"e1a38d8a_899f0b91","side":"PARENT","line":99,"range":{"start_line":75,"start_character":0,"end_line":99,"end_character":54},"in_reply_to":"80ef1a40_60ff2dce","updated":"2023-02-15 18:12:28.000000000","message":"Done","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"}],"glance/api/v2/policy.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"8036e24d0afa4bb482102dc2019a5deb5358d9bf","unresolved":true,"context_lines":[{"line_number":223,"context_line":""},{"line_number":224,"context_line":"    def delete_locations(self):"},{"line_number":225,"context_line":"        self._enforce(\u0027delete_image_location\u0027)"},{"line_number":226,"context_line":"        # TODO(danms): Remove this legacy fallback when secure RBAC"},{"line_number":227,"context_line":"        # replaces the legacy policy."},{"line_number":228,"context_line":"        if not CONF.enforce_secure_rbac:"},{"line_number":229,"context_line":"            check_is_image_mutable(self._context, self._image)"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"    def get_image_location(self):"},{"line_number":232,"context_line":"        self._enforce(\u0027get_image_location\u0027)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ffa34c41_33b2135f","side":"PARENT","line":229,"range":{"start_line":226,"start_character":0,"end_line":229,"end_character":62},"updated":"2023-02-15 15:33:43.000000000","message":"ditto, legacy rbac is still supported it is just they are disabl;ed by default but can be enabled\n\nif not (CONF.enforce_scope or CONF.enforce_new_defaults)","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"b2160dd50724dc001443e4ca81ea62eefba2d695","unresolved":false,"context_lines":[{"line_number":223,"context_line":""},{"line_number":224,"context_line":"    def delete_locations(self):"},{"line_number":225,"context_line":"        self._enforce(\u0027delete_image_location\u0027)"},{"line_number":226,"context_line":"        # TODO(danms): Remove this legacy fallback when secure RBAC"},{"line_number":227,"context_line":"        # replaces the legacy policy."},{"line_number":228,"context_line":"        if not CONF.enforce_secure_rbac:"},{"line_number":229,"context_line":"            check_is_image_mutable(self._context, self._image)"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"    def get_image_location(self):"},{"line_number":232,"context_line":"        self._enforce(\u0027get_image_location\u0027)"}],"source_content_type":"text/x-python","patch_set":5,"id":"60e2b948_ea6a6e07","side":"PARENT","line":229,"range":{"start_line":226,"start_character":0,"end_line":229,"end_character":62},"in_reply_to":"ffa34c41_33b2135f","updated":"2023-02-15 18:12:28.000000000","message":"Done","commit_id":"d2e13cbdc8e6268b37f8db9cbd790a2803d0bf5e"}],"glance/tests/functional/__init__.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":true,"context_lines":[{"line_number":409,"context_line":"        self.disable_path \u003d None"},{"line_number":410,"context_line":""},{"line_number":411,"context_line":"        secure_rbac \u003d bool(os.getenv(\u0027OS_GLANCE_TEST_RBAC_DEFAULTS\u0027))"},{"line_number":412,"context_line":"        self.enforce_new_defaults \u003d secure_rbac"},{"line_number":413,"context_line":""},{"line_number":414,"context_line":"        self.needs_database \u003d True"},{"line_number":415,"context_line":"        default_sql_connection \u003d SQLITE_CONN_TEMPLATE % self.test_dir"}],"source_content_type":"text/x-python","patch_set":6,"id":"a4a868ec_5d0c069e","line":412,"range":{"start_line":412,"start_character":8,"end_line":412,"end_character":34},"updated":"2023-02-16 07:17:34.000000000","message":"If you set it True here, then I guess you don\u0027t need to make changes at other places\n\nchanges for reference; https://paste.opendev.org/show/bFGRHC3SJGuOBYlYKLFM/","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":409,"context_line":"        self.disable_path \u003d None"},{"line_number":410,"context_line":""},{"line_number":411,"context_line":"        secure_rbac \u003d bool(os.getenv(\u0027OS_GLANCE_TEST_RBAC_DEFAULTS\u0027))"},{"line_number":412,"context_line":"        self.enforce_new_defaults \u003d secure_rbac"},{"line_number":413,"context_line":""},{"line_number":414,"context_line":"        self.needs_database \u003d True"},{"line_number":415,"context_line":"        default_sql_connection \u003d SQLITE_CONN_TEMPLATE % self.test_dir"}],"source_content_type":"text/x-python","patch_set":6,"id":"c1bee341_3fb5af71","line":412,"range":{"start_line":412,"start_character":8,"end_line":412,"end_character":34},"in_reply_to":"a4a868ec_5d0c069e","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"}],"glance/tests/functional/v2/test_images.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":true,"context_lines":[{"line_number":380,"context_line":"    def test_image_lifecycle(self):"},{"line_number":381,"context_line":"        # Image list should be empty"},{"line_number":382,"context_line":"        self.api_server.show_multiple_locations \u003d True"},{"line_number":383,"context_line":"        self.enforce_new_defaults \u003d True"},{"line_number":384,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":385,"context_line":"        path \u003d self._url(\u0027/v2/images\u0027)"},{"line_number":386,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"}],"source_content_type":"text/x-python","patch_set":6,"id":"7122a612_f8801855","line":383,"range":{"start_line":383,"start_character":8,"end_line":383,"end_character":40},"updated":"2023-02-16 07:17:34.000000000","message":"This is not required if you implement my comment in previous file.","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":380,"context_line":"    def test_image_lifecycle(self):"},{"line_number":381,"context_line":"        # Image list should be empty"},{"line_number":382,"context_line":"        self.api_server.show_multiple_locations \u003d True"},{"line_number":383,"context_line":"        self.enforce_new_defaults \u003d True"},{"line_number":384,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":385,"context_line":"        path \u003d self._url(\u0027/v2/images\u0027)"},{"line_number":386,"context_line":"        response \u003d requests.get(path, headers\u003dself._headers())"}],"source_content_type":"text/x-python","patch_set":6,"id":"35cee866_cc70e64e","line":383,"range":{"start_line":383,"start_character":8,"end_line":383,"end_character":40},"in_reply_to":"7122a612_f8801855","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":true,"context_lines":[{"line_number":2156,"context_line":"        self.assertNotEqual(image_checksum, \u002776522d28cb4418f12704dfa7acd6e7ee\u0027)"},{"line_number":2157,"context_line":""},{"line_number":2158,"context_line":"    def test_permissions(self):"},{"line_number":2159,"context_line":"        self.enforce_new_defaults \u003d True"},{"line_number":2160,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":2161,"context_line":"        # Create an image that belongs to TENANT1"},{"line_number":2162,"context_line":"        path \u003d self._url(\u0027/v2/images\u0027)"}],"source_content_type":"text/x-python","patch_set":6,"id":"b373a6ae_872c4e81","line":2159,"range":{"start_line":2159,"start_character":38,"end_line":2159,"end_character":39},"updated":"2023-02-16 07:17:34.000000000","message":"ditto","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":2156,"context_line":"        self.assertNotEqual(image_checksum, \u002776522d28cb4418f12704dfa7acd6e7ee\u0027)"},{"line_number":2157,"context_line":""},{"line_number":2158,"context_line":"    def test_permissions(self):"},{"line_number":2159,"context_line":"        self.enforce_new_defaults \u003d True"},{"line_number":2160,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":2161,"context_line":"        # Create an image that belongs to TENANT1"},{"line_number":2162,"context_line":"        path \u003d self._url(\u0027/v2/images\u0027)"}],"source_content_type":"text/x-python","patch_set":6,"id":"b848f87a_1be4dbdc","line":2159,"range":{"start_line":2159,"start_character":38,"end_line":2159,"end_character":39},"in_reply_to":"b373a6ae_872c4e81","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":true,"context_lines":[{"line_number":4040,"context_line":"        self.cleanup()"},{"line_number":4041,"context_line":"        self.include_scrubber \u003d False"},{"line_number":4042,"context_line":"        self.api_server.deployment_flavor \u003d \u0027fakeauth\u0027"},{"line_number":4043,"context_line":"        self.api_server.enforce_new_defaults \u003d True"},{"line_number":4044,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":4045,"context_line":""},{"line_number":4046,"context_line":"    def _headers(self, custom_headers\u003dNone):"}],"source_content_type":"text/x-python","patch_set":6,"id":"37d2f9f2_3d5d808d","line":4043,"updated":"2023-02-16 07:17:34.000000000","message":"ditto","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":4040,"context_line":"        self.cleanup()"},{"line_number":4041,"context_line":"        self.include_scrubber \u003d False"},{"line_number":4042,"context_line":"        self.api_server.deployment_flavor \u003d \u0027fakeauth\u0027"},{"line_number":4043,"context_line":"        self.api_server.enforce_new_defaults \u003d True"},{"line_number":4044,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":4045,"context_line":""},{"line_number":4046,"context_line":"    def _headers(self, custom_headers\u003dNone):"}],"source_content_type":"text/x-python","patch_set":6,"id":"53e7abf2_e92a1eb5","line":4043,"in_reply_to":"37d2f9f2_3d5d808d","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"9e747827dfb5e09f6f42bce9e8a4f9e0f7f96808","unresolved":true,"context_lines":[{"line_number":6364,"context_line":"        return base_headers"},{"line_number":6365,"context_line":""},{"line_number":6366,"context_line":"    def test_image_member_lifecycle_for_multiple_stores(self):"},{"line_number":6367,"context_line":"        self.enforce_new_defaults \u003d True"},{"line_number":6368,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":6369,"context_line":""},{"line_number":6370,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":6,"id":"ea83f094_c2366de3","line":6367,"updated":"2023-02-16 07:17:34.000000000","message":"ditto","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f57199dfef6978fbf33ea33e33622ae14267ae7e","unresolved":false,"context_lines":[{"line_number":6364,"context_line":"        return base_headers"},{"line_number":6365,"context_line":""},{"line_number":6366,"context_line":"    def test_image_member_lifecycle_for_multiple_stores(self):"},{"line_number":6367,"context_line":"        self.enforce_new_defaults \u003d True"},{"line_number":6368,"context_line":"        self.start_servers(**self.__dict__.copy())"},{"line_number":6369,"context_line":""},{"line_number":6370,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":6,"id":"7ad2ad4e_fc305e82","line":6367,"in_reply_to":"ea83f094_c2366de3","updated":"2023-02-16 11:44:15.000000000","message":"Done","commit_id":"4bdde0f4823f09ff6b4d3904ce6fad5a74b6fd95"}],"glance/tests/functional/v2/test_images_api_policy.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"20af83cd20cf11fa3f7d7e93f6d97f257f823805","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"7065f8fd_0d544fdf","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"updated":"2023-02-10 15:10:01.000000000","message":"Any reason to remove this test or now anyone will be able to create image owned by anyone?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"1c3f0658b61bde27b61d9a41cf996d9c659f6f9b","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"5aca69fd_7f07b7fe","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"in_reply_to":"4343a60f_a4cc4aa3","updated":"2023-02-15 18:35:01.000000000","message":"The error message may be different, but I think the test is still legit, no?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b00fb232f734e6efd6e26534a5ea81a3a1f20a4b","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"eb3daf13_938d4a71","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"in_reply_to":"5aca69fd_7f07b7fe","updated":"2023-02-15 18:47:39.000000000","message":"+1, we can assert on 403 (HTTP.Forbidden) here instead of error message.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f6beaaacb5a95a9541a5fe077210b9e90eab5890","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"7b0c3926_9cceb497","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"in_reply_to":"7065f8fd_0d544fdf","updated":"2023-02-11 11:58:08.000000000","message":"I think as per the NOTE added here, there is no policy override here in this test to test the defaults so don\u0027t think required any more. \nAnd it\u0027s just checking the specific error message which doesn\u0027t exists now.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"8cc8b0920616ddeb705d3fdb287ca4d2783d7198","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"4343a60f_a4cc4aa3","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"in_reply_to":"7b0c3926_9cceb497","updated":"2023-02-15 18:25:44.000000000","message":"I think this is required now, right?","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"fc4d579004578e696e20c0f66ec550d5d4f68e39","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"3a4d4aca_a1b94dc4","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"in_reply_to":"afd2c553_814c61bd","updated":"2023-02-15 19:07:10.000000000","message":"ah right. its there. prefect.","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"7b8e41e454a4ffe695e961e6a37ad10434807de7","unresolved":true,"context_lines":[{"line_number":215,"context_line":"        # Now disable add_image and make sure we get 403"},{"line_number":216,"context_line":"        self.set_policy_rules({\u0027add_image\u0027: \u0027!\u0027})"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"        self.assertEqual(403, self._create().status_code)"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"    def test_image_create_by_another(self):"},{"line_number":221,"context_line":"        self.start_server()"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"        # NOTE(danms): There is no policy override in this test,"},{"line_number":224,"context_line":"        # specifically to test that the defaults (for rbac and"},{"line_number":225,"context_line":"        # non-rbac) properly catch the attempt by a non-admin to"},{"line_number":226,"context_line":"        # create an image owned by someone else."},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        image \u003d {\u0027name\u0027: \u0027foo\u0027,"},{"line_number":229,"context_line":"                 \u0027container_format\u0027: \u0027bare\u0027,"},{"line_number":230,"context_line":"                 \u0027disk_format\u0027: \u0027raw\u0027,"},{"line_number":231,"context_line":"                 \u0027owner\u0027: \u0027someoneelse\u0027}"},{"line_number":232,"context_line":"        resp \u003d self.api_post(\u0027/v2/images\u0027,"},{"line_number":233,"context_line":"                             json\u003dimage,"},{"line_number":234,"context_line":"                             headers\u003d{\u0027X-Roles\u0027: \u0027member\u0027})"},{"line_number":235,"context_line":"        # Make sure we get the expected owner-specific error message"},{"line_number":236,"context_line":"        self.assertIn(\"You are not permitted to create images \""},{"line_number":237,"context_line":"                      \"owned by \u0027someoneelse\u0027\", resp.text)"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def test_image_delete(self):"},{"line_number":240,"context_line":"        self.start_server()"}],"source_content_type":"text/x-python","patch_set":1,"id":"afd2c553_814c61bd","side":"PARENT","line":237,"range":{"start_line":218,"start_character":51,"end_line":237,"end_character":58},"in_reply_to":"eb3daf13_938d4a71","updated":"2023-02-15 19:05:30.000000000","message":"The test I already re added in the PS6 and hence not showing file changed in PS6.\nI hope there is nothing wrong with my gerrit :)","commit_id":"ec9da06797025d8ee8d75fb44dbc12d6abd2e02e"}],"releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"20af83cd20cf11fa3f7d7e93f6d97f257f823805","unresolved":true,"context_lines":[{"line_number":2,"context_line":"upgrade:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    As per the revised SRBAC community goals, glance service is switching to"},{"line_number":5,"context_line":"    new defaults by default in Antelope cycle, hence removing the deprecated "},{"line_number":6,"context_line":"    ``enforce_secure_rbac`` option which is no longer needed."},{"line_number":7,"context_line":"    The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":8,"context_line":"    release for operators to opt into enforcing authorization based on common"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3189bc83_9bcace8e","line":5,"range":{"start_line":5,"start_character":75,"end_line":5,"end_character":77},"updated":"2023-02-10 15:10:01.000000000","message":"remove trailing white space","commit_id":"4e3b7ad4b318f4eced2360b1ef2088c535d2524a"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"f6beaaacb5a95a9541a5fe077210b9e90eab5890","unresolved":false,"context_lines":[{"line_number":2,"context_line":"upgrade:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    As per the revised SRBAC community goals, glance service is switching to"},{"line_number":5,"context_line":"    new defaults by default in Antelope cycle, hence removing the deprecated "},{"line_number":6,"context_line":"    ``enforce_secure_rbac`` option which is no longer needed."},{"line_number":7,"context_line":"    The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":8,"context_line":"    release for operators to opt into enforcing authorization based on common"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e4988c90_58e54e73","line":5,"range":{"start_line":5,"start_character":75,"end_line":5,"end_character":77},"in_reply_to":"3189bc83_9bcace8e","updated":"2023-02-11 11:58:08.000000000","message":"Done","commit_id":"4e3b7ad4b318f4eced2360b1ef2088c535d2524a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b7a3c0c37b80b39fb64a92478a64222cc55a4e64","unresolved":true,"context_lines":[{"line_number":6,"context_line":"    ``enforce_secure_rbac`` option which is no longer needed."},{"line_number":7,"context_line":"    The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":8,"context_line":"    release for operators to opt into enforcing authorization based on common"},{"line_number":9,"context_line":"    RBAC personas."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"5b5fe5b0_b65bdde2","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":18},"updated":"2023-02-11 19:29:45.000000000","message":"it will be helpful to mention about the oslo.policy config option here and operator can control the scope and new defaults flag.","commit_id":"3d7c644cd31c43025b099f0d84e35e174561d124"},{"author":{"_account_id":19138,"name":"Pranali Deore","email":"pdeore@redhat.com","username":"PranaliD"},"change_message_id":"b2efb916bcef20c14d53d585edcf85aee3f3b8dc","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    ``enforce_secure_rbac`` option which is no longer needed."},{"line_number":7,"context_line":"    The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby"},{"line_number":8,"context_line":"    release for operators to opt into enforcing authorization based on common"},{"line_number":9,"context_line":"    RBAC personas."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"254ab187_df147063","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":18},"in_reply_to":"5b5fe5b0_b65bdde2","updated":"2023-02-12 10:13:08.000000000","message":"Done","commit_id":"3d7c644cd31c43025b099f0d84e35e174561d124"}]}