)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"714af2f24335e5e149df150671996853fee978ec","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Hang Yang \u003changyang@verizonmedia.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2019-06-10 16:50:33 -0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Fix Neutron reference policy for port update"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"To allow non-admin to update port in shared network with fixed_ips by"},{"line_number":10,"context_line":"specifying subnet_id, the root rule for update_port should also allow"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"9fb8cfa7_b6a8fa1f","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":3},"updated":"2019-06-11 08:35:59.000000000","message":"I do not see where is the actual code to fix the bug, it\u0027s just a new unit test case. IMO, you need to update this file:\nhttps://github.com/openstack/neutron/blob/master/neutron/conf/policies/port.py","commit_id":"311ce0711e401854d3de11b163b6b38a0f9d90bb"},{"author":{"_account_id":28159,"name":"Hang Yang","email":"hangyang@yahooinc.com","username":"hangyang"},"change_message_id":"e8973d4e0247df508ace7e70a9eba1fd55552211","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Hang Yang \u003changyang@verizonmedia.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2019-06-10 16:50:33 -0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Fix Neutron reference policy for port update"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"To allow non-admin to update port in shared network with fixed_ips by"},{"line_number":10,"context_line":"specifying subnet_id, the root rule for update_port should also allow"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"9fb8cfa7_b44ea06c","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":3},"in_reply_to":"9fb8cfa7_b6a8fa1f","updated":"2019-06-12 00:49:22.000000000","message":"Done","commit_id":"311ce0711e401854d3de11b163b6b38a0f9d90bb"}],"neutron/conf/policies/port.py":[{"author":{"_account_id":4187,"name":"Ryan Tidwell","email":"rtidwell@suse.com","username":"ryan-tidwell"},"change_message_id":"70c2b3735f8ab8c7c5e66314c1bc13b99b0b882b","unresolved":false,"context_lines":[{"line_number":200,"context_line":"        \u0027update_port:fixed_ips\u0027,"},{"line_number":201,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":202,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":203,"context_line":"                       \u0027rule:shared\u0027),"},{"line_number":204,"context_line":"        \u0027Specify ``fixed_ips`` information when updating a port\u0027,"},{"line_number":205,"context_line":"        ACTION_PUT"},{"line_number":206,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":3,"id":"9fb8cfa7_337ce181","line":203,"range":{"start_line":203,"start_character":23,"end_line":203,"end_character":36},"updated":"2019-06-13 16:26:04.000000000","message":"Super-tiny-nit: If we re-spin another patch set can we make this a constant in neutron/conf/policies/base.py ?","commit_id":"4f53c6f09db9c5e4ff8e235cb5f26498e6720c36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"c1702c9c2ee17b13df8a940838dd62fa9300fad3","unresolved":false,"context_lines":[{"line_number":208,"context_line":"        \u0027update_port:fixed_ips:ip_address\u0027,"},{"line_number":209,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":210,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":211,"context_line":"                       base.RULE_SHARED),"},{"line_number":212,"context_line":"        \u0027Specify IP address in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":213,"context_line":"        ACTION_PUT"},{"line_number":214,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":6,"id":"9fb8cfa7_d692ea58","line":211,"updated":"2019-06-17 08:06:07.000000000","message":"why You allow to change IP address on shared network? It isn\u0027t allowed by default on port create so this is kind of inconsistency and with this setting user will be not able to explicitly choose IP address for port created on shared network but will then be able to update his port and choose any IP address he will want to.\nIMO it shouldn\u0027t be like that.","commit_id":"fa32d44b6a7d6f666bc757beed8809ef625e887c"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"f3112dea03af432ac1c6b595c3170d666cf622bd","unresolved":false,"context_lines":[{"line_number":208,"context_line":"        \u0027update_port:fixed_ips:ip_address\u0027,"},{"line_number":209,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":210,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":211,"context_line":"                       base.RULE_SHARED),"},{"line_number":212,"context_line":"        \u0027Specify IP address in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":213,"context_line":"        ACTION_PUT"},{"line_number":214,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":6,"id":"9fb8cfa7_83595636","line":211,"in_reply_to":"9fb8cfa7_43efe3e8","updated":"2019-06-19 23:21:46.000000000","message":"Changing current default behaviour of policy sounds for me like an RFE which should be discussed by drivers team.","commit_id":"fa32d44b6a7d6f666bc757beed8809ef625e887c"},{"author":{"_account_id":28159,"name":"Hang Yang","email":"hangyang@yahooinc.com","username":"hangyang"},"change_message_id":"6f980765f1f6557cb58041e7536aa08d794d7697","unresolved":false,"context_lines":[{"line_number":208,"context_line":"        \u0027update_port:fixed_ips:ip_address\u0027,"},{"line_number":209,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":210,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":211,"context_line":"                       base.RULE_SHARED),"},{"line_number":212,"context_line":"        \u0027Specify IP address in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":213,"context_line":"        ACTION_PUT"},{"line_number":214,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":6,"id":"9fb8cfa7_43efe3e8","line":211,"in_reply_to":"9fb8cfa7_d692ea58","updated":"2019-06-19 19:28:28.000000000","message":"The original intention is to allow user to add additional ip address to the port when the port is already associated with other ips. I\u0027m not sure why we chose to not allow user to create port with specific ip, maybe we can allow that as well to make it consistent? We can address that in a different patch.","commit_id":"fa32d44b6a7d6f666bc757beed8809ef625e887c"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"c1702c9c2ee17b13df8a940838dd62fa9300fad3","unresolved":false,"context_lines":[{"line_number":216,"context_line":"        \u0027update_port:fixed_ips:subnet_id\u0027,"},{"line_number":217,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":218,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":219,"context_line":"                       \u0027rule:shared\u0027),"},{"line_number":220,"context_line":"        \u0027Specify subnet ID in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":221,"context_line":"        ACTION_PUT"},{"line_number":222,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":6,"id":"9fb8cfa7_b6173646","line":219,"range":{"start_line":219,"start_character":23,"end_line":219,"end_character":36},"updated":"2019-06-17 08:06:07.000000000","message":"so if You proposed constant for \"rule:shared\", maybe You can reuse it in other places? But that can be also done in follow up patch if You want","commit_id":"fa32d44b6a7d6f666bc757beed8809ef625e887c"},{"author":{"_account_id":28159,"name":"Hang Yang","email":"hangyang@yahooinc.com","username":"hangyang"},"change_message_id":"6f980765f1f6557cb58041e7536aa08d794d7697","unresolved":false,"context_lines":[{"line_number":216,"context_line":"        \u0027update_port:fixed_ips:subnet_id\u0027,"},{"line_number":217,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":218,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":219,"context_line":"                       \u0027rule:shared\u0027),"},{"line_number":220,"context_line":"        \u0027Specify subnet ID in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":221,"context_line":"        ACTION_PUT"},{"line_number":222,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":6,"id":"9fb8cfa7_63ec67f3","line":219,"range":{"start_line":219,"start_character":23,"end_line":219,"end_character":36},"in_reply_to":"9fb8cfa7_b6173646","updated":"2019-06-19 19:28:28.000000000","message":"Done","commit_id":"fa32d44b6a7d6f666bc757beed8809ef625e887c"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"5b5743fb473d24dd4380ce6bd0114e80d1f2a8ae","unresolved":false,"context_lines":[{"line_number":208,"context_line":"        \u0027update_port:fixed_ips:ip_address\u0027,"},{"line_number":209,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":210,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":211,"context_line":"                       base.RULE_SHARED),"},{"line_number":212,"context_line":"        \u0027Specify IP address in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":213,"context_line":"        ACTION_PUT"},{"line_number":214,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":7,"id":"9fb8cfa7_becb2448","line":211,"updated":"2019-06-22 09:56:13.000000000","message":"but this will allow also to change IP address to any other IP which user wants. So imagine the case:\n\n1. User wants to create port in shared network (he isn\u0027t owner of this network) and choose some specific IP address, this is forbidden by policy now, user can only choose subnet from which IP will be chosen,\n2. So user creates port with any IP address choosen by neutron,\n3. User sends request to update port like:\n\n    neutron port-update \u003cport_id\u003e --fixed_ip subnet\u003d\u003csubnet_id\u003e,ip_address\u003d\u003cIP.WHICH.USER.WANTS\u003e\n\nand his port has got only this new IP address from now.\nI don\u0027t think this is good behaviour.","commit_id":"e5c6ca97619fda055f3ce54f2b002189d49e175e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d1ee5d4174b92b644f9ffba4fe3046dd8cc5f069","unresolved":false,"context_lines":[{"line_number":208,"context_line":"        \u0027update_port:fixed_ips:ip_address\u0027,"},{"line_number":209,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":210,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":211,"context_line":"                       base.RULE_SHARED),"},{"line_number":212,"context_line":"        \u0027Specify IP address in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":213,"context_line":"        ACTION_PUT"},{"line_number":214,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":7,"id":"9fb8cfa7_bf7aef20","line":211,"in_reply_to":"9fb8cfa7_becb2448","updated":"2019-06-27 14:49:12.000000000","message":"I\u0027m not sure your main concern here, we have following restriction now?\nNew IP is not in the subnet CIDR, not allowed.\nIP is used by another port, not allowed.\nSo, it\u0027s ok for user to input any IP address, neutron will reject the invalid request.\n\n\nAnd if user wants to remain the old IP of the port, just run like this:\nopenstack port set\n--fixed-ip subnet\u003d\u003csubnet\u003e,ip_address\u003d\u003coriginal_IP_address\u003e --fixed-ip subnet\u003d\u003csubnet\u003e,ip_address\u003d\u003cnew_IP_address\u003e \u003cport\u003e","commit_id":"e5c6ca97619fda055f3ce54f2b002189d49e175e"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"0c1ca96655616455b4bc6388eff64bf14066859b","unresolved":false,"context_lines":[{"line_number":208,"context_line":"        \u0027update_port:fixed_ips:ip_address\u0027,"},{"line_number":209,"context_line":"        base.policy_or(base.RULE_ADVSVC,"},{"line_number":210,"context_line":"                       base.RULE_ADMIN_OR_NET_OWNER,"},{"line_number":211,"context_line":"                       base.RULE_SHARED),"},{"line_number":212,"context_line":"        \u0027Specify IP address in ``fixed_ips`` information when updating a port\u0027,"},{"line_number":213,"context_line":"        ACTION_PUT"},{"line_number":214,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":7,"id":"9fb8cfa7_57c94f23","line":211,"in_reply_to":"9fb8cfa7_bf7aef20","updated":"2019-06-28 06:41:57.000000000","message":"My main concern is about changing default behaviour just like that :)\nAnd currently default behaviour is that regular user can\u0027t choose IP address freely from shared network. He can choose subnet but not specify IP address.\nI know that neutron will not allow to pick already used IP but that\u0027s not the problem here.\n\nIMO if we want to change default policy, we should have RFE, discuss it and than change it in separate commit with release note and things like that.","commit_id":"e5c6ca97619fda055f3ce54f2b002189d49e175e"}],"neutron/tests/unit/test_policy.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"714af2f24335e5e149df150671996853fee978ec","unresolved":false,"context_lines":[{"line_number":391,"context_line":"        with mock.patch.object(directory.get_plugin(),"},{"line_number":392,"context_line":"                               \u0027get_network\u0027, new\u003dfakegetnetwork):"},{"line_number":393,"context_line":"            self._test_nonadmin_action_on_attr("},{"line_number":394,"context_line":"                \u0027update\u0027, \u0027port\u0027,"},{"line_number":395,"context_line":"                \u0027fixed_ips\u0027, [{\u0027subnet_id\u0027: \u0027test-subnet-id\u0027}],"},{"line_number":396,"context_line":"                **kwargs)"},{"line_number":397,"context_line":"            self._test_nonadmin_action_on_attr("}],"source_content_type":"text/x-python","patch_set":2,"id":"9fb8cfa7_56a17e45","line":394,"range":{"start_line":394,"start_character":17,"end_line":394,"end_character":23},"updated":"2019-06-11 08:35:59.000000000","message":"create port first, then update?","commit_id":"311ce0711e401854d3de11b163b6b38a0f9d90bb"},{"author":{"_account_id":28159,"name":"Hang Yang","email":"hangyang@yahooinc.com","username":"hangyang"},"change_message_id":"e8973d4e0247df508ace7e70a9eba1fd55552211","unresolved":false,"context_lines":[{"line_number":391,"context_line":"        with mock.patch.object(directory.get_plugin(),"},{"line_number":392,"context_line":"                               \u0027get_network\u0027, new\u003dfakegetnetwork):"},{"line_number":393,"context_line":"            self._test_nonadmin_action_on_attr("},{"line_number":394,"context_line":"                \u0027update\u0027, \u0027port\u0027,"},{"line_number":395,"context_line":"                \u0027fixed_ips\u0027, [{\u0027subnet_id\u0027: \u0027test-subnet-id\u0027}],"},{"line_number":396,"context_line":"                **kwargs)"},{"line_number":397,"context_line":"            self._test_nonadmin_action_on_attr("}],"source_content_type":"text/x-python","patch_set":2,"id":"9fb8cfa7_f447384b","line":394,"range":{"start_line":394,"start_character":17,"end_line":394,"end_character":23},"in_reply_to":"9fb8cfa7_56a17e45","updated":"2019-06-12 00:49:22.000000000","message":"Since we just check policy here, I don\u0027t think I need actually create a port, please see my updated patch","commit_id":"311ce0711e401854d3de11b163b6b38a0f9d90bb"}],"releasenotes/notes/fix-port-update-policy-5c5123734efa54fc.yaml":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"088958b0edea23f4c7495155872031da9ce23bc3","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Updated default policy rules to allow non-admin port owner to update port"},{"line_number":5,"context_line":"    in a shared network with fixed_ips when the port is already associated"},{"line_number":6,"context_line":"    with some ip addresses. For more information see bug"},{"line_number":7,"context_line":"    `1832278 \u003chttps://bugs.launchpad.net/neutron/+bug/1832278\u003e`_."},{"line_number":8,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9fb8cfa7_f614db45","line":6,"range":{"start_line":4,"start_character":42,"end_line":6,"end_character":26},"updated":"2019-06-15 01:11:36.000000000","message":"s/\n\na non-admin port owner to update the fixed IPs of a port when it is already assigned other fixed IPs.\n\nI think that\u0027s a cleaner way of saying it, unless I\u0027m mis-understanding the bug.","commit_id":"eea8a5e6c1bbf131d4bcea66ca888bb8af2178ea"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"d32fa88782da7515bd2b7a37bcbb935ad96da321","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Updated default policy rules to allow non-admin port owner to update port"},{"line_number":5,"context_line":"    in a shared network with fixed_ips when the port is already associated"},{"line_number":6,"context_line":"    with some ip addresses. For more information see bug"},{"line_number":7,"context_line":"    `1832278 \u003chttps://bugs.launchpad.net/neutron/+bug/1832278\u003e`_."},{"line_number":8,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9fb8cfa7_b6a98324","line":6,"range":{"start_line":4,"start_character":42,"end_line":6,"end_character":26},"in_reply_to":"9fb8cfa7_f614db45","updated":"2019-06-15 04:31:28.000000000","message":"mhhh. This suggestion misses the critical point that the port is in a shared network. I re-arranged your suggestion to include that point. Let\u0027s see if you like it","commit_id":"eea8a5e6c1bbf131d4bcea66ca888bb8af2178ea"}]}