)]}'
{"ironic/api/controllers/v1/utils.py":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"c00f41429e0fd92fb7b3010b77b629639243f73f","unresolved":false,"context_lines":[{"line_number":1238,"context_line":"        policy.authorize(policy_name, cdict, cdict)"},{"line_number":1239,"context_line":"        raise"},{"line_number":1240,"context_line":""},{"line_number":1241,"context_line":"    rpc_node \u003d objects.Node.get_by_id(context, rpc_port.node_id)"},{"line_number":1242,"context_line":"    target_dict \u003d dict(cdict)"},{"line_number":1243,"context_line":"    target_dict[\u0027node.owner\u0027] \u003d rpc_node[\u0027owner\u0027]"},{"line_number":1244,"context_line":"    policy.authorize(policy_name, target_dict, cdict)"}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_0bef2c87","line":1241,"updated":"2019-12-11 19:45:55.000000000","message":"The double db get kind of makes me worry for no real reason.","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":7386,"name":"Tzu-Mainn Chen","email":"tzumainn@redhat.com","username":"tzumainn"},"change_message_id":"322b40b6fd0834f7d427bb2d090ae8e4407e206f","unresolved":false,"context_lines":[{"line_number":1238,"context_line":"        policy.authorize(policy_name, cdict, cdict)"},{"line_number":1239,"context_line":"        raise"},{"line_number":1240,"context_line":""},{"line_number":1241,"context_line":"    rpc_node \u003d objects.Node.get_by_id(context, rpc_port.node_id)"},{"line_number":1242,"context_line":"    target_dict \u003d dict(cdict)"},{"line_number":1243,"context_line":"    target_dict[\u0027node.owner\u0027] \u003d rpc_node[\u0027owner\u0027]"},{"line_number":1244,"context_line":"    policy.authorize(policy_name, target_dict, cdict)"}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_4ea772a9","line":1241,"in_reply_to":"3fa7e38b_0bef2c87","updated":"2019-12-11 20:36:49.000000000","message":"I figured it was okay, since a few of the port API calls - patch, delete - already fetched the node. But let me know if there\u0027s a smoother way to get the node owner info!","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"57ae95de5bf466f948a90cb05893ede3221d53b2","unresolved":false,"context_lines":[{"line_number":1238,"context_line":"        policy.authorize(policy_name, cdict, cdict)"},{"line_number":1239,"context_line":"        raise"},{"line_number":1240,"context_line":""},{"line_number":1241,"context_line":"    rpc_node \u003d objects.Node.get_by_id(context, rpc_port.node_id)"},{"line_number":1242,"context_line":"    target_dict \u003d dict(cdict)"},{"line_number":1243,"context_line":"    target_dict[\u0027node.owner\u0027] \u003d rpc_node[\u0027owner\u0027]"},{"line_number":1244,"context_line":"    policy.authorize(policy_name, target_dict, cdict)"}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_099ad4c3","line":1241,"in_reply_to":"3fa7e38b_4ea772a9","updated":"2019-12-11 20:48:58.000000000","message":"Yeah, I think the only way would be to do a dedicated view of the two tables with a selected column list... but I\u0027m not sure the load would justify it tbh.","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"}],"ironic/tests/unit/api/controllers/v1/test_port.py":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"c00f41429e0fd92fb7b3010b77b629639243f73f","unresolved":false,"context_lines":[{"line_number":637,"context_line":"        for id_ in range(3, 5):"},{"line_number":638,"context_line":"            port \u003d obj_utils.create_test_port("},{"line_number":639,"context_line":"                self.context, uuid\u003duuidutils.generate_uuid(),"},{"line_number":640,"context_line":"                address\u003d\u002752:54:00:cf:2d:3%s\u0027 % id_)"},{"line_number":641,"context_line":"        data \u003d self.get_json(\u0027/ports\u0027, headers\u003d{\u0027X-Project-Id\u0027: \u002712345\u0027})"},{"line_number":642,"context_line":"        self.assertEqual(len(ports), len(data[\u0027ports\u0027]))"},{"line_number":643,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_aed62652","line":640,"updated":"2019-12-11 19:45:55.000000000","message":"after looking at this, I wish we put more notes in unit tests :)","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"57ae95de5bf466f948a90cb05893ede3221d53b2","unresolved":false,"context_lines":[{"line_number":637,"context_line":"        for id_ in range(3, 5):"},{"line_number":638,"context_line":"            port \u003d obj_utils.create_test_port("},{"line_number":639,"context_line":"                self.context, uuid\u003duuidutils.generate_uuid(),"},{"line_number":640,"context_line":"                address\u003d\u002752:54:00:cf:2d:3%s\u0027 % id_)"},{"line_number":641,"context_line":"        data \u003d self.get_json(\u0027/ports\u0027, headers\u003d{\u0027X-Project-Id\u0027: \u002712345\u0027})"},{"line_number":642,"context_line":"        self.assertEqual(len(ports), len(data[\u0027ports\u0027]))"},{"line_number":643,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_49b3ec4e","line":640,"in_reply_to":"3fa7e38b_2edf960c","updated":"2019-12-11 20:48:58.000000000","message":"\u003c3","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":7386,"name":"Tzu-Mainn Chen","email":"tzumainn@redhat.com","username":"tzumainn"},"change_message_id":"322b40b6fd0834f7d427bb2d090ae8e4407e206f","unresolved":false,"context_lines":[{"line_number":637,"context_line":"        for id_ in range(3, 5):"},{"line_number":638,"context_line":"            port \u003d obj_utils.create_test_port("},{"line_number":639,"context_line":"                self.context, uuid\u003duuidutils.generate_uuid(),"},{"line_number":640,"context_line":"                address\u003d\u002752:54:00:cf:2d:3%s\u0027 % id_)"},{"line_number":641,"context_line":"        data \u003d self.get_json(\u0027/ports\u0027, headers\u003d{\u0027X-Project-Id\u0027: \u002712345\u0027})"},{"line_number":642,"context_line":"        self.assertEqual(len(ports), len(data[\u0027ports\u0027]))"},{"line_number":643,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_2edf960c","line":640,"in_reply_to":"3fa7e38b_aed62652","updated":"2019-12-11 20:36:49.000000000","message":"Yeah, I can sympathize - I\u0027ve added some text here!","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"}],"releasenotes/notes/node-owner-policy-ports-1d3193fd897feaa6.yaml":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"c00f41429e0fd92fb7b3010b77b629639243f73f","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A port\u0027s node\u0027s owner is now exposed to policy checks, giving Ironic"},{"line_number":5,"context_line":"    admins the option of modifying the policy file to allow users specified"},{"line_number":6,"context_line":"    by a node\u0027s owner field to perform API actions on that node\u0027s associated"},{"line_number":7,"context_line":"    ports through the ``is_node_owner`` rule."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_2b16a8a8","line":4,"updated":"2019-12-11 19:45:55.000000000","message":"I wonder if there is a better way to re-write this because the double implied ownership feels semi-confusing to me.","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":7386,"name":"Tzu-Mainn Chen","email":"tzumainn@redhat.com","username":"tzumainn"},"change_message_id":"322b40b6fd0834f7d427bb2d090ae8e4407e206f","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A port\u0027s node\u0027s owner is now exposed to policy checks, giving Ironic"},{"line_number":5,"context_line":"    admins the option of modifying the policy file to allow users specified"},{"line_number":6,"context_line":"    by a node\u0027s owner field to perform API actions on that node\u0027s associated"},{"line_number":7,"context_line":"    ports through the ``is_node_owner`` rule."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_6e24aec3","line":4,"in_reply_to":"3fa7e38b_2b16a8a8","updated":"2019-12-11 20:36:49.000000000","message":"I\u0027ve reworded it - let me know what you think!","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"c00f41429e0fd92fb7b3010b77b629639243f73f","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A port\u0027s node\u0027s owner is now exposed to policy checks, giving Ironic"},{"line_number":5,"context_line":"    admins the option of modifying the policy file to allow users specified"},{"line_number":6,"context_line":"    by a node\u0027s owner field to perform API actions on that node\u0027s associated"},{"line_number":7,"context_line":"    ports through the ``is_node_owner`` rule."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_abd4d8bb","line":5,"range":{"start_line":5,"start_character":4,"end_line":5,"end_character":75},"updated":"2019-12-11 19:45:55.000000000","message":"Is there any reason we\u0027re not just doing this by default?","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":7386,"name":"Tzu-Mainn Chen","email":"tzumainn@redhat.com","username":"tzumainn"},"change_message_id":"322b40b6fd0834f7d427bb2d090ae8e4407e206f","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A port\u0027s node\u0027s owner is now exposed to policy checks, giving Ironic"},{"line_number":5,"context_line":"    admins the option of modifying the policy file to allow users specified"},{"line_number":6,"context_line":"    by a node\u0027s owner field to perform API actions on that node\u0027s associated"},{"line_number":7,"context_line":"    ports through the ``is_node_owner`` rule."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_ae38663a","line":5,"range":{"start_line":5,"start_character":4,"end_line":5,"end_character":75},"in_reply_to":"3fa7e38b_abd4d8bb","updated":"2019-12-11 20:36:49.000000000","message":"As I understand it, to ensure that someone doesn\u0027t upgrade ironic and accidentally expose APIs to non-admins. I think there was discussion around this point with the node policy patch.","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"57ae95de5bf466f948a90cb05893ede3221d53b2","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A port\u0027s node\u0027s owner is now exposed to policy checks, giving Ironic"},{"line_number":5,"context_line":"    admins the option of modifying the policy file to allow users specified"},{"line_number":6,"context_line":"    by a node\u0027s owner field to perform API actions on that node\u0027s associated"},{"line_number":7,"context_line":"    ports through the ``is_node_owner`` rule."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_89ad64eb","line":5,"range":{"start_line":5,"start_character":4,"end_line":5,"end_character":75},"in_reply_to":"3fa7e38b_ae38663a","updated":"2019-12-11 20:48:58.000000000","message":"Yeah, I guess that makes sense. Direct port access shouldn\u0027t be needed anyway by regular users as long as they use the vif attach/detach functionality on the node.","commit_id":"35fd3775dbd169eec987de8ffa06e7fcf6a8e35a"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"7711c2570c3a2272149c696e4902041da6313306","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    to policy checks, giving Ironic admins the option of modifying the policy"},{"line_number":6,"context_line":"    file to allow users specified by a node\u0027s owner field to perform API"},{"line_number":7,"context_line":"    actions on that node\u0027s associated ports through the ``is_node_owner``"},{"line_number":8,"context_line":"    rule."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"3fa7e38b_8996c493","line":8,"updated":"2019-12-11 20:49:55.000000000","message":"That is much better! Thanks!","commit_id":"3dee658bf4be14712b7051fad4f7ff780ed339a1"}]}