)]}'
{"keystone/common/policies/user.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"335a9a3b3173dfdcd52ca315411484f966d41dae","unresolved":true,"context_lines":[{"line_number":91,"context_line":"        description\u003d(\u0027List all projects a user has access to via role \u0027"},{"line_number":92,"context_line":"                     \u0027assignments.\u0027),"},{"line_number":93,"context_line":"        operations\u003d[{\u0027path\u0027: \u0027 /v3/auth/projects\u0027,"},{"line_number":94,"context_line":"                     \u0027method\u0027: \u0027GET\u0027}]),"},{"line_number":95,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":96,"context_line":"        name\u003dbase.IDENTITY % \u0027list_domains_for_user\u0027,"},{"line_number":97,"context_line":"        check_str\u003d\u0027\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"2ab0eccf_56807b1b","side":"PARENT","line":94,"updated":"2021-01-06 14:12:01.000000000","message":"Operators who are overriding policies won\u0027t know we\u0027ve removed these upstream unless they review the code or read a release note if we include one.\n\nWe should deprecate these and allow a release or two for operators to adjust their policies if they\u0027re overriding them.\n\nhttps://docs.openstack.org/oslo.policy/latest/reference/api/oslo_policy.html#oslo_policy.policy.DeprecatedRule\n\nYou should be able to do something like:\n\n  policy.DocumentedRuleDefault(\n      name\u003dbase.IDENTITY % \u0027list_projects_for_user\u0027,\n      check_str\u003d\u0027\u0027,\n      description\u003d(\u0027List all projects a user has access to via role \u0027\n                   \u0027assignments.\u0027),\n      operations\u003d[{\u0027path\u0027: \u0027 /v3/auth/projects\u0027,\n                   \u0027method\u0027: \u0027GET\u0027}],\n      deprecated_for_removal\u003dTrue\n  )","commit_id":"a98f006f854be02e5682390012d8bb917f4f3940"}]}