)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"76486c77_86e303b6","updated":"2023-03-21 16:04:29.000000000","message":"Some rewording suggestions noted inline.  -1 instead of a suggestion because the text needs to be updated to refer to the Bobcat release now.  (Unless this patch is deemed backportable to Antelope, which I personally think would be a good idea.)","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"d06f667c_4efe598c","updated":"2023-03-27 06:44:07.000000000","message":"Thank you for inputs Brian, made changes as per your suggestion!","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"82d9445dc2f074699296adb7c61a3a7ef01cd977","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"771dff60_80b3e98f","updated":"2023-01-16 05:40:09.000000000","message":"Thank you for review!","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"676f798c30e9128593f306f30bbe7b1a42dfd8f8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"f2665841_81926cee","updated":"2022-12-12 09:09:21.000000000","message":"recheck multiattach volume related failure","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"4947ce0eee214f081d0348a079fe09ff44eede9e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"bdfcbf93_990205c6","updated":"2023-03-28 17:47:13.000000000","message":"Just noticed that there\u0027s a block of text that needs to be moved to make sense.  Otherwise, the revisions LGTM.","commit_id":"2cdee78b822801b46723d5139de10d4f7db084c8"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"144382c91e4aa1b3ccb0ce1f92cc2270f1d6539b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"61c220d3_a7a457dd","updated":"2023-03-28 17:27:22.000000000","message":"Revision LGTM!","commit_id":"2cdee78b822801b46723d5139de10d4f7db084c8"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"e2a5e468e48ca85b2287a99212cfd206ee580f09","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"4e409622_749e2829","updated":"2023-03-28 17:53:12.000000000","message":"Done, Thank you for pointing it!","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"dc7c75eb6d7d5beb5523faf37af600a3836a0ea6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"816d4bef_f9533e4e","updated":"2023-03-30 14:16:35.000000000","message":"Revisions LGTM!","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"b25cf64f442e0a908e50edc4d6845c8fbd2b3812","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"00ee8cf1_31b92d28","updated":"2023-08-04 05:38:16.000000000","message":"recheck\n\ngrenade job failing with volume not going to is-use state, This is not related or any known failure. should be some slow node/test.\n\ndie 68 \u0027Timed out waiting for volume cinder_grenade_vol3 status to be in-use\u0027\n\ntempest-full-py3 job multiple tests are failing with Identity related error while setting credentials\n\ntempest.lib.exceptions.IdentityError: Got identity error\nDetails: Unexpected status code 500","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c2680f82490fd0a5d3f4683d68db286c3250e455","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"ae6c5bc1_92f52c09","updated":"2023-08-04 03:37:12.000000000","message":"recheck \n\ngrenade job failing with volume not going to is-use state, This is not related or any known failure. should be some slow node/test.\n\ndie 68 \u0027Timed out waiting for volume cinder_grenade_vol3 status to be in-use\u0027","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"ed4a79b3629876a2f804aa421fbdd231ba01b35f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"b6a15cb9_a0462aeb","updated":"2023-08-03 17:23:02.000000000","message":"recheck ssh timeout while resizing volumebacked server","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"}],"doc/source/admin/service-api-protection.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":25,"context_line":"functionality to their team, auditors, customers, and users without maintaining"},{"line_number":26,"context_line":"custom policies."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"In addition to ``admin``, ``member``, and ``reader`` role, from Antelope"},{"line_number":29,"context_line":"release keystone will provide ``Service`` role by default as well. Operators"},{"line_number":30,"context_line":"can use this role for service to service API calls instead of using ``Admin``"},{"line_number":31,"context_line":"role for the same. The service role will be separate from ``admin``,"}],"source_content_type":"text/x-rst","patch_set":5,"id":"74c15316_1dff41fe","line":28,"range":{"start_line":28,"start_character":64,"end_line":28,"end_character":72},"updated":"2023-03-21 16:04:29.000000000","message":"Is this change backportable (would be nice ...)?  Otherwise, this needs to change to \u00272023.2 (Bobcat)\u0027","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":true,"context_lines":[{"line_number":25,"context_line":"functionality to their team, auditors, customers, and users without maintaining"},{"line_number":26,"context_line":"custom policies."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"In addition to ``admin``, ``member``, and ``reader`` role, from Antelope"},{"line_number":29,"context_line":"release keystone will provide ``Service`` role by default as well. Operators"},{"line_number":30,"context_line":"can use this role for service to service API calls instead of using ``Admin``"},{"line_number":31,"context_line":"role for the same. The service role will be separate from ``admin``,"}],"source_content_type":"text/x-rst","patch_set":5,"id":"8b789f19_6bc59455","line":28,"range":{"start_line":28,"start_character":64,"end_line":28,"end_character":72},"in_reply_to":"74c15316_1dff41fe","updated":"2023-03-27 06:44:07.000000000","message":"Not sure,as this is associated with bug we can backport it but I will let keystone cores to decide about it.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":26,"context_line":"custom policies."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"In addition to ``admin``, ``member``, and ``reader`` role, from Antelope"},{"line_number":29,"context_line":"release keystone will provide ``Service`` role by default as well. Operators"},{"line_number":30,"context_line":"can use this role for service to service API calls instead of using ``Admin``"},{"line_number":31,"context_line":"role for the same. The service role will be separate from ``admin``,"},{"line_number":32,"context_line":"``member``, ``reader`` and will not implicate any  of these roles."}],"source_content_type":"text/x-rst","patch_set":5,"id":"9ca63587_f60ac152","line":29,"updated":"2023-03-21 16:04:29.000000000","message":"I think this should be lower case (same with Admin in line 30)","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":26,"context_line":"custom policies."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"In addition to ``admin``, ``member``, and ``reader`` role, from Antelope"},{"line_number":29,"context_line":"release keystone will provide ``Service`` role by default as well. Operators"},{"line_number":30,"context_line":"can use this role for service to service API calls instead of using ``Admin``"},{"line_number":31,"context_line":"role for the same. The service role will be separate from ``admin``,"},{"line_number":32,"context_line":"``member``, ``reader`` and will not implicate any  of these roles."}],"source_content_type":"text/x-rst","patch_set":5,"id":"35081fcd_88ad6bc3","line":29,"in_reply_to":"9ca63587_f60ac152","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":37,"context_line":"Roles Definitions"},{"line_number":38,"context_line":"-----------------"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"The default roles provided by keystone, via ``keystone-manage bootstrap``, are"},{"line_number":41,"context_line":"related through role implications. The ``admin`` role implies the ``member``"},{"line_number":42,"context_line":"role, and the ``member`` role implies the ``reader`` role. These implications"},{"line_number":43,"context_line":"mean users with the ``admin`` role automatically have the ``member`` and"},{"line_number":44,"context_line":"``reader`` roles. Additionally, users with the ``member`` role automatically"}],"source_content_type":"text/x-rst","patch_set":5,"id":"6cdcfd8f_e011f467","line":41,"range":{"start_line":40,"start_character":0,"end_line":41,"end_character":34},"updated":"2023-03-21 16:04:29.000000000","message":"I suggest changing to:\n\n  The default roles provided by keystone via ``keystone-manage bootstrap`` (except for the ``service`` role) are related through role implications.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":37,"context_line":"Roles Definitions"},{"line_number":38,"context_line":"-----------------"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"The default roles provided by keystone, via ``keystone-manage bootstrap``, are"},{"line_number":41,"context_line":"related through role implications. The ``admin`` role implies the ``member``"},{"line_number":42,"context_line":"role, and the ``member`` role implies the ``reader`` role. These implications"},{"line_number":43,"context_line":"mean users with the ``admin`` role automatically have the ``member`` and"},{"line_number":44,"context_line":"``reader`` roles. Additionally, users with the ``member`` role automatically"}],"source_content_type":"text/x-rst","patch_set":5,"id":"7d78153d_40dc9bf6","line":41,"range":{"start_line":40,"start_character":0,"end_line":41,"end_character":34},"in_reply_to":"6cdcfd8f_e011f467","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":141,"context_line":"Service"},{"line_number":142,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"We reserve the ``service`` role for Service-to-service communication. It is"},{"line_number":145,"context_line":"important to note that we need to keep all the service-to-service APIs"},{"line_number":146,"context_line":"default to ``service`` role only. For example, a policy that requires"},{"line_number":147,"context_line":"``service`` can be expressed as:"},{"line_number":148,"context_line":""},{"line_number":149,"context_line":".. code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bbb7b86d_c2d8846f","line":146,"range":{"start_line":144,"start_character":70,"end_line":146,"end_character":33},"updated":"2023-03-21 16:04:29.000000000","message":"I suggest replacing with:\n\n  The aim of a ``service`` role is to allow a service to communicate with another service and possibly be granted elevated privileges by the service receiving the request.  Before the introduction of the ``service`` role, a service had to be granted the ``admin`` role in order to have elevated privileges, which gave a service powers way beyond what was necessary.  With the ``service`` role in place, we can now allow all service-to-service APIs to default to the ``service`` role only.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":141,"context_line":"Service"},{"line_number":142,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"We reserve the ``service`` role for Service-to-service communication. It is"},{"line_number":145,"context_line":"important to note that we need to keep all the service-to-service APIs"},{"line_number":146,"context_line":"default to ``service`` role only. For example, a policy that requires"},{"line_number":147,"context_line":"``service`` can be expressed as:"},{"line_number":148,"context_line":""},{"line_number":149,"context_line":".. code-block:: yaml"}],"source_content_type":"text/x-rst","patch_set":5,"id":"0a4674fa_94288091","line":146,"range":{"start_line":144,"start_character":70,"end_line":146,"end_character":33},"in_reply_to":"bbb7b86d_c2d8846f","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":158,"context_line":".. code-block:: yaml"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"    \"identity:create_foo\": \"role:service\" or \"role:admin\""},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"---------------"},{"line_number":163,"context_line":"System Personas"},{"line_number":164,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"1604c8ac_14fe8587","line":161,"updated":"2023-03-21 16:04:29.000000000","message":"Not sure where this should go in this section, but we should add:\n\n  .. note::\n     Unlike the other default roles, the ``service`` role is *not* a member\n     of a role hierarchy.  It is a standalone role.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":158,"context_line":".. code-block:: yaml"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"    \"identity:create_foo\": \"role:service\" or \"role:admin\""},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"---------------"},{"line_number":163,"context_line":"System Personas"},{"line_number":164,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"280c769f_7afc92e3","line":161,"in_reply_to":"1604c8ac_14fe8587","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"4947ce0eee214f081d0348a079fe09ff44eede9e","unresolved":true,"context_lines":[{"line_number":134,"context_line":"the tenancy of their role assignment (this doesn\u0027t apply consistently since"},{"line_number":135,"context_line":"services are addressing this individually at their own pace)."},{"line_number":136,"context_line":""},{"line_number":137,"context_line":".. note::"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"   As of the Train release, keystone applies the following personas"},{"line_number":140,"context_line":"   consistently across its API."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Service"},{"line_number":143,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":144,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"27a3efef_52c992c5","line":141,"range":{"start_line":137,"start_character":0,"end_line":141,"end_character":0},"updated":"2023-03-28 17:47:13.000000000","message":"I just noticed that this Note section needs to be located immediately before the section starting at line 172.","commit_id":"2cdee78b822801b46723d5139de10d4f7db084c8"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"e2a5e468e48ca85b2287a99212cfd206ee580f09","unresolved":false,"context_lines":[{"line_number":134,"context_line":"the tenancy of their role assignment (this doesn\u0027t apply consistently since"},{"line_number":135,"context_line":"services are addressing this individually at their own pace)."},{"line_number":136,"context_line":""},{"line_number":137,"context_line":".. note::"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"   As of the Train release, keystone applies the following personas"},{"line_number":140,"context_line":"   consistently across its API."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Service"},{"line_number":143,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":144,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"dab4fcbf_5a88bc67","line":141,"range":{"start_line":137,"start_character":0,"end_line":141,"end_character":0},"in_reply_to":"27a3efef_52c992c5","updated":"2023-03-28 17:53:12.000000000","message":"Done","commit_id":"2cdee78b822801b46723d5139de10d4f7db084c8"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"810a7b19775e15d666304b96f050eb0f0c553472","unresolved":true,"context_lines":[{"line_number":154,"context_line":"There might be exception service-to-service APIs which project think are"},{"line_number":155,"context_line":"useful to be used by admin or non-admin user then they can take the"},{"line_number":156,"context_line":"exceptional decision to default them to user role and ``service`` role.  For"},{"line_number":157,"context_line":"example, a policy that requires ``service`` and ``admin`` can be expressed as:"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":".. code-block:: yaml"},{"line_number":160,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"d4b505ca_6101e27e","line":157,"range":{"start_line":157,"start_character":44,"end_line":157,"end_character":47},"updated":"2023-08-04 09:49:11.000000000","message":"Either the \"and\" here means \"or\" or the example below doesn\u0027t match.","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"}],"doc/source/contributor/services.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":337,"context_line":"   \"service:foobar:update\": \"role:member\""},{"line_number":338,"context_line":"   \"service:foobar:delete\": \"role:admin\""},{"line_number":339,"context_line":""},{"line_number":340,"context_line":"In addition to above roles, from Antelope release"},{"line_number":341,"context_line":"``keystone-manage bootstrap`` will provide `service` role as well. If `service`"},{"line_number":342,"context_line":"role is already present in the deployment then existing role(s) should not be"},{"line_number":343,"context_line":"deleted and recreated so that we don\u0027t break anything relying on the role ID."}],"source_content_type":"text/x-rst","patch_set":5,"id":"1480d5a6_39202611","line":340,"range":{"start_line":340,"start_character":33,"end_line":340,"end_character":41},"updated":"2023-03-21 16:04:29.000000000","message":"2023.2 (Bobcat)","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":337,"context_line":"   \"service:foobar:update\": \"role:member\""},{"line_number":338,"context_line":"   \"service:foobar:delete\": \"role:admin\""},{"line_number":339,"context_line":""},{"line_number":340,"context_line":"In addition to above roles, from Antelope release"},{"line_number":341,"context_line":"``keystone-manage bootstrap`` will provide `service` role as well. If `service`"},{"line_number":342,"context_line":"role is already present in the deployment then existing role(s) should not be"},{"line_number":343,"context_line":"deleted and recreated so that we don\u0027t break anything relying on the role ID."}],"source_content_type":"text/x-rst","patch_set":5,"id":"5426f53d_6fc7eaae","line":340,"range":{"start_line":340,"start_character":33,"end_line":340,"end_character":41},"in_reply_to":"1480d5a6_39202611","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":338,"context_line":"   \"service:foobar:delete\": \"role:admin\""},{"line_number":339,"context_line":""},{"line_number":340,"context_line":"In addition to above roles, from Antelope release"},{"line_number":341,"context_line":"``keystone-manage bootstrap`` will provide `service` role as well. If `service`"},{"line_number":342,"context_line":"role is already present in the deployment then existing role(s) should not be"},{"line_number":343,"context_line":"deleted and recreated so that we don\u0027t break anything relying on the role ID."},{"line_number":344,"context_line":"Once service role is created, OpenStack service"},{"line_number":345,"context_line":"developers can start integrating it into their default policies as expressed:"},{"line_number":346,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"a6ab145a_bbd152af","line":343,"range":{"start_line":341,"start_character":67,"end_line":343,"end_character":77},"updated":"2023-03-21 16:04:29.000000000","message":"How about:\n\n  If a ``service`` role is already present in the deployment, then a new one\n  is not created.  This way any local scripts relying on the role ID will not\n  be broken.\n  .. note::\n  If you already have a ``service`` role in your deployment, you should\n  review its usage to make sure it is used only for service-to-service\n  communication.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":341,"context_line":"``keystone-manage bootstrap`` will provide `service` role as well. If `service`"},{"line_number":342,"context_line":"role is already present in the deployment then existing role(s) should not be"},{"line_number":343,"context_line":"deleted and recreated so that we don\u0027t break anything relying on the role ID."},{"line_number":344,"context_line":"Once service role is created, OpenStack service"},{"line_number":345,"context_line":"developers can start integrating it into their default policies as expressed:"},{"line_number":346,"context_line":""},{"line_number":347,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":5,"id":"0debd507_bce56df7","line":344,"range":{"start_line":344,"start_character":5,"end_line":344,"end_character":12},"updated":"2023-03-21 16:04:29.000000000","message":"this should be in double-backticks (``) (the second one on this line is fine).\n\nYou should also be using double-backticks on line 341.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":341,"context_line":"``keystone-manage bootstrap`` will provide `service` role as well. If `service`"},{"line_number":342,"context_line":"role is already present in the deployment then existing role(s) should not be"},{"line_number":343,"context_line":"deleted and recreated so that we don\u0027t break anything relying on the role ID."},{"line_number":344,"context_line":"Once service role is created, OpenStack service"},{"line_number":345,"context_line":"developers can start integrating it into their default policies as expressed:"},{"line_number":346,"context_line":""},{"line_number":347,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":5,"id":"db9e2f1b_7c8d3f62","line":344,"range":{"start_line":344,"start_character":5,"end_line":344,"end_character":12},"in_reply_to":"0debd507_bce56df7","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"810a7b19775e15d666304b96f050eb0f0c553472","unresolved":true,"context_lines":[{"line_number":346,"context_line":".. note::"},{"line_number":347,"context_line":"    If you already have a ``service`` role in your deployment, you should"},{"line_number":348,"context_line":"    review its usage to make sure it is used only for service-to-service"},{"line_number":349,"context_line":"    communication."},{"line_number":350,"context_line":""},{"line_number":351,"context_line":"Once ``service`` role is created, OpenStack service"},{"line_number":352,"context_line":"developers can start integrating it into their default policies as expressed:"}],"source_content_type":"text/x-rst","patch_set":7,"id":"e283e5c6_22cbfd90","line":349,"updated":"2023-08-04 09:49:11.000000000","message":"IMO this note should also be present in the upgrade reno section.","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"}],"keystone/cmd/cli.py":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"810a7b19775e15d666304b96f050eb0f0c553472","unresolved":true,"context_lines":[{"line_number":112,"context_line":"                            default\u003dTrue,"},{"line_number":113,"context_line":"                            action\u003d\u0027store_true\u0027,"},{"line_number":114,"context_line":"                            help\u003d(\u0027Whether default roles (admin, member, and \u0027"},{"line_number":115,"context_line":"                                  \u0027reader) should be immutable. This is the \u0027"},{"line_number":116,"context_line":"                                  \u0027default.\u0027))"},{"line_number":117,"context_line":"        parser.add_argument(\u0027--no-immutable-roles\u0027,"},{"line_number":118,"context_line":"                            default\u003dFalse,"}],"source_content_type":"text/x-python","patch_set":7,"id":"42be2c25_28d1fa61","line":115,"updated":"2023-08-04 09:49:11.000000000","message":"should this also include the service role?","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"}],"keystone/tests/unit/test_cli.py":[{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"77f4423162a25cafa6eab3c315e58158ef6e2da6","unresolved":true,"context_lines":[{"line_number":141,"context_line":"                project[\u0027id\u0027]))"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"        role_list_len \u003d 4"},{"line_number":144,"context_line":"        if bootstrap.bootstrapper.project_name:"},{"line_number":145,"context_line":"            role_list_len \u003d 3"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"        self.assertIs(role_list_len, len(role_list))"}],"source_content_type":"text/x-python","patch_set":5,"id":"655c953c_92da126b","line":144,"updated":"2023-01-13 15:55:22.000000000","message":"Can you please explain the change here? I\u0027m not entirely understanding this part.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"82d9445dc2f074699296adb7c61a3a7ef01cd977","unresolved":true,"context_lines":[{"line_number":141,"context_line":"                project[\u0027id\u0027]))"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"        role_list_len \u003d 4"},{"line_number":144,"context_line":"        if bootstrap.bootstrapper.project_name:"},{"line_number":145,"context_line":"            role_list_len \u003d 3"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"        self.assertIs(role_list_len, len(role_list))"}],"source_content_type":"text/x-python","patch_set":5,"id":"91329e7b_9e329820","line":144,"in_reply_to":"655c953c_92da126b","updated":"2023-01-16 05:40:09.000000000","message":"Need to understand bootstrap execution for this;\nIf you specify any project name for bootstrap command then there is no need to create service role for that project, it requires only admin, member and reader roles. \n\nAs this method is commonly used in many tests I have opted this way rather than duplicating the entire code to check for service role is created or not.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"}],"releasenotes/notes/bug-1951632-11272e49e2fa439d.yaml":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"576c796fbebc95267b0a215d1564474aff893a31","unresolved":true,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"      [`bug 1951632 \u003chttps://bugs.launchpad.net/keystone/+bug/1951632\u003e`_]"},{"line_number":5,"context_line":"      Support has been added for deploying `service` role during the bootstrap"},{"line_number":6,"context_line":"      process in addition to the `admin`, `member` and `reader` role."},{"line_number":7,"context_line":"upgrades:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"      If the bootstrap process is re-run, and a `service` role already exists,"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"32304e83_271e0519","line":6,"range":{"start_line":5,"start_character":0,"end_line":6,"end_character":69},"updated":"2023-03-21 16:04:29.000000000","message":"These need to be enclosed in double-backticks (``), otherwise they will be rendered as italics instead of in monospace font.  Same in the \u0027upgrade\u0027 section.","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"d02860b39729065fce7647e4ae576acca5c5c65b","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"      [`bug 1951632 \u003chttps://bugs.launchpad.net/keystone/+bug/1951632\u003e`_]"},{"line_number":5,"context_line":"      Support has been added for deploying `service` role during the bootstrap"},{"line_number":6,"context_line":"      process in addition to the `admin`, `member` and `reader` role."},{"line_number":7,"context_line":"upgrades:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"      If the bootstrap process is re-run, and a `service` role already exists,"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"95ff1a35_de4f0961","line":6,"range":{"start_line":5,"start_character":0,"end_line":6,"end_character":69},"in_reply_to":"32304e83_271e0519","updated":"2023-03-27 06:44:07.000000000","message":"Done","commit_id":"3dc0625633e8b6fd71979986793cc41581f2b6b0"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"810a7b19775e15d666304b96f050eb0f0c553472","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"      [`bug 1951632 \u003chttps://bugs.launchpad.net/keystone/+bug/1951632\u003e`_]"},{"line_number":5,"context_line":"      ``Support has been added for deploying `service` role during the bootstrap"},{"line_number":6,"context_line":"      process in addition to the `admin`, `member` and `reader` role.``"},{"line_number":7,"context_line":"upgrades:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"      ``If the bootstrap process is re-run, and a `service` role already exists,"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"8d602bb9_b5311d1b","line":6,"updated":"2023-08-04 09:49:11.000000000","message":"Formatting the whole note as fixed-width command (enclosed in ``) seems wrong.","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"810a7b19775e15d666304b96f050eb0f0c553472","unresolved":true,"context_lines":[{"line_number":4,"context_line":"      [`bug 1951632 \u003chttps://bugs.launchpad.net/keystone/+bug/1951632\u003e`_]"},{"line_number":5,"context_line":"      ``Support has been added for deploying `service` role during the bootstrap"},{"line_number":6,"context_line":"      process in addition to the `admin`, `member` and `reader` role.``"},{"line_number":7,"context_line":"upgrades:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"      ``If the bootstrap process is re-run, and a `service` role already exists,"},{"line_number":10,"context_line":"      it does not recreate the `service` role. See"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"550c211e_90986210","line":7,"updated":"2023-08-04 09:49:11.000000000","message":"this needs to be \"upgrade\", an \"upgrades\" section does not exist","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"810a7b19775e15d666304b96f050eb0f0c553472","unresolved":true,"context_lines":[{"line_number":9,"context_line":"      ``If the bootstrap process is re-run, and a `service` role already exists,"},{"line_number":10,"context_line":"      it does not recreate the `service` role. See"},{"line_number":11,"context_line":"      [`bug 1951632 \u003chttps://bugs.launchpad.net/keystone/+bug/1951632\u003e`_]"},{"line_number":12,"context_line":"      for more details.``"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"e1aa9389_9310fd5f","line":12,"updated":"2023-08-04 09:49:11.000000000","message":"Same note about formatting.\n\nShould also contain the note about checking for usage of existing service role.","commit_id":"d0eacc4729065c8e28b64e425cd89bf01b80517f"}]}