)]}'
{"neutron/conf/policies/rbac.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"08175f57d903f4ef6c4af38212cfd9046d9947b6","unresolved":true,"context_lines":[{"line_number":29,"context_line":"        name\u003d\u0027restrict_wildcard\u0027,"},{"line_number":30,"context_line":"        check_str\u003dbase.policy_or("},{"line_number":31,"context_line":"            \u0027(not field:rbac_policy:target_tenant\u003d*)\u0027,"},{"line_number":32,"context_line":"            base.RULE_ADMIN_ONLY),"},{"line_number":33,"context_line":"        description\u003d\u0027Definition of a wildcard target_tenant\u0027),"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":1,"id":"07a71eda_81844048","line":32,"range":{"start_line":32,"start_character":17,"end_line":32,"end_character":32},"updated":"2021-04-09 15:22:17.000000000","message":"Aha - this was allowing project-admins to open up networks to any tenant.\n\nMaybe we can remove this bit now?","commit_id":"de69a5537830ee685ad8c3c7809d4410c9488903"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"f1c59e549e137ca986b00348f5e249ab59949a3d","unresolved":true,"context_lines":[{"line_number":29,"context_line":"        name\u003d\u0027restrict_wildcard\u0027,"},{"line_number":30,"context_line":"        check_str\u003dbase.policy_or("},{"line_number":31,"context_line":"            \u0027(not field:rbac_policy:target_tenant\u003d*)\u0027,"},{"line_number":32,"context_line":"            base.RULE_ADMIN_ONLY),"},{"line_number":33,"context_line":"        description\u003d\u0027Definition of a wildcard target_tenant\u0027),"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":1,"id":"bd98b9c0_d486a75e","line":32,"range":{"start_line":32,"start_character":17,"end_line":32,"end_character":32},"in_reply_to":"07a71eda_81844048","updated":"2021-04-12 11:09:19.000000000","message":"this rule \"restrict_wildcard\" is also used in the old, deprecated rules and there this RULE_ADMIN_ONLY is needed. Maybe we can leave it as it is now and remove that \"restrict_wildcard\" rule later when we will remove deprecated rules at some point. Wdyt?","commit_id":"de69a5537830ee685ad8c3c7809d4410c9488903"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ae8ff8931cf58154ef190fec130cf012192aa057","unresolved":true,"context_lines":[{"line_number":29,"context_line":"        name\u003d\u0027restrict_wildcard\u0027,"},{"line_number":30,"context_line":"        check_str\u003dbase.policy_or("},{"line_number":31,"context_line":"            \u0027(not field:rbac_policy:target_tenant\u003d*)\u0027,"},{"line_number":32,"context_line":"            base.RULE_ADMIN_ONLY),"},{"line_number":33,"context_line":"        description\u003d\u0027Definition of a wildcard target_tenant\u0027),"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    policy.DocumentedRuleDefault("}],"source_content_type":"text/x-python","patch_set":1,"id":"12b8128a_ea8e09e4","line":32,"range":{"start_line":32,"start_character":17,"end_line":32,"end_character":32},"in_reply_to":"bd98b9c0_d486a75e","updated":"2021-04-12 18:52:12.000000000","message":"Yeah - that makes sense. We can remove it later.","commit_id":"de69a5537830ee685ad8c3c7809d4410c9488903"}]}
