)]}'
{"manila/policies/base.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4f8786086db789597d5cacf6238688b6ad774620","unresolved":true,"context_lines":[{"line_number":23,"context_line":"DEPRECATED_CONTEXT_IS_ADMIN \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    name\u003d\u0027context_is_admin\u0027,"},{"line_number":25,"context_line":"    check_str\u003d\u0027role:admin\u0027,"},{"line_number":26,"context_line":"    deprecated_reason\u003d\"Admin context is reserved for system scope operators\","},{"line_number":27,"context_line":"    deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":28,"context_line":")"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"a9decf75_1b3cf223","line":26,"range":{"start_line":26,"start_character":22,"end_line":26,"end_character":77},"updated":"2021-03-25 16:38:15.000000000","message":"nit: technically administrator context will still exist, it\u0027s just applied to different scopes to allow for more flexible access to APIs/resources.\n\nPerhaps:\n\n  The `context_is_admin` check is superceded by more specific\n  check strings that consume system and project scope attributes from\n  keystone tokens.","commit_id":"817bf4c3a877957389a95b86be55c2a208539fb2"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"b643652643a34dc868e201b5ad3862ae4acdb568","unresolved":false,"context_lines":[{"line_number":23,"context_line":"DEPRECATED_CONTEXT_IS_ADMIN \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    name\u003d\u0027context_is_admin\u0027,"},{"line_number":25,"context_line":"    check_str\u003d\u0027role:admin\u0027,"},{"line_number":26,"context_line":"    deprecated_reason\u003d\"Admin context is reserved for system scope operators\","},{"line_number":27,"context_line":"    deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":28,"context_line":")"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"077c5fbb_9bb14adb","line":26,"range":{"start_line":26,"start_character":22,"end_line":26,"end_character":77},"in_reply_to":"3bb8e5be_b98ddecc","updated":"2021-03-25 18:09:34.000000000","message":"Done","commit_id":"817bf4c3a877957389a95b86be55c2a208539fb2"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"2cbb14246df3686af5a427d0769ab3d3e47a1f61","unresolved":true,"context_lines":[{"line_number":23,"context_line":"DEPRECATED_CONTEXT_IS_ADMIN \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    name\u003d\u0027context_is_admin\u0027,"},{"line_number":25,"context_line":"    check_str\u003d\u0027role:admin\u0027,"},{"line_number":26,"context_line":"    deprecated_reason\u003d\"Admin context is reserved for system scope operators\","},{"line_number":27,"context_line":"    deprecated_since\u003dversionutils.deprecated.WALLABY"},{"line_number":28,"context_line":")"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"3bb8e5be_b98ddecc","line":26,"range":{"start_line":26,"start_character":22,"end_line":26,"end_character":77},"in_reply_to":"a9decf75_1b3cf223","updated":"2021-03-25 17:33:39.000000000","message":"ah true, that text sounds better","commit_id":"817bf4c3a877957389a95b86be55c2a208539fb2"}],"manila/policy.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4f8786086db789597d5cacf6238688b6ad774620","unresolved":true,"context_lines":[{"line_number":209,"context_line":"        enforce(context, \u0027context_is_admin\u0027, target)"},{"line_number":210,"context_line":"    except exception.PolicyNotAuthorized:"},{"line_number":211,"context_line":"        return False"},{"line_number":212,"context_line":"    return True"},{"line_number":213,"context_line":""},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"def wrap_check_policy(resource):"}],"source_content_type":"text/x-python","patch_set":3,"id":"e878a40c_b3475864","line":212,"updated":"2021-03-25 16:38:15.000000000","message":"We should only hit this case if `manila.conf [oslo_policy] enforce_new_defaults\u003dFalse` and `manila.conf [oslo_policy] enforce_scope\u003dFalse`, right?","commit_id":"817bf4c3a877957389a95b86be55c2a208539fb2"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"b643652643a34dc868e201b5ad3862ae4acdb568","unresolved":false,"context_lines":[{"line_number":209,"context_line":"        enforce(context, \u0027context_is_admin\u0027, target)"},{"line_number":210,"context_line":"    except exception.PolicyNotAuthorized:"},{"line_number":211,"context_line":"        return False"},{"line_number":212,"context_line":"    return True"},{"line_number":213,"context_line":""},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"def wrap_check_policy(resource):"}],"source_content_type":"text/x-python","patch_set":3,"id":"fd398737_4fedc7c9","line":212,"in_reply_to":"a7a497c7_3a7b0e4a","updated":"2021-03-25 18:09:34.000000000","message":"Done","commit_id":"817bf4c3a877957389a95b86be55c2a208539fb2"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"2cbb14246df3686af5a427d0769ab3d3e47a1f61","unresolved":true,"context_lines":[{"line_number":209,"context_line":"        enforce(context, \u0027context_is_admin\u0027, target)"},{"line_number":210,"context_line":"    except exception.PolicyNotAuthorized:"},{"line_number":211,"context_line":"        return False"},{"line_number":212,"context_line":"    return True"},{"line_number":213,"context_line":""},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"def wrap_check_policy(resource):"}],"source_content_type":"text/x-python","patch_set":3,"id":"a7a497c7_3a7b0e4a","line":212,"in_reply_to":"e878a40c_b3475864","updated":"2021-03-25 17:33:39.000000000","message":"yes, but this code is written generically now - but I broke my own guideline on https://review.opendev.org/c/openstack/manila/+/782904/3/manila/policy.py#72 😞\nWill fix this up","commit_id":"817bf4c3a877957389a95b86be55c2a208539fb2"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5910422d8e4ac8404695fc9e40c789993cc7739a","unresolved":true,"context_lines":[{"line_number":210,"context_line":"    except Exception:"},{"line_number":211,"context_line":"        # Logging is handled in authorize for unexpected errors."},{"line_number":212,"context_line":"        return False"},{"line_number":213,"context_line":"    return True"},{"line_number":214,"context_line":""},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"def wrap_check_policy(resource):"}],"source_content_type":"text/x-python","patch_set":4,"id":"5df92368_a75c7d7d","line":213,"range":{"start_line":213,"start_character":11,"end_line":213,"end_character":15},"updated":"2021-03-26 12:23:14.000000000","message":"I was wondering why we shouldn\u0027t just store the return value of authorize and use that here. This is always True because local authorize will always use do_raise, right?","commit_id":"9aff51cd8f0ad0521a1244b3dc814f7eff6d4fee"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"f93c43dcf30bbd601e96ce6c0afb0f604e30e3ff","unresolved":false,"context_lines":[{"line_number":210,"context_line":"    except Exception:"},{"line_number":211,"context_line":"        # Logging is handled in authorize for unexpected errors."},{"line_number":212,"context_line":"        return False"},{"line_number":213,"context_line":"    return True"},{"line_number":214,"context_line":""},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"def wrap_check_policy(resource):"}],"source_content_type":"text/x-python","patch_set":4,"id":"7618ce2a_44cb5a83","line":213,"range":{"start_line":213,"start_character":11,"end_line":213,"end_character":15},"in_reply_to":"5df92368_a75c7d7d","updated":"2021-03-26 14:00:12.000000000","message":"That\u0027s right. I thought about doing that, and then realized oslo_policy ignores do_raise and gives me exceptions either way (just the InvalidScope one). But perhaps we should just handle that defensively in the authorize method here. Updated, thanks Lance!","commit_id":"9aff51cd8f0ad0521a1244b3dc814f7eff6d4fee"}]}
