)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":6802,"name":"Joel Coffman","email":"jmc7tp@gmail.com","username":"joel-coffman"},"change_message_id":"46428f863e0478dc0e5ded94983a34e0298cb7ab","unresolved":false,"context_lines":[{"line_number":18,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":19,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":20,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: Ie8d653eed2fea244be6fa535ed6fd003ea15c2bb"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"1a6ced46_08b823e4","line":21,"updated":"2015-03-25 14:06:46.000000000","message":"Recommend adding \u0027SecurityImpact\u0027 tag as the OSSG would probably have some opinions about this change.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"b040557791f376cda18109f83cbc0fa7d62051e9","unresolved":false,"context_lines":[{"line_number":18,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":19,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":20,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: Ie8d653eed2fea244be6fa535ed6fd003ea15c2bb"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"1a6ced46_44b3d509","line":21,"in_reply_to":"1a6ced46_08b823e4","updated":"2015-03-25 21:12:20.000000000","message":"Done.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"}],"specs/liberty/nova-admin-role.rst":[{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"7e2aa0025790fb83fb4155cc7eb06673d7005619","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Nova admin role"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/nova/+spec/nova-admin-role"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_0263bbb1","line":11,"updated":"2015-03-25 00:44:05.000000000","message":"This link doesn\u0027t appear to work.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":6802,"name":"Joel Coffman","email":"jmc7tp@gmail.com","username":"joel-coffman"},"change_message_id":"46428f863e0478dc0e5ded94983a34e0298cb7ab","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Nova admin role"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/nova/+spec/nova-admin-role"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_a8b8efc8","line":11,"in_reply_to":"1a6ced46_0263bbb1","updated":"2015-03-25 14:06:46.000000000","message":"Concur. A blueprint should be filed prior to submitting the spec -- see https://wiki.openstack.org/wiki/Blueprints#Spec_.2B_Blueprints_lifecycle","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"b040557791f376cda18109f83cbc0fa7d62051e9","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Nova admin role"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/nova/+spec/nova-admin-role"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_d9289188","line":11,"in_reply_to":"1a6ced46_a8b8efc8","updated":"2015-03-25 21:12:20.000000000","message":"I am getting one filed.  My apologies for the confusion.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"7e2aa0025790fb83fb4155cc7eb06673d7005619","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":15,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Problem Description"},{"line_number":18,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_62738f80","line":15,"updated":"2015-03-25 00:44:05.000000000","message":"Deployers already have the ability to customize the policy.json with a new role of their choosing.  I don\u0027t think its necessary to introduce a new role that not every exploiter of OpenStack requires.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":6802,"name":"Joel Coffman","email":"jmc7tp@gmail.com","username":"joel-coffman"},"change_message_id":"46428f863e0478dc0e5ded94983a34e0298cb7ab","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":15,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Problem Description"},{"line_number":18,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_c89c4b12","line":15,"in_reply_to":"1a6ced46_62738f80","updated":"2015-03-25 14:06:46.000000000","message":"I agree. While I\u0027m in favor of this change, I\u0027d like to see more details about why it\u0027s appropriate rather than using the existing mechanisms for operators to define custom roles. This information would be helpful to include in the \"Alternatives\" section to evaluate the merits of both approaches.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"b040557791f376cda18109f83cbc0fa7d62051e9","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":15,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Problem Description"},{"line_number":18,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_27689b1c","line":15,"in_reply_to":"1a6ced46_62738f80","updated":"2015-03-25 21:12:20.000000000","message":"I will add an alternative to capture this.\n\nFor existing deployments with Nova admin role defined, the policy.json change wouldn\u0027t be useful since the role had already been defined by the deployer.\n\nFor new deployments, deployers will benefit from this since a role is already created and added to the policy file.  \n\nUnless the role name is changed from the default, the community can benefit from a common role name- nova_admin.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"b040557791f376cda18109f83cbc0fa7d62051e9","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":15,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Problem Description"},{"line_number":18,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_47d037c9","line":15,"in_reply_to":"1a6ced46_c89c4b12","updated":"2015-03-25 21:12:20.000000000","message":"Will add an alternative.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":6802,"name":"Joel Coffman","email":"jmc7tp@gmail.com","username":"joel-coffman"},"change_message_id":"46428f863e0478dc0e5ded94983a34e0298cb7ab","unresolved":false,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"A utility to create Nova admin role in Keystone if Nova admin role is"},{"line_number":52,"context_line":"not already in Keystone.  Second part of this utility adds Nova"},{"line_number":53,"context_line":"admin role to context_is_Admin in policy.json if not already."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"The proposed role name is ‘nova_admin’."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_c8c36beb","line":53,"updated":"2015-03-25 14:06:46.000000000","message":"nit: context_is_Admin -\u003e context_is_admin","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"b040557791f376cda18109f83cbc0fa7d62051e9","unresolved":false,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"A utility to create Nova admin role in Keystone if Nova admin role is"},{"line_number":52,"context_line":"not already in Keystone.  Second part of this utility adds Nova"},{"line_number":53,"context_line":"admin role to context_is_Admin in policy.json if not already."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"The proposed role name is ‘nova_admin’."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_d9bed164","line":53,"in_reply_to":"1a6ced46_c8c36beb","updated":"2015-03-25 21:12:20.000000000","message":"Done.  Next patch will reflect the change.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"7e2aa0025790fb83fb4155cc7eb06673d7005619","unresolved":false,"context_lines":[{"line_number":57,"context_line":"Alternatives"},{"line_number":58,"context_line":"------------"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Alternative 1:  A super “admin” manually defines ‘nova_admin’ in"},{"line_number":61,"context_line":"                policy.json."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"Alternative 2:  Make the changes in a sample policy.json."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_c268c389","line":60,"updated":"2015-03-25 00:44:05.000000000","message":"I\u0027d prefer to see tools or enhancements to keystone to allow deployers to more easily define and configure roles, than to introduce this new static role.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":6804,"name":"bruce-benjamin","email":"bruce.benjamin@jhuapl.edu","username":"bruce-benjamin"},"change_message_id":"1a47995493dc60b35c932a5461872ba70c2d945f","unresolved":false,"context_lines":[{"line_number":58,"context_line":"------------"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Alternative 1:  A super “admin” manually defines ‘nova_admin’ in"},{"line_number":61,"context_line":"                policy.json."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"Alternative 2:  Make the changes in a sample policy.json."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_64a9b1de","line":61,"updated":"2015-03-25 20:23:31.000000000","message":"Agreed.  Allowing simplified customization of the roles would facilitate defining appropriate privileges where needed.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"b040557791f376cda18109f83cbc0fa7d62051e9","unresolved":false,"context_lines":[{"line_number":58,"context_line":"------------"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Alternative 1:  A super “admin” manually defines ‘nova_admin’ in"},{"line_number":61,"context_line":"                policy.json."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"Alternative 2:  Make the changes in a sample policy.json."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1a6ced46_c26095d1","line":61,"in_reply_to":"1a6ced46_64a9b1de","updated":"2015-03-25 21:12:20.000000000","message":"Will capture the feedback that using tools that streamline the process is more preferable then manually creating a role in keystone, then add the role to policy.json.","commit_id":"e2dd95d8072f6cdcec50e08432b5a81bdb38fc34"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"09e4584f1b875fa5760458f3569554a9816ac41e","unresolved":false,"context_lines":[{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Alternative 3:  A utility that creates Nova admin role in Keystone,"},{"line_number":80,"context_line":"                and adds Nova admin role to context_is_admin in"},{"line_number":81,"context_line":"                policy.json. "},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"da9b358b_f8ca836d","line":81,"updated":"2015-04-01 05:47:48.000000000","message":"Trailing space","commit_id":"1e091e6d6f878b3095ba98813f4efbbea6546143"},{"author":{"_account_id":6804,"name":"bruce-benjamin","email":"bruce.benjamin@jhuapl.edu","username":"bruce-benjamin"},"change_message_id":"8eb87626c495df3a04037bcb4cf8f77efc822fbd","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Alternative 3:  A utility that creates Nova admin role in Keystone,"},{"line_number":80,"context_line":"                and adds Nova admin role to context_is_admin in"},{"line_number":81,"context_line":"                policy.json. "},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternative 5:  \u0027compute_admin\u0027 as the default role name."}],"source_content_type":"text/x-rst","patch_set":3,"id":"baa041b7_69adfd30","line":82,"updated":"2015-04-01 14:46:22.000000000","message":"It seems that alternative 3 is essentially the same thing as the second bullet of your proposed change.  The only difference is that this doesn\u0027t call out that it won\u0027t add the roles if they are already present.  I think the difference needs to be clarified, or this should be dropped.","commit_id":"1e091e6d6f878b3095ba98813f4efbbea6546143"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"09e4584f1b875fa5760458f3569554a9816ac41e","unresolved":false,"context_lines":[{"line_number":80,"context_line":"                and adds Nova admin role to context_is_admin in"},{"line_number":81,"context_line":"                policy.json. "},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternative 5:  \u0027compute_admin\u0027 as the default role name."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"da9b358b_d8a0dfa1","line":83,"updated":"2015-04-01 05:47:48.000000000","message":"I think 3 is already a superset of 2 no?","commit_id":"1e091e6d6f878b3095ba98813f4efbbea6546143"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d3d2026a4979b650cbfbd057a64e1384bda7cb66","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Enhance Nova policy to include Nova admin role, so that"},{"line_number":14,"context_line":"administrators with Nova admin role can perform Nova administrative"},{"line_number":15,"context_line":"tasks without having to take on the super \"admin\" role."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Problem Description"},{"line_number":18,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_924eb76d","line":15,"updated":"2015-04-15 08:48:55.000000000","message":"I think you are over cooking this spec a little. Too much detail can make life hard getting this merged.\n\nIt seems this is about:\n\nChanging the default policy file to have a nova specific admin role.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"51756b93c5220dc5071dcf2a145ed03810f96595","unresolved":false,"context_lines":[{"line_number":56,"context_line":"Proposed Change"},{"line_number":57,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"* Add Nova admin role to context_is_admin in policy.json in"},{"line_number":60,"context_line":"  additional to “admin”.  This allows backward compatibility, so that"},{"line_number":61,"context_line":"  the existing “admin” role still works."},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_7be4980c","line":59,"updated":"2015-04-10 22:03:16.000000000","message":"Add the nova_admin role to....","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"51756b93c5220dc5071dcf2a145ed03810f96595","unresolved":false,"context_lines":[{"line_number":57,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"* Add Nova admin role to context_is_admin in policy.json in"},{"line_number":60,"context_line":"  additional to “admin”.  This allows backward compatibility, so that"},{"line_number":61,"context_line":"  the existing “admin” role still works."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"* A utility to create Nova admin role in Keystone if Nova admin role"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_bbe10001","line":60,"updated":"2015-04-10 22:03:16.000000000","message":"...in addition to....","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"change_message_id":"51756b93c5220dc5071dcf2a145ed03810f96595","unresolved":false,"context_lines":[{"line_number":60,"context_line":"  additional to “admin”.  This allows backward compatibility, so that"},{"line_number":61,"context_line":"  the existing “admin” role still works."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"* A utility to create Nova admin role in Keystone if Nova admin role"},{"line_number":64,"context_line":"  is not already in Keystone.  This utility also adds Nova admin role"},{"line_number":65,"context_line":"  to context_is_admin in policy.json if not already."},{"line_number":66,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_fbbe68d3","line":63,"updated":"2015-04-10 22:03:16.000000000","message":"I don\u0027t feel a utility is needed.  Most deployers manually edit the policy.json.  And any new utility should likely come from keystone since it already has a policy API and notion of a centralized policy repository.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d3d2026a4979b650cbfbd057a64e1384bda7cb66","unresolved":false,"context_lines":[{"line_number":64,"context_line":"  is not already in Keystone.  This utility also adds Nova admin role"},{"line_number":65,"context_line":"  to context_is_admin in policy.json if not already."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"* The proposed default role name is ‘nova_admin’."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Alternatives"},{"line_number":70,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_7278cb8f","line":67,"updated":"2015-04-15 08:48:55.000000000","message":"I think the only thing you need to say here is:\n\nRenaming the default nova admin role to \u0027nova_admin\u0027.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d3d2026a4979b650cbfbd057a64e1384bda7cb66","unresolved":false,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Alternatives"},{"line_number":70,"context_line":"------------"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Alternative 1:  A super “admin” manually creates a Nova admin role in"},{"line_number":73,"context_line":"                Keystone and manually adds this Nova admin role to"},{"line_number":74,"context_line":"                context_is_admin in policy.json."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_72868b66","line":71,"updated":"2015-04-15 08:48:55.000000000","message":"Please don\u0027t spend too much time on this section here.\n\nThe alternative is doing nothing and making users go through lots of pain to create specific nova_admin roles.\n\nThis is likely to lead to every distribution of Nova having a different name for that role, so choosing a sensible default in nova makes sense.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":6804,"name":"bruce-benjamin","email":"bruce.benjamin@jhuapl.edu","username":"bruce-benjamin"},"change_message_id":"bd5a700d7e5905c2b68e94037ee3933f55b276bf","unresolved":false,"context_lines":[{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Alternative 3:  A utility that creates Nova admin role in Keystone,"},{"line_number":80,"context_line":"                and adds Nova admin role to context_is_admin in"},{"line_number":81,"context_line":"                policy.json."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"9aa53dc9_0a46ba4e","line":81,"updated":"2015-04-09 22:07:34.000000000","message":"So is your point in alternative 3 to not have backward compatibility so the existing \"admin\" role won\u0027t work, and not to name the default role as \u0027nova_admin\u0027?  I think this alternative needs a bit more clarification.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":11333,"name":"David J Hu","email":"david.hu@hpe.com","username":"dhu"},"change_message_id":"1822bcd5d5b3b85ea889a44fdc6ba31531f4afb3","unresolved":false,"context_lines":[{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Alternative 3:  A utility that creates Nova admin role in Keystone,"},{"line_number":80,"context_line":"                and adds Nova admin role to context_is_admin in"},{"line_number":81,"context_line":"                policy.json."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_88f5d884","line":81,"in_reply_to":"9aa53dc9_0a46ba4e","updated":"2015-04-10 21:21:43.000000000","message":"No.  None of the alternatives is not asking for the removal of existing \"admin\" role nor any other roles already in Nova policy.json.  I can add a clarification in the next patch.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":6804,"name":"bruce-benjamin","email":"bruce.benjamin@jhuapl.edu","username":"bruce-benjamin"},"change_message_id":"0345cee0fcc4764a5a073fecf9981037b126f1d8","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Alternative 3:  A utility that creates Nova admin role in Keystone,"},{"line_number":80,"context_line":"                and adds Nova admin role to context_is_admin in"},{"line_number":81,"context_line":"                policy.json."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternative 5:  \u0027compute_admin\u0027 as the default role name."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_bbf7c0f4","line":82,"updated":"2015-04-10 21:52:22.000000000","message":"How exactly does alternative 3 differ from the proposed change?  I can\u0027t tell any difference, given your last comment.  Please include the difference more explicitly.  Thanks.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":6802,"name":"Joel Coffman","email":"jmc7tp@gmail.com","username":"joel-coffman"},"change_message_id":"19f960188e3e34a15a4a585e731f2d808df30f7e","unresolved":false,"context_lines":[{"line_number":83,"context_line":"Alternative 4:  Combination of Alternative 2 and 3."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternative 5:  \u0027compute_admin\u0027 as the default role name."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"Data model impact"},{"line_number":89,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9aa53dc9_4700b034","line":86,"updated":"2015-04-07 15:04:34.000000000","message":"It would be helpful to identify in this section why these alternatives are not as desirable as the proposed approach.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d3d2026a4979b650cbfbd057a64e1384bda7cb66","unresolved":false,"context_lines":[{"line_number":139,"context_line":"Other deployer impact"},{"line_number":140,"context_line":"---------------------"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"None"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Other deployer impact"},{"line_number":145,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_72620baf","line":142,"updated":"2015-04-15 08:48:55.000000000","message":"You have missed a bit downside of this spec.\n\nExisting users, when they upgrade, will need to add the new role to all their nova users, (or modify the default policy to revert back the the old role)\n\nEither way, this impact should be discussed.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d3d2026a4979b650cbfbd057a64e1384bda7cb66","unresolved":false,"context_lines":[{"line_number":141,"context_line":""},{"line_number":142,"context_line":"None"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Other deployer impact"},{"line_number":145,"context_line":"---------------------"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_d2e8bf12","line":144,"updated":"2015-04-15 08:48:55.000000000","message":"duplicate section, please remove.","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d3d2026a4979b650cbfbd057a64e1384bda7cb66","unresolved":false,"context_lines":[{"line_number":162,"context_line":"---------------"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* Add role:nova_admin to context_as_admin in policy.json"},{"line_number":165,"context_line":"* A script that creates Nova admin role in Keystone, and to"},{"line_number":166,"context_line":"  context_is_admin in policy.json."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7aaa499b_d291df9a","line":165,"updated":"2015-04-15 08:48:55.000000000","message":"Even if we need this, I am not convinced it wants to live in side the Nova code base.\n\nBut, it does sounds like you will need to update devstack, more than anything else?","commit_id":"15a2abca42c5d2c27370054dfa0a81fc080695a2"}]}