)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"1db96bc9bc61cf13281b283d8d58d38e7fa5fc8e","unresolved":false,"context_lines":[{"line_number":5,"context_line":"CommitDate: 2015-04-20 14:32:55 -0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add admin-query-any-keypair.rst"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Change-Id: Idd9b8e97c728127a40fdbefe623d1d8b520f9ed5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"dac4157f_29822b95","line":8,"updated":"2015-04-20 21:34:42.000000000","message":"Needs the APIImpact tag brotha!\n\nThrow the bp link in here also.","commit_id":"4e5aa2cfa2a28868296ffc85bce9e2f241c2892a"}],"specs/liberty/approved/admin-query-any-keypair.rst":[{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"1db96bc9bc61cf13281b283d8d58d38e7fa5fc8e","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Request:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* There should not be any impacts to policy.json files for this change"},{"line_number":88,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"dac4157f_092d27a7","line":85,"updated":"2015-04-20 21:34:42.000000000","message":"nit: there will be a need for a X-OpenStack-Nova-API-Version header here right?","commit_id":"4e5aa2cfa2a28868296ffc85bce9e2f241c2892a"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"e15725d4b880da1521600d28331fe7acd673f96a","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Request:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* There should not be any impacts to policy.json files for this change"},{"line_number":88,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"dac4157f_f731aeed","line":85,"in_reply_to":"dac4157f_092d27a7","updated":"2015-04-20 22:06:23.000000000","message":"There always is going forward. Is that something we always need to specify here? Should be obvious/implied given that this is a microversion change, right?","commit_id":"4e5aa2cfa2a28868296ffc85bce9e2f241c2892a"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"1db96bc9bc61cf13281b283d8d58d38e7fa5fc8e","unresolved":false,"context_lines":[{"line_number":146,"context_line":"Testing"},{"line_number":147,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Unit tests are sufficient for this extremely simple change."},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"Documentation Impact"},{"line_number":152,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"dac4157f_8c0ee532","line":149,"updated":"2015-04-20 21:34:42.000000000","message":"We should have a negative functional test in tree where a non-admin tries to get a keypair for a given user.  Maybe that can fall under a unit test in the API sub-tree though.  sdague has been adding more negative testing in the nova/tests/functional stuff now since we\u0027re not supposed to test negative scenarios in the API samples tests.","commit_id":"4e5aa2cfa2a28868296ffc85bce9e2f241c2892a"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"e15725d4b880da1521600d28331fe7acd673f96a","unresolved":false,"context_lines":[{"line_number":146,"context_line":"Testing"},{"line_number":147,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Unit tests are sufficient for this extremely simple change."},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"Documentation Impact"},{"line_number":152,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"dac4157f_775c7e25","line":149,"in_reply_to":"dac4157f_8c0ee532","updated":"2015-04-20 22:06:23.000000000","message":"This is trivial to do in unit tests I think (see the patch). This is so amazingly simple of a change, that I think spinning up a full functional environment is probably not worth it. But, if others want it, I\u0027ll do it :)","commit_id":"4e5aa2cfa2a28868296ffc85bce9e2f241c2892a"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"d56c48cec3dd2d08c8a4dfd1f2dab0eb54f03f90","unresolved":false,"context_lines":[{"line_number":23,"context_line":"----------"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"As the admin of an openstack cluster I need to see what keypairs a"},{"line_number":26,"context_line":"user has."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Project Priority"},{"line_number":29,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dac4157f_ff0f052c","line":26,"updated":"2015-04-22 08:37:25.000000000","message":"Looks like worth to paste the use-case in the bug report at here.\n\nThis feature is useful for two reasons:\n1. You can attach someone else\u0027s keypair to a VM, allowing them to login.\n2. An administrator can query for keypairs.","commit_id":"cfe55e6533c6aecfe082dd83e93ccc5dbc4739d0"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"d56c48cec3dd2d08c8a4dfd1f2dab0eb54f03f90","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"After this change, admins would be able to do this:"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"  GET /os-keypairs/?user_id\u003dfoobar"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Alternatives"},{"line_number":47,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dac4157f_ff3dc5bb","line":44,"updated":"2015-04-22 08:37:25.000000000","message":"nit, there is extra \u0027/\u0027 before query string. I test with the extra \u0027/\u0027 will return 404...","commit_id":"cfe55e6533c6aecfe082dd83e93ccc5dbc4739d0"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"d56c48cec3dd2d08c8a4dfd1f2dab0eb54f03f90","unresolved":false,"context_lines":[{"line_number":85,"context_line":""},{"line_number":86,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"* There should not be any impacts to policy.json files for this change"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Security impact"},{"line_number":91,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dac4157f_d4e1c89b","line":88,"updated":"2015-04-22 08:37:25.000000000","message":"Actually there is plan to clean up hard-code permission for keypair db call, I  work out it today https://review.openstack.org/#/c/176231/\n\nThen we can make this permission is configurable by policy.json.\n\nWe need provide target when policy enforcement at https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/plugins/v3/keypairs.py#L188\n\nThe code will looks like as below:\n\nuser_id \u003d req.params.get(\u0027user_id\u0027)\n\nauthorize(context, action\u003d\u0027index\u0027, target\u003d{\u0027user_id\u0027: user_id if user_id else context.user_id})\n\nThen the default policy rule will be:\n\n\"os_compute_api:keypairs:index\": \"role:admin or user_id:%(user_id)s\"\n\nThe above rule means the user owner or admin can access the keypair index api. That match the goal of this spec, and provide chance to operator config as requirement.","commit_id":"cfe55e6533c6aecfe082dd83e93ccc5dbc4739d0"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"ee1641e00c94511903ed264b62cc6cdae9a7576e","unresolved":false,"context_lines":[{"line_number":85,"context_line":""},{"line_number":86,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"* There should not be any impacts to policy.json files for this change"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Security impact"},{"line_number":91,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dac4157f_8c18d776","line":88,"in_reply_to":"dac4157f_d4e1c89b","updated":"2015-04-22 13:43:47.000000000","message":"Yeah, the code was originally written by someone else, and before this effort really got underway I think. I\u0027ll change this to be more in line with the current way, thanks.","commit_id":"cfe55e6533c6aecfe082dd83e93ccc5dbc4739d0"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"d56c48cec3dd2d08c8a4dfd1f2dab0eb54f03f90","unresolved":false,"context_lines":[{"line_number":147,"context_line":"Testing"},{"line_number":148,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"Unit tests are sufficient for this extremely simple change."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"Documentation Impact"},{"line_number":153,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dac4157f_dfe8c112","line":150,"updated":"2015-04-22 08:37:25.000000000","message":"Also need api sample tests.","commit_id":"cfe55e6533c6aecfe082dd83e93ccc5dbc4739d0"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"ee1641e00c94511903ed264b62cc6cdae9a7576e","unresolved":false,"context_lines":[{"line_number":147,"context_line":"Testing"},{"line_number":148,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"Unit tests are sufficient for this extremely simple change."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"Documentation Impact"},{"line_number":153,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dac4157f_ecb19348","line":150,"in_reply_to":"dac4157f_dfe8c112","updated":"2015-04-22 13:43:47.000000000","message":"We do? For a param change like this? The sample tests all just check input and output, which is unchanged by this patch. Are you saying we expect people to have another api sample case for something like this that just verifies the output is still the same?","commit_id":"cfe55e6533c6aecfe082dd83e93ccc5dbc4739d0"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"c4d5175a855dc54e60e6856b4785f9fcae853460","unresolved":false,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"As someone with this permission, I want to be able to create an"},{"line_number":29,"context_line":"instance with someone else\u0027s keypair assigned so that they can log"},{"line_number":30,"context_line":"into it."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"Project Priority"},{"line_number":33,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_a8b715d7","line":30,"updated":"2015-04-24 16:39:41.000000000","message":"here","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"5a580580f461906996421a26a9d8c90b79822afc","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":"    * 403: If the user is not an admin"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  * Parameters which can be passed via the url: The alternate user id"},{"line_number":81,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_8c038973","line":78,"updated":"2015-04-23 17:01:20.000000000","message":"should this also be mentioned ?\n/v2.1/keypairs/​{keypair_name}​","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"4eb3afbb2c7f86c7d9eda8f771bfd6147318ea23","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":"    * 403: If the user is not an admin"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  * Parameters which can be passed via the url: The alternate user id"},{"line_number":81,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_8f493b8e","line":78,"in_reply_to":"bab921fb_8c038973","updated":"2015-04-23 17:22:23.000000000","message":"No because that\u0027s not part of the change currently.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"5a580580f461906996421a26a9d8c90b79822afc","unresolved":false,"context_lines":[{"line_number":91,"context_line":""},{"line_number":92,"context_line":"* This will add a new policy element of"},{"line_number":93,"context_line":"  ``\"os_compute_api:keypairs:index\" : \"role:admin or"},{"line_number":94,"context_line":"  user_id\u003d%(user_id)s\"``"},{"line_number":95,"context_line":"  which will allow assigning this permission."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"Security impact"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_ecd32537","line":94,"updated":"2015-04-23 17:01:20.000000000","message":"how about a \u0027show\u0027 here?","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"118a23b4be67513bcfa45a06cf63591c82d293fd","unresolved":false,"context_lines":[{"line_number":91,"context_line":""},{"line_number":92,"context_line":"* This will add a new policy element of"},{"line_number":93,"context_line":"  ``\"os_compute_api:keypairs:index\" : \"role:admin or"},{"line_number":94,"context_line":"  user_id\u003d%(user_id)s\"``"},{"line_number":95,"context_line":"  which will allow assigning this permission."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"Security impact"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_44915af0","line":94,"updated":"2015-04-25 11:01:23.000000000","message":"nit, this should be my fault, the rule should be \"is_admin:True or user_id:%(user_id)s\"\n\nThere is rule for define what role can be admin: \"context_is_admin\":  \"role:admin\",\n\nso we shouldn\u0027t use \"role:admin\" directly. That make the admin role un-configurable.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"5a580580f461906996421a26a9d8c90b79822afc","unresolved":false,"context_lines":[{"line_number":143,"context_line":"----------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_6cb03544","line":146,"updated":"2015-04-23 17:01:20.000000000","message":"do we need microversion? \nseems this is not backward incompatible","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"31849b3e72d3246f168f7cb41e75355795104bb3","unresolved":false,"context_lines":[{"line_number":143,"context_line":"----------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_d79b0871","line":146,"in_reply_to":"bab921fb_06baad23","updated":"2015-04-24 15:39:21.000000000","message":"jichenjc, this might help clarify microversions:\n\nhttp://docs.openstack.org/developer/nova/devref/api_microversions.html\n\nAs for v2 API, in the past you could add new functionality with new extensions and then the main API extension would see if those are loaded and if they are then you can return more data w/o breaking backward compatibility.  But we\u0027re not adding new features to the v2 API like that now, we\u0027re using microversions with v2.1.  Don\u0027t get hung up on the actual \"2.1\" version in v2.1, it\u0027s just loosely used for the v3 code path within nova and how we add microversions.\n\nThe version on this change would actually be something like v2.4 or higher.\n\nSee https://review.openstack.org/#/c/168966/ as an example.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"5a7c80a43a1f349d48d70e0717ee25f9ebf7d8ea","unresolved":false,"context_lines":[{"line_number":143,"context_line":"----------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_06baad23","line":146,"in_reply_to":"bab921fb_0f564b29","updated":"2015-04-23 19:46:32.000000000","message":"ok, I thought v2 we can\u0027t make incompatible change\nbut we can add this kind of options \n\nso after v2.1 if the change is incompatible , we need microversion\n, otherwise we may follow v2 rules","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"4eb3afbb2c7f86c7d9eda8f771bfd6147318ea23","unresolved":false,"context_lines":[{"line_number":143,"context_line":"----------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_0f564b29","line":146,"in_reply_to":"bab921fb_6cb03544","updated":"2015-04-23 17:22:23.000000000","message":"Yes we do, otherwise clients won\u0027t know if they can make the request or not.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"c4d5175a855dc54e60e6856b4785f9fcae853460","unresolved":false,"context_lines":[{"line_number":143,"context_line":"----------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_a8895528","line":146,"in_reply_to":"bab921fb_d79b0871","updated":"2015-04-24 16:39:41.000000000","message":"ok, that make sense , I will change my bp and consider the info here, thanks","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"5a7c80a43a1f349d48d70e0717ee25f9ebf7d8ea","unresolved":false,"context_lines":[{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"},{"line_number":150,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_833b4feb","line":147,"updated":"2015-04-23 19:46:32.000000000","message":"I doubt whether this will work\n\nlooks like we will filter the key pair with the context\u0027s id\nso the user will be different and we can\u0027t find the key pair\nwithout change the db layer code, maybe this need to be mentioned though it\u0027s a implementation detail\n\n2707 def key_pair_get(context, user_id, name):\n2708     nova.context.authorize_user_context(context, user_id)\n2709     result \u003d model_query(context, models.KeyPair).\\\n2710                      filter_by(user_id\u003duser_id).\\\n2711                      filter_by(name\u003dname).\\\n2712                      first()\n\nalso, seems key name can be duplicate for different user , whether we can use others key name is a problem","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"edccd38d2fa57047456275f80d9e6efe471bc5bf","unresolved":false,"context_lines":[{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"},{"line_number":150,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_42428669","line":147,"in_reply_to":"bab921fb_68b1fde0","updated":"2015-04-24 23:54:37.000000000","message":"Hmm, you might be right about that. I added that because Alex mentioned that it would be a handy use of it. At the end of the day, the listing of them from an admin\u0027s perspective is the important part. Sounds like maybe we should just make the show policy honor this flag as well, and maybe just clean up the keypair_get bits to support other userids.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":6062,"name":"jichenjc","email":"jichenjc@cn.ibm.com","username":"jichenjc"},"change_message_id":"c4d5175a855dc54e60e6856b4785f9fcae853460","unresolved":false,"context_lines":[{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"},{"line_number":150,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_68b1fde0","line":147,"in_reply_to":"bab921fb_77f43cf1","updated":"2015-04-24 16:39:41.000000000","message":"ok, I think I am out of scope here \nbut considering we offer a public key to other user\nI don\u0027t think it will make the deploy successful with the key that created by other user which you described at line 30","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"cabec44121265eb14fb60379223f213469a83569","unresolved":false,"context_lines":[{"line_number":144,"context_line":""},{"line_number":145,"context_line":"* Add a new microversion and make os-keypairs honor the user_id query"},{"line_number":146,"context_line":"  parameter"},{"line_number":147,"context_line":""},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Dependencies"},{"line_number":150,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_77f43cf1","line":147,"in_reply_to":"bab921fb_833b4feb","updated":"2015-04-24 15:33:25.000000000","message":"I\u0027m confused about what you\u0027re saying here. We\u0027re not talking about merging the lists, we\u0027re talking about just showing the list for the specified user. That works exactly as it does today.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"118a23b4be67513bcfa45a06cf63591c82d293fd","unresolved":false,"context_lines":[{"line_number":157,"context_line":"Unit tests are sufficient to verify this functionality, as it is"},{"line_number":158,"context_line":"extremely simple. API samples tests can be added to make sure that the"},{"line_number":159,"context_line":"output of the list call does not differ when a user_id parameter is"},{"line_number":160,"context_line":"passed."},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"Documentation Impact"},{"line_number":163,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bab921fb_c7068c1b","line":160,"updated":"2015-04-25 11:01:23.000000000","message":"FYI, There is similar case we add sample tests to test some parameter. Although the output is no different. https://github.com/openstack/nova/blob/master/nova/tests/functional/v3/test_quota_sets.py#L55\n\nWe definitely found some bug when we test the whole stack before, which unittest didn\u0027t found out.","commit_id":"72bd7885c5cb1649e587ccbe3280c65ae9225c97"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"ebcb9cee45bea00fa6911f40c7fbfc9e7b12c1e5","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_f232610f","line":50,"updated":"2015-05-05 21:43:56.000000000","message":"This is a bit awkward.  I would expect to see the user_id in the URL similar to how project_id is there now for server operations.  This would be getting into what\u0027s described in \"Alternatives\".\n\nI\u0027m not overly against this as a current solution and we could add a /keypairs endpoint later if necessary.  Just pointing out that it\u0027s awkward.","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"7808bcc7c4d9f08d95e07afb212d391a500f9243","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"1aca2d91_cf773c01","line":50,"in_reply_to":"1aca2d91_270cab93","updated":"2015-05-06 21:23:11.000000000","message":"I don\u0027t think it\u0027s worth doing that to get this functionality.  Just that it differs from how we scope elsewhere.\n\nThe admin case is interesting because the way keypairs are looked up now uses an implicit scoping on the user_id with no way to pass that in.  I think addressing that is going to involve modifying the surface or semantics of the boot api, not this one.","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"e3d6a519b6f445c8419092b8b93ae6508de9e607","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"1aca2d91_270cab93","line":50,"in_reply_to":"3acd31a7_f232610f","updated":"2015-05-06 14:28:53.000000000","message":"This is the mechanism taken by the patch I inherited to do this. As a query parameter, this doesn\u0027t seem that bad, although maybe it would be more consistent to have it in the path.\n\nAre you saying you think that it\u0027s worth doing all that to get this functionality? The comment recently about wanting admins to be able to install keys for users might justify it...","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"ebcb9cee45bea00fa6911f40c7fbfc9e7b12c1e5","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":"  * Expected error http response code(s)"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"    * 403: If the user is not an admin"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":81,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_12e03d95","line":78,"updated":"2015-05-05 21:43:56.000000000","message":"The user wouldn\u0027t necessarily need to be an admin, just pass whatever policy check is in place.  Though it would default to admin.","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"ebcb9cee45bea00fa6911f40c7fbfc9e7b12c1e5","unresolved":false,"context_lines":[{"line_number":78,"context_line":"    * 403: If the user is not an admin"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":81,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  * Parameters which can be passed via the url: The alternate user id"},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_d23765fd","line":81,"range":{"start_line":81,"start_character":38,"end_line":81,"end_character":39},"updated":"2015-05-05 21:43:56.000000000","message":"Any reason for the space?","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"e3d6a519b6f445c8419092b8b93ae6508de9e607","unresolved":false,"context_lines":[{"line_number":78,"context_line":"    * 403: If the user is not an admin"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":81,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  * Parameters which can be passed via the url: The alternate user id"},{"line_number":84,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"1aca2d91_e7d113fd","line":81,"range":{"start_line":81,"start_character":38,"end_line":81,"end_character":39},"in_reply_to":"3acd31a7_d23765fd","updated":"2015-05-06 14:28:53.000000000","message":"I was copying another spec that had them around inline params. I\u0027ll try without.","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":12175,"name":"Eli Qiao","email":"qiaoliyong@gmail.com","username":"Eli"},"change_message_id":"92376041434f248b1914cfd3a2a7299c3301ea59","unresolved":false,"context_lines":[{"line_number":93,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"* This will add new policy elements of"},{"line_number":96,"context_line":"  ``\"os_compute_api:keypairs:index\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":97,"context_line":"  and"},{"line_number":98,"context_line":"  ``\"os_compute_api:keypairs:show\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":99,"context_line":"  which will allow assigning this permission."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_bbb68f3b","line":96,"updated":"2015-04-30 08:13:15.000000000","message":"Dan,\nI think this is a typo?\ns/keypairs/os-keypairs","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"fc8e7dd291c84fd41a85f52aadfe717e7a181d41","unresolved":false,"context_lines":[{"line_number":93,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"* This will add new policy elements of"},{"line_number":96,"context_line":"  ``\"os_compute_api:keypairs:index\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":97,"context_line":"  and"},{"line_number":98,"context_line":"  ``\"os_compute_api:keypairs:show\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":99,"context_line":"  which will allow assigning this permission."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_f68638da","line":96,"in_reply_to":"3acd31a7_84b000f6","updated":"2015-05-01 04:34:15.000000000","message":"yea Eli was right, thanks Eli.\n\nSorry for I didn\u0027t found that...and that start from my comment at patchset 3.\n\nV2.1 use os-keypairs, as at https://github.com/openstack/nova/blob/master/etc/nova/policy.json#L297","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"e6d7f5ae8cc0763bfc6187f339aca1d4d925ac4f","unresolved":false,"context_lines":[{"line_number":93,"context_line":"GET http://127.0.0.1:8774/v2.1/e0c1f4c0b9444fa086fa13881798144f/os-keypairs?user_id\u003dfoo"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"* This will add new policy elements of"},{"line_number":96,"context_line":"  ``\"os_compute_api:keypairs:index\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":97,"context_line":"  and"},{"line_number":98,"context_line":"  ``\"os_compute_api:keypairs:show\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":99,"context_line":"  which will allow assigning this permission."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_84b000f6","line":96,"in_reply_to":"3acd31a7_bbb68f3b","updated":"2015-04-30 16:36:03.000000000","message":"I don\u0027t think so... Alex?","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":12175,"name":"Eli Qiao","email":"qiaoliyong@gmail.com","username":"Eli"},"change_message_id":"92376041434f248b1914cfd3a2a7299c3301ea59","unresolved":false,"context_lines":[{"line_number":95,"context_line":"* This will add new policy elements of"},{"line_number":96,"context_line":"  ``\"os_compute_api:keypairs:index\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":97,"context_line":"  and"},{"line_number":98,"context_line":"  ``\"os_compute_api:keypairs:show\" : \"is_admin:True or user_id\u003d%(user_id)s\"``"},{"line_number":99,"context_line":"  which will allow assigning this permission."},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"Security impact"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_9b82b351","line":98,"updated":"2015-04-30 08:13:15.000000000","message":"ditto","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"ebcb9cee45bea00fa6911f40c7fbfc9e7b12c1e5","unresolved":false,"context_lines":[{"line_number":101,"context_line":"Security impact"},{"line_number":102,"context_line":"---------------"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Admin users will be able to see the public keys of other"},{"line_number":105,"context_line":"users. However, these are generally regarded as material suitable for"},{"line_number":106,"context_line":"public viewing anyway."},{"line_number":107,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3acd31a7_d21e456f","line":104,"updated":"2015-05-05 21:43:56.000000000","message":"s/Admin/Users with policy permission/","commit_id":"63cdf9fe458f9e60d1cf7cb9e6d95616bed0f0ea"},{"author":{"_account_id":7730,"name":"Sahid Orentino Ferdjaoui","email":"sahid.ferdjaoui@industrialdiscipline.com","username":"sahid"},"change_message_id":"00fbbb4fb0b17114b7aceacab3ababe3d55e5e5d","unresolved":false,"context_lines":[{"line_number":46,"context_line":""},{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_78de6b40","line":49,"updated":"2015-05-04 13:34:28.000000000","message":"Can this be extended by tenant_id? Operator can want to list of available keys for a tenant.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":2271,"name":"Michael Still","email":"mikal@stillhq.com","username":"mikalstill"},"change_message_id":"4f1f91ab3cee37a68b3d49d50c324f3ab70bf797","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_a71ced77","line":50,"updated":"2015-05-04 04:13:44.000000000","message":"So here we\u0027re showing the keys for bob yes? Why don\u0027t we need the second user id at all? Isn\u0027t it in the request context?","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"ef6df181b576551613ee4f85f1a3d209a177813b","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_8aa0d844","line":50,"in_reply_to":"3acd31a7_6ae1fcfd","updated":"2015-05-04 05:45:51.000000000","message":"It is limited by db layer filter. https://github.com/openstack/nova/blob/master/nova/db/sqlalchemy/api.py#L2686\n\nCurrently \u0027key_pair_get\u0027 only can return user-owned keypair.\n\nWe need change db call \u0027key_pair_get\u0027 work as getting instance. The getting instance behavior is\n\n1. if the request is user context, then only return project-owned instance\n2. if the request is admin context, return any project\u0027s instance.\n\nAnd after we changed that, we need add upgrade note also.\n\nBecause currently the default rule for show is allowed anyone  \"os_compute_api:os-keypairs:show\": \"\"\n\nAfter upgrade the code, admin allowed for show other user\u0027s keypair whatever the microversion. We need notice operator to update their policy configuration if they didn\u0027t want to enable admin show other user\u0027s keypair.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":7730,"name":"Sahid Orentino Ferdjaoui","email":"sahid.ferdjaoui@industrialdiscipline.com","username":"sahid"},"change_message_id":"00fbbb4fb0b17114b7aceacab3ababe3d55e5e5d","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_98a5c7b6","line":50,"in_reply_to":"3acd31a7_8aa0d844","updated":"2015-05-04 13:34:28.000000000","message":"Perhaps using \u0027bob\u0027 as a key name was not a good example ;)","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"38048321daa3e89542cc6d65e08d0f952e695a92","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_cce38132","line":50,"in_reply_to":"3acd31a7_98a5c7b6","updated":"2015-05-04 15:11:04.000000000","message":"The name of the key is \"bob\". This does not list the keys owned by bob. This is why the original patch for this didn\u0027t include get, because index is how this would actually be used. I chose the example \"bob\" for the GET because it\u0027s showing that user foobar can list bob\u0027s \"bob\" key.\n\nSo mikal, we do need a change here, everything we need is not in the context. Focus on the index operation and it\u0027s clear.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"cf6cf64a070752eaf2fb7269f940846e135485e7","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_6ae1fcfd","line":50,"in_reply_to":"3acd31a7_a71ced77","updated":"2015-05-04 04:52:47.000000000","message":"emm...yea, you are right, actually the user_id is already in the keypair object. We just need authroize with returned keypair as target.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"d257fa6a2138e42ab0515a8967732773fcfc99c4","unresolved":false,"context_lines":[{"line_number":47,"context_line":"After this change, admins would be able to do this:"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"  GET /os-keypairs?user_id\u003dfoobar"},{"line_number":50,"context_line":"  GET /os-keypairs/bob?user_id\u003dfoobar"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"1aca2d91_7487dd61","line":50,"in_reply_to":"3acd31a7_cce38132","updated":"2015-05-06 20:46:25.000000000","message":"Perhaps \"bob\" is confusing as an example because it could be a user.  Using a generic \"\u003ckeypair_name\u003e\" might help.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":2271,"name":"Michael Still","email":"mikal@stillhq.com","username":"mikalstill"},"change_message_id":"4f1f91ab3cee37a68b3d49d50c324f3ab70bf797","unresolved":false,"context_lines":[{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Admin users will be able to see the public keys of other"},{"line_number":106,"context_line":"users. However, these are generally regarded as material suitable for"},{"line_number":107,"context_line":"public viewing anyway."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Notifications impact"},{"line_number":110,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_2709fd31","line":107,"updated":"2015-05-04 04:13:44.000000000","message":"Ok, so my comment above is a little wrong, but why couldn\u0027t an admin just use GET /keypairs/bob to get bob\u0027s keypairs?","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":12175,"name":"Eli Qiao","email":"qiaoliyong@gmail.com","username":"Eli"},"change_message_id":"847a147e5ba8e8e8350befa813f1247b5b8ce3c0","unresolved":false,"context_lines":[{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Admin users will be able to see the public keys of other"},{"line_number":106,"context_line":"users. However, these are generally regarded as material suitable for"},{"line_number":107,"context_line":"public viewing anyway."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Notifications impact"},{"line_number":110,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_6ad57cb7","line":107,"in_reply_to":"3acd31a7_2709fd31","updated":"2015-05-04 05:35:51.000000000","message":"I think for current logic, we can only use GET /keypairs/key_name\nto show a specify key, but now , we use user_id to query db, so admin user can not get other user\u0027s keypairs.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"d41ebec59cc16e2df39495d1e3172feb1b97ee7e","unresolved":false,"context_lines":[{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Admin users will be able to see the public keys of other"},{"line_number":106,"context_line":"users. However, these are generally regarded as material suitable for"},{"line_number":107,"context_line":"public viewing anyway."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Notifications impact"},{"line_number":110,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"1aca2d91_6d780f2c","line":107,"in_reply_to":"3acd31a7_2c4d553e","updated":"2015-05-07 15:52:30.000000000","message":"\"Show me key with name bob owned by bob\" sounds make sense to me... I missed that there is the keyname not the id.","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"38048321daa3e89542cc6d65e08d0f952e695a92","unresolved":false,"context_lines":[{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Admin users will be able to see the public keys of other"},{"line_number":106,"context_line":"users. However, these are generally regarded as material suitable for"},{"line_number":107,"context_line":"public viewing anyway."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Notifications impact"},{"line_number":110,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3acd31a7_2c4d553e","line":107,"in_reply_to":"3acd31a7_6ad57cb7","updated":"2015-05-04 15:11:04.000000000","message":"Mikal, they keypair name is not global across the deployment, so in the case of show, the request has to scope the user for which they\u0027re interested in finding a key by name. This is why I only had index in this initially because that\u0027s how it\u0027s more useful. \"Show me all the keys owned by bob\".","commit_id":"a44a1e62cf69aed8b2dbb12c3969103da234d4f1"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"5182c09ab83ff438dbc1153946e625a5e4daf487","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Allow admins to query and create keypairs owned by any user"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/nova/+spec/admin-query-any-keypair"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This change allows admin users to query keypairs owned by users"},{"line_number":14,"context_line":"other than themselves, as well as to create/import new keypairs on"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_f93e3fb7","line":11,"updated":"2015-05-14 19:31:26.000000000","message":"Minor nit, but with this scope change admin-access-any-tenant-keypair, or something along that line would be more correct.  I\u0027m not -1 on this though.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"5182c09ab83ff438dbc1153946e625a5e4daf487","unresolved":false,"context_lines":[{"line_number":31,"context_line":"instance with someone else\u0027s keypair assigned so that they can log"},{"line_number":32,"context_line":"into it."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Allowing the administrators to create keypairs on behalf of the users"},{"line_number":35,"context_line":"will allow assign user-specific keypairs and provide access to the instances"},{"line_number":36,"context_line":"directly, without the user having to perform the work on his own."},{"line_number":37,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_5f6e53ca","line":34,"updated":"2015-05-14 19:31:26.000000000","message":"This paragraph is a little confusing.  Creating keypairs on behalf of a user doesn\u0027t help if Nova is generating the keys.  Creating a keypair and importing a users existing public key is useful to then boot an instance that the user can access.  It might be useful to explicitly say that creating a keypair and importing a public key on behalf of a user will allow the user to have access to an instance booted with it.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"930e7b16ecc4dbcac13dbe9be2f7dc20e9873515","unresolved":false,"context_lines":[{"line_number":31,"context_line":"instance with someone else\u0027s keypair assigned so that they can log"},{"line_number":32,"context_line":"into it."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Allowing the administrators to create keypairs on behalf of the users"},{"line_number":35,"context_line":"will allow assign user-specific keypairs and provide access to the instances"},{"line_number":36,"context_line":"directly, without the user having to perform the work on his own."},{"line_number":37,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_bc0f6be0","line":34,"in_reply_to":"7a016987_5f6e53ca","updated":"2015-05-15 18:18:42.000000000","message":"Done","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"5182c09ab83ff438dbc1153946e625a5e4daf487","unresolved":false,"context_lines":[{"line_number":32,"context_line":"into it."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Allowing the administrators to create keypairs on behalf of the users"},{"line_number":35,"context_line":"will allow assign user-specific keypairs and provide access to the instances"},{"line_number":36,"context_line":"directly, without the user having to perform the work on his own."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"For instances that require additional post-deployment configuration using"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_597c3372","line":35,"range":{"start_line":35,"start_character":11,"end_line":35,"end_character":17},"updated":"2015-05-14 19:31:26.000000000","message":"assigning","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"930e7b16ecc4dbcac13dbe9be2f7dc20e9873515","unresolved":false,"context_lines":[{"line_number":32,"context_line":"into it."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Allowing the administrators to create keypairs on behalf of the users"},{"line_number":35,"context_line":"will allow assign user-specific keypairs and provide access to the instances"},{"line_number":36,"context_line":"directly, without the user having to perform the work on his own."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"For instances that require additional post-deployment configuration using"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_9c126f08","line":35,"in_reply_to":"7a016987_597c3372","updated":"2015-05-15 18:18:42.000000000","message":"Done","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"1410e8be8f2f67f7cfe5f667adbfeda9fa7e74b1","unresolved":false,"context_lines":[{"line_number":97,"context_line":""},{"line_number":98,"context_line":"  * Expected error http response code(s)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"    * 403: If the user is not an admin"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":103,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_f3c77e43","line":100,"range":{"start_line":100,"start_character":23,"end_line":100,"end_character":38},"updated":"2015-05-14 18:02:08.000000000","message":"This should be: \"does not have permissions, per the policy file\" right?","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"930e7b16ecc4dbcac13dbe9be2f7dc20e9873515","unresolved":false,"context_lines":[{"line_number":97,"context_line":""},{"line_number":98,"context_line":"  * Expected error http response code(s)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"    * 403: If the user is not an admin"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":103,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_7cfa13bf","line":100,"in_reply_to":"7a016987_f3c77e43","updated":"2015-05-15 18:18:42.000000000","message":"Done","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"5182c09ab83ff438dbc1153946e625a5e4daf487","unresolved":false,"context_lines":[{"line_number":100,"context_line":"    * 403: If the user is not an admin"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":103,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"  * Parameters which can be passed via the url: The alternate user id"},{"line_number":106,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_d96ca39e","line":103,"range":{"start_line":103,"start_character":38,"end_line":103,"end_character":39},"updated":"2015-05-14 19:31:26.000000000","message":"The space is back.  The spaces around {tenant} should be removed as well.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"930e7b16ecc4dbcac13dbe9be2f7dc20e9873515","unresolved":false,"context_lines":[{"line_number":100,"context_line":"    * 403: If the user is not an admin"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs?user_id\u003d {user_id}``"},{"line_number":103,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs/ {keypair_name}?user_id\u003d {user_id}``"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"  * Parameters which can be passed via the url: The alternate user id"},{"line_number":106,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_3c049bbe","line":103,"in_reply_to":"7a016987_d96ca39e","updated":"2015-05-15 18:18:42.000000000","message":"Done","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"1410e8be8f2f67f7cfe5f667adbfeda9fa7e74b1","unresolved":false,"context_lines":[{"line_number":126,"context_line":""},{"line_number":127,"context_line":"  * Expected error http response code(s)"},{"line_number":128,"context_line":""},{"line_number":129,"context_line":"    * 403: If the user is not an admin"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs``"},{"line_number":132,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_b3c10631","line":129,"updated":"2015-05-14 18:02:08.000000000","message":"Here too.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"930e7b16ecc4dbcac13dbe9be2f7dc20e9873515","unresolved":false,"context_lines":[{"line_number":126,"context_line":""},{"line_number":127,"context_line":"  * Expected error http response code(s)"},{"line_number":128,"context_line":""},{"line_number":129,"context_line":"    * 403: If the user is not an admin"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"  * ``/v2.1/ {tenant_id} /os-keypairs``"},{"line_number":132,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_1cff9fab","line":129,"in_reply_to":"7a016987_b3c10631","updated":"2015-05-15 18:18:42.000000000","message":"Done","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"1410e8be8f2f67f7cfe5f667adbfeda9fa7e74b1","unresolved":false,"context_lines":[{"line_number":142,"context_line":"      \"keypair\": {"},{"line_number":143,"context_line":"          \"name\": \"%(keypair_name)s\","},{"line_number":144,"context_line":"          \"type\": \"%(keypair_type)s\","},{"line_number":145,"context_line":"          \"user_id\": %(user_id)s\""},{"line_number":146,"context_line":"      }"},{"line_number":147,"context_line":"    }"},{"line_number":148,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_13d21a01","line":145,"updated":"2015-05-14 18:02:08.000000000","message":"I wonder if this should be changed in the get request too to make it fully RESTy? It would be easy.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"930e7b16ecc4dbcac13dbe9be2f7dc20e9873515","unresolved":false,"context_lines":[{"line_number":142,"context_line":"      \"keypair\": {"},{"line_number":143,"context_line":"          \"name\": \"%(keypair_name)s\","},{"line_number":144,"context_line":"          \"type\": \"%(keypair_type)s\","},{"line_number":145,"context_line":"          \"user_id\": %(user_id)s\""},{"line_number":146,"context_line":"      }"},{"line_number":147,"context_line":"    }"},{"line_number":148,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_3cf25bd3","line":145,"in_reply_to":"7a016987_13d21a01","updated":"2015-05-15 18:18:42.000000000","message":"GET doesn\u0027t take any data.. or I misunderstood your comment?","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":8802,"name":"Vladik Romanovsky","email":"vromanso@redhat.com","username":"vladikr"},"change_message_id":"d2a32fd14cbdcd9ed74c3d52431dd2ee116d898b","unresolved":false,"context_lines":[{"line_number":142,"context_line":"      \"keypair\": {"},{"line_number":143,"context_line":"          \"name\": \"%(keypair_name)s\","},{"line_number":144,"context_line":"          \"type\": \"%(keypair_type)s\","},{"line_number":145,"context_line":"          \"user_id\": %(user_id)s\""},{"line_number":146,"context_line":"      }"},{"line_number":147,"context_line":"    }"},{"line_number":148,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_ff827551","line":145,"in_reply_to":"7a016987_3c825b95","updated":"2015-05-15 18:40:51.000000000","message":"Yeah, it\u0027s there.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"f7d3dd28491526117052d10407e7ee682f54d657","unresolved":false,"context_lines":[{"line_number":142,"context_line":"      \"keypair\": {"},{"line_number":143,"context_line":"          \"name\": \"%(keypair_name)s\","},{"line_number":144,"context_line":"          \"type\": \"%(keypair_type)s\","},{"line_number":145,"context_line":"          \"user_id\": %(user_id)s\""},{"line_number":146,"context_line":"      }"},{"line_number":147,"context_line":"    }"},{"line_number":148,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_3c825b95","line":145,"in_reply_to":"7a016987_3cf25bd3","updated":"2015-05-15 18:34:49.000000000","message":"I meant \"user_id\" should be in the GET response. It\u0027s not currently there, correct? If not, we should add it, IMHO.","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"526a299e41dba78da987077e2ef47c2a159f6782","unresolved":false,"context_lines":[{"line_number":142,"context_line":"      \"keypair\": {"},{"line_number":143,"context_line":"          \"name\": \"%(keypair_name)s\","},{"line_number":144,"context_line":"          \"type\": \"%(keypair_type)s\","},{"line_number":145,"context_line":"          \"user_id\": %(user_id)s\""},{"line_number":146,"context_line":"      }"},{"line_number":147,"context_line":"    }"},{"line_number":148,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"7a016987_df08d9db","line":145,"in_reply_to":"7a016987_ff827551","updated":"2015-05-15 18:45:58.000000000","message":"Okay, perfect!","commit_id":"b1522c1a439e76d7d97475ff5f9745a47b33ff0b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"ba5f4bda6ce5cdcf1dd03fc6322e005b4e69b30b","unresolved":false,"context_lines":[{"line_number":31,"context_line":"instance with someone else\u0027s keypair assigned so that they can log"},{"line_number":32,"context_line":"into it."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Allowing the administrators to create keypairs and importing public keys on"},{"line_number":35,"context_line":"behalf of the users will allow the users to have access to an instance booted"},{"line_number":36,"context_line":"with it."},{"line_number":37,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"7a016987_fc884324","line":34,"range":{"start_line":34,"start_character":51,"end_line":34,"end_character":60},"updated":"2015-05-15 18:22:29.000000000","message":"This should be \"import\" but it\u0027s not that important.","commit_id":"5a8cda8986202931aa970fa30bff9b403e4cceb6"}]}