)]}'
{"doc/source/admin/archives/auth.rst":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"29cd57f00af28b28d2c419da96242341a387a864","unresolved":true,"context_lines":[{"line_number":92,"context_line":""},{"line_number":93,"context_line":"   .. code-block:: none"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"      {"},{"line_number":96,"context_line":"       \"admin_or_owner\": \"role:admin\","},{"line_number":97,"context_line":"       \"tenant_id:%(tenant_id)s\","},{"line_number":98,"context_line":"       \"admin_or_network_owner\": \"role:admin\","},{"line_number":99,"context_line":"       \"tenant_id:%(network_tenant_id)s\","},{"line_number":100,"context_line":"       \"admin_only\": \"role:admin\","},{"line_number":101,"context_line":"       \"regular_user\": \"\","},{"line_number":102,"context_line":"       \"shared\":\"field:networks:shared\u003dTrue\","},{"line_number":103,"context_line":"       \"default\":"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"-  The default policy that is always evaluated if an API operation does"},{"line_number":106,"context_line":"   not match any of the policies in ``policy.yaml``."}],"source_content_type":"text/x-rst","patch_set":11,"id":"47eec93b_30f8e01a","line":103,"range":{"start_line":95,"start_character":0,"end_line":103,"end_character":17},"updated":"2020-12-16 09:48:49.000000000","message":"shouldn\u0027t that example be also changed to yaml syntax?","commit_id":"14eae362f5c86ad74418571ac8ded2a5f60e96f4"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"77eb59c9c9b4c85468d682da75f536cbafc5000a","unresolved":true,"context_lines":[{"line_number":92,"context_line":""},{"line_number":93,"context_line":"   .. code-block:: none"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"      {"},{"line_number":96,"context_line":"       \"admin_or_owner\": \"role:admin\","},{"line_number":97,"context_line":"       \"tenant_id:%(tenant_id)s\","},{"line_number":98,"context_line":"       \"admin_or_network_owner\": \"role:admin\","},{"line_number":99,"context_line":"       \"tenant_id:%(network_tenant_id)s\","},{"line_number":100,"context_line":"       \"admin_only\": \"role:admin\","},{"line_number":101,"context_line":"       \"regular_user\": \"\","},{"line_number":102,"context_line":"       \"shared\":\"field:networks:shared\u003dTrue\","},{"line_number":103,"context_line":"       \"default\":"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"-  The default policy that is always evaluated if an API operation does"},{"line_number":106,"context_line":"   not match any of the policies in ``policy.yaml``."}],"source_content_type":"text/x-rst","patch_set":11,"id":"8c84ec28_0c96dcc0","line":103,"range":{"start_line":95,"start_character":0,"end_line":103,"end_character":17},"in_reply_to":"47eec93b_30f8e01a","updated":"2020-12-16 16:07:31.000000000","message":"sure, done","commit_id":"14eae362f5c86ad74418571ac8ded2a5f60e96f4"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"29cd57f00af28b28d2c419da96242341a387a864","unresolved":true,"context_lines":[{"line_number":172,"context_line":"            \"get_port\": \"rule:admin_or_owner\","},{"line_number":173,"context_line":"            \"update_port\": \"rule:admin_only\","},{"line_number":174,"context_line":"            \"delete_port\": \"rule:admin_only\""},{"line_number":175,"context_line":"    }"}],"source_content_type":"text/x-rst","patch_set":11,"id":"889b347d_42c84b86","line":175,"updated":"2020-12-16 09:48:49.000000000","message":"and the same in all those other places as well","commit_id":"14eae362f5c86ad74418571ac8ded2a5f60e96f4"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"77eb59c9c9b4c85468d682da75f536cbafc5000a","unresolved":false,"context_lines":[{"line_number":172,"context_line":"            \"get_port\": \"rule:admin_or_owner\","},{"line_number":173,"context_line":"            \"update_port\": \"rule:admin_only\","},{"line_number":174,"context_line":"            \"delete_port\": \"rule:admin_only\""},{"line_number":175,"context_line":"    }"}],"source_content_type":"text/x-rst","patch_set":11,"id":"157d1fa3_307a7b19","line":175,"in_reply_to":"889b347d_42c84b86","updated":"2020-12-16 16:07:31.000000000","message":"Done","commit_id":"14eae362f5c86ad74418571ac8ded2a5f60e96f4"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"f6ce11ffe2fccac5aaf0b8d96f663caf5649255d","unresolved":true,"context_lines":[{"line_number":97,"context_line":"      \"admin_only\": \"role:admin\","},{"line_number":98,"context_line":"      \"regular_user\": \"\","},{"line_number":99,"context_line":"      \"shared\":\"field:networks:shared\u003dTrue\","},{"line_number":100,"context_line":"      \"default\": \"rule:admin_or_owner\","},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"-  The default policy that is always evaluated if an API operation does"},{"line_number":103,"context_line":"   not match any of the policies in ``policy.yaml``."}],"source_content_type":"text/x-rst","patch_set":12,"id":"e20884ec_1f02336c","line":100,"updated":"2020-12-18 08:55:38.000000000","message":"this still isn\u0027t valid YAML :/\nThere are commas at the end which are causing problems but also this \"or\" in e.g. \u0027role:admin\u0027 OR \u0027tenant:_id:%(tenant_id)s\u0027 are not correct in YAML.","commit_id":"cbb55c504adf94d2b4e6bcff3d6064701e77d976"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9d4cf058f06b73123b171ee979c0a451e11cdf23","unresolved":true,"context_lines":[{"line_number":97,"context_line":"      \"admin_only\": \"role:admin\","},{"line_number":98,"context_line":"      \"regular_user\": \"\","},{"line_number":99,"context_line":"      \"shared\":\"field:networks:shared\u003dTrue\","},{"line_number":100,"context_line":"      \"default\": \"rule:admin_or_owner\","},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"-  The default policy that is always evaluated if an API operation does"},{"line_number":103,"context_line":"   not match any of the policies in ``policy.yaml``."}],"source_content_type":"text/x-rst","patch_set":12,"id":"8aa464dd_c810d3b0","line":100,"in_reply_to":"e20884ec_1f02336c","updated":"2020-12-20 02:09:55.000000000","message":"done. copied from generated yaml file this time","commit_id":"cbb55c504adf94d2b4e6bcff3d6064701e77d976"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"2455ce0b5998192719c5d18f2948afc4c0084465","unresolved":true,"context_lines":[{"line_number":118,"context_line":"       \"get_network\": \"rule:admin_or_owner or rule:shared\""},{"line_number":119,"context_line":"       \"create_network:shared\": \"rule:admin_only\""},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"-  This policy restricts the ability to manipulate the *shared*"},{"line_number":122,"context_line":"   attribute for a network to administrators only."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"   .. code-block:: none"},{"line_number":125,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"c240c149_b6554867","line":122,"range":{"start_line":121,"start_character":3,"end_line":122,"end_character":50},"updated":"2021-01-08 09:36:04.000000000","message":"This explains L.119 above, so the code block below is not the right one.","commit_id":"fe413fe01dcafea2cf37522e4332b45b293f2dc6"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bfd5f3cf217a6ff8f4cde2029c8ceb36fdbf903b","unresolved":true,"context_lines":[{"line_number":118,"context_line":"       \"get_network\": \"rule:admin_or_owner or rule:shared\""},{"line_number":119,"context_line":"       \"create_network:shared\": \"rule:admin_only\""},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"-  This policy restricts the ability to manipulate the *shared*"},{"line_number":122,"context_line":"   attribute for a network to administrators only."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"   .. code-block:: none"},{"line_number":125,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"04e90ca1_3edc4767","line":122,"range":{"start_line":121,"start_character":3,"end_line":122,"end_character":50},"in_reply_to":"c240c149_b6554867","updated":"2021-01-08 15:58:26.000000000","message":"yeah i also notices that but did not fix it in this patch to mixup the thing. this doc need some re-factoring to make these policy comments clear.","commit_id":"fe413fe01dcafea2cf37522e4332b45b293f2dc6"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"2455ce0b5998192719c5d18f2948afc4c0084465","unresolved":true,"context_lines":[{"line_number":129,"context_line":"       \"create_port:mac_address\": \"rule:admin_or_network_owner\""},{"line_number":130,"context_line":"       \"create_port:fixed_ips\": \"rule:admin_or_network_owner\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"-  This policy restricts the ability to manipulate the *mac_address*"},{"line_number":133,"context_line":"   attribute for a port only to administrators and the owner of the"},{"line_number":134,"context_line":"   network where the port is attached."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"   .. code-block:: none"},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"73483431_29cf6ca4","line":134,"range":{"start_line":132,"start_character":3,"end_line":134,"end_character":38},"updated":"2021-01-08 09:36:04.000000000","message":"This is about L.129.","commit_id":"fe413fe01dcafea2cf37522e4332b45b293f2dc6"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"2455ce0b5998192719c5d18f2948afc4c0084465","unresolved":true,"context_lines":[{"line_number":162,"context_line":"            \"create_port\": \"rule:admin_only\""},{"line_number":163,"context_line":"            \"get_port\": \"rule:admin_or_owner\""},{"line_number":164,"context_line":"            \"update_port\": \"rule:admin_only\""},{"line_number":165,"context_line":"            \"delete_port\": \"rule:admin_only\""}],"source_content_type":"text/x-rst","patch_set":14,"id":"7af64f0e_9b1e19c7","line":165,"updated":"2021-01-08 09:36:04.000000000","message":"nit: The indent level looks too deep. Ideally these lines shoud align with \"code-block\" at L.147.","commit_id":"fe413fe01dcafea2cf37522e4332b45b293f2dc6"}],"doc/source/contributor/contribute.rst":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"0efaacb8937755f8a539c87e1513cff4d05e4f63","unresolved":true,"context_lines":[{"line_number":615,"context_line":""},{"line_number":616,"context_line":"(These are still TBD.)"},{"line_number":617,"context_line":""},{"line_number":618,"context_line":"* Splitting policy.yaml? **ToDo** Armando will investigate."},{"line_number":619,"context_line":""},{"line_number":620,"context_line":"* Generic instructions (or a template) for installing an out-of-tree plugin or"},{"line_number":621,"context_line":"  driver for Neutron. Possibly something for the networking guide, and/or a"}],"source_content_type":"text/x-rst","patch_set":11,"id":"f7c7dd71_3699e21d","line":618,"updated":"2020-12-16 09:51:04.000000000","message":"no action for this patch needed but I wonder if that is still valid here 😊","commit_id":"14eae362f5c86ad74418571ac8ded2a5f60e96f4"}],"neutron/cmd/upgrade_checks/checks.py":[{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"dd6a313081dac6c335d44226deeb6bcffcefb253","unresolved":true,"context_lines":[{"line_number":99,"context_line":"            (_(\"VLAN allocations valid segmentation ID check\"),"},{"line_number":100,"context_line":"             self.vlan_allocations_segid_check),"},{"line_number":101,"context_line":"            (_(\u0027Policy File JSON to YAML Migration\u0027),"},{"line_number":102,"context_line":"             (common_checks.check_policy_json, {\u0027conf\u0027: cfg.CONF})),"},{"line_number":103,"context_line":"        ]"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    @staticmethod"}],"source_content_type":"text/x-python","patch_set":4,"id":"b55a39fb_a1970b47","line":102,"updated":"2020-11-30 10:56:25.000000000","message":"WHen I tested the upgrade check, I hit a couple of unclear things.\n\n(1) common_checks.check_policy_json() expects cfg.CONF.oslo_policy.policy_file is registered, but the code has no explicit logic to register oslo.policy options.\nAfter I debugged which module loads neutron.policy (which registers oslo.policy options) it turned out \"from neutron.db.models import agent as agent_model\" at L.26 above loads neutron.policy\n(The dependency tree is neutron.db.models import agent (L.26 above) -\u003e neutron.agent.common.utils -\u003e neutron.conf.agent.common -\u003e neutron.common.config -\u003e neutron.policy).\nIt is better to register the oslo.policy options explicitly as check_policy_json() directly requires the option.\n\n(2) As observed in (1), the oslo.policy options are registered via neutron.policy and neutron.policy calls opts.set_defaults(cfg.CONF, \u0027policy.yaml\u0027) to change the default value. Thus, I expected cfg.CONF.oslo_policy.policy is \u0027policy.yaml\u0027. Looking at the code of check_policy_json(), it just checks whether a file specified in cfg.CONF.oslo_policy.policy is a JSON file. The upgrade check itself complains the policy file is JSON (perhaps as you expect), but what happens? \ncfg.CONF.oslo_policy.policy is overridden to policy.yaml in neutron.policy, but it looks like check_policy_json() checks policy.json. Hmm???\n\nI printed the value of cfg.CONF.oslo_policy.policy in two places:\n- Inside of get_checks() method above -\u003e cfg.CONF.oslo_policy.policy \u003d policy.yaml\n- Inside of common_checks.check_policy_json() in oslo_upgradecheck -\u003e conf.oslo_policy.policy \u003d /etc/neutron/policy.json\n\nI wonder where the conf value is updated? I am confused.","commit_id":"343e38979ebd4f01e03425701dfa4d99d7ef5e79"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3db4eb499dd1cd3fb50555a86b6cdb7314ce3566","unresolved":true,"context_lines":[{"line_number":99,"context_line":"            (_(\"VLAN allocations valid segmentation ID check\"),"},{"line_number":100,"context_line":"             self.vlan_allocations_segid_check),"},{"line_number":101,"context_line":"            (_(\u0027Policy File JSON to YAML Migration\u0027),"},{"line_number":102,"context_line":"             (common_checks.check_policy_json, {\u0027conf\u0027: cfg.CONF})),"},{"line_number":103,"context_line":"        ]"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    @staticmethod"}],"source_content_type":"text/x-python","patch_set":4,"id":"d24e1577_263f7743","line":102,"in_reply_to":"6fadddf4_be416cc6","updated":"2020-12-02 21:44:55.000000000","message":"updates on 1) oslo_policy.policy is registered as you mentioned via different file import but I agree to register explicitly also. done. \n\nRE on 2) Magic here is cli opt and how config file is loaded for those. All the CLI config option (unlike non cli config options) are registered before config file is parsed so that config file overridden value is available whole executing the CLI. In case of upgrade check tool, config file is parsed like:\n\n1. upgradecheck call __call__ on conf object \n- https://github.com/openstack/oslo.upgradecheck/blob/c70506727800d99fbbe8133f0bf0ccb1e70d690a/oslo_upgradecheck/upgradecheck.py#L227\n\n2. oslo.config __call__  call _parse_cli_opts() which intern load the config via _parse_config_files()\n- https://github.com/openstack/oslo.config/blob/cfb8c1f4a5a35ce94fa0dbc2bcf96bcfc06f231c/oslo_config/cfg.py#L2131\n-https://github.com/openstack/oslo.config/blob/cfb8c1f4a5a35ce94fa0dbc2bcf96bcfc06f231c/oslo_config/cfg.py#L2904\n\n^^ this is the place where neutron.conf is loaded and value \u0027/etc/neutron/policy.json\u0027 is loaded for cfg.CONF.oslo_policy.policy_file. I am sure your env have same value set for [oslo_policy]policy_file in neutron.conf\n\n\n\u003e Inside of get_checks() method above -\u003e cfg.CONF.oslo_policy.policy \u003d policy.yaml\n\nThis is default value where config file is not parsed yet so default value is shown.\n\n\n\u003e Inside of common_checks.check_policy_json() in oslo_upgradecheck -\u003e conf.oslo_policy.policy \u003d /etc/neutron/policy.json\n\nThis is value loaded from neutron.conf file. So upgrade checker CLI loaded the config file value correctly before common_checks.check_policy_json() is executed and it looked for correct file which is going to be use by oslo_policy for loading the rules.\n\nSo at the end this check find \u0027/etc/neutron/policy.json as final value for conf.oslo_policy.policy_file which is correct and failed as this file is JSON formatted.","commit_id":"343e38979ebd4f01e03425701dfa4d99d7ef5e79"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a7c30928da598e9f9d6e79de8e109d64cc4081b1","unresolved":true,"context_lines":[{"line_number":99,"context_line":"            (_(\"VLAN allocations valid segmentation ID check\"),"},{"line_number":100,"context_line":"             self.vlan_allocations_segid_check),"},{"line_number":101,"context_line":"            (_(\u0027Policy File JSON to YAML Migration\u0027),"},{"line_number":102,"context_line":"             (common_checks.check_policy_json, {\u0027conf\u0027: cfg.CONF})),"},{"line_number":103,"context_line":"        ]"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"    @staticmethod"}],"source_content_type":"text/x-python","patch_set":4,"id":"6fadddf4_be416cc6","line":102,"in_reply_to":"b55a39fb_a1970b47","updated":"2020-12-01 22:07:21.000000000","message":"Thanks amotoki for review and testing it.\n\nRE on 1). I expect all the neutron config option should be pre-registered for this upgrade check as you can see there are other place in this file other config option are being used like L108.\n\n2. this checks is expected to check if cfg.CONF.oslo_policy.policy is JON formatted file or not which can be default value (now policy.yaml)or overridden by operator.\n\nValue here and in common_checks.check_policy_json() should be same which should be policy.yaml as we are overriding the default now and no overridden value in config file. Let me debug it more if some global vs local object of CONF creating the issue here.","commit_id":"343e38979ebd4f01e03425701dfa4d99d7ef5e79"}],"neutron/common/config.py":[{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"dd6a313081dac6c335d44226deeb6bcffcefb253","unresolved":true,"context_lines":[{"line_number":142,"context_line":"    # TODO(gmann): Remove setting the default value of config policy_file"},{"line_number":143,"context_line":"    # once oslo_policy change the default value to \u0027policy.yaml\u0027."},{"line_number":144,"context_line":"    # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49"},{"line_number":145,"context_line":"    opts.set_defaults(cfg.CONF, policy.DEFAULT_POLICY_FILE)"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"def set_cors_middleware_defaults():"}],"source_content_type":"text/x-python","patch_set":4,"id":"ed0e1438_7b6f9afc","line":145,"updated":"2020-11-30 10:56:25.000000000","message":"set_defaults to policy.yaml is called in two places: here and neutron.policy.\nDo we need to do it in two places?","commit_id":"343e38979ebd4f01e03425701dfa4d99d7ef5e79"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a7c30928da598e9f9d6e79de8e109d64cc4081b1","unresolved":true,"context_lines":[{"line_number":142,"context_line":"    # TODO(gmann): Remove setting the default value of config policy_file"},{"line_number":143,"context_line":"    # once oslo_policy change the default value to \u0027policy.yaml\u0027."},{"line_number":144,"context_line":"    # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49"},{"line_number":145,"context_line":"    opts.set_defaults(cfg.CONF, policy.DEFAULT_POLICY_FILE)"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"def set_cors_middleware_defaults():"}],"source_content_type":"text/x-python","patch_set":4,"id":"dcb97233_6da21e26","line":145,"in_reply_to":"ed0e1438_7b6f9afc","updated":"2020-12-01 22:07:21.000000000","message":"yeah this place is just for config sample file generator. TO reflect the overridden default value of other namespace we need to provide this hook for config generator to reflect the overridden default value in sample config file.\n\n- https://review.opendev.org/c/openstack/neutron/+/764401/4/setup.cfg\n\n- https://docs.openstack.org/oslo.config/latest/cli/generator.html#modifying-defaults-from-other-namespaces","commit_id":"343e38979ebd4f01e03425701dfa4d99d7ef5e79"}]}