)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"1cb70283c2d4becf9c934b5e7870f33b62a9f9a8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"dc0e78fc_d1a02852","updated":"2022-03-29 12:09:20.000000000","message":"I\u0027m fine with such config option as by default it will not change Neutron\u0027s behavior but I think it deserves for the release note","commit_id":"2109065459f741a069336d6b5c4a7d24ee6e8618"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"49eb81bcbc59457fe8d593fbac3646c5f08dab8b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"42387fb8_d898b7d5","updated":"2022-03-30 12:56:26.000000000","message":"I\u0027m not particularly in favor of this change. The API allows to, once the SG is created and the default egress rules, remove the created rules.\n\nIf something like this is going to be implemented, I would use a more explicit way: modifying the API and allowing a new parameter, passed via CLI. This parameter (something like \"--no-default-egress-rules\") would be something explicit, defined per SG, not a \"hidden\" configuration parameter applicable to all the deployment.\n\nI know this last idea is more complicated to implement but (1) is flexible (per SG) and (2) is explicit (you specify it in the CLI).","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"},{"author":{"_account_id":7130,"name":"David Hill","email":"davidchill@hotmail.com","username":"dhill"},"change_message_id":"89c28eeb84f68cf59ce887b33d30c849264b1e39","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"bbdec639_1afa6b78","in_reply_to":"42387fb8_d898b7d5","updated":"2022-03-30 13:11:57.000000000","message":"Yeah well customer wants to drop all traffic by default and force users to add the required flows.   Ideally, it would be better to have a default SG with default rules that we apply to each new created groups which would avoid having this new argument --no-default-egres-rules or the parameter I we just implemented in this patch.   I\u0027ll let you decide over this but I don\u0027t think those 2 ideas are the best ideas as the best idea is still the global default security group idea which was declined many times.","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"55c87992c82275b11c657906c054867e723123fa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"fbc179fc_37adcc95","in_reply_to":"591ab479_80577ee4","updated":"2022-04-04 15:08:23.000000000","message":"The \"default\" security group is something created by default when no SG is created yet in this this project. However, if any admin needs something more specific (for example, no egress rules or no rules at all), a specific SG can be created and used. The API currently allows this operation.\n\nI\u0027m not in favor of adding more config knobs and even less if this is something doable with the current API.","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"},{"author":{"_account_id":7130,"name":"David Hill","email":"davidchill@hotmail.com","username":"dhill"},"change_message_id":"4fb34bc4f3763e1e0a77d1fa434df17d7e203b20","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"591ab479_80577ee4","in_reply_to":"bbdec639_1afa6b78","updated":"2022-04-04 15:01:34.000000000","message":"Maybe we should allow both approach here ?    There\u0027re cases where users would like to have the same kind of behavior in egress as the ingress flows which is to disable everything by default and punch holes in the FW as flows require.","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"}],"neutron/conf/common.py":[{"author":{"_account_id":30380,"name":"ZhouHeng","email":"zhouhenglc@inspur.com","username":"zhouhenglc"},"change_message_id":"91fe4234d0859ddd357faf339e56ffaf4d11b5e9","unresolved":true,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"core_opts \u003d ["},{"line_number":25,"context_line":"    cfg.BoolOpt(\u0027apply_default_egress_rules\u0027, default\u003dTrue,"},{"line_number":26,"context_line":"                help\u003d_(\"Apply default egress rules to new\""},{"line_number":27,"context_line":"                       \"security groups.\")),"},{"line_number":28,"context_line":"    cfg.HostAddressOpt(\u0027bind_host\u0027, default\u003d\u00270.0.0.0\u0027,"},{"line_number":29,"context_line":"                       help\u003d_(\"The host IP to bind to.\")),"}],"source_content_type":"text/x-python","patch_set":2,"id":"51aa3b42_11fcdde3","line":26,"range":{"start_line":26,"start_character":54,"end_line":26,"end_character":57},"updated":"2022-03-30 00:34:49.000000000","message":"“create\" is better?","commit_id":"8e412a1c84e9c0356551d09f6c2c365ffd04a4bb"},{"author":{"_account_id":7130,"name":"David Hill","email":"davidchill@hotmail.com","username":"dhill"},"change_message_id":"89c28eeb84f68cf59ce887b33d30c849264b1e39","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"core_opts \u003d ["},{"line_number":25,"context_line":"    cfg.BoolOpt(\u0027apply_default_egress_rules\u0027, default\u003dTrue,"},{"line_number":26,"context_line":"                help\u003d_(\"Apply default egress rules to new\""},{"line_number":27,"context_line":"                       \"security groups.\")),"},{"line_number":28,"context_line":"    cfg.HostAddressOpt(\u0027bind_host\u0027, default\u003d\u00270.0.0.0\u0027,"},{"line_number":29,"context_line":"                       help\u003d_(\"The host IP to bind to.\")),"}],"source_content_type":"text/x-python","patch_set":2,"id":"e243c530_8c372c5b","line":26,"range":{"start_line":26,"start_character":54,"end_line":26,"end_character":57},"in_reply_to":"51aa3b42_11fcdde3","updated":"2022-03-30 13:11:57.000000000","message":"no.   I meant that.   When you create a new security group, you want to apply default egress rules to the database schema.","commit_id":"8e412a1c84e9c0356551d09f6c2c365ffd04a4bb"}],"releasenotes/notes/disable-egress-default-rules-a61d4995e5c7ac1e.yaml":[{"author":{"_account_id":30380,"name":"ZhouHeng","email":"zhouhenglc@inspur.com","username":"zhouhenglc"},"change_message_id":"91fe4234d0859ddd357faf339e56ffaf4d11b5e9","unresolved":true,"context_lines":[{"line_number":6,"context_line":"  - |"},{"line_number":7,"context_line":"    This patch adds apply_default_egress_rules with default set to True to"},{"line_number":8,"context_line":"    keep the behavior the same but operators can set it to False in order to"},{"line_number":9,"context_line":"    drop all egress traffic by default .   When setting this value to False,"},{"line_number":10,"context_line":"    all required flows such as DNS, DHCP, HTTP for metadata, etc will have"},{"line_number":11,"context_line":"    to be allowed by the operator otherwise those flows will fail."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"14cc5e52_1e962f90","line":9,"range":{"start_line":9,"start_character":41,"end_line":9,"end_character":42},"updated":"2022-03-30 00:34:49.000000000","message":"nit: multi-spaces","commit_id":"8e412a1c84e9c0356551d09f6c2c365ffd04a4bb"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"d5fa8e6b2fe7632dfbb4e2b84b5e4eabac9191e2","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"prelude: \u003e"},{"line_number":3,"context_line":"    By default egress rules allow all traffic by default and there\u0027re no ways"},{"line_number":4,"context_line":"    of customizing those rules in default groups at this time."},{"line_number":5,"context_line":"features:"},{"line_number":6,"context_line":"  - |"},{"line_number":7,"context_line":"    This patch adds apply_default_egress_rules with default set to True to"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"2ea8474e_b007d8a4","line":4,"updated":"2022-04-05 08:56:14.000000000","message":"prelude section is rendered on the top of the page, and should be used for some big things only, like release highlights. So please just use \"features\" section and that will be enough.","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"d5fa8e6b2fe7632dfbb4e2b84b5e4eabac9191e2","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    of customizing those rules in default groups at this time."},{"line_number":5,"context_line":"features:"},{"line_number":6,"context_line":"  - |"},{"line_number":7,"context_line":"    This patch adds apply_default_egress_rules with default set to True to"},{"line_number":8,"context_line":"    keep the behavior the same but operators can set it to False in order to"},{"line_number":9,"context_line":"    drop all egress traffic by default. When setting this value to False,"},{"line_number":10,"context_line":"    all required flows such as DNS, DHCP, HTTP for metadata, etc will have"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"b7c5e854_b05e643f","line":7,"range":{"start_line":7,"start_character":20,"end_line":7,"end_character":46},"updated":"2022-04-05 08:56:14.000000000","message":"You can wrap it into `` `` to highlight it in the rendered html page","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"d5fa8e6b2fe7632dfbb4e2b84b5e4eabac9191e2","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    of customizing those rules in default groups at this time."},{"line_number":5,"context_line":"features:"},{"line_number":6,"context_line":"  - |"},{"line_number":7,"context_line":"    This patch adds apply_default_egress_rules with default set to True to"},{"line_number":8,"context_line":"    keep the behavior the same but operators can set it to False in order to"},{"line_number":9,"context_line":"    drop all egress traffic by default. When setting this value to False,"},{"line_number":10,"context_line":"    all required flows such as DNS, DHCP, HTTP for metadata, etc will have"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"871f45e8_ce27ac1b","line":7,"range":{"start_line":7,"start_character":67,"end_line":7,"end_character":71},"updated":"2022-04-05 08:56:14.000000000","message":"same here","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"d5fa8e6b2fe7632dfbb4e2b84b5e4eabac9191e2","unresolved":true,"context_lines":[{"line_number":5,"context_line":"features:"},{"line_number":6,"context_line":"  - |"},{"line_number":7,"context_line":"    This patch adds apply_default_egress_rules with default set to True to"},{"line_number":8,"context_line":"    keep the behavior the same but operators can set it to False in order to"},{"line_number":9,"context_line":"    drop all egress traffic by default. When setting this value to False,"},{"line_number":10,"context_line":"    all required flows such as DNS, DHCP, HTTP for metadata, etc will have"},{"line_number":11,"context_line":"    to be allowed by the operator otherwise those flows will fail."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"2ebcf2d6_aa997b06","line":8,"range":{"start_line":8,"start_character":59,"end_line":8,"end_character":64},"updated":"2022-04-05 08:56:14.000000000","message":"and here","commit_id":"0707a05bef7959799e7d0aace61839d148daca8a"}]}
