)]}'
{"specs/keystone/ongoing/immutable-roles.rst":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"2083f8fb8e0452c6bc2b5465884a739ceb7e69f2","unresolved":false,"context_lines":[{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"},{"line_number":15,"context_line":"changes to the rest of the cloud deployment, but keystone should also be more"},{"line_number":16,"context_line":"robust against accidentall footgunning."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Problem Description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3f79a3b5_728e7b26","line":16,"range":{"start_line":16,"start_character":15,"end_line":16,"end_character":26},"updated":"2018-12-12 21:47:56.000000000","message":"accidental*","commit_id":"6d118203607c79eb87b83a8a1627b47a86d10e70"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"2083f8fb8e0452c6bc2b5465884a739ceb7e69f2","unresolved":false,"context_lines":[{"line_number":41,"context_line":"   set it."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"#. Add a ``keystone-manage doctor`` check to alert operators if they have not"},{"line_number":44,"context_line":"   made the default roles immutable."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"#. 
Change the ``keystone-manage bootstrap`` behavior to make roles immutable by"},{"line_number":47,"context_line":"   default and opt-out available with ``--no-immutable-roles``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3f79a3b5_f2a12b95","line":44,"updated":"2018-12-12 21:47:56.000000000","message":"Oh nice - good call.\n\nAs I was writing my version, I was thinking if this would be useful for things like the identity service or endpoints.","commit_id":"6d118203607c79eb87b83a8a1627b47a86d10e70"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"97c141a9d34ba07bba9b7731a18db837fecf4d94","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Make Default Roles Immutable by Default"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bp immutable-roles \u003chttps://blueprints.launchpad.net/keystone/+spec/immutable-roles\u003e`_"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. 
Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_3ceaf9e9","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":87},"updated":"2018-12-14 06:09:11.000000000","message":"Blueprints on LP are terrible, suggest using a bug for tracking instead.","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"edeb20f7fa7053c33fb25eb39be95459eb726aeb","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Make Default Roles Immutable by Default"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bp immutable-roles \u003chttps://blueprints.launchpad.net/keystone/+spec/immutable-roles\u003e`_"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_431b4d84","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":87},"in_reply_to":"3f79a3b5_22097229","updated":"2018-12-14 14:54:14.000000000","message":"Blueprints are a trainwreck and do not properly track patches and require manual intervention. Blueprints can also easily get mangled/anyone can edit them and lose all the data\n\nPlease do not use them in LP. 
\"We always did it this way\" is a TERRIBLE answer if the tool is just bad.\n\nA LP Bug comment is not mutable, so when a patch is proposed/merged you get a unchanging value showing when it happened.\n\nAn RFE bug linked for the spec is perfectly fine and then the spec links to the bug itself so anyone contributing code can see what but to use.\n\nBlueprints should not be used.","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"b489cd5bab02fdd4977b835fe49492f41d218af9","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Make Default Roles Immutable by Default"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bp immutable-roles \u003chttps://blueprints.launchpad.net/keystone/+spec/immutable-roles\u003e`_"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_22097229","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":87},"in_reply_to":"3f79a3b5_3ceaf9e9","updated":"2018-12-14 08:42:53.000000000","message":"The blueprint is only being used to link to the spec. This how we\u0027ve always done it. 
Opening a bug for a spec makes no sense.","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"828f6ec9cc9d4e92fcf8c55cd5c6d0360cabff90","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Make Default Roles Immutable by Default"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bp immutable-roles \u003chttps://blueprints.launchpad.net/keystone/+spec/immutable-roles\u003e`_"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_593c9c8e","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":87},"in_reply_to":"3f79a3b5_431b4d84","updated":"2018-12-14 15:52:40.000000000","message":"\u003e Blueprints are a trainwreck and do not properly track patches and\n \u003e require manual intervention. Blueprints can also easily get\n \u003e mangled/anyone can edit them and lose all the data\n\nIs the manual intervention part creating the blueprint, setting priority, and tracking a release? If so, bugs are susceptible to the same things. Also, tracking patches doesn\u0027t really have anything to do with launchpad necessarily, it\u0027s how we\u0027re using it and making sure we\u0027re properly referencing those blueprints from commit messages.\n\n \u003e \n \u003e Please do not use them in LP. 
\"We always did it this way\" is a\n \u003e TERRIBLE answer if the tool is just bad.\n \u003e \n \u003e A LP Bug comment is not mutable, so when a patch is proposed/merged\n \u003e you get a unchanging value showing when it happened.\n \u003e \n\nAgree that immutability can be nice, with a caveat. Only people who are logged in can modify a blueprints whiteboard.\n\nOn a side note, I did happen to stumble across a case where immutability can be tricky [0]. For example, if a feature goes through reverts, those are written to the whiteboard and would be written to the bug, too. Chasing those links in gerrit is confusing if you\u0027re trying to grasp the entire scope of the change. With blueprints, we at least have the ability to clear that out, correct it, and supply additional context (e.g., changes A, B, and C resulted in significant performance regression and were reverted with A\u0027, B\u0027, and C\u0027 - the feature was reimplemented with X, Y, and Z).\n\nWith bugs, comments are immutable, so a series of proposed changes that get reverted isn\u0027t really easy to consolidate outside of another contextual comment.\n\n[0] https://blueprints.launchpad.net/keystone/+spec/project-tree-deletion\n\n \u003e An RFE bug linked for the spec is perfectly fine and then the spec\n \u003e links to the bug itself so anyone contributing code can see what\n \u003e but to use.\n \u003e \n \u003e Blueprints should not be used.\n\nI can see the advantages and disadvantages of both. 
I also don\u0027t think we have a right or wrong answer since projects like nova use blueprints effectively while neutron uses RFE bugs effectively.\n\nSome of this probably falls on my shoulders since it\u0027s a PTL\u0027s job to manage this stuff in a clear and concise way.","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"10228a725082aa08dd708a3c825b8a0a28177dc7","unresolved":false,"context_lines":[{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"},{"line_number":15,"context_line":"changes to the rest of the cloud deployment, but keystone should also be more"},{"line_number":16,"context_line":"robust against accidentall footgunning."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Problem Description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_442da85c","line":16,"range":{"start_line":16,"start_character":15,"end_line":16,"end_character":26},"updated":"2018-12-13 18:28:27.000000000","message":"accidental","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"b489cd5bab02fdd4977b835fe49492f41d218af9","unresolved":false,"context_lines":[{"line_number":13,"context_line":"Keystone is a critical part of a cloud deployment. 
Administrators should take"},{"line_number":14,"context_line":"special care with configuration changes in keystone to avoid cascading bad"},{"line_number":15,"context_line":"changes to the rest of the cloud deployment, but keystone should also be more"},{"line_number":16,"context_line":"robust against accidentall footgunning."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Problem Description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_e2b5ba1b","line":16,"range":{"start_line":16,"start_character":15,"end_line":16,"end_character":26},"in_reply_to":"3f79a3b5_442da85c","updated":"2018-12-14 08:42:53.000000000","message":"Done","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"10228a725082aa08dd708a3c825b8a0a28177dc7","unresolved":false,"context_lines":[{"line_number":24,"context_line":"Many roles are reused across OpenStack and some carry elevated authorization"},{"line_number":25,"context_line":"needed to manage the deployment. In some cases, the accidental removal of a role"},{"line_number":26,"context_line":"can be catastrophic to the deployment, since the deletion of a role triggers the"},{"line_number":27,"context_line":"deletion of all role assignments any user has in any scope for that role.. 
The"},{"line_number":28,"context_line":"fix in such a case usually requires modifying database entries by hand, which is"},{"line_number":29,"context_line":"a terrible practice in production environments."},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_243c2c90","line":27,"range":{"start_line":27,"start_character":73,"end_line":27,"end_character":74},"updated":"2018-12-13 18:28:27.000000000","message":"Extra punctuation","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"b489cd5bab02fdd4977b835fe49492f41d218af9","unresolved":false,"context_lines":[{"line_number":24,"context_line":"Many roles are reused across OpenStack and some carry elevated authorization"},{"line_number":25,"context_line":"needed to manage the deployment. In some cases, the accidental removal of a role"},{"line_number":26,"context_line":"can be catastrophic to the deployment, since the deletion of a role triggers the"},{"line_number":27,"context_line":"deletion of all role assignments any user has in any scope for that role.. 
The"},{"line_number":28,"context_line":"fix in such a case usually requires modifying database entries by hand, which is"},{"line_number":29,"context_line":"a terrible practice in production environments."},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_02b1d62c","line":27,"range":{"start_line":27,"start_character":73,"end_line":27,"end_character":74},"in_reply_to":"3f79a3b5_243c2c90","updated":"2018-12-14 08:42:53.000000000","message":"Done","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"10228a725082aa08dd708a3c825b8a0a28177dc7","unresolved":false,"context_lines":[{"line_number":66,"context_line":""},{"line_number":67,"context_line":"* Change roles to be soft-deleted. This doesn\u0027t change the fact that role"},{"line_number":68,"context_line":"  assignments are hard-deleted, but could make it easier to recover since the"},{"line_number":69,"context_line":"  role ID still resides in the database."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"* Change horizon to give a visual alert for potentially destructive actions like"},{"line_number":72,"context_line":"  deleting the admin role. This doesn\u0027t protect against bad scripts."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_a4603ca0","line":69,"updated":"2018-12-13 18:28:27.000000000","message":"Not that this really needs to be included in this specification, just thinking out loud.\n\nSoft-delete supports feels like an all-or-nothing thing to me. At least with the proposal here, there is a solid use case behind it. 
I get the impression we\u0027d be sending some mixed signals if we implemented soft-deletes for roles and not everything else in keystone (but I suppose the same could be said for immutability).","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"99c676532475b57815aaae9447fa2ee4f926a316","unresolved":false,"context_lines":[{"line_number":66,"context_line":""},{"line_number":67,"context_line":"* Change roles to be soft-deleted. This doesn\u0027t change the fact that role"},{"line_number":68,"context_line":"  assignments are hard-deleted, but could make it easier to recover since the"},{"line_number":69,"context_line":"  role ID still resides in the database."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"* Change horizon to give a visual alert for potentially destructive actions like"},{"line_number":72,"context_line":"  deleting the admin role. This doesn\u0027t protect against bad scripts."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_3c6519b2","line":69,"in_reply_to":"3f79a3b5_a4603ca0","updated":"2018-12-14 06:07:28.000000000","message":"It seems like we should be considering soft-deletes for everything at this point, but that is not relevant for this spec.","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"181f4558796722ee6a241b50a548550052b9eca1","unresolved":false,"context_lines":[{"line_number":84,"context_line":"Other End User Impact"},{"line_number":85,"context_line":"---------------------"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Administrative users will need to unset the ``immutable`` flag for a role if"},{"line_number":88,"context_line":"they truly want to delete the role. 
Client changes will be needed to allow the"},{"line_number":89,"context_line":"adminitrator to set a role as immutable or mutable. Non-administrative end users"},{"line_number":90,"context_line":"should see no difference."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Performance Impact"},{"line_number":93,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_5ee49741","line":90,"range":{"start_line":87,"start_character":0,"end_line":90,"end_character":25},"updated":"2018-12-13 17:03:20.000000000","message":"Immutable should prevent updates as well. Immutable should work similar to chattr +i.","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"b489cd5bab02fdd4977b835fe49492f41d218af9","unresolved":false,"context_lines":[{"line_number":84,"context_line":"Other End User Impact"},{"line_number":85,"context_line":"---------------------"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"Administrative users will need to unset the ``immutable`` flag for a role if"},{"line_number":88,"context_line":"they truly want to delete the role. Client changes will be needed to allow the"},{"line_number":89,"context_line":"adminitrator to set a role as immutable or mutable. 
Non-administrative end users"},{"line_number":90,"context_line":"should see no difference."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Performance Impact"},{"line_number":93,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_c230beb9","line":90,"range":{"start_line":87,"start_character":0,"end_line":90,"end_character":25},"in_reply_to":"3f79a3b5_5ee49741","updated":"2018-12-14 08:42:53.000000000","message":"Done","commit_id":"557f3578859adf813a04411ad1fb07be3ce72302"}],"specs/keystone/train/immutable-resources.rst":[{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"aba09d8a3c7fa23ef1807c4e5c777be92f99e9c2","unresolved":false,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Immutable Resources"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bug #1823258 \u003chttps://bugs.launchpad.net/keystone/+bug/1823258\u003e`_"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_b6f79159","line":8,"updated":"2019-04-30 16:33:08.000000000","message":"Make this immutable roles or expand the scope of the spec to all resources","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":6593,"name":"Dirk Mueller","email":"dirk@dmllr.de","username":"dmllr"},"change_message_id":"9c9323f79930d484dbdd7c1e279dbd80a24980bf","unresolved":false,"context_lines":[{"line_number":24,"context_line":"Many roles are reused across OpenStack and some carry elevated 
authorization"},{"line_number":25,"context_line":"needed to manage the deployment. In some cases, the accidental removal of a role"},{"line_number":26,"context_line":"can be catastrophic to the deployment, since the deletion of a role triggers the"},{"line_number":27,"context_line":"deletion of all role assignments any user has in any scope for that role. The"},{"line_number":28,"context_line":"fix in such a case usually requires modifying database entries by hand, which is"},{"line_number":29,"context_line":"a terrible practice in production environments."},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"dfbec78f_4ff64692","line":27,"updated":"2019-05-04 15:20:00.000000000","message":"I think the specific problem was other openstack service users, so those should be protected in general to not pull the rug under a large part of the installation unintentionally","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"0364558198aa4f990703a3ce96c091b652ef47e2","unresolved":false,"context_lines":[{"line_number":24,"context_line":"Many roles are reused across OpenStack and some carry elevated authorization"},{"line_number":25,"context_line":"needed to manage the deployment. In some cases, the accidental removal of a role"},{"line_number":26,"context_line":"can be catastrophic to the deployment, since the deletion of a role triggers the"},{"line_number":27,"context_line":"deletion of all role assignments any user has in any scope for that role. 
The"},{"line_number":28,"context_line":"fix in such a case usually requires modifying database entries by hand, which is"},{"line_number":29,"context_line":"a terrible practice in production environments."},{"line_number":30,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"dfbec78f_5868b7b7","line":27,"in_reply_to":"dfbec78f_4ff64692","updated":"2019-05-14 15:53:10.000000000","message":"I can update to call out service users specifically.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"aba09d8a3c7fa23ef1807c4e5c777be92f99e9c2","unresolved":false,"context_lines":[{"line_number":37,"context_line":"Proposed Change"},{"line_number":38,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Keystone resources such roles, users, and projects will gain an ``immutable``"},{"line_number":41,"context_line":"flag as a `resource option`_. 
An immutable resource may not be deleted or"},{"line_number":42,"context_line":"altered except to turn off the immutable flag."},{"line_number":43,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_b6a55149","line":40,"updated":"2019-04-30 16:33:08.000000000","message":"assignments and service catalog as well.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"7234fecc82e5ed7debe6ec958823e012532e3a67","unresolved":false,"context_lines":[{"line_number":37,"context_line":"Proposed Change"},{"line_number":38,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Keystone resources such roles, users, and projects will gain an ``immutable``"},{"line_number":41,"context_line":"flag as a `resource option`_. An immutable resource may not be deleted or"},{"line_number":42,"context_line":"altered except to turn off the immutable flag."},{"line_number":43,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_076bc51d","line":40,"in_reply_to":"ffb9cba7_b6a55149","updated":"2019-05-01 14:15:13.000000000","message":"The spec is meant to address resources that would be catastrophic to delete. Deleting a role assignment is not catastrophic, you can just recreate it. 
Deleting a role, on the other hand, would be catastrophic because all of the role assignments also disappear.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"aba09d8a3c7fa23ef1807c4e5c777be92f99e9c2","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Keystone resources such roles, users, and projects will gain an ``immutable``"},{"line_number":41,"context_line":"flag as a `resource option`_. An immutable resource may not be deleted or"},{"line_number":42,"context_line":"altered except to turn off the immutable flag."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"For most resources, users will opt into locking these resources by setting the"},{"line_number":45,"context_line":"flag. Eventually, the admin role should become immutable by default. However,"},{"line_number":46,"context_line":"hardcoding immutability would be extremely backwards incompatible, so we"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_d677a5d3","line":43,"updated":"2019-04-30 16:33:08.000000000","message":"\"Identifers for immutable resources will be precacluated based on the using a sha256 hash of the name.\"","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"7234fecc82e5ed7debe6ec958823e012532e3a67","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Keystone resources such roles, users, and projects will gain an ``immutable``"},{"line_number":41,"context_line":"flag as a `resource option`_. 
An immutable resource may not be deleted or"},{"line_number":42,"context_line":"altered except to turn off the immutable flag."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"For most resources, users will opt into locking these resources by setting the"},{"line_number":45,"context_line":"flag. Eventually, the admin role should become immutable by default. However,"},{"line_number":46,"context_line":"hardcoding immutability would be extremely backwards incompatible, so we"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_278049bf","line":43,"in_reply_to":"ffb9cba7_d677a5d3","updated":"2019-05-01 14:15:13.000000000","message":"This is completely separate from ID generation.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"aba09d8a3c7fa23ef1807c4e5c777be92f99e9c2","unresolved":false,"context_lines":[{"line_number":49,"context_line":"#. Add an ``immutable`` resource option to the role model. This will be off by"},{"line_number":50,"context_line":"   default, always."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"#. Add an opt-in flag ``--immutable-roles`` to the ``keystone-manage bootstrap``"},{"line_number":53,"context_line":"   command which sets the ``immutable`` resource option on the default roles"},{"line_number":54,"context_line":"   (``admin``, ``member``, ``reader``) to ``true``. 
The command should also log"},{"line_number":55,"context_line":"   a warning that this will become default behavior in the future if they do not"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_36a16147","line":52,"updated":"2019-04-30 16:33:08.000000000","message":"--immutabe\u003droles  --immutable\u003didentity  --immutable\u003dassignemnt  --immutable\u003dresource","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"7234fecc82e5ed7debe6ec958823e012532e3a67","unresolved":false,"context_lines":[{"line_number":49,"context_line":"#. Add an ``immutable`` resource option to the role model. This will be off by"},{"line_number":50,"context_line":"   default, always."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"#. Add an opt-in flag ``--immutable-roles`` to the ``keystone-manage bootstrap``"},{"line_number":53,"context_line":"   command which sets the ``immutable`` resource option on the default roles"},{"line_number":54,"context_line":"   (``admin``, ``member``, ``reader``) to ``true``. 
The command should also log"},{"line_number":55,"context_line":"   a warning that this will become default behavior in the future if they do not"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_475e9d76","line":52,"in_reply_to":"ffb9cba7_36a16147","updated":"2019-05-01 14:15:13.000000000","message":"This illustrates an upgrade path to make roles immutable by default but I don\u0027t agree that all other resources need to be immutable by default.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"aba09d8a3c7fa23ef1807c4e5c777be92f99e9c2","unresolved":false,"context_lines":[{"line_number":55,"context_line":"   a warning that this will become default behavior in the future if they do not"},{"line_number":56,"context_line":"   set it."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"#. Add a ``keystone-manage doctor`` check to alert operators if they have not"},{"line_number":59,"context_line":"   made the default roles immutable."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"#. 
Change the ``keystone-manage bootstrap`` behavior to make roles immutable by"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_96a84d20","line":58,"updated":"2019-04-30 16:33:08.000000000","message":"also add a keystone-manage doctor check that identifies projects where the id does not match the precalcuated id","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"7234fecc82e5ed7debe6ec958823e012532e3a67","unresolved":false,"context_lines":[{"line_number":55,"context_line":"   a warning that this will become default behavior in the future if they do not"},{"line_number":56,"context_line":"   set it."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"#. Add a ``keystone-manage doctor`` check to alert operators if they have not"},{"line_number":59,"context_line":"   made the default roles immutable."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"#. Change the ``keystone-manage bootstrap`` behavior to make roles immutable by"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_e756b15c","line":58,"in_reply_to":"ffb9cba7_96a84d20","updated":"2019-05-01 14:15:13.000000000","message":"IDs are not related to this spec.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"38521f01bf940045f110a338ad9e5b874c12f7d5","unresolved":false,"context_lines":[{"line_number":55,"context_line":"   a warning that this will become default behavior in the future if they do not"},{"line_number":56,"context_line":"   set it."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"#. 
Add a ``keystone-manage doctor`` check to alert operators if they have not"},{"line_number":59,"context_line":"   made the default roles immutable."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"#. Change the ``keystone-manage bootstrap`` behavior to make roles immutable by"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_eb2bd491","line":58,"in_reply_to":"ffb9cba7_e756b15c","updated":"2019-05-01 16:51:13.000000000","message":"I agree with Colleen, IDs have zero impact on immutability.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"aba09d8a3c7fa23ef1807c4e5c777be92f99e9c2","unresolved":false,"context_lines":[{"line_number":59,"context_line":"   made the default roles immutable."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"#. Change the ``keystone-manage bootstrap`` behavior to make roles immutable by"},{"line_number":62,"context_line":"   default and opt-out available with ``--no-immutable-roles``."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":".. _resource option: https://docs.openstack.org/keystone/latest/admin/resource-options.html"},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffb9cba7_56bf3560","line":62,"updated":"2019-04-30 16:33:08.000000000","message":"--no-immutable\u003droles","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":6593,"name":"Dirk Mueller","email":"dirk@dmllr.de","username":"dmllr"},"change_message_id":"4a3246ae2e843fa7e81c870241e57f6064a13207","unresolved":false,"context_lines":[{"line_number":67,"context_line":"------------"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"* Make role more like domains, which must be disabled and then deleted. 
This is"},{"line_number":70,"context_line":"  not backwards compatible."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"* Change roles to be soft-deleted. This doesn\u0027t change the fact that role"},{"line_number":73,"context_line":"  assignments are hard-deleted, but could make it easier to recover since the"}],"source_content_type":"text/x-rst","patch_set":6,"id":"dfbec78f_a35b632c","line":70,"updated":"2019-05-03 22:27:27.000000000","message":"Is this really a large concern? I mean, how often are people deleting roles? I really like the ideas that we don\u0027t introduce a new protection mechanism for each type of things in keystone. if domains have one way of making destructive operations a two step approach, is there a way to reuse that concept (or use this immutable flag proposal for domains as well going forward)?","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"0364558198aa4f990703a3ce96c091b652ef47e2","unresolved":false,"context_lines":[{"line_number":67,"context_line":"------------"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"* Make role more like domains, which must be disabled and then deleted. This is"},{"line_number":70,"context_line":"  not backwards compatible."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"* Change roles to be soft-deleted. 
This doesn\u0027t change the fact that role"},{"line_number":73,"context_line":"  assignments are hard-deleted, but could make it easier to recover since the"}],"source_content_type":"text/x-rst","patch_set":6,"id":"dfbec78f_fd04fd19","line":70,"in_reply_to":"dfbec78f_a35b632c","updated":"2019-05-14 15:53:10.000000000","message":"Yes, maintaining the API contract is a top concern and is key to interoperability: http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":6593,"name":"Dirk Mueller","email":"dirk@dmllr.de","username":"dmllr"},"change_message_id":"4a3246ae2e843fa7e81c870241e57f6064a13207","unresolved":false,"context_lines":[{"line_number":69,"context_line":"* Make role more like domains, which must be disabled and then deleted. This is"},{"line_number":70,"context_line":"  not backwards compatible."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"* Change roles to be soft-deleted. 
This doesn\u0027t change the fact that role"},{"line_number":73,"context_line":"  assignments are hard-deleted, but could make it easier to recover since the"},{"line_number":74,"context_line":"  role ID still resides in the database."},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"dfbec78f_e37abb86","line":72,"updated":"2019-05-03 22:27:27.000000000","message":"What about the option of not allowing to delete a role unless all role assignments have been deleted, rather than recursively deleting all assignments as part of the role deletion?\n\nIMHO that would solve the \"damn, this was a fatfingered command!\" kind of moment without causing too much of a problem.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"0364558198aa4f990703a3ce96c091b652ef47e2","unresolved":false,"context_lines":[{"line_number":69,"context_line":"* Make role more like domains, which must be disabled and then deleted. This is"},{"line_number":70,"context_line":"  not backwards compatible."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"* Change roles to be soft-deleted. This doesn\u0027t change the fact that role"},{"line_number":73,"context_line":"  assignments are hard-deleted, but could make it easier to recover since the"},{"line_number":74,"context_line":"  role ID still resides in the database."},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"dfbec78f_d87ca784","line":72,"in_reply_to":"dfbec78f_e37abb86","updated":"2019-05-14 15:53:10.000000000","message":"That would be backwards incompatible, and would break the users who really do want to create temporary roles and role assignments on-demand and delete them.","commit_id":"1572633af3944b1de746785d26eb1b03e3124d2c"}]}
