)]}'
{"ironic/tests/unit/api/test_rbac_project_scoped.yaml":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"bbf89f0120113059a3efe76f0a52a369fc12c7b4","unresolved":true,"context_lines":[{"line_number":4,"context_line":"# it doesn\u0027t make sense to explicitly check if admin or member *CAN*"},{"line_number":5,"context_line":"# read an endpoint. The reader check should validate that they can"},{"line_number":6,"context_line":"# unless there is a specific somehow restricted endpoint. In those"},{"line_number":7,"context_line":"# cases, explicit tests should be added, but we\u0027re not really aware"},{"line_number":8,"context_line":"# of any at this time. The approach is otherwise a bit of a shotgun"},{"line_number":9,"context_line":"# approach. We\u0027re attempting to test owner, lessee, and a third party"},{"line_number":10,"context_line":"# project scoped admin token in an attempt to try and cover all of our"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"2a96f14e_0637568a","line":7,"updated":"2021-02-26 16:30:51.000000000","message":"I wonder if we should have at least one test, just to validate the cascade doesn\u0027t get busted.","commit_id":"df69b7d147dc9d69d36c392c5df89760ec4897e3"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"ed1498b3b7b6d732e28d19bba06a3c7371863840","unresolved":true,"context_lines":[{"line_number":4,"context_line":"# it doesn\u0027t make sense to explicitly check if admin or member *CAN*"},{"line_number":5,"context_line":"# read an endpoint. The reader check should validate that they can"},{"line_number":6,"context_line":"# unless there is a specific somehow restricted endpoint. In those"},{"line_number":7,"context_line":"# cases, explicit tests should be added, but we\u0027re not really aware"},{"line_number":8,"context_line":"# of any at this time. The approach is otherwise a bit of a shotgun"},{"line_number":9,"context_line":"# approach. We\u0027re attempting to test owner, lessee, and a third party"},{"line_number":10,"context_line":"# project scoped admin token in an attempt to try and cover all of our"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"57dda967_51b15f2c","line":7,"in_reply_to":"2a96f14e_0637568a","updated":"2021-03-03 13:41:58.000000000","message":"The system scoped ones mostly have that full checking. The project scope tests it is kind of sprinkled through since the cascade breaking will ripple.","commit_id":"df69b7d147dc9d69d36c392c5df89760ec4897e3"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"bbf89f0120113059a3efe76f0a52a369fc12c7b4","unresolved":true,"context_lines":[{"line_number":19,"context_line":"# One note regarding return codes. Third party admin, should mainly get"},{"line_number":20,"context_line":"# 404 return codes as opposed to 403. Because their view is filtered,"},{"line_number":21,"context_line":"# They can\u0027t find the resources to attempt to edit. This is a huge"},{"line_number":22,"context_line":"# distinction because we alsod on\u0027t want to leak that something exists"},{"line_number":23,"context_line":"# from a security point of view. If we don\u0027t return 404, and they get 403,"},{"line_number":24,"context_line":"# they can determine that something is special, something is different,"},{"line_number":25,"context_line":"# and from there try to determine *what* it is. The key in their case"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"4ed73452_a5adfd65","line":22,"updated":"2021-02-26 16:30:51.000000000","message":"nit: also don\u0027t","commit_id":"df69b7d147dc9d69d36c392c5df89760ec4897e3"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"bbf89f0120113059a3efe76f0a52a369fc12c7b4","unresolved":true,"context_lines":[{"line_number":1782,"context_line":"  assert_status: 403"},{"line_number":1783,"context_line":"  skip_reason: policy not implemented"},{"line_number":1784,"context_line":""},{"line_number":1785,"context_line":"# TODO(TheJulia): Huge question hitting me... will these 404 or 403 for 3rd party admin. Likely we should return 404 if they do not have rights to the node itself. A slight delineation between the two."},{"line_number":1786,"context_line":""},{"line_number":1787,"context_line":""},{"line_number":1788,"context_line":"# Volume(s) - https://docs.openstack.org/api-ref/baremetal/#volume-volume"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"66f414e5_f933ad66","line":1785,"updated":"2021-02-26 16:30:51.000000000","message":"I\u0027m not sure what this TODO refers to? Is it still valid?","commit_id":"df69b7d147dc9d69d36c392c5df89760ec4897e3"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"ed1498b3b7b6d732e28d19bba06a3c7371863840","unresolved":true,"context_lines":[{"line_number":1782,"context_line":"  assert_status: 403"},{"line_number":1783,"context_line":"  skip_reason: policy not implemented"},{"line_number":1784,"context_line":""},{"line_number":1785,"context_line":"# TODO(TheJulia): Huge question hitting me... will these 404 or 403 for 3rd party admin. Likely we should return 404 if they do not have rights to the node itself. A slight delineation between the two."},{"line_number":1786,"context_line":""},{"line_number":1787,"context_line":""},{"line_number":1788,"context_line":"# Volume(s) - https://docs.openstack.org/api-ref/baremetal/#volume-volume"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"26e64820_a37ee453","line":1785,"in_reply_to":"66f414e5_f933ad66","updated":"2021-03-03 13:41:58.000000000","message":"No longer valid.","commit_id":"df69b7d147dc9d69d36c392c5df89760ec4897e3"}]}
