)]}'
{"keystone/common/policies/project_endpoint.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"987ce18f7252cd842056f130d44372f745a34bbd","unresolved":false,"context_lines":[{"line_number":41,"context_line":")"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"DEPRECATED_REASON \u003d \"\"\""},{"line_number":44,"context_line":"As of the Train release, the project endpoint API now understands default"},{"line_number":45,"context_line":"roles and system-scoped tokens, making the API more granular by default without"},{"line_number":46,"context_line":"compromising security. The new policy defaults account for these changes"},{"line_number":47,"context_line":"automatically. Be sure to take these new defaults into consideration if you are"},{"line_number":48,"context_line":"relying on overrides in your deployment for the project endpoint API."},{"line_number":49,"context_line":"\"\"\""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_f24338ae","line":48,"range":{"start_line":44,"start_character":0,"end_line":48,"end_character":69},"updated":"2019-09-19 14:18:29.000000000","message":"I think Colleen is in the process of consolidating these? Do we want to go ahead and consolidate this one now, too?","commit_id":"bdc8b9a78215831af42dcef982e16b414c41c654"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"6be064fa8b47955e0183b33fdb1f1f49dac3a5ac","unresolved":false,"context_lines":[{"line_number":41,"context_line":")"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"DEPRECATED_REASON \u003d \"\"\""},{"line_number":44,"context_line":"As of the Train release, the project endpoint API now understands default"},{"line_number":45,"context_line":"roles and system-scoped tokens, making the API more granular by default without"},{"line_number":46,"context_line":"compromising security. The new policy defaults account for these changes"},{"line_number":47,"context_line":"automatically. Be sure to take these new defaults into consideration if you are"},{"line_number":48,"context_line":"relying on overrides in your deployment for the project endpoint API."},{"line_number":49,"context_line":"\"\"\""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_93a8c3db","line":48,"range":{"start_line":44,"start_character":0,"end_line":48,"end_character":69},"in_reply_to":"3fa7e38b_f24338ae","updated":"2019-09-19 18:25:43.000000000","message":"I can just do another pass later","commit_id":"bdc8b9a78215831af42dcef982e16b414c41c654"}],"keystone/tests/protection/v3/test_project_endpoint.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"987ce18f7252cd842056f130d44372f745a34bbd","unresolved":false,"context_lines":[{"line_number":378,"context_line":"        self.useFixture(ksfixtures.Policy(self.config_fixture))"},{"line_number":379,"context_line":"        self.config_fixture.config(group\u003d\u0027oslo_policy\u0027, enforce_scope\u003dTrue)"},{"line_number":380,"context_line":""},{"line_number":381,"context_line":"        self.user_id \u003d self.bootstrapper.admin_user_id"},{"line_number":382,"context_line":"        auth \u003d self.build_authentication_request("},{"line_number":383,"context_line":"            user_id\u003dself.user_id,"},{"line_number":384,"context_line":"            password\u003dself.bootstrapper.admin_password,"},{"line_number":385,"context_line":"            project_id\u003dself.bootstrapper.project_id"},{"line_number":386,"context_line":"        )"},{"line_number":387,"context_line":""},{"line_number":388,"context_line":"        # Grab a token using the persona we\u0027re testing and prepare headers"}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_327230e5","line":385,"range":{"start_line":381,"start_character":0,"end_line":385,"end_character":51},"updated":"2019-09-19 14:18:29.000000000","message":"This is getting a token for a project administrator, but we\u0027re not overriding the policies from what I can tell. How are these still passing if the base.RULE_ADMIN_REQUIRED policy is getting OR\u0027d with the new policies?","commit_id":"bdc8b9a78215831af42dcef982e16b414c41c654"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"d0656b1225eafdcb09cbf30f32dc06b7960d1c01","unresolved":false,"context_lines":[{"line_number":378,"context_line":"        self.useFixture(ksfixtures.Policy(self.config_fixture))"},{"line_number":379,"context_line":"        self.config_fixture.config(group\u003d\u0027oslo_policy\u0027, enforce_scope\u003dTrue)"},{"line_number":380,"context_line":""},{"line_number":381,"context_line":"        self.user_id \u003d self.bootstrapper.admin_user_id"},{"line_number":382,"context_line":"        auth \u003d self.build_authentication_request("},{"line_number":383,"context_line":"            user_id\u003dself.user_id,"},{"line_number":384,"context_line":"            password\u003dself.bootstrapper.admin_password,"},{"line_number":385,"context_line":"            project_id\u003dself.bootstrapper.project_id"},{"line_number":386,"context_line":"        )"},{"line_number":387,"context_line":""},{"line_number":388,"context_line":"        # Grab a token using the persona we\u0027re testing and prepare headers"}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_5246cc7e","line":385,"range":{"start_line":381,"start_character":0,"end_line":385,"end_character":51},"in_reply_to":"3fa7e38b_327230e5","updated":"2019-09-19 14:20:31.000000000","message":"Oh - this is because we\u0027re relying on enforce scope being set to True.","commit_id":"bdc8b9a78215831af42dcef982e16b414c41c654"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"d0656b1225eafdcb09cbf30f32dc06b7960d1c01","unresolved":false,"context_lines":[{"line_number":419,"context_line":"        )[\u0027id\u0027]"},{"line_number":420,"context_line":""},{"line_number":421,"context_line":"        PROVIDERS.assignment_api.create_grant("},{"line_number":422,"context_line":"            self.bootstrapper.member_role_id, user_id\u003dself.user_id,"},{"line_number":423,"context_line":"            project_id\u003dself.project_id"},{"line_number":424,"context_line":"        )"},{"line_number":425,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_f2549823","line":422,"range":{"start_line":422,"start_character":30,"end_line":422,"end_character":44},"updated":"2019-09-19 14:20:31.000000000","message":"These tests would fail if we were using admin_role_id because the old policy would be OR\u0027d with the new policy.\n\nI was curious who these were passing without us overriding the policy file with the new defaults.","commit_id":"bdc8b9a78215831af42dcef982e16b414c41c654"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"6be064fa8b47955e0183b33fdb1f1f49dac3a5ac","unresolved":false,"context_lines":[{"line_number":419,"context_line":"        )[\u0027id\u0027]"},{"line_number":420,"context_line":""},{"line_number":421,"context_line":"        PROVIDERS.assignment_api.create_grant("},{"line_number":422,"context_line":"            self.bootstrapper.member_role_id, user_id\u003dself.user_id,"},{"line_number":423,"context_line":"            project_id\u003dself.project_id"},{"line_number":424,"context_line":"        )"},{"line_number":425,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_53d80b7e","line":422,"range":{"start_line":422,"start_character":30,"end_line":422,"end_character":44},"in_reply_to":"3fa7e38b_f2549823","updated":"2019-09-19 18:25:43.000000000","message":"Testing with enforce_scope\u003dfalse only makes sense if the admin role is used.","commit_id":"bdc8b9a78215831af42dcef982e16b414c41c654"}]}