)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"8935576da524779ea6687ca0e953f88db7839bfa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"0192b69b_0ad0b950","updated":"2024-04-10 15:50:22.000000000","message":"Deploy templates need to remain a separate thing -- they, like automated cleaning, use implicit, priority-based ordering of steps.\n\nThese new templates will be for explicit lists of steps to run, which is:\n- manual cleaning\n- servicing\n- (future?) verify steps\n\nUse traits to ensure that a template is safe to run against a node.","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"8f8592b45b251a9c1f8b380fba065dd6defbf389","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"c0514acc_c0a1c956","updated":"2024-04-09 12:31:06.000000000","message":"I don\u0027t really have objections to the idea, but I think it\u0027s not finished. Of the user stories in the motivation part, one can be solved today, the other is not fully solved by this spec.","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3c0ce512872f544bbc3e01810f06ce1a28166af6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"158b7998_56f786e4","updated":"2024-04-30 00:00:10.000000000","message":"So, the file is in the wrong location\n\nIf memory serves, it should be in the approved folder, and the not-implemented folder reference should be a symlink.","commit_id":"1b34d4182038a7cc96ea46f495bcea0f6a2cee84"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"6c889bae4eb3aeebeca0f770ec2f2760ea1b0eae","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":7,"id":"957e1bfc_7138f965","updated":"2024-05-21 14:58:33.000000000","message":"I\u0027ll try to revise this before I go out of town.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f6cc0be6194cde360ad89b6c0d889ae0bec2f808","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"65b1b281_dce958b7","updated":"2024-05-20 17:13:01.000000000","message":"Overall, the idea LGTM and the updated spec sets context, the only concern I really have is the casting of security risk, and how we might want to fine tune that a little bit.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"024d36ace5c0701a8e9df6acc8ee7e7ccd7cc214","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"bd70aac3_cbdd409d","updated":"2024-05-31 23:44:36.000000000","message":"Update looks good to me, Thanks!","commit_id":"ab2e7258c4f262994bc0a35184413eb6e87cff67"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"419690ee468194ee592de78af3df0fcc09e02bf0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"443dd657_d5b62430","updated":"2024-06-03 09:16:28.000000000","message":"good for me, thanks!","commit_id":"ab2e7258c4f262994bc0a35184413eb6e87cff67"}],"specs/approved/runbooks.rst":[{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"bccffda0c512ec28fefd569870e53fd93478d8fd","unresolved":true,"context_lines":[{"line_number":15,"context_line":"permitting them access to curated runbooks of steps."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"This feature will primarily involve extending creating a new runbook concept"},{"line_number":18,"context_line":"concept, allowing lists of steps to be created, associated with a node via"},{"line_number":19,"context_line":"traits. These runbooks will then be able to used in lieu of a list of steps"},{"line_number":20,"context_line":"when performing manual cleaning or node servicing."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"1a286f30_e01352e8","line":18,"range":{"start_line":18,"start_character":0,"end_line":18,"end_character":7},"updated":"2024-05-07 09:03:11.000000000","message":"double concept","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":15,"context_line":"permitting them access to curated runbooks of steps."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"This feature will primarily involve extending creating a new runbook concept"},{"line_number":18,"context_line":"concept, allowing lists of steps to be created, associated with a node via"},{"line_number":19,"context_line":"traits. These runbooks will then be able to used in lieu of a list of steps"},{"line_number":20,"context_line":"when performing manual cleaning or node servicing."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"330465e5_fea4cce0","line":18,"range":{"start_line":18,"start_character":0,"end_line":18,"end_character":7},"in_reply_to":"1a286f30_e01352e8","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"bccffda0c512ec28fefd569870e53fd93478d8fd","unresolved":true,"context_lines":[{"line_number":16,"context_line":""},{"line_number":17,"context_line":"This feature will primarily involve extending creating a new runbook concept"},{"line_number":18,"context_line":"concept, allowing lists of steps to be created, associated with a node via"},{"line_number":19,"context_line":"traits. These runbooks will then be able to used in lieu of a list of steps"},{"line_number":20,"context_line":"when performing manual cleaning or node servicing."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":7,"id":"1d1b5f16_40294365","line":19,"range":{"start_line":19,"start_character":44,"end_line":19,"end_character":48},"updated":"2024-05-07 09:03:11.000000000","message":"be used","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":16,"context_line":""},{"line_number":17,"context_line":"This feature will primarily involve extending creating a new runbook concept"},{"line_number":18,"context_line":"concept, allowing lists of steps to be created, associated with a node via"},{"line_number":19,"context_line":"traits. These runbooks will then be able to used in lieu of a list of steps"},{"line_number":20,"context_line":"when performing manual cleaning or node servicing."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":7,"id":"4496b4eb_1eb10a08","line":19,"range":{"start_line":19,"start_character":44,"end_line":19,"end_character":48},"in_reply_to":"1d1b5f16_40294365","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f6cc0be6194cde360ad89b6c0d889ae0bec2f808","unresolved":true,"context_lines":[{"line_number":22,"context_line":"Problem description"},{"line_number":23,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Currently, project members have limited ability to self-serve maintenance"},{"line_number":26,"context_line":"items. Ironic operators are given the difficult choice of giving users broad"},{"line_number":27,"context_line":"access to nodes, allowing them to run arbitrary manual cleaning"},{"line_number":28,"context_line":"or service steps with the only alternative being permitting no access to"}],"source_content_type":"text/x-rst","patch_set":7,"id":"cdc16db7_182811e9","line":25,"range":{"start_line":25,"start_character":11,"end_line":25,"end_character":26},"updated":"2024-05-20 17:13:01.000000000","message":"nit: perhaps: \"Currently, users using Ironic via the project scoped RBAC member...\"\n\nI get the intent that it is talking about rights granted through RBAC.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":22,"context_line":"Problem description"},{"line_number":23,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Currently, project members have limited ability to self-serve maintenance"},{"line_number":26,"context_line":"items. Ironic operators are given the difficult choice of giving users broad"},{"line_number":27,"context_line":"access to nodes, allowing them to run arbitrary manual cleaning"},{"line_number":28,"context_line":"or service steps with the only alternative being permitting no access to"}],"source_content_type":"text/x-rst","patch_set":7,"id":"7f19c104_50a471ee","line":25,"range":{"start_line":25,"start_character":11,"end_line":25,"end_character":26},"in_reply_to":"cdc16db7_182811e9","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"6f95c5111843a0e831e258194111e0d11b07f572","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Create new tables described below::"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"  ``runbooks`` (same as ``deploy_templates`` except addition of ``owner`` and ``public``)"},{"line_number":75,"context_line":"    - id (int, pkey)"},{"line_number":76,"context_line":"    - uuid"},{"line_number":77,"context_line":"    - name (string 255)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"15fad1b2_674f208a","line":74,"updated":"2024-05-21 12:55:50.000000000","message":"I wonder if we need to add owner and public to deploy templates for symmetry.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"6c889bae4eb3aeebeca0f770ec2f2760ea1b0eae","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Create new tables described below::"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"  ``runbooks`` (same as ``deploy_templates`` except addition of ``owner`` and ``public``)"},{"line_number":75,"context_line":"    - id (int, pkey)"},{"line_number":76,"context_line":"    - uuid"},{"line_number":77,"context_line":"    - name (string 255)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"c38ca65b_c4bee861","line":74,"in_reply_to":"15fad1b2_674f208a","updated":"2024-05-21 14:58:33.000000000","message":"If so, I\u0027d prefer we do it as a separate unit of work -- I\u0027d want to ensure there are no issues with RBAC\u0027ing deploy templates, and I want to keep this work an achievable amount.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"419690ee468194ee592de78af3df0fcc09e02bf0","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Create new tables described below::"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"  ``runbooks`` (same as ``deploy_templates`` except addition of ``owner`` and ``public``)"},{"line_number":75,"context_line":"    - id (int, pkey)"},{"line_number":76,"context_line":"    - uuid"},{"line_number":77,"context_line":"    - name (string 255)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"e4cb986d_a569520b","line":74,"in_reply_to":"7dfb17ce_82bfcb5d","updated":"2024-06-03 09:16:28.000000000","message":"it probably makes sense to keep that as a separate work","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"024d36ace5c0701a8e9df6acc8ee7e7ccd7cc214","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Create new tables described below::"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"  ``runbooks`` (same as ``deploy_templates`` except addition of ``owner`` and ``public``)"},{"line_number":75,"context_line":"    - id (int, pkey)"},{"line_number":76,"context_line":"    - uuid"},{"line_number":77,"context_line":"    - name (string 255)"}],"source_content_type":"text/x-rst","patch_set":7,"id":"7dfb17ce_82bfcb5d","line":74,"in_reply_to":"c38ca65b_c4bee861","updated":"2024-05-31 23:44:36.000000000","message":"I would be okay with just RBAC\u0027ing deploy_templates as an RFE, FWIW.\n\nThe key for me will be the policy and enforcement code, as always.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"6f95c5111843a0e831e258194111e0d11b07f572","unresolved":true,"context_lines":[{"line_number":78,"context_line":"    - public (bool) - When true, template is available for use by any project."},{"line_number":79,"context_line":"    - owner (nullable string, usually a keystone project ID)"},{"line_number":80,"context_line":"    - extra json/string"},{"line_number":81,"context_line":"    - steps list of ids pointing to ``runbook_steps``"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  ``runbook_steps``"},{"line_number":84,"context_line":"    - Identical to ``deploy_template_steps`` with names changed as appropriate."}],"source_content_type":"text/x-rst","patch_set":7,"id":"9b6bc3ef_f3f92eb4","line":81,"updated":"2024-05-21 12:55:50.000000000","message":"Do you want to add something that manages if IPA is required 1) initially, 2) at all?","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"6c889bae4eb3aeebeca0f770ec2f2760ea1b0eae","unresolved":true,"context_lines":[{"line_number":78,"context_line":"    - public (bool) - When true, template is available for use by any project."},{"line_number":79,"context_line":"    - owner (nullable string, usually a keystone project ID)"},{"line_number":80,"context_line":"    - extra json/string"},{"line_number":81,"context_line":"    - steps list of ids pointing to ``runbook_steps``"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  ``runbook_steps``"},{"line_number":84,"context_line":"    - Identical to ``deploy_template_steps`` with names changed as appropriate."}],"source_content_type":"text/x-rst","patch_set":7,"id":"cebc2af9_a5eb7372","line":81,"in_reply_to":"9b6bc3ef_f3f92eb4","updated":"2024-05-21 14:58:33.000000000","message":"We don\u0027t have that capability today via the API endpoints; and I don\u0027t want to introduce it here. A solution for \"only boot IPA in some cases\" should be something that can be applied to all step-based flows; whether it\u0027s runbooked or not.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"6f95c5111843a0e831e258194111e0d11b07f572","unresolved":true,"context_lines":[{"line_number":81,"context_line":"    - steps list of ids pointing to ``runbook_steps``"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  ``runbook_steps``"},{"line_number":84,"context_line":"    - Identical to ``deploy_template_steps`` with names changed as appropriate."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Note: Ensure all queries to ``runbooks`` only pull in ``runbook_steps`` if"},{"line_number":87,"context_line":"needed."}],"source_content_type":"text/x-rst","patch_set":7,"id":"93ec33e4_0c2a35c8","line":84,"updated":"2024-05-21 12:55:50.000000000","message":"Not fully identical - no priorities and fixed ordering? Or will you use an implicit priority?","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":true,"context_lines":[{"line_number":81,"context_line":"    - steps list of ids pointing to ``runbook_steps``"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  ``runbook_steps``"},{"line_number":84,"context_line":"    - Identical to ``deploy_template_steps`` with names changed as appropriate."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Note: Ensure all queries to ``runbooks`` only pull in ``runbook_steps`` if"},{"line_number":87,"context_line":"needed."}],"source_content_type":"text/x-rst","patch_set":7,"id":"681230fb_09d64ea9","line":84,"in_reply_to":"93ec33e4_0c2a35c8","updated":"2024-05-23 21:06:18.000000000","message":"Thanks for pointing this out, I\u0027ve revised this spec in several places to make it more in line with manual cleaning -- including the issue with explicit ordering you called out here, as well as respecting the disable_ramdisk flag.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"6f95c5111843a0e831e258194111e0d11b07f572","unresolved":true,"context_lines":[{"line_number":99,"context_line":"CRUD support."},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"The existing ``/v1/nodes/\u003cnode\u003e/states/provision`` API will be changed to"},{"line_number":102,"context_line":"accept a ``runbook`` (name or uuid) in lieu of ``clean_steps`` when being used"},{"line_number":103,"context_line":"for servicing or manual cleaning."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"fc1e4dbb_6503846d","line":102,"updated":"2024-05-21 12:55:50.000000000","message":"nit: clean_steps or service_steps?","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":99,"context_line":"CRUD support."},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"The existing ``/v1/nodes/\u003cnode\u003e/states/provision`` API will be changed to"},{"line_number":102,"context_line":"accept a ``runbook`` (name or uuid) in lieu of ``clean_steps`` when being used"},{"line_number":103,"context_line":"for servicing or manual cleaning."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"b020545c_6084dc03","line":102,"in_reply_to":"350bd122_1eb67294","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"6c889bae4eb3aeebeca0f770ec2f2760ea1b0eae","unresolved":true,"context_lines":[{"line_number":99,"context_line":"CRUD support."},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"The existing ``/v1/nodes/\u003cnode\u003e/states/provision`` API will be changed to"},{"line_number":102,"context_line":"accept a ``runbook`` (name or uuid) in lieu of ``clean_steps`` when being used"},{"line_number":103,"context_line":"for servicing or manual cleaning."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"350bd122_1eb67294","line":102,"in_reply_to":"fc1e4dbb_6503846d","updated":"2024-05-21 14:58:33.000000000","message":"At first, I thought our api-ref mentioned clean_steps for both; now I realize service steps were never added to the API ref. I\u0027ll do that work and update this.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"6f95c5111843a0e831e258194111e0d11b07f572","unresolved":true,"context_lines":[{"line_number":131,"context_line":"    - Note: Will return an error if ``runbook.public`` is true."},{"line_number":132,"context_line":"  - baremetal node service N --runbook X"},{"line_number":133,"context_line":"  - baremetal node clean N --runbook X"},{"line_number":134,"context_line":"  - baremetal node service N --runbook X --clean-steps {} # NOT PERMITTED"},{"line_number":135,"context_line":"  - baremetal node clean N --runbook X --clean-steps {} # NOT PERMITTED"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"a2621f4b_5884972b","line":134,"updated":"2024-05-21 12:55:50.000000000","message":"nit: service_steps","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":131,"context_line":"    - Note: Will return an error if ``runbook.public`` is true."},{"line_number":132,"context_line":"  - baremetal node service N --runbook X"},{"line_number":133,"context_line":"  - baremetal node clean N --runbook X"},{"line_number":134,"context_line":"  - baremetal node service N --runbook X --clean-steps {} # NOT PERMITTED"},{"line_number":135,"context_line":"  - baremetal node clean N --runbook X --clean-steps {} # NOT PERMITTED"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"b200fafa_b651c0de","line":134,"in_reply_to":"135aea3d_582ec350","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"6c889bae4eb3aeebeca0f770ec2f2760ea1b0eae","unresolved":true,"context_lines":[{"line_number":131,"context_line":"    - Note: Will return an error if ``runbook.public`` is true."},{"line_number":132,"context_line":"  - baremetal node service N --runbook X"},{"line_number":133,"context_line":"  - baremetal node clean N --runbook X"},{"line_number":134,"context_line":"  - baremetal node service N --runbook X --clean-steps {} # NOT PERMITTED"},{"line_number":135,"context_line":"  - baremetal node clean N --runbook X --clean-steps {} # NOT PERMITTED"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"135aea3d_582ec350","line":134,"in_reply_to":"a2621f4b_5884972b","updated":"2024-05-21 14:58:33.000000000","message":"again, above, I thought it was clean_steps throughout because our docs are wrong","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f6cc0be6194cde360ad89b6c0d889ae0bec2f808","unresolved":true,"context_lines":[{"line_number":161,"context_line":"leverage steps or access which are innocuous on their own, but malicious when"},{"line_number":162,"context_line":"combined."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"For example, a project member with both access to run a service step runbook"},{"line_number":165,"context_line":"containing in-band steps, and also with access to update a node\u0027s"},{"line_number":166,"context_line":"deploy_ramdisk could combine those two pieces of access to run arbitrary code."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Ensure you have reviewed all possible threat models when granting additional"},{"line_number":169,"context_line":"access to less-trusted individuals."}],"source_content_type":"text/x-rst","patch_set":7,"id":"7228c47c_b1fa8e35","line":166,"range":{"start_line":164,"start_character":0,"end_line":166,"end_character":78},"updated":"2024-05-20 17:13:01.000000000","message":"I would stress that this would require functionality which doesn\u0027t exist in stock, but that some folks have implementedon their own, i.e. some sort of abritrarty command action.\n\nI mean, we likely should just do something upstream too, but I think the key here is this sounds super bad off hand without having backend context, so maybe a little more context might be good.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"6f95c5111843a0e831e258194111e0d11b07f572","unresolved":true,"context_lines":[{"line_number":161,"context_line":"leverage steps or access which are innocuous on their own, but malicious when"},{"line_number":162,"context_line":"combined."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"For example, a project member with both access to run a service step runbook"},{"line_number":165,"context_line":"containing in-band steps, and also with access to update a node\u0027s"},{"line_number":166,"context_line":"deploy_ramdisk could combine those two pieces of access to run arbitrary code."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Ensure you have reviewed all possible threat models when granting additional"},{"line_number":169,"context_line":"access to less-trusted individuals."}],"source_content_type":"text/x-rst","patch_set":7,"id":"70ff9124_58cb0841","line":166,"range":{"start_line":164,"start_character":0,"end_line":166,"end_character":78},"in_reply_to":"4b8a1119_45a2773a","updated":"2024-05-21 12:55:50.000000000","message":"Yeah, you can do so much more if you replace the ramdisk...","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":161,"context_line":"leverage steps or access which are innocuous on their own, but malicious when"},{"line_number":162,"context_line":"combined."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"For example, a project member with both access to run a service step runbook"},{"line_number":165,"context_line":"containing in-band steps, and also with access to update a node\u0027s"},{"line_number":166,"context_line":"deploy_ramdisk could combine those two pieces of access to run arbitrary code."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Ensure you have reviewed all possible threat models when granting additional"},{"line_number":169,"context_line":"access to less-trusted individuals."}],"source_content_type":"text/x-rst","patch_set":7,"id":"597427df_a6503831","line":166,"range":{"start_line":164,"start_character":0,"end_line":166,"end_character":78},"in_reply_to":"70ff9124_58cb0841","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"53a527af362a8486a23a69174b0d88d58af769df","unresolved":true,"context_lines":[{"line_number":161,"context_line":"leverage steps or access which are innocuous on their own, but malicious when"},{"line_number":162,"context_line":"combined."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"For example, a project member with both access to run a service step runbook"},{"line_number":165,"context_line":"containing in-band steps, and also with access to update a node\u0027s"},{"line_number":166,"context_line":"deploy_ramdisk could combine those two pieces of access to run arbitrary code."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Ensure you have reviewed all possible threat models when granting additional"},{"line_number":169,"context_line":"access to less-trusted individuals."}],"source_content_type":"text/x-rst","patch_set":7,"id":"4b8a1119_45a2773a","line":166,"range":{"start_line":164,"start_character":0,"end_line":166,"end_character":78},"in_reply_to":"7228c47c_b1fa8e35","updated":"2024-05-20 17:22:59.000000000","message":"We talked in IRC about how this is potentially a redundant case, as replacing the ramdisk is basically the entire vulnerability here. I may remove this entire paragraph.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f6cc0be6194cde360ad89b6c0d889ae0bec2f808","unresolved":true,"context_lines":[{"line_number":170,"context_line":""},{"line_number":171,"context_line":"Things to avoid to ensure secure implementation:"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"- Do not permit a project-scoped API user to change ``runbook.public``."},{"line_number":174,"context_line":"- Do not permit a project-scoped API user change ``runbook.owner``."},{"line_number":175,"context_line":"- Anything that would *implicitly* mark a runbook as non-public."},{"line_number":176,"context_line":"- Ensure we check if nodes are able to run a given runbook using node traits,"},{"line_number":177,"context_line":"  in a similar method to how we do so with deploy templates."}],"source_content_type":"text/x-rst","patch_set":7,"id":"b105d61f_9e1a57ae","line":174,"range":{"start_line":173,"start_character":0,"end_line":174,"end_character":67},"updated":"2024-05-20 17:13:01.000000000","message":"as an aside, i would sort of expect these to end up being specific RBAC rules for operators to customize should they follow the \"admin is admin everywhere\" ops model.","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d8087c9251eef5276ff636c6bb70d0122054be06","unresolved":false,"context_lines":[{"line_number":170,"context_line":""},{"line_number":171,"context_line":"Things to avoid to ensure secure implementation:"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"- Do not permit a project-scoped API user to change ``runbook.public``."},{"line_number":174,"context_line":"- Do not permit a project-scoped API user change ``runbook.owner``."},{"line_number":175,"context_line":"- Anything that would *implicitly* mark a runbook as non-public."},{"line_number":176,"context_line":"- Ensure we check if nodes are able to run a given runbook using node traits,"},{"line_number":177,"context_line":"  in a similar method to how we do so with deploy templates."}],"source_content_type":"text/x-rst","patch_set":7,"id":"77e574a7_d8e9e43a","line":174,"range":{"start_line":173,"start_character":0,"end_line":174,"end_character":67},"in_reply_to":"b105d61f_9e1a57ae","updated":"2024-05-23 21:06:18.000000000","message":"Done","commit_id":"1cad2e03173d29644203366a5657760113f7c4bc"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"419690ee468194ee592de78af3df0fcc09e02bf0","unresolved":true,"context_lines":[{"line_number":33,"context_line":"- As a project member, I can execute runbooks via Node Servicing without"},{"line_number":34,"context_line":"  granting the ability to execute arbitrary steps on a node."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"- As an system manager, I want to store a list of steps to perform an action"},{"line_number":37,"context_line":"  in an identical manner across many similar nodes."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"a0611e09_e2f3e772","line":36,"range":{"start_line":36,"start_character":5,"end_line":36,"end_character":7},"updated":"2024-06-03 09:16:28.000000000","message":"nit: a","commit_id":"ab2e7258c4f262994bc0a35184413eb6e87cff67"}],"specs/not-implemented/self-service-tempates.rst":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Currently, project members have limited ability to self-serve maintenance"},{"line_number":18,"context_line":"items. Ironic operators are given the difficult choice of giving project"},{"line_number":19,"context_line":"members broad access to nodes, allowing them to run arbitrary manual cleaning"},{"line_number":20,"context_line":"or service steps with the only alternative being permitting no access to"},{"line_number":21,"context_line":"self-serve these scheduled maintenance items."},{"line_number":22,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"97092e39_08bb3d41","line":19,"range":{"start_line":19,"start_character":0,"end_line":19,"end_character":29},"updated":"2024-01-23 00:22:04.000000000","message":"we should enumerate what this is, likely \"manager\" role in a dedicated project.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":false,"context_lines":[{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Currently, project members have limited ability to self-serve maintenance"},{"line_number":18,"context_line":"items. Ironic operators are given the difficult choice of giving project"},{"line_number":19,"context_line":"members broad access to nodes, allowing them to run arbitrary manual cleaning"},{"line_number":20,"context_line":"or service steps with the only alternative being permitting no access to"},{"line_number":21,"context_line":"self-serve these scheduled maintenance items."},{"line_number":22,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d6119522_efc93232","line":19,"range":{"start_line":19,"start_character":0,"end_line":19,"end_character":29},"in_reply_to":"97092e39_08bb3d41","updated":"2024-01-26 21:31:54.000000000","message":"Done","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":24,"context_line":"mechanism to template other step-based actions, such as service or manual"},{"line_number":25,"context_line":"cleaning."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Use cases for this would include:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"- A project member with a downtime-sensitive cluster can coordinate upgrades"},{"line_number":30,"context_line":"  on a running cluster, integrating calls to Ironic to upgrade the firmware"}],"source_content_type":"text/x-rst","patch_set":2,"id":"b05c7c6c_909ce1b0","line":27,"updated":"2024-01-23 00:22:04.000000000","message":"So crazy question, frame them as user stories?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":false,"context_lines":[{"line_number":24,"context_line":"mechanism to template other step-based actions, such as service or manual"},{"line_number":25,"context_line":"cleaning."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Use cases for this would include:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"- A project member with a downtime-sensitive cluster can coordinate upgrades"},{"line_number":30,"context_line":"  on a running cluster, integrating calls to Ironic to upgrade the firmware"}],"source_content_type":"text/x-rst","patch_set":2,"id":"c968bf7c_092302a4","line":27,"in_reply_to":"b05c7c6c_909ce1b0","updated":"2024-01-26 21:31:54.000000000","message":"Done","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":31,"context_line":"  with calls to their cluster to \"up\" and \"down\" nodes appropriately."},{"line_number":32,"context_line":"- A lower-privileged operations team can be given templates-as-runbooks to run"},{"line_number":33,"context_line":"  in manual cleaning to resolve issues, without giving them the ability to do"},{"line_number":34,"context_line":"  anything non-prescribed by the cluster admins."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Proposed change"},{"line_number":37,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"42991b78_4a75a5f3","line":34,"range":{"start_line":34,"start_character":41,"end_line":34,"end_character":47},"updated":"2024-01-23 00:22:04.000000000","message":"It would help to frame this into what the rbac role would be, \"member\" or \"manager\", I guess.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"8935576da524779ea6687ca0e953f88db7839bfa","unresolved":false,"context_lines":[{"line_number":31,"context_line":"  with calls to their cluster to \"up\" and \"down\" nodes appropriately."},{"line_number":32,"context_line":"- A lower-privileged operations team can be given templates-as-runbooks to run"},{"line_number":33,"context_line":"  in manual cleaning to resolve issues, without giving them the ability to do"},{"line_number":34,"context_line":"  anything non-prescribed by the cluster admins."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Proposed change"},{"line_number":37,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"0ab7fc3c_d8ecaf2f","line":34,"range":{"start_line":34,"start_character":41,"end_line":34,"end_character":47},"in_reply_to":"42991b78_4a75a5f3","updated":"2024-04-10 15:50:22.000000000","message":"Done","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f9831772c196049b5e886de90c3e74e87331197e","unresolved":true,"context_lines":[{"line_number":32,"context_line":"- A lower-privileged operations team can be given templates-as-runbooks to run"},{"line_number":33,"context_line":"  in manual cleaning to resolve issues, without giving them the ability to do"},{"line_number":34,"context_line":"  anything non-prescribed by the cluster admins."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Proposed change"},{"line_number":37,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":38,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"a7f650aa_06d65439","line":35,"updated":"2024-01-26 20:28:47.000000000","message":"So, question, who is a higher authority to \"approve\" the templates? \n\nIs it only admins/managers can create them?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"8935576da524779ea6687ca0e953f88db7839bfa","unresolved":false,"context_lines":[{"line_number":32,"context_line":"- A lower-privileged operations team can be given templates-as-runbooks to run"},{"line_number":33,"context_line":"  in manual cleaning to resolve issues, without giving them the ability to do"},{"line_number":34,"context_line":"  anything non-prescribed by the cluster admins."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Proposed change"},{"line_number":37,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":38,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"e908a0ba_da2713ae","line":35,"in_reply_to":"a7f650aa_06d65439","updated":"2024-04-10 15:50:22.000000000","message":"Done","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":54,"context_line":"Data model impact"},{"line_number":55,"context_line":"-----------------"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"The existing deploy_templates table will be renamed to templates."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"d81d3ac4_8ecdfb04","line":57,"range":{"start_line":57,"start_character":44,"end_line":57,"end_character":51},"updated":"2024-01-23 00:22:04.000000000","message":"We can\u0027t *just* directly rename, because we would break a running cluster immediately upon rename.\n\nGiven the relatively small size we expect this table to be, I suggest an upgrade takes the following process:\n\n1) Schema upgrade creates the *new* table\n2) Online data migration step is added to copy/sync the records over\n3) Code pointing to deploy templates queries shift to the new table, and we remove the old table in a later release.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6fe060a5b8e740453cc0d65320bc9505f00124d8","unresolved":true,"context_lines":[{"line_number":54,"context_line":"Data model impact"},{"line_number":55,"context_line":"-----------------"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"The existing deploy_templates table will be renamed to templates."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"e7dd4ec8_f868ca35","line":57,"range":{"start_line":57,"start_character":44,"end_line":57,"end_character":51},"in_reply_to":"836cc311_41e26327","updated":"2024-03-28 17:43:31.000000000","message":"I suspect we would just have a nice upgrade status check error and maybe internal shunt the calls or something.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":true,"context_lines":[{"line_number":54,"context_line":"Data model impact"},{"line_number":55,"context_line":"-----------------"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"The existing deploy_templates table will be renamed to templates."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"836cc311_41e26327","line":57,"range":{"start_line":57,"start_character":44,"end_line":57,"end_character":51},"in_reply_to":"d81d3ac4_8ecdfb04","updated":"2024-01-26 21:31:54.000000000","message":"At some later release we\u0027d also...\n1) migrate any remaining data\n2) delete the old deploy_templates table\n\nmake sure to mention using upgrade check here to properly warn people","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"},{"line_number":61,"context_line":"  - project (string, usually a keystone project ID)"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"State Machine Impact"},{"line_number":64,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"94e194dc_7ce4d57a","line":61,"updated":"2024-01-23 00:22:04.000000000","message":"What if someone modifies a step? What if that step being modified is the wrong change but is used by others?\n\nMaybe we need a read-only flag?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"},{"line_number":61,"context_line":"  - project (string, usually a keystone project ID)"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"State Machine Impact"},{"line_number":64,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"ea695566_8ada0793","line":61,"in_reply_to":"94e194dc_7ce4d57a","updated":"2024-01-26 21:31:54.000000000","message":"Acknowledged","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"d9eccdc581f06cc95737868f2108003a6ea86989","unresolved":true,"context_lines":[{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"},{"line_number":61,"context_line":"  - project (string, usually a keystone project ID)"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"State Machine Impact"},{"line_number":64,"context_line":"--------------------"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3710b79a_e33090ee","line":62,"updated":"2023-10-23 13:25:27.000000000","message":"\"kind\" (string) to limit the template to only specific steps (e.g. you don\u0027t want to allow certain things to be used in deploy-time)?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"},{"line_number":61,"context_line":"  - project (string, usually a keystone project ID)"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"State Machine Impact"},{"line_number":64,"context_line":"--------------------"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"dda957d0_dc8ce985","line":62,"in_reply_to":"3710b79a_e33090ee","updated":"2024-01-23 00:22:04.000000000","message":"+1, that seems \"kind\" of reasonable. And sort of gives a root beasis. \"deploy\" templates, \"clean\" templates, etc.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":true,"context_lines":[{"line_number":59,"context_line":"Two new fields will be added to it:"},{"line_number":60,"context_line":"  - public (bool)"},{"line_number":61,"context_line":"  - project (string, usually a keystone project ID)"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"State Machine Impact"},{"line_number":64,"context_line":"--------------------"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"2568641c_8149797f","line":62,"in_reply_to":"dda957d0_dc8ce985","updated":"2024-01-26 21:31:54.000000000","message":"If `kind` is required, I would question if we should make this a replacement for existing deploy_templates in general. Basically, I don\u0027t think templates as I invision them, should be boxed into one method of running. For instance: I could have a template that works both in manual cleaning and in service.\n\nJulia and I are looking at this sync right now: the only route that a deploy template takes to be triggered is via a nova flavor, which is defaulted in policy to admin-only or via an explict/direct API call. I\u0027m not sure we need to be this defensive here.\n\nOther cases to think about: what happens if a Nova-mapped flavor:deploy-template combo triggers a template that is not public/authorized for the project the node being deployed is owned/leased by. What about if it\u0027s not allowable by the project the nova user is scoped to? This is going to be microversion-leaky as well -- because we may have more data show up in /v1/deploy_templates based on this support, and even though the API model itself is the same; the data could change under it and cause weird behavior. The easiest path out of this mess might be considering deploy_templates and templates/step_templates/meta_steps/whatever we call it as separate concepts still.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"ab9797879615c71af73f893fcc389d6faba6a7a3","unresolved":true,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"REST API impact"},{"line_number":70,"context_line":"---------------"},{"line_number":71,"context_line":"NOTE(JayF): Is it right to make it keep working on the old URL? Should we"},{"line_number":72,"context_line":"            just force the new name based on advertised API version in request"},{"line_number":73,"context_line":"            header? Seems like keeping both plumbed is easier+kinder to opers."},{"line_number":74,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"fe944d10_04b75611","line":71,"updated":"2023-07-31 22:18:28.000000000","message":"WDYT?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":true,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"REST API impact"},{"line_number":70,"context_line":"---------------"},{"line_number":71,"context_line":"NOTE(JayF): Is it right to make it keep working on the old URL? Should we"},{"line_number":72,"context_line":"            just force the new name based on advertised API version in request"},{"line_number":73,"context_line":"            header? Seems like keeping both plumbed is easier+kinder to opers."},{"line_number":74,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"8663064d_5e3b501e","line":71,"in_reply_to":"4cf8571c_be7a8983","updated":"2024-01-26 21:31:54.000000000","message":"Unsure client behavior on redirects. \n\nAlso this would be weird for mixed-upgrade clusters: what happens when I have one ironic-api on \"N\" and one on N+1? \n\nI think I\u0027d prefer us leave the /v1/deploy_templates API there as an alias to /v1/templates.\n\nThere seems to be minimal value in removing the old endpoint; I don\u0027t think it\u0027s worth implementing a redirect or doing the testing needed to ensure it\u0027d be safe. Microversions will help guard against bad behavior for older clients hitting the older endpoints.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"d9eccdc581f06cc95737868f2108003a6ea86989","unresolved":true,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"REST API impact"},{"line_number":70,"context_line":"---------------"},{"line_number":71,"context_line":"NOTE(JayF): Is it right to make it keep working on the old URL? Should we"},{"line_number":72,"context_line":"            just force the new name based on advertised API version in request"},{"line_number":73,"context_line":"            header? Seems like keeping both plumbed is easier+kinder to opers."},{"line_number":74,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"4cf8571c_be7a8983","line":71,"in_reply_to":"fe944d10_04b75611","updated":"2023-10-23 13:25:27.000000000","message":"An HTTP redirect in newer versions?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":70,"context_line":"---------------"},{"line_number":71,"context_line":"NOTE(JayF): Is it right to make it keep working on the old URL? Should we"},{"line_number":72,"context_line":"            just force the new name based on advertised API version in request"},{"line_number":73,"context_line":"            header? Seems like keeping both plumbed is easier+kinder to opers."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"The existing REST API endpoints related to deploy templates will be renamed"},{"line_number":76,"context_line":"from deploy_templates to templates. The endpoints will also continue to be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"e9ad95f1_e0ed97d2","line":73,"range":{"start_line":73,"start_character":20,"end_line":73,"end_character":78},"updated":"2024-01-23 00:22:04.000000000","message":"+1, although likely through migration we should likely drive towards a common table.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c19cf48c26ca091158728dcb965cd0836adac74a","unresolved":true,"context_lines":[{"line_number":77,"context_line":"available under the old names for backwards compatibility."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Additionally, we will limit these API endpoints with policy checks, based on"},{"line_number":80,"context_line":"the value of template.public and template.project."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Client (CLI) impact"},{"line_number":83,"context_line":"-------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3b3c5b44_7ebb2688","line":80,"updated":"2023-08-01 15:11:26.000000000","message":"REST API for manual cleaning / servicing will change to accept template","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":true,"context_lines":[{"line_number":77,"context_line":"available under the old names for backwards compatibility."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Additionally, we will limit these API endpoints with policy checks, based on"},{"line_number":80,"context_line":"the value of template.public and template.project."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Client (CLI) impact"},{"line_number":83,"context_line":"-------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1e80eef7_299a5fd5","line":80,"in_reply_to":"3b3c5b44_7ebb2688","updated":"2024-01-26 21:31:54.000000000","message":"I wonder if the best way to implement this would be by making templates themselves a step. Then on calls we just check:\n\n1) Is the API caller authorized to run these steps/templates (if there are any steps; and they are only authorized to run templates; immediate no)\n2) Are the templates the API caller is referencing (and perhaps templates *those* templates might reference) permissible to use on that node (e.g. is it scoped to public/system? does it belong to this project?)","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Additionally, we will limit these API endpoints with policy checks, based on"},{"line_number":80,"context_line":"the value of template.public and template.project."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"Client (CLI) impact"},{"line_number":83,"context_line":"-------------------"},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d4ab3d4e_167aa662","line":81,"updated":"2024-01-23 00:22:04.000000000","message":"This new API will also need to haven an appropriate access policy where the public and project fields are consulted.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"ab9797879615c71af73f893fcc389d6faba6a7a3","unresolved":true,"context_lines":[{"line_number":92,"context_line":"RPC API impact"},{"line_number":93,"context_line":"--------------"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"Yes, I think. Unsure exactly what/how yet."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"Note from julia: the request context won\u0027t be in the task past the initial"},{"line_number":98,"context_line":"request, so we\u0027ll need to save it as a dict (I think this will be in RPC API)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"4acb6fe7_1c31b7e1","line":95,"updated":"2023-07-31 22:18:28.000000000","message":"This is a TODO I have to fulfill; but want to answer the rename question before I get too deep.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"2098e7ccb11e181757243cc95602a16cef77548d","unresolved":true,"context_lines":[{"line_number":94,"context_line":""},{"line_number":95,"context_line":"Yes, I think. Unsure exactly what/how yet."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"Note from julia: the request context won\u0027t be in the task past the initial"},{"line_number":98,"context_line":"request, so we\u0027ll need to save it as a dict (I think this will be in RPC API)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Driver API impact"},{"line_number":101,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"fbe5ba8f_0b1a1e79","line":98,"range":{"start_line":97,"start_character":0,"end_line":98,"end_character":77},"updated":"2024-01-23 00:22:04.000000000","message":"Do we remember why we felt we needed the request context?","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"c385458b1ba7f42a32804a5cba48395903ab484f","unresolved":true,"context_lines":[{"line_number":94,"context_line":""},{"line_number":95,"context_line":"Yes, I think. Unsure exactly what/how yet."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"Note from julia: the request context won\u0027t be in the task past the initial"},{"line_number":98,"context_line":"request, so we\u0027ll need to save it as a dict (I think this will be in RPC API)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Driver API impact"},{"line_number":101,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"601c4437_5a61e80f","line":98,"range":{"start_line":97,"start_character":0,"end_line":98,"end_character":77},"in_reply_to":"fbe5ba8f_0b1a1e79","updated":"2024-01-26 21:31:54.000000000","message":"We will likely need to pass down access control info (RequestContext) to the conductor in order to make a later access decision.","commit_id":"4ca517aa0b584a915c68a1c2588749acf733364d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"8f8592b45b251a9c1f8b380fba065dd6defbf389","unresolved":true,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Use cases for this would include:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"- As a project member with a downtime-sensitive cluster, I can be provided"},{"line_number":30,"context_line":"  an API to run required maintenance on my own schedule, leveraging cluster"},{"line_number":31,"context_line":"  management tooling along with the Ironic API."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- As a project member, common node issues can be resolved by running templates"},{"line_number":34,"context_line":"  created by a higher level operations engineer while retaining only limited"}],"source_content_type":"text/x-rst","patch_set":4,"id":"2f2accb2_043b5b7b","line":31,"range":{"start_line":29,"start_character":0,"end_line":31,"end_character":46},"updated":"2024-04-09 12:31:06.000000000","message":"This can be solved without templates","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3c0ce512872f544bbc3e01810f06ce1a28166af6","unresolved":true,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Use cases for this would include:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"- As a project member with a downtime-sensitive cluster, I can be provided"},{"line_number":30,"context_line":"  an API to run required maintenance on my own schedule, leveraging cluster"},{"line_number":31,"context_line":"  management tooling along with the Ironic API."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- As a project member, common node issues can be resolved by running templates"},{"line_number":34,"context_line":"  created by a higher level operations engineer while retaining only limited"}],"source_content_type":"text/x-rst","patch_set":4,"id":"d9443f64_9c69f9f1","line":31,"range":{"start_line":29,"start_character":0,"end_line":31,"end_character":46},"in_reply_to":"2f2accb2_043b5b7b","updated":"2024-04-30 00:00:10.000000000","message":"I think we need to combine the first two items, since the first one is likely added context for the item on line 33, so these should likely be combined.","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"8f8592b45b251a9c1f8b380fba065dd6defbf389","unresolved":true,"context_lines":[{"line_number":30,"context_line":"  an API to run required maintenance on my own schedule, leveraging cluster"},{"line_number":31,"context_line":"  management tooling along with the Ironic API."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- As a project member, common node issues can be resolved by running templates"},{"line_number":34,"context_line":"  created by a higher level operations engineer while retaining only limited"},{"line_number":35,"context_line":"  access to the Ironic API."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"- As an Ironic manager, I want to enable my consumers to perform"},{"line_number":38,"context_line":"  basic recurring maintenance items without engaging me interactively."}],"source_content_type":"text/x-rst","patch_set":4,"id":"f7d13a5a_18dedb65","line":35,"range":{"start_line":33,"start_character":0,"end_line":35,"end_character":27},"updated":"2024-04-09 12:31:06.000000000","message":"This is a good call, but this spec does not propose any API to do so except for the existing mechanism of matching traits to deploy templates. Is it intended?","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3c0ce512872f544bbc3e01810f06ce1a28166af6","unresolved":true,"context_lines":[{"line_number":30,"context_line":"  an API to run required maintenance on my own schedule, leveraging cluster"},{"line_number":31,"context_line":"  management tooling along with the Ironic API."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- As a project member, common node issues can be resolved by running templates"},{"line_number":34,"context_line":"  created by a higher level operations engineer while retaining only limited"},{"line_number":35,"context_line":"  access to the Ironic API."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"- As an Ironic manager, I want to enable my consumers to perform"},{"line_number":38,"context_line":"  basic recurring maintenance items without engaging me interactively."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7d7d25a9_9e668355","line":35,"range":{"start_line":33,"start_character":0,"end_line":35,"end_character":27},"in_reply_to":"f7d13a5a_18dedb65","updated":"2024-04-30 00:00:10.000000000","message":"Some sort of \"mechanism\", agreed, we\u0027re definitely missing this.","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"8f8592b45b251a9c1f8b380fba065dd6defbf389","unresolved":true,"context_lines":[{"line_number":34,"context_line":"  created by a higher level operations engineer while retaining only limited"},{"line_number":35,"context_line":"  access to the Ironic API."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"- As an Ironic manager, I want to enable my consumers to perform"},{"line_number":38,"context_line":"  basic recurring maintenance items without engaging me interactively."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":4,"id":"c6db1d4e_f29d1971","line":38,"range":{"start_line":37,"start_character":0,"end_line":38,"end_character":70},"updated":"2024-04-09 12:31:06.000000000","message":"Same as story 2.","commit_id":"6e45458dbb1c6bd158800b8c586e087d5172c608"}]}