)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"55fa9378e14f2a6df5347a743c821d441b2372e2","unresolved":false,"context_lines":[{"line_number":9,"context_line":"Glance role can be configured to copy property"},{"line_number":10,"context_line":"protection policy file. Also glance-image-import.conf"},{"line_number":11,"context_line":"is copied when defined to allow configuration of"},{"line_number":12,"context_line":"glance interoperable image import."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I5106675da5228a5d7e630871f0882269603e6571"},{"line_number":15,"context_line":"Closes-Bug: #1889272"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"9f560f44_9aeab772","line":12,"updated":"2020-07-30 08:52:51.000000000","message":"Strictly speaking this could be split into two commits, but I won\u0027t block on it.","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"51866acf550a60299b3058867d10805046bedd98","unresolved":false,"context_lines":[{"line_number":9,"context_line":"Glance role can be configured to copy property"},{"line_number":10,"context_line":"protection policy file. Also glance-image-import.conf"},{"line_number":11,"context_line":"is copied when defined to allow configuration of"},{"line_number":12,"context_line":"glance interoperable image import."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I5106675da5228a5d7e630871f0882269603e6571"},{"line_number":15,"context_line":"Closes-Bug: #1889272"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"9f560f44_c5945447","line":12,"in_reply_to":"9f560f44_9aeab772","updated":"2020-07-30 09:47:01.000000000","message":"You are right. Since some of the other remarks will require changes, i\u0027ll split it into 2 commits one for the glance-image-import and one for the propert-protection","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"}],"ansible/roles/glance/tasks/config.yml":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"13addacac05f5c90f9232add0b15d7955c9ed2e9","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"- name: Set glance image import"},{"line_number":46,"context_line":"  set_fact:"},{"line_number":47,"context_line":"    glance_image_import: \"{{ glance_image_import_file.stat.path | basename }}\""},{"line_number":48,"context_line":"  when:"},{"line_number":49,"context_line":"    - glance_image_import_file.stat.exists"},{"line_number":50,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":7,"id":"9f560f44_a001f73a","line":47,"range":{"start_line":47,"start_character":4,"end_line":47,"end_character":23},"updated":"2020-08-05 08:19:51.000000000","message":"nit: Could just be a bool now the contents aren\u0027t used. Same below.","commit_id":"d4f62af98caffc7311f4dd6030db625bcd2f8c73"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"ab5cc1d839f18b09f9b079ac8b2faeddde680727","unresolved":false,"context_lines":[{"line_number":35,"context_line":"  when:"},{"line_number":36,"context_line":"    - glance_policy.results"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"- name: Check if glance-image-import.conf exists"},{"line_number":39,"context_line":"  stat:"},{"line_number":40,"context_line":"    path: \"{{ node_custom_config }}/glance/glance-image-import.conf\""},{"line_number":41,"context_line":"  delegate_to: localhost"},{"line_number":42,"context_line":"  run_once: True"},{"line_number":43,"context_line":"  register: glance_image_import_file"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"- name: Set glance image import"},{"line_number":46,"context_line":"  set_fact:"},{"line_number":47,"context_line":"    glance_image_import: \"{{ glance_image_import_file.stat.exists }}\""},{"line_number":48,"context_line":"  when:"},{"line_number":49,"context_line":"    - glance_image_import_file.stat.exists"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"- name: Check if property-protections-rules.conf exists"},{"line_number":52,"context_line":"  stat:"},{"line_number":53,"context_line":"    path: \"{{ node_custom_config }}/glance/property-protections-rules.conf\""},{"line_number":54,"context_line":"  delegate_to: localhost"},{"line_number":55,"context_line":"  run_once: True"},{"line_number":56,"context_line":"  register: glance_property_protection_file"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"- name: Set glance property protection"},{"line_number":59,"context_line":"  set_fact:"},{"line_number":60,"context_line":"    glance_property_protection: \"{{ glance_property_protection_file.stat.exists }}\""},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - glance_property_protection_file.stat.exists"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- include_tasks: copy-certs.yml"},{"line_number":65,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"9f560f44_be80ef47","line":62,"range":{"start_line":38,"start_character":0,"end_line":62,"end_character":49},"updated":"2020-08-05 13:52:08.000000000","message":"just allow the user to set it via globals instead of looking for those files on each reconfigure run? performance wise I don\u0027t think the current solution is a good idea.","commit_id":"42738473d2c6a2e4260c8f2730b285fcaee3970a"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"8e023be94877e29ab9ce0fb3ff302feec1fe6b34","unresolved":false,"context_lines":[{"line_number":35,"context_line":"  when:"},{"line_number":36,"context_line":"    - glance_policy.results"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"- name: Check if glance-image-import.conf exists"},{"line_number":39,"context_line":"  stat:"},{"line_number":40,"context_line":"    path: \"{{ node_custom_config }}/glance/glance-image-import.conf\""},{"line_number":41,"context_line":"  delegate_to: localhost"},{"line_number":42,"context_line":"  run_once: True"},{"line_number":43,"context_line":"  register: glance_image_import_file"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"- name: Set glance image import"},{"line_number":46,"context_line":"  set_fact:"},{"line_number":47,"context_line":"    glance_image_import: \"{{ glance_image_import_file.stat.exists }}\""},{"line_number":48,"context_line":"  when:"},{"line_number":49,"context_line":"    - glance_image_import_file.stat.exists"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"- name: Check if property-protections-rules.conf exists"},{"line_number":52,"context_line":"  stat:"},{"line_number":53,"context_line":"    path: \"{{ node_custom_config }}/glance/property-protections-rules.conf\""},{"line_number":54,"context_line":"  delegate_to: localhost"},{"line_number":55,"context_line":"  run_once: True"},{"line_number":56,"context_line":"  register: glance_property_protection_file"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"- name: Set glance property protection"},{"line_number":59,"context_line":"  set_fact:"},{"line_number":60,"context_line":"    glance_property_protection: \"{{ glance_property_protection_file.stat.exists }}\""},{"line_number":61,"context_line":"  when:"},{"line_number":62,"context_line":"    - glance_property_protection_file.stat.exists"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- include_tasks: copy-certs.yml"},{"line_number":65,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"9f560f44_84f15e6e","line":62,"range":{"start_line":38,"start_character":0,"end_line":62,"end_character":49},"in_reply_to":"9f560f44_be80ef47","updated":"2020-08-05 15:35:44.000000000","message":"Ok. sounds good. I\u0027ll implement it as a simple yes/no flag and expect the \"hardcoded\" file to be there when enabled. This will make all these steps unnecessary. Thanks :)","commit_id":"42738473d2c6a2e4260c8f2730b285fcaee3970a"}],"ansible/roles/glance/templates/glance-api.conf.j2":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"55fa9378e14f2a6df5347a743c821d441b2372e2","unresolved":false,"context_lines":[{"line_number":22,"context_line":"{% endif %}"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_enable_property_protection | bool %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/{{ glance_property_protection_file }}"},{"line_number":26,"context_line":"property_protection_rule_format\u003d{{ glance_property_protection_rule_format }}"},{"line_number":27,"context_line":"{% endif %}"},{"line_number":28,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9f560f44_3a2e0bfa","line":25,"range":{"start_line":25,"start_character":25,"end_line":25,"end_character":74},"updated":"2020-07-30 08:52:51.000000000","message":"Could we make this automatic so if a file is found, we set this, and otherwise it defaults to None?","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"55fa9378e14f2a6df5347a743c821d441b2372e2","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_enable_property_protection | bool %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/{{ glance_property_protection_file }}"},{"line_number":26,"context_line":"property_protection_rule_format\u003d{{ glance_property_protection_rule_format }}"},{"line_number":27,"context_line":"{% endif %}"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"cinder_catalog_info \u003d volume:cinder:internalURL"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9f560f44_9ae757e5","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":76},"updated":"2020-07-30 08:52:51.000000000","message":"Following the Kolla philosophy we could remove this and leave it as the default of \u0027roles\u0027. Then if someone wants to change it to policies, they can do it via a configuration override.","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"51866acf550a60299b3058867d10805046bedd98","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_enable_property_protection | bool %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/{{ glance_property_protection_file }}"},{"line_number":26,"context_line":"property_protection_rule_format\u003d{{ glance_property_protection_rule_format }}"},{"line_number":27,"context_line":"{% endif %}"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"cinder_catalog_info \u003d volume:cinder:internalURL"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9f560f44_05c64c49","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":76},"in_reply_to":"9f560f44_9ae757e5","updated":"2020-07-30 09:47:01.000000000","message":"Good point. This will lower the configuration options as well","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"13addacac05f5c90f9232add0b15d7955c9ed2e9","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_property_protection is defined %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/property-protections-rules.conf"},{"line_number":26,"context_line":"property_protection_rule_format\u003droles"},{"line_number":27,"context_line":"{% endif %}"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"cinder_catalog_info \u003d volume:cinder:internalURL"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"9f560f44_e0700f0b","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":37},"updated":"2020-08-05 08:19:51.000000000","message":"nit: We generally don\u0027t set options to their default so we could just remove this.","commit_id":"d4f62af98caffc7311f4dd6030db625bcd2f8c73"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"a21775c1b7b31e9691d1d2c39453c6178888a8d3","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_property_protection is defined %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/property-protections-rules.conf"},{"line_number":26,"context_line":"property_protection_rule_format\u003droles"},{"line_number":27,"context_line":"{% endif %}"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"cinder_catalog_info \u003d volume:cinder:internalURL"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"9f560f44_95322e0f","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":37},"in_reply_to":"9f560f44_e0700f0b","updated":"2020-08-05 12:03:54.000000000","message":"I fixed both remarks in patch set 8. nit but why not :)\nThanks for your remarks","commit_id":"d4f62af98caffc7311f4dd6030db625bcd2f8c73"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"ab5cc1d839f18b09f9b079ac8b2faeddde680727","unresolved":false,"context_lines":[{"line_number":22,"context_line":"{% endif %}"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_property_protection is defined %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/property-protections-rules.conf"},{"line_number":26,"context_line":"{% endif %}"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"cinder_catalog_info \u003d volume:cinder:internalURL"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"9f560f44_3e45ff43","line":25,"range":{"start_line":25,"start_character":24,"end_line":25,"end_character":25},"updated":"2020-08-05 13:52:08.000000000","message":"spaces?","commit_id":"42738473d2c6a2e4260c8f2730b285fcaee3970a"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"8e023be94877e29ab9ce0fb3ff302feec1fe6b34","unresolved":false,"context_lines":[{"line_number":22,"context_line":"{% endif %}"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"{% if glance_property_protection is defined %}"},{"line_number":25,"context_line":"property_protection_file\u003d/etc/glance/property-protections-rules.conf"},{"line_number":26,"context_line":"{% endif %}"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"cinder_catalog_info \u003d volume:cinder:internalURL"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"9f560f44_c4e7d6ab","line":25,"range":{"start_line":25,"start_character":24,"end_line":25,"end_character":25},"in_reply_to":"9f560f44_3e45ff43","updated":"2020-08-05 15:35:44.000000000","message":"will fix :)","commit_id":"42738473d2c6a2e4260c8f2730b285fcaee3970a"}],"ansible/roles/glance/templates/glance-api.json.j2":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"55fa9378e14f2a6df5347a743c821d441b2372e2","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{"},{"line_number":2,"context_line":"    {% if glance_image_import is defined %}"},{"line_number":3,"context_line":"    \"command\": \"glance-api --config-dir /etc/glance\","},{"line_number":4,"context_line":"    {% else %}"},{"line_number":5,"context_line":"    \"command\": \"glance-api\","},{"line_number":6,"context_line":"    {% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9f560f44_fadf73d3","line":3,"updated":"2020-07-30 08:52:51.000000000","message":"It looks like you still need to specify the config directory if glance_image_import is not defined, but property_protection is?\n\nI suppose we could just set it always, or it looks like `\u0027/etc/glance/glance.conf.d/\u0027` might work by default?\n\nhttps://docs.openstack.org/oslo.config/latest/configuration/options.html#DEFAULT.config_dir","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"51866acf550a60299b3058867d10805046bedd98","unresolved":false,"context_lines":[{"line_number":1,"context_line":"{"},{"line_number":2,"context_line":"    {% if glance_image_import is defined %}"},{"line_number":3,"context_line":"    \"command\": \"glance-api --config-dir /etc/glance\","},{"line_number":4,"context_line":"    {% else %}"},{"line_number":5,"context_line":"    \"command\": \"glance-api\","},{"line_number":6,"context_line":"    {% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":5,"id":"9f560f44_a59de058","line":3,"in_reply_to":"9f560f44_fadf73d3","updated":"2020-07-30 09:47:01.000000000","message":"This is due to this issue after discussing it with glance ppl: https://bugs.launchpad.net/glance/+bug/1775782.\n\nfor property_protection it is not required as you define the file location in glace-api.conf and therefore it is picked up. For the glance_image_import that wasn\u0027t the case. I will change to copy it into `/etc/glance/glance.conf.d/` to see if it automatically picks it up without specifying the config_dir. Otherwise I will set it always.","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"}],"doc/source/reference/shared-services/glance-guide.rst":[{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"55fa9378e14f2a6df5347a743c821d441b2372e2","unresolved":false,"context_lines":[{"line_number":156,"context_line":".. code-block:: yaml"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"   glance_enable_property_protection: \"yes\""},{"line_number":159,"context_line":"   glance_property_protection_file: \"property-protections-roles.conf\""},{"line_number":160,"context_line":"   glance_property_protection_rule_format: \"roles\""},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The ``glance_property_protection_file`` needs to be defined under"}],"source_content_type":"text/x-rst","patch_set":5,"id":"9f560f44_da5f0f3f","line":159,"updated":"2020-07-30 08:52:51.000000000","message":"I think it would be reasonable to hard code the name of this, and then if it exists we can automatically enable this feature. That way there is less configuration for the user.","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"51866acf550a60299b3058867d10805046bedd98","unresolved":false,"context_lines":[{"line_number":156,"context_line":".. code-block:: yaml"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"   glance_enable_property_protection: \"yes\""},{"line_number":159,"context_line":"   glance_property_protection_file: \"property-protections-roles.conf\""},{"line_number":160,"context_line":"   glance_property_protection_rule_format: \"roles\""},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The ``glance_property_protection_file`` needs to be defined under"}],"source_content_type":"text/x-rst","patch_set":5,"id":"9f560f44_e571980e","line":159,"in_reply_to":"9f560f44_da5f0f3f","updated":"2020-07-30 09:47:01.000000000","message":"The reason why i went with this approach (which generates more config options) is that on glance level you specify the filename to use for property_protections, therefore i implemented it in a way to give this option to k-a users.\n\nWe could change that and say that the file is always property-protections.conf. If defined then it will be copied and glance-api.conf configured accordingly. This will remove all configuration options.\n\nI will change it to have this approach. And also work on the other remarks. Thanks :)","commit_id":"6b619785c43db45208d9bc7f03de94ef68219079"}],"releasenotes/notes/bug-1889272-c929d21a94d657fa.yaml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"ce46b9598a9736d821c15aab4342bcc3932bc2d5","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixes glance role to add extra config file for image property protection"},{"line_number":5,"context_line":"    and interoperable image import"},{"line_number":6,"context_line":"    `LP#1889272 \u003chttps://launchpad.net/bugs/1889272\u003e`__"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"9f560f44_3e4fbf34","line":4,"range":{"start_line":4,"start_character":4,"end_line":4,"end_character":9},"updated":"2020-08-05 13:54:24.000000000","message":"adds functionality, remember you\u0027re referring to a Wishlist bug - it won\u0027t be back ported most probably.","commit_id":"42738473d2c6a2e4260c8f2730b285fcaee3970a"},{"author":{"_account_id":31806,"name":"Nikolaos Parasyris","email":"nik.parasyr@protonmail.com","username":"nikparasyr"},"change_message_id":"8e023be94877e29ab9ce0fb3ff302feec1fe6b34","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixes glance role to add extra config file for image property protection"},{"line_number":5,"context_line":"    and interoperable image import"},{"line_number":6,"context_line":"    `LP#1889272 \u003chttps://launchpad.net/bugs/1889272\u003e`__"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"9f560f44_649b6a17","line":4,"range":{"start_line":4,"start_character":4,"end_line":4,"end_character":9},"in_reply_to":"9f560f44_3e4fbf34","updated":"2020-08-05 15:35:44.000000000","message":"True. This was opened as a bug while probably it should have been a mini blueprint. will add this as well","commit_id":"42738473d2c6a2e4260c8f2730b285fcaee3970a"}]}