)]}'
{"doc/source/reference/policy-enforcement.rst":[{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"The following is a list of issues with the existing policy enforcement system:"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"* Default policies lack exhaustive testing"},{"line_number":32,"context_line":"* Mismatch between authoritative scope and resources"},{"line_number":33,"context_line":"* Policies are inconsistently named"},{"line_number":34,"context_line":"* Current defaults do not use default roles provided from keystone"},{"line_number":35,"context_line":"* Policy enforcement is spread across multiple levels and components"},{"line_number":36,"context_line":"* Some policies use hard-coded check strings"},{"line_number":37,"context_line":"* Some APIs do not use granular rules"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"Addressing the list above helps operators by:"},{"line_number":40,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_aa87ad61","line":37,"range":{"start_line":31,"start_character":0,"end_line":37,"end_character":37},"updated":"2019-03-19 18:12:41.000000000","message":"These could be links to their respective subsections.","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"The following is a list of issues with the existing policy enforcement system:"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"* Default policies lack exhaustive testing"},{"line_number":32,"context_line":"* Mismatch between authoritative scope and resources"},{"line_number":33,"context_line":"* Policies are inconsistently named"},{"line_number":34,"context_line":"* Current defaults do not use default roles provided from keystone"},{"line_number":35,"context_line":"* Policy enforcement is spread across multiple levels and components"},{"line_number":36,"context_line":"* Some policies use hard-coded check strings"},{"line_number":37,"context_line":"* Some APIs do not use granular rules"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"Addressing the list above helps operators by:"},{"line_number":40,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_6aa2254e","line":37,"range":{"start_line":31,"start_character":0,"end_line":37,"end_character":37},"in_reply_to":"5fc1f717_aa87ad61","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":84,"context_line":"every user from accessing hardware level APIs that would otherwise violate"},{"line_number":85,"context_line":"tenancy requires operators to create a `system-admin` or `super-admin` role,"},{"line_number":86,"context_line":"then rewrite those system-level policies to incorporate that role. This means"},{"line_number":87,"context_line":"users with that special role on a project could access system-level resources,"},{"line_number":88,"context_line":"that aren\u0027t even tracked against projects (e.g., hypervisor information is a"},{"line_number":89,"context_line":"good example.)"},{"line_number":90,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_4f6bbbf0","line":87,"range":{"start_line":87,"start_character":77,"end_line":87,"end_character":78},"updated":"2019-03-19 18:12:41.000000000","message":"nix comma","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":84,"context_line":"every user from accessing hardware level APIs that would otherwise violate"},{"line_number":85,"context_line":"tenancy requires operators to create a `system-admin` or `super-admin` role,"},{"line_number":86,"context_line":"then rewrite those system-level policies to incorporate that role. This means"},{"line_number":87,"context_line":"users with that special role on a project could access system-level resources,"},{"line_number":88,"context_line":"that aren\u0027t even tracked against projects (e.g., hypervisor information is a"},{"line_number":89,"context_line":"good example.)"},{"line_number":90,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_8abc316d","line":87,"range":{"start_line":87,"start_character":77,"end_line":87,"end_character":78},"in_reply_to":"5fc1f717_4f6bbbf0","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":85,"context_line":"tenancy requires operators to create a `system-admin` or `super-admin` role,"},{"line_number":86,"context_line":"then rewrite those system-level policies to incorporate that role. This means"},{"line_number":87,"context_line":"users with that special role on a project could access system-level resources,"},{"line_number":88,"context_line":"that aren\u0027t even tracked against projects (e.g., hypervisor information is a"},{"line_number":89,"context_line":"good example.)"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"Ultimately, this overloading and extra maintenance is caused from a lack of"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_ef7b87bb","line":88,"range":{"start_line":88,"start_character":43,"end_line":88,"end_character":49},"updated":"2019-03-19 18:12:41.000000000","message":"strike (redundant with \"is a[n] example\")","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":85,"context_line":"tenancy requires operators to create a `system-admin` or `super-admin` role,"},{"line_number":86,"context_line":"then rewrite those system-level policies to incorporate that role. This means"},{"line_number":87,"context_line":"users with that special role on a project could access system-level resources,"},{"line_number":88,"context_line":"that aren\u0027t even tracked against projects (e.g., hypervisor information is a"},{"line_number":89,"context_line":"good example.)"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"Ultimately, this overloading and extra maintenance is caused from a lack of"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_0ab0418b","line":88,"range":{"start_line":88,"start_character":43,"end_line":88,"end_character":49},"in_reply_to":"5fc1f717_ef7b87bb","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":88,"context_line":"that aren\u0027t even tracked against projects (e.g., hypervisor information is a"},{"line_number":89,"context_line":"good example.)"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"Ultimately, this overloading and extra maintenance is caused from a lack of"},{"line_number":92,"context_line":"expressive scope that is not project-scope for nova to consume. As of the"},{"line_number":93,"context_line":"Queens release, keystone supports a scope type dedicated to easing this"},{"line_number":94,"context_line":"problem, called system scope. Consuming system scope across the compute API"},{"line_number":95,"context_line":"results in less overloaded roles, less specialized authorization logic in code,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_2f5bcf54","line":92,"range":{"start_line":91,"start_character":0,"end_line":92,"end_character":63},"updated":"2019-03-19 18:12:41.000000000","message":"This sentence doesn\u0027t parse for me.","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":88,"context_line":"that aren\u0027t even tracked against projects (e.g., hypervisor information is a"},{"line_number":89,"context_line":"good example.)"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"Ultimately, this overloading and extra maintenance is caused from a lack of"},{"line_number":92,"context_line":"expressive scope that is not project-scope for nova to consume. As of the"},{"line_number":93,"context_line":"Queens release, keystone supports a scope type dedicated to easing this"},{"line_number":94,"context_line":"problem, called system scope. Consuming system scope across the compute API"},{"line_number":95,"context_line":"results in less overloaded roles, less specialized authorization logic in code,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_2a097d30","line":92,"range":{"start_line":91,"start_character":0,"end_line":92,"end_character":63},"in_reply_to":"5fc1f717_2f5bcf54","updated":"2019-03-19 18:45:35.000000000","message":"After re-reading this a few times, I\u0027m unable to come up with a better alternative. Omitting for now since leaving this sentence out doesn\u0027t negatively impact the message between the last paragraph and the new paragraph.","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":92,"context_line":"expressive scope that is not project-scope for nova to consume. As of the"},{"line_number":93,"context_line":"Queens release, keystone supports a scope type dedicated to easing this"},{"line_number":94,"context_line":"problem, called system scope. Consuming system scope across the compute API"},{"line_number":95,"context_line":"results in less overloaded roles, less specialized authorization logic in code,"},{"line_number":96,"context_line":"and simpler policies that expose more functionality to users without violating"},{"line_number":97,"context_line":"tenancy. Please refer to keystone\u0027s `authorization scopes documentation`_ to"},{"line_number":98,"context_line":"learn more about scopes and how to use them effectively."}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_6f3eb7db","line":95,"range":{"start_line":95,"start_character":11,"end_line":95,"end_character":15},"updated":"2019-03-19 18:12:41.000000000","message":"fewer","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":92,"context_line":"expressive scope that is not project-scope for nova to consume. As of the"},{"line_number":93,"context_line":"Queens release, keystone supports a scope type dedicated to easing this"},{"line_number":94,"context_line":"problem, called system scope. Consuming system scope across the compute API"},{"line_number":95,"context_line":"results in less overloaded roles, less specialized authorization logic in code,"},{"line_number":96,"context_line":"and simpler policies that expose more functionality to users without violating"},{"line_number":97,"context_line":"tenancy. Please refer to keystone\u0027s `authorization scopes documentation`_ to"},{"line_number":98,"context_line":"learn more about scopes and how to use them effectively."}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_aa66cd28","line":95,"range":{"start_line":95,"start_character":11,"end_line":95,"end_character":15},"in_reply_to":"5fc1f717_6f3eb7db","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":115,"context_line":"Incorporating default roles"},{"line_number":116,"context_line":"---------------------------"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Up until the Rocky release, keystone only ensured a single role called `admin`"},{"line_number":119,"context_line":"was available to the deployment upon installation. In Rocky, this support was"},{"line_number":120,"context_line":"expanded to include `member` and `reader` roles as first-class citizens during"},{"line_number":121,"context_line":"keystone\u0027s installation. This allows service developers to rely on these roles"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_ea8cd580","line":118,"range":{"start_line":118,"start_character":71,"end_line":118,"end_character":78},"updated":"2019-03-19 18:12:41.000000000","message":"double backticks please","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":115,"context_line":"Incorporating default roles"},{"line_number":116,"context_line":"---------------------------"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"Up until the Rocky release, keystone only ensured a single role called `admin`"},{"line_number":119,"context_line":"was available to the deployment upon installation. In Rocky, this support was"},{"line_number":120,"context_line":"expanded to include `member` and `reader` roles as first-class citizens during"},{"line_number":121,"context_line":"keystone\u0027s installation. This allows service developers to rely on these roles"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_0a75a1cc","line":118,"range":{"start_line":118,"start_character":71,"end_line":118,"end_character":78},"in_reply_to":"5fc1f717_ea8cd580","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":135,"context_line":"Policy logic and processing is inherently sensitive and often complicated. It"},{"line_number":136,"context_line":"is sensitive in that coding mistakes can lead to security vulnerabilities. It"},{"line_number":137,"context_line":"is complicated in the resources and APIs it needs to protect and the vast"},{"line_number":138,"context_line":"amount of use cases it needs to support. These reasons make a case for"},{"line_number":139,"context_line":"isolating policy enforcement and processing into a compartmentalized space, as"},{"line_number":140,"context_line":"opposed to policy logic bleeding through to different layers of nova. Not"},{"line_number":141,"context_line":"having all policy logic in a single place makes evolving the policy enforcement"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_0a112154","line":138,"range":{"start_line":138,"start_character":0,"end_line":138,"end_character":6},"updated":"2019-03-19 18:12:41.000000000","message":"number","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":135,"context_line":"Policy logic and processing is inherently sensitive and often complicated. It"},{"line_number":136,"context_line":"is sensitive in that coding mistakes can lead to security vulnerabilities. It"},{"line_number":137,"context_line":"is complicated in the resources and APIs it needs to protect and the vast"},{"line_number":138,"context_line":"amount of use cases it needs to support. These reasons make a case for"},{"line_number":139,"context_line":"isolating policy enforcement and processing into a compartmentalized space, as"},{"line_number":140,"context_line":"opposed to policy logic bleeding through to different layers of nova. Not"},{"line_number":141,"context_line":"having all policy logic in a single place makes evolving the policy enforcement"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_ca7eb9ae","line":138,"range":{"start_line":138,"start_character":0,"end_line":138,"end_character":6},"in_reply_to":"5fc1f717_0a112154","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":169,"context_line":"defaults. Using a single policy to protect CRUD for an entire API is"},{"line_number":170,"context_line":"restrictive because it prevents us from using default roles to make delegation"},{"line_number":171,"context_line":"to that API flexible. For example, a policy for `compute:foobar` could be"},{"line_number":172,"context_line":"broken into `compute:foobar:create`, `compute:foobar:update`,"},{"line_number":173,"context_line":"`compute:foobar:list`, `compute:foobar:get`, and `compute:foobar:delete`."},{"line_number":174,"context_line":"Breaking policies down this way allow us to set read-only policies for readable"},{"line_number":175,"context_line":"operations or use another default role for creation and management of `foobar`"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_0a6841b8","line":172,"updated":"2019-03-19 18:12:41.000000000","message":"Suggest using double backticks for the literal-ish things in this paragraph. Stephen would say something about \"default role\".","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":169,"context_line":"defaults. Using a single policy to protect CRUD for an entire API is"},{"line_number":170,"context_line":"restrictive because it prevents us from using default roles to make delegation"},{"line_number":171,"context_line":"to that API flexible. For example, a policy for `compute:foobar` could be"},{"line_number":172,"context_line":"broken into `compute:foobar:create`, `compute:foobar:update`,"},{"line_number":173,"context_line":"`compute:foobar:list`, `compute:foobar:get`, and `compute:foobar:delete`."},{"line_number":174,"context_line":"Breaking policies down this way allow us to set read-only policies for readable"},{"line_number":175,"context_line":"operations or use another default role for creation and management of `foobar`"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_0a5e0145","line":172,"in_reply_to":"5fc1f717_0a6841b8","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":171,"context_line":"to that API flexible. For example, a policy for `compute:foobar` could be"},{"line_number":172,"context_line":"broken into `compute:foobar:create`, `compute:foobar:update`,"},{"line_number":173,"context_line":"`compute:foobar:list`, `compute:foobar:get`, and `compute:foobar:delete`."},{"line_number":174,"context_line":"Breaking policies down this way allow us to set read-only policies for readable"},{"line_number":175,"context_line":"operations or use another default role for creation and management of `foobar`"},{"line_number":176,"context_line":"resources. The oslo.policy library has `examples`_ that show how to do this"},{"line_number":177,"context_line":"used deprecated policy rules."}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_6a5a252b","line":174,"range":{"start_line":174,"start_character":32,"end_line":174,"end_character":37},"updated":"2019-03-19 18:12:41.000000000","message":"allows","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":171,"context_line":"to that API flexible. For example, a policy for `compute:foobar` could be"},{"line_number":172,"context_line":"broken into `compute:foobar:create`, `compute:foobar:update`,"},{"line_number":173,"context_line":"`compute:foobar:list`, `compute:foobar:get`, and `compute:foobar:delete`."},{"line_number":174,"context_line":"Breaking policies down this way allow us to set read-only policies for readable"},{"line_number":175,"context_line":"operations or use another default role for creation and management of `foobar`"},{"line_number":176,"context_line":"resources. The oslo.policy library has `examples`_ that show how to do this"},{"line_number":177,"context_line":"used deprecated policy rules."}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_6a49c589","line":174,"range":{"start_line":174,"start_character":32,"end_line":174,"end_character":37},"in_reply_to":"5fc1f717_6a5a252b","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"d564ab57b6839375bee35807397bf04b847be72c","unresolved":false,"context_lines":[{"line_number":174,"context_line":"Breaking policies down this way allow us to set read-only policies for readable"},{"line_number":175,"context_line":"operations or use another default role for creation and management of `foobar`"},{"line_number":176,"context_line":"resources. The oslo.policy library has `examples`_ that show how to do this"},{"line_number":177,"context_line":"used deprecated policy rules."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":".. _examples: https://docs.openstack.org/oslo.policy/latest/reference/api/oslo_policy.policy.html#oslo_policy.policy.DeprecatedRule"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_2a3c1dbe","line":177,"range":{"start_line":177,"start_character":0,"end_line":177,"end_character":4},"updated":"2019-03-19 18:12:41.000000000","message":"?","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"5142ea4373709706ba340425cd219a3c17ec88f4","unresolved":false,"context_lines":[{"line_number":174,"context_line":"Breaking policies down this way allow us to set read-only policies for readable"},{"line_number":175,"context_line":"operations or use another default role for creation and management of `foobar`"},{"line_number":176,"context_line":"resources. The oslo.policy library has `examples`_ that show how to do this"},{"line_number":177,"context_line":"used deprecated policy rules."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":".. _examples: https://docs.openstack.org/oslo.policy/latest/reference/api/oslo_policy.policy.html#oslo_policy.policy.DeprecatedRule"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5fc1f717_ca579926","line":177,"range":{"start_line":177,"start_character":0,"end_line":177,"end_character":4},"in_reply_to":"5fc1f717_2a3c1dbe","updated":"2019-03-19 18:45:35.000000000","message":"Done","commit_id":"4634a99ebc8f3848ec7a5857a170d5ec6ec8cd66"}]}