)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6bce0771df7ef7433ccffa849032cb4d0966d868","unresolved":true,"context_lines":[{"line_number":12,"context_line":"oslo.policy requirement is updated. oslo.policy 3.2.0 is chosen"},{"line_number":13,"context_line":"just because it is the first release in Victoria cycle."},{"line_number":14,"context_line":"requirements.txt and lower-constraints.txt are updated accordingly"},{"line_number":15,"context_line":"including oslo.policy dependencies."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: If5059d03f6bd7e94796065aa1b51c0c23ac85f5e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"9e36e679_332da133","line":15,"updated":"2021-02-01 20:36:50.000000000","message":"Several other projects are working on functionality for better RBAC and we\u0027re tracking it using the secure-rbac topic.\n\nDo you mind if I update the topic of this patch so that we can track it as part of the overall effort?\n\nhttps://review.opendev.org/q/topic:secure-rbac","commit_id":"b7bb76eb204ef1cbd6df9f416437263a67371ba5"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"8087c3a5234cd7d4b463f25815234d63aeac15a4","unresolved":true,"context_lines":[{"line_number":12,"context_line":"oslo.policy requirement is updated. oslo.policy 3.2.0 is chosen"},{"line_number":13,"context_line":"just because it is the first release in Victoria cycle."},{"line_number":14,"context_line":"requirements.txt and lower-constraints.txt are updated accordingly"},{"line_number":15,"context_line":"including oslo.policy dependencies."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Change-Id: If5059d03f6bd7e94796065aa1b51c0c23ac85f5e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"184a270b_a52a2aa0","line":15,"in_reply_to":"9e36e679_332da133","updated":"2021-02-02 08:20:58.000000000","message":"\u003e Several other projects are working on functionality for better RBAC and we\u0027re tracking it using the secure-rbac topic.\n\u003e \n\u003e Do you mind if I update the topic of this patch so that we can track it as part of the overall effort?\n\u003e \n\u003e https://review.opendev.org/q/topic:secure-rbac\n\nSure. There is no specific reason I used the old topic.\n\nNote that this commit allows horizon to handle policy-in-code and deprecated rules.\nWe still need an effort to apply the system-scoped token, but this commit would be a good step.","commit_id":"b7bb76eb204ef1cbd6df9f416437263a67371ba5"}],"doc/source/configuration/settings.rst":[{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"15b6be1dd24b7fd9cdaa5b7a3913cf3bfa5aa56b","unresolved":false,"context_lines":[{"line_number":139,"context_line":"DEFAULT_POLICY_FILES"},{"line_number":140,"context_line":"--------------------"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. versionadded:: 18.5.0(Victoria)"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Default:"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f621f24_07d4f8e7","line":142,"range":{"start_line":142,"start_character":18,"end_line":142,"end_character":34},"updated":"2020-12-03 10:33:24.000000000","message":"Now It needs to be updated.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"15b6be1dd24b7fd9cdaa5b7a3913cf3bfa5aa56b","unresolved":false,"context_lines":[{"line_number":813,"context_line":""},{"line_number":814,"context_line":".. versionadded:: 2013.2(Havana)"},{"line_number":815,"context_line":""},{"line_number":816,"context_line":".. versionchanged:: 18.5.0(Victoria)"},{"line_number":817,"context_line":""},{"line_number":818,"context_line":"   The default files are changed to YAML format."},{"line_number":819,"context_line":"   JSON format still continues to be supported."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f621f24_a7fee467","line":816,"range":{"start_line":816,"start_character":20,"end_line":816,"end_character":36},"updated":"2020-12-03 10:33:24.000000000","message":"ditto.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"f597e42d50ef01eb852cf2def125e8d2816f4081","unresolved":false,"context_lines":[{"line_number":814,"context_line":".. versionadded:: 2013.2(Havana)"},{"line_number":815,"context_line":""},{"line_number":816,"context_line":".. versionchanged:: 18.5.0(Victoria)"},{"line_number":817,"context_line":""},{"line_number":818,"context_line":"   The default files are changed to YAML format."},{"line_number":819,"context_line":"   JSON format still continues to be supported."},{"line_number":820,"context_line":""},{"line_number":821,"context_line":"Default:"},{"line_number":822,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f65232a_3072b812","line":819,"range":{"start_line":817,"start_character":0,"end_line":819,"end_character":47},"updated":"2020-10-26 22:47:09.000000000","message":"+1 on moving to YAML.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"60bcf5223aee2b12b760dcec7d1a3c2438d562e9","unresolved":true,"context_lines":[{"line_number":139,"context_line":"DEFAULT_POLICY_FILES"},{"line_number":140,"context_line":"--------------------"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. versionadded:: 19.1.0(Victoria)"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Default:"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"acd2f383_f10d9bd9","line":142,"range":{"start_line":142,"start_character":25,"end_line":142,"end_character":33},"updated":"2021-01-27 13:52:27.000000000","message":"I wonder why you used Victoria here.\nIt needs to be Wallaby or am I wrong?","commit_id":"9beeddd6c0421833c4cd7cb9b1f2375cebe8e24a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aa484746d2f6406ef6d64824c2118083d2c91d14","unresolved":true,"context_lines":[{"line_number":139,"context_line":"DEFAULT_POLICY_FILES"},{"line_number":140,"context_line":"--------------------"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. versionadded:: 19.1.0(Victoria)"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Default:"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"24776d78_de3406e0","line":142,"range":{"start_line":142,"start_character":25,"end_line":142,"end_character":33},"in_reply_to":"acd2f383_f10d9bd9","updated":"2021-01-27 14:01:03.000000000","message":"Just forgot to update the release name. I just updated the version number :p","commit_id":"9beeddd6c0421833c4cd7cb9b1f2375cebe8e24a"},{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"60bcf5223aee2b12b760dcec7d1a3c2438d562e9","unresolved":true,"context_lines":[{"line_number":816,"context_line":""},{"line_number":817,"context_line":".. versionadded:: 2013.2(Havana)"},{"line_number":818,"context_line":""},{"line_number":819,"context_line":".. versionchanged:: 19.1.0(Victoria)"},{"line_number":820,"context_line":""},{"line_number":821,"context_line":"   The default files are changed to YAML format."},{"line_number":822,"context_line":"   JSON format still continues to be supported."}],"source_content_type":"text/x-rst","patch_set":5,"id":"61645cb3_2b9046eb","line":819,"range":{"start_line":819,"start_character":27,"end_line":819,"end_character":35},"updated":"2021-01-27 13:52:27.000000000","message":"ditto","commit_id":"9beeddd6c0421833c4cd7cb9b1f2375cebe8e24a"},{"author":{"_account_id":29313,"name":"Vishal Manchanda","email":"manchandavishal143@gmail.com","username":"vishalmanchanda"},"change_message_id":"47ed548a797e6230fd46b45128258f1f83c9eeb3","unresolved":true,"context_lines":[{"line_number":139,"context_line":"DEFAULT_POLICY_FILES"},{"line_number":140,"context_line":"--------------------"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. versionadded:: 19.1.0(Wallaby)"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Default:"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"01accc5d_cc033fd6","line":142,"range":{"start_line":142,"start_character":18,"end_line":142,"end_character":24},"updated":"2021-01-28 06:45:58.000000000","message":"I hope you know that we have not cut any release for \u002719.1.0\u0027 version yet.","commit_id":"b7bb76eb204ef1cbd6df9f416437263a67371ba5"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"e84647520bcdec512bb40e00864fc7c0281aab14","unresolved":true,"context_lines":[{"line_number":139,"context_line":"DEFAULT_POLICY_FILES"},{"line_number":140,"context_line":"--------------------"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":".. versionadded:: 19.1.0(Wallaby)"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Default:"},{"line_number":145,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"0afb113f_fb3075c2","line":142,"range":{"start_line":142,"start_character":18,"end_line":142,"end_character":24},"in_reply_to":"01accc5d_cc033fd6","updated":"2021-01-31 11:53:39.000000000","message":"I am a bit surprised with this comment. Patches like this cannot specify a version already released and submitters always need to estimate the next version. It is just as usual.","commit_id":"b7bb76eb204ef1cbd6df9f416437263a67371ba5"}],"doc/source/contributor/topics/policy.rst":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"38289059af3ad426e138ee38e90584cc0236b523","unresolved":false,"context_lines":[{"line_number":168,"context_line":"renaming rule definitions (\"check_str\") and renaming rule names."},{"line_number":169,"context_line":"They are defined as part of python codes in back-end services."},{"line_number":170,"context_line":"horizon cannot import python codes of back-end services, so we need a way"},{"line_number":171,"context_line":"to restore policies defined by \"policy-in-code\" including deprecated rules."},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"To address the above issue, horizon adopts the following two-step approach:"},{"line_number":174,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f65232a_304bd8b0","line":171,"range":{"start_line":171,"start_character":48,"end_line":171,"end_character":75},"updated":"2020-10-26 22:49:33.000000000","message":"and if i understand correctly, horizon need deprecated rules to support the old token to keep working? \nBut that can be done if you do not pass the policy_file at all? or is it to avoid any break if project started to remove the deprecated rules and Horizon need time to switch to new policy?","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3516c1fe22d6954da79d2ab211eb14836ab61804","unresolved":false,"context_lines":[{"line_number":168,"context_line":"renaming rule definitions (\"check_str\") and renaming rule names."},{"line_number":169,"context_line":"They are defined as part of python codes in back-end services."},{"line_number":170,"context_line":"horizon cannot import python codes of back-end services, so we need a way"},{"line_number":171,"context_line":"to restore policies defined by \"policy-in-code\" including deprecated rules."},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"To address the above issue, horizon adopts the following two-step approach:"},{"line_number":174,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"b004e4eb_8c01ec57","line":171,"range":{"start_line":171,"start_character":48,"end_line":171,"end_character":75},"in_reply_to":"1f621f24_056974bd","updated":"2020-12-16 19:42:32.000000000","message":"\u003e \u003e and if i understand correctly, horizon need deprecated rules to support the old token to keep working? \n\u003e \n\u003e Yes, deprecated rules in keystone and nova policies are required to make horizon work well. Horizon does not support system-scoped token yet and it depends on project/domain-scoped token at the moment.\n\u003e \n\u003e Even after horizon supports system-scoped token, I think it is still useful because operators potentially use deprecated rules and have not migrated to new rules.\n\u003e \n\u003e \u003e But that can be done if you do not pass the policy_file at all? or is it to avoid any break if project started to remove the deprecated rules and Horizon need time to switch to new policy?\n\u003e \n\u003e The reason that horizon load policies from dumped policy files is because it is too much to import service project python codes like nova, keystone and so on. Is there any way to load default policies without importing nova and so on?\n\nNot that I\u0027m aware of. Even if we had an easy way to import the default policies registered in code, we\u0027d likely still need the policy file to support overridden policies.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"3c831b8fca773502c0d7facce658c87f06360861","unresolved":false,"context_lines":[{"line_number":168,"context_line":"renaming rule definitions (\"check_str\") and renaming rule names."},{"line_number":169,"context_line":"They are defined as part of python codes in back-end services."},{"line_number":170,"context_line":"horizon cannot import python codes of back-end services, so we need a way"},{"line_number":171,"context_line":"to restore policies defined by \"policy-in-code\" including deprecated rules."},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"To address the above issue, horizon adopts the following two-step approach:"},{"line_number":174,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f621f24_056974bd","line":171,"range":{"start_line":171,"start_character":48,"end_line":171,"end_character":75},"in_reply_to":"3f65232a_304bd8b0","updated":"2020-10-29 00:08:20.000000000","message":"\u003e and if i understand correctly, horizon need deprecated rules to support the old token to keep working? \n\nYes, deprecated rules in keystone and nova policies are required to make horizon work well. Horizon does not support system-scoped token yet and it depends on project/domain-scoped token at the moment.\n\nEven after horizon supports system-scoped token, I think it is still useful because operators potentially use deprecated rules and have not migrated to new rules.\n\n\u003e But that can be done if you do not pass the policy_file at all? or is it to avoid any break if project started to remove the deprecated rules and Horizon need time to switch to new policy?\n\nThe reason that horizon load policies from dumped policy files is because it is too much to import service project python codes like nova, keystone and so on. Is there any way to load default policies without importing nova and so on?","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aa484746d2f6406ef6d64824c2118083d2c91d14","unresolved":false,"context_lines":[{"line_number":168,"context_line":"renaming rule definitions (\"check_str\") and renaming rule names."},{"line_number":169,"context_line":"They are defined as part of python codes in back-end services."},{"line_number":170,"context_line":"horizon cannot import python codes of back-end services, so we need a way"},{"line_number":171,"context_line":"to restore policies defined by \"policy-in-code\" including deprecated rules."},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"To address the above issue, horizon adopts the following two-step approach:"},{"line_number":174,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"a61038d4_0b2973cb","line":171,"range":{"start_line":171,"start_character":48,"end_line":171,"end_character":75},"in_reply_to":"b004e4eb_8c01ec57","updated":"2021-01-27 14:01:03.000000000","message":"\u003e Even if we had an easy way to import the default policies registered in code, we\u0027d likely still need the policy file to support overridden policies.\n\nThis implement introduces two types of policy files.\nThe one is \"default rules\" specified in DEFAULT_POLICY_FILES. They are mirrors of registered rules in back-end services.\nThe other is \"policy files\" specified in POLICY_FILES. They correspond to /etc/\u003cxxxx\u003e/policy.yaml and operators should modify these when overriding registered default rules.\n\n\"an easy way to import the default policies registered in code\" just helps the first one. Users can define overridden policies with the latter.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"f597e42d50ef01eb852cf2def125e8d2816f4081","unresolved":false,"context_lines":[{"line_number":180,"context_line":""},{"line_number":181,"context_line":"  Note that `oslopolicy-sample-generator` does not output deprecated rules"},{"line_number":182,"context_line":"  in a structured way, so we prepare a dedicated script for this purpose"},{"line_number":183,"context_line":"  in the horizon repo."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"* The horizon policy implementation loads the above YAML file into a list of"},{"line_number":186,"context_line":"  RuleDefault and registers the list as the default rules to the policy"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f65232a_70655045","line":183,"range":{"start_line":183,"start_character":20,"end_line":183,"end_character":22},"updated":"2020-10-26 22:47:09.000000000","message":"or extend the oslo tool too to generate the deprecated rule too?","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"3c831b8fca773502c0d7facce658c87f06360861","unresolved":false,"context_lines":[{"line_number":180,"context_line":""},{"line_number":181,"context_line":"  Note that `oslopolicy-sample-generator` does not output deprecated rules"},{"line_number":182,"context_line":"  in a structured way, so we prepare a dedicated script for this purpose"},{"line_number":183,"context_line":"  in the horizon repo."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"* The horizon policy implementation loads the above YAML file into a list of"},{"line_number":186,"context_line":"  RuleDefault and registers the list as the default rules to the policy"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f621f24_c5f2dc06","line":183,"range":{"start_line":183,"start_character":20,"end_line":183,"end_character":22},"in_reply_to":"3f65232a_70655045","updated":"2020-10-29 00:08:20.000000000","message":"It can and I am okay with either direction, but I am not sure whether there is such need outside of horizon.\nHorizon needs the relationship between deprecated rules and new rules. The current oslo tool outputs deprecated information as comments but I am not sure the proposed format like [1] is useful for others.\n\n[1] https://review.opendev.org/#/c/750134/2/openstack_dashboard/conf/default_policies/nova.yaml","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3516c1fe22d6954da79d2ab211eb14836ab61804","unresolved":true,"context_lines":[{"line_number":241,"context_line":"     We now use YAML format for sample policy files now."},{"line_number":242,"context_line":"     \"oslo.policy\" can accept both YAML and JSON files."},{"line_number":243,"context_line":"     We now support default policies so there is no need to define all"},{"line_number":244,"context_line":"     policies using JSON files. YAML files allows us to use comments,"},{"line_number":245,"context_line":"     so it would be more useful and OpenStack is now switching to"},{"line_number":246,"context_line":"     YAML policy files by default (as of Victoria cycle)."},{"line_number":247,"context_line":""},{"line_number":248,"context_line":"  .. note::"},{"line_number":249,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"df919665_cea189e5","line":246,"range":{"start_line":244,"start_character":32,"end_line":246,"end_character":57},"updated":"2020-12-16 19:42:32.000000000","message":"++\n\nIn addition to these points, Ghanshyam highlighted the importance of switching to YAML in his proposal for a community-wide goal [0].\n\n[0] https://review.opendev.org/c/openstack/governance/+/759881/3/goals/proposed/migrate-policy-format-from-json-to-yaml.rst","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aa484746d2f6406ef6d64824c2118083d2c91d14","unresolved":true,"context_lines":[{"line_number":241,"context_line":"     We now use YAML format for sample policy files now."},{"line_number":242,"context_line":"     \"oslo.policy\" can accept both YAML and JSON files."},{"line_number":243,"context_line":"     We now support default policies so there is no need to define all"},{"line_number":244,"context_line":"     policies using JSON files. YAML files allows us to use comments,"},{"line_number":245,"context_line":"     so it would be more useful and OpenStack is now switching to"},{"line_number":246,"context_line":"     YAML policy files by default (as of Victoria cycle)."},{"line_number":247,"context_line":""},{"line_number":248,"context_line":"  .. note::"},{"line_number":249,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ff0d2c32_cf4f4e5e","line":246,"range":{"start_line":244,"start_character":32,"end_line":246,"end_character":57},"in_reply_to":"df919665_cea189e5","updated":"2021-01-27 14:01:03.000000000","message":"I do not cover all of the backgrounds here. I added a link to the community goal here.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"}],"openstack_auth/policy.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3516c1fe22d6954da79d2ab211eb14836ab61804","unresolved":true,"context_lines":[{"line_number":75,"context_line":"    )"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"def _load_default_rules(service, enforcer):"},{"line_number":79,"context_line":"    policy_files \u003d settings.DEFAULT_POLICY_FILES"},{"line_number":80,"context_line":"    try:"},{"line_number":81,"context_line":"        policy_file \u003d os.path.join(_BASE_PATH, policy_files[service])"}],"source_content_type":"text/x-python","patch_set":2,"id":"95a98098_4b9b124f","line":78,"range":{"start_line":78,"start_character":4,"end_line":78,"end_character":23},"updated":"2020-12-16 19:42:32.000000000","message":"To clarify, you\u0027re requiring this method to load and register policy rules from the generated sample policy files because we don\u0027t have instances of registered defaults from the service, correct?","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aa484746d2f6406ef6d64824c2118083d2c91d14","unresolved":true,"context_lines":[{"line_number":75,"context_line":"    )"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"def _load_default_rules(service, enforcer):"},{"line_number":79,"context_line":"    policy_files \u003d settings.DEFAULT_POLICY_FILES"},{"line_number":80,"context_line":"    try:"},{"line_number":81,"context_line":"        policy_file \u003d os.path.join(_BASE_PATH, policy_files[service])"}],"source_content_type":"text/x-python","patch_set":2,"id":"b6af6bc9_52f3c0a0","line":78,"range":{"start_line":78,"start_character":4,"end_line":78,"end_character":23},"in_reply_to":"95a98098_4b9b124f","updated":"2021-01-27 14:01:03.000000000","message":"Yes, this is to get enforcer instances with registered defaults. We cannot import registered rules from services , so instead this method loads registered rules from YAML file. Precisely speaking, sa you may know, YAML files used here have a bit different formats from \"generated sample policy files\" by oslopolicy-sample-generator.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"}],"openstack_dashboard/conf/default_policies/cinder.yaml":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3516c1fe22d6954da79d2ab211eb14836ab61804","unresolved":true,"context_lines":[{"line_number":19,"context_line":"  operations:"},{"line_number":20,"context_line":"  - method: POST"},{"line_number":21,"context_line":"    path: /attachments"},{"line_number":22,"context_line":"  scope_types: null"},{"line_number":23,"context_line":"- check_str: rule:admin_or_owner"},{"line_number":24,"context_line":"  description: Update attachment."},{"line_number":25,"context_line":"  name: volume:attachment_update"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"5efff0e6_6124b226","line":22,"range":{"start_line":22,"start_character":15,"end_line":22,"end_character":19},"updated":"2020-12-16 19:42:32.000000000","message":"Will these populate automatically when cinder merges support for secure RBAC and scope_types?\n\nhttps://review.opendev.org/q/owner:self+status:open+project:openstack/cinder+topic:secure-rbac","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aa484746d2f6406ef6d64824c2118083d2c91d14","unresolved":true,"context_lines":[{"line_number":19,"context_line":"  operations:"},{"line_number":20,"context_line":"  - method: POST"},{"line_number":21,"context_line":"    path: /attachments"},{"line_number":22,"context_line":"  scope_types: null"},{"line_number":23,"context_line":"- check_str: rule:admin_or_owner"},{"line_number":24,"context_line":"  description: Update attachment."},{"line_number":25,"context_line":"  name: volume:attachment_update"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"34f14c8c_070520bf","line":22,"range":{"start_line":22,"start_character":15,"end_line":22,"end_character":19},"in_reply_to":"5efff0e6_6124b226","updated":"2021-01-27 14:01:03.000000000","message":"Yes, we need to sync this file with the cinder repo.\nopenstack_dashboard/management/commands/dump_default_policies.py generates this file based on the cinder repo.\nAt the moment, this is a manual process, but it can be done by a periodic job in future.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"}],"openstack_dashboard/conf/default_policies/keystone.yaml":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3516c1fe22d6954da79d2ab211eb14836ab61804","unresolved":true,"context_lines":[{"line_number":46,"context_line":"    path: /v3/users/{user_id}/access_rules/{access_rule_id}"},{"line_number":47,"context_line":"  - method: HEAD"},{"line_number":48,"context_line":"    path: /v3/users/{user_id}/access_rules/{access_rule_id}"},{"line_number":49,"context_line":"  scope_types:"},{"line_number":50,"context_line":"  - system"},{"line_number":51,"context_line":"  - project"},{"line_number":52,"context_line":"- check_str: (role:reader and system_scope:all) or user_id:%(target.user.id)s"},{"line_number":53,"context_line":"  description: List access rules for a user."},{"line_number":54,"context_line":"  name: identity:list_access_rules"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"33668f8c_eb0be1cd","line":51,"range":{"start_line":49,"start_character":0,"end_line":51,"end_character":11},"updated":"2020-12-16 19:42:32.000000000","message":"It looks like it.","commit_id":"48f5365da8f92a4c1362a37a1cb310bd9e02bd84"}]}