)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"b7ec4708190a573aab95144dad15527f30bf9db8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"25dec91f_c39bcf9c","updated":"2023-02-22 10:29:39.000000000","message":"-1 for visibility","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0e235e95e68e910f4bb82ee7d4ac2d87a8c8aa25","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"b18eb902_b2f96ea9","updated":"2023-03-01 07:24:09.000000000","message":"thanks","commit_id":"948c9e02e369b47587f6abadc19f241838f79619"}],"releasenotes/notes/secure-rbac-policies-fully-supported-e95271a3ab175dca.yaml":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"cb11fcbe2587220f4493d7606789331a33dd9851","unresolved":true,"context_lines":[{"line_number":6,"context_line":"    Role ``admin`` is working in the same way as with old policies."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    New default API policies aren\u0027t enabled by default. Cloud operator can"},{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e58410ac_e4925eb5","line":9,"range":{"start_line":9,"start_character":56,"end_line":9,"end_character":61},"updated":"2023-02-22 17:21:18.000000000","message":"s/A cloud","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"6eed34490af1018d64750ae952775a6060c43deb","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    Role ``admin`` is working in the same way as with old policies."},{"line_number":7,"context_line":"upgrade:"},{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    New default API policies aren\u0027t enabled by default. Cloud operator can"},{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"8e54f3de_698e8993","line":9,"range":{"start_line":9,"start_character":56,"end_line":9,"end_character":61},"in_reply_to":"e58410ac_e4925eb5","updated":"2023-02-28 12:28:20.000000000","message":"Done","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"cb11fcbe2587220f4493d7606789331a33dd9851","unresolved":true,"context_lines":[{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    New default API policies aren\u0027t enabled by default. Cloud operator can"},{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"0a9898c7_251a7533","line":11,"range":{"start_line":11,"start_character":8,"end_line":11,"end_character":17},"updated":"2023-02-22 17:21:18.000000000","message":"s/Neutron\n\nor drop the \u0027the\u0027","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"6eed34490af1018d64750ae952775a6060c43deb","unresolved":false,"context_lines":[{"line_number":8,"context_line":"  - |"},{"line_number":9,"context_line":"    New default API policies aren\u0027t enabled by default. Cloud operator can"},{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"f68d554d_85cfeca6","line":11,"range":{"start_line":11,"start_character":8,"end_line":11,"end_character":17},"in_reply_to":"0a9898c7_251a7533","updated":"2023-02-28 12:28:20.000000000","message":"Done","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"cb11fcbe2587220f4493d7606789331a33dd9851","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    New default API policies aren\u0027t enabled by default. Cloud operator can"},{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"d8aabb6d_d9ce8911","line":12,"range":{"start_line":12,"start_character":4,"end_line":12,"end_character":39},"updated":"2023-02-22 17:21:18.000000000","message":"s/It is also possible to switch the","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"6eed34490af1018d64750ae952775a6060c43deb","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    New default API policies aren\u0027t enabled by default. Cloud operator can"},{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ab028195_81de8811","line":12,"range":{"start_line":12,"start_character":4,"end_line":12,"end_character":39},"in_reply_to":"d8aabb6d_d9ce8911","updated":"2023-02-28 12:28:20.000000000","message":"Done","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"b7ec4708190a573aab95144dad15527f30bf9db8","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ddbac756_95934fe4","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"updated":"2023-02-22 10:29:39.000000000","message":"doesn\u0027t support\n\nIn any case, I don\u0027t understand this sentence: we do support it now, don\u0027t we?","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"237763c77b15d3ce85e24b032cc0c71af6e3a07a","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"45a787e8_ff033ca7","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"27c8ce87_0341c6e4","updated":"2023-02-23 09:19:24.000000000","message":"This topic is complex (at least for me). I you can add this explanation here? Thanks in advance!","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"0e235e95e68e910f4bb82ee7d4ac2d87a8c8aa25","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"17eccd75_1f23f602","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"3add244e_c98643c9","updated":"2023-03-01 07:24:09.000000000","message":":-)","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"ec52c72413db03f444c1dcfa5238f91e43b7ffcb","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"b53c92b6_83cda38e","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"45a787e8_ff033ca7","updated":"2023-02-23 17:10:31.000000000","message":"It would be more clear if I just write the paragraphs out. I know us Americans like using words like \"don\u0027t\", but sometimes \"do not\" translates better, that was the point I was trying to make, at least I think the i18n people complained at one point about using the abbreviations 😊\n\n\nfeatures:\n - |\n   Neutron now supports API policies with the new default roles\n   ``project_member`` and ``project_reader``.\n   Role ``admin`` is working in the same way as with old policies.\nupgrade:\n - |\n   New default API policies are not enabled by default. A cloud operator can\n   enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in\n   the Neutron config file.\n   It is also possible to switch the ``oslo_policy/enforce_scope`` config\n   option to ``true``, but currently Neutron does not support any system scope\n   APIs.","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"6eed34490af1018d64750ae952775a6060c43deb","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"e6322f67_21819e1e","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"b53c92b6_83cda38e","updated":"2023-02-28 12:28:20.000000000","message":"Thx.\n\nI also added additional note about system scope tokens and scope enforcement. I hope it will be more clear now :)","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"364b4eed437c498df8d2ccba01de1823dc08986f","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ea9fd7be_1e8fd7cc","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"ddbac756_95934fe4","updated":"2023-02-22 11:06:22.000000000","message":"Initially we were adding system scope calls but after many rounds of feedback from operators we decided that for now we will be not have any system scope calls really. All APIs now are project scoped, even things like \"agent list\" which is clearly system scope call.\nIt\u0027s like that because we still have only one ADMIN role, not PROJECT_ADMIN and SYSTEM_ADMIN.\nSo You may enable scope enforcing in Neutron now, but then if You make any call with e.g. system scope admin, it will be forbidden.\nSee https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1 for details","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"44289724c475b951e53368f48b93b5aac0ed6369","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3add244e_c98643c9","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"e6322f67_21819e1e","updated":"2023-02-28 14:48:38.000000000","message":"Tweaked just a little, lgtm now.","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"cb11fcbe2587220f4493d7606789331a33dd9851","unresolved":true,"context_lines":[{"line_number":10,"context_line":"    enable them by setting ``oslo_policy/enforce_new_defaults`` to ``true`` in"},{"line_number":11,"context_line":"    the Neutron\u0027s config file."},{"line_number":12,"context_line":"    There is also possibility to switch ``oslo_policy/enforce_scope`` config"},{"line_number":13,"context_line":"    option to ``true`` but currently Neutron don\u0027t supports any system scope"},{"line_number":14,"context_line":"    APIs."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"27c8ce87_0341c6e4","line":13,"range":{"start_line":13,"start_character":45,"end_line":13,"end_character":59},"in_reply_to":"ea9fd7be_1e8fd7cc","updated":"2023-02-22 17:21:18.000000000","message":"And just a nit, I would use \"does not\" and \"are not\" above just to make it clear, sometimes the abbreviations can be lost in translation :)","commit_id":"8f271e477c5a42af3e4c00556fa7529183025b75"}]}