)]}'
{"specs/wallaby/approved/modernize-os-hypervisors-api.rst":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6ae54271d741106baa3dd6de4dfd46c6a04abac2","unresolved":false,"context_lines":[{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_be61c207","line":160,"range":{"start_line":160,"start_character":0,"end_line":160,"end_character":24},"updated":"2020-11-17 16:53:15.000000000","message":"GET ``/os-hypervisors`` API  being explicitly","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6ae54271d741106baa3dd6de4dfd46c6a04abac2","unresolved":false,"context_lines":[{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_de52be34","line":160,"range":{"start_line":160,"start_character":50,"end_line":160,"end_character":63},"updated":"2020-11-17 16:53:15.000000000","message":"SYSTEM_READER_PROJECT_ADMIN","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"f257241d1a32c3a4a9d3c0e5dcb985bfe9a4af37","unresolved":false,"context_lines":[{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_f9c35436","line":160,"range":{"start_line":160,"start_character":0,"end_line":160,"end_character":24},"in_reply_to":"1f621f24_be61c207","updated":"2020-11-17 17:31:33.000000000","message":"yep just the sumarary endpoint not detail or the soon to be removed stats api. and yes only GET but i dont think this api supports any other http actions","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"d4a89607a52198e3f97ff4c5be097da5cf9f2fc6","unresolved":false,"context_lines":[{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"fffc6b78_9d4bf685","line":160,"range":{"start_line":160,"start_character":0,"end_line":160,"end_character":24},"in_reply_to":"1f621f24_f9c35436","updated":"2020-11-20 11:52:00.000000000","message":"Done","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"f257241d1a32c3a4a9d3c0e5dcb985bfe9a4af37","unresolved":false,"context_lines":[{"line_number":155,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"Alternatives"},{"line_number":165,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_79074419","line":162,"range":{"start_line":158,"start_character":0,"end_line":162,"end_character":9},"updated":"2020-11-17 17:31:33.000000000","message":"note that the proposal is to use the existing aggregate meta data for tenant affinity.\n\nif the project is not affinitiested to a set of host it can list all hosts. if tenant affinity is configure then the list will be filtered to only the host that its valid for them to boot too.\n\nso for exsiting deployment if they were using tenant affintiy they dont need to add any new metadta then just need to give project admins the new role.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6ae54271d741106baa3dd6de4dfd46c6a04abac2","unresolved":false,"context_lines":[{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"Alternatives"},{"line_number":165,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_de275ec6","line":162,"range":{"start_line":161,"start_character":0,"end_line":162,"end_character":9},"updated":"2020-11-17 16:53:15.000000000","message":"to allow system reader to see all hypervoris and projects admin to see only hyperviros they are allowed to access....","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"cbeb1e48f801a1d9641afa88ec1e98841485200b","unresolved":false,"context_lines":[{"line_number":155,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"Alternatives"},{"line_number":165,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_9081454e","line":162,"range":{"start_line":158,"start_character":0,"end_line":162,"end_character":9},"in_reply_to":"1f621f24_5c77cc09","updated":"2020-11-18 15:10:12.000000000","message":"I see your point now. yeah, if no limit then empty seems odd. agree to show just list for all host.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"60e54b1d30413784da0b866cc168ef7f70d06d6d","unresolved":false,"context_lines":[{"line_number":155,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"Alternatives"},{"line_number":165,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_947ae720","line":162,"range":{"start_line":158,"start_character":0,"end_line":162,"end_character":9},"in_reply_to":"1f621f24_79074419","updated":"2020-11-17 18:30:50.000000000","message":"\"if the project is not affinitiested to a set of host it can list all hosts.\"\n\nI think we should ist empty instead of listing all hosts in this case.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"d4a89607a52198e3f97ff4c5be097da5cf9f2fc6","unresolved":false,"context_lines":[{"line_number":155,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"Alternatives"},{"line_number":165,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fffc6b78_3d564a2b","line":162,"range":{"start_line":158,"start_character":0,"end_line":162,"end_character":9},"in_reply_to":"1f621f24_9081454e","updated":"2020-11-20 11:52:00.000000000","message":"Done (I think)","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"e6b885e4e3c45be0699ff24720c041ceb96508cd","unresolved":false,"context_lines":[{"line_number":155,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Remove the resource-related fields from the output of the"},{"line_number":158,"context_line":"``/os-hypervisors/detail`` API and remove the ``/os-hypervisors/statistics``"},{"line_number":159,"context_line":"API in its entirety. Modify the policy checks and output of the"},{"line_number":160,"context_line":"``/os-hypervisors`` API to allow users with the ``PROJECT_ADMIN`` role to see"},{"line_number":161,"context_line":"all hypervisors their project is allowed to access, based on aggregate"},{"line_number":162,"context_line":"metadata."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"Alternatives"},{"line_number":165,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_5c77cc09","line":162,"range":{"start_line":158,"start_character":0,"end_line":162,"end_character":9},"in_reply_to":"1f621f24_947ae720","updated":"2020-11-18 11:26:34.000000000","message":"well the sematics we are proposing is that the project admin should be able to list all hosts they can boot too\n\nif you dont limit that that is all host so retruning an empty list would not be consitent with that.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6ae54271d741106baa3dd6de4dfd46c6a04abac2","unresolved":false,"context_lines":[{"line_number":183,"context_line":"In addition, the ``/os-hypervisors/statistics`` API will be removed entirely"},{"line_number":184,"context_line":"and will return a HTTP 410 (Gone)."},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"Finally, a new policy will be introduced allowing users with the"},{"line_number":187,"context_line":"``PROJECT_ADMIN`` role to see all hypervisors their project is allowed access"},{"line_number":188,"context_line":"to via the ``/os-hypervisors`` API."},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Security impact"},{"line_number":191,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_5e47ce77","line":188,"range":{"start_line":186,"start_character":0,"end_line":188,"end_character":35},"updated":"2020-11-17 16:53:15.000000000","message":"this will be changing the default of the existing policy\nfrom SYSTEM_READER -\u003e SYSTEM_READER_OR_PROJECT_ADMIN\n\n-https://github.com/openstack/nova/blob/master/nova/policies/hypervisors.py#L34\n\nquestion is whether we want to do it for all os-hyperviros or just for GET os-hyperviors  (list, show and details).  I think only GET is enough.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"60e54b1d30413784da0b866cc168ef7f70d06d6d","unresolved":false,"context_lines":[{"line_number":183,"context_line":"In addition, the ``/os-hypervisors/statistics`` API will be removed entirely"},{"line_number":184,"context_line":"and will return a HTTP 410 (Gone)."},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"Finally, a new policy will be introduced allowing users with the"},{"line_number":187,"context_line":"``PROJECT_ADMIN`` role to see all hypervisors their project is allowed access"},{"line_number":188,"context_line":"to via the ``/os-hypervisors`` API."},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Security impact"},{"line_number":191,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_d470df42","line":188,"range":{"start_line":186,"start_character":0,"end_line":188,"end_character":35},"in_reply_to":"1f621f24_39df8c0d","updated":"2020-11-17 18:30:50.000000000","message":"+1 for just list. Show is also not so required which is nothing but subset of details.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"f257241d1a32c3a4a9d3c0e5dcb985bfe9a4af37","unresolved":false,"context_lines":[{"line_number":183,"context_line":"In addition, the ``/os-hypervisors/statistics`` API will be removed entirely"},{"line_number":184,"context_line":"and will return a HTTP 410 (Gone)."},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"Finally, a new policy will be introduced allowing users with the"},{"line_number":187,"context_line":"``PROJECT_ADMIN`` role to see all hypervisors their project is allowed access"},{"line_number":188,"context_line":"to via the ``/os-hypervisors`` API."},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Security impact"},{"line_number":191,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1f621f24_39df8c0d","line":188,"range":{"start_line":186,"start_character":0,"end_line":188,"end_character":35},"in_reply_to":"1f621f24_5e47ce77","updated":"2020-11-17 17:31:33.000000000","message":"just list and maybe show but not detail by default.","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"d4a89607a52198e3f97ff4c5be097da5cf9f2fc6","unresolved":false,"context_lines":[{"line_number":183,"context_line":"In addition, the ``/os-hypervisors/statistics`` API will be removed entirely"},{"line_number":184,"context_line":"and will return a HTTP 410 (Gone)."},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"Finally, a new policy will be introduced allowing users with the"},{"line_number":187,"context_line":"``PROJECT_ADMIN`` role to see all hypervisors their project is allowed access"},{"line_number":188,"context_line":"to via the ``/os-hypervisors`` API."},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Security impact"},{"line_number":191,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fffc6b78_7d673227","line":188,"range":{"start_line":186,"start_character":0,"end_line":188,"end_character":35},"in_reply_to":"1f621f24_d470df42","updated":"2020-11-20 11:52:00.000000000","message":"Done","commit_id":"356c5acd1c4640c17abb01e625ca7acb98e0e77b"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9a6c79a1c12557f0989ac09df1332cb4550b257b","unresolved":true,"context_lines":[{"line_number":191,"context_line":""},{"line_number":192,"context_line":"Finally, change the policy used for the ``/os-hypervisors`` API from"},{"line_number":193,"context_line":"``SYSTEM_READER`` to ``SYSTEM_READER_OR_PROJECT_ADMIN``, allowing users with"},{"line_number":194,"context_line":"the ``PROJECT_ADMIN`` role to see all hypervisors their project is allowed"},{"line_number":195,"context_line":"access to. The other hypervisor-related APIs will not have their policies"},{"line_number":196,"context_line":"modified."},{"line_number":197,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ce0c84a3_5c030446","line":194,"updated":"2020-12-01 10:07:44.000000000","message":"Isn\u0027t this a behavioural change, by adding more possibilities to some users ?","commit_id":"8f1576a6b6bbde6d0d817c8236722be5eddc31e1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"3d8ae04f16c41a77e3cee9193c10a18bec7cd17e","unresolved":false,"context_lines":[{"line_number":191,"context_line":""},{"line_number":192,"context_line":"Finally, change the policy used for the ``/os-hypervisors`` API from"},{"line_number":193,"context_line":"``SYSTEM_READER`` to ``SYSTEM_READER_OR_PROJECT_ADMIN``, allowing users with"},{"line_number":194,"context_line":"the ``PROJECT_ADMIN`` role to see all hypervisors their project is allowed"},{"line_number":195,"context_line":"access to. The other hypervisor-related APIs will not have their policies"},{"line_number":196,"context_line":"modified."},{"line_number":197,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a6d478e_83a6541c","line":194,"in_reply_to":"cd6aecde_562194f0","updated":"2020-12-01 11:05:55.000000000","message":"All good then","commit_id":"8f1576a6b6bbde6d0d817c8236722be5eddc31e1"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"6752af665a9daeb8fbb75bd76877d04577834d2e","unresolved":false,"context_lines":[{"line_number":191,"context_line":""},{"line_number":192,"context_line":"Finally, change the policy used for the ``/os-hypervisors`` API from"},{"line_number":193,"context_line":"``SYSTEM_READER`` to ``SYSTEM_READER_OR_PROJECT_ADMIN``, allowing users with"},{"line_number":194,"context_line":"the ``PROJECT_ADMIN`` role to see all hypervisors their project is allowed"},{"line_number":195,"context_line":"access to. The other hypervisor-related APIs will not have their policies"},{"line_number":196,"context_line":"modified."},{"line_number":197,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"cd6aecde_562194f0","line":194,"in_reply_to":"ce0c84a3_5c030446","updated":"2020-12-01 11:04:37.000000000","message":"Yes, that\u0027s why we\u0027re introducing it as part of a new API microversion 😎","commit_id":"8f1576a6b6bbde6d0d817c8236722be5eddc31e1"}]}