)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":26458,"name":"Brin Zhang","email":"zhangbailin@inspur.com","username":"zhangbailin"},"change_message_id":"8d3e5581ad410d671990842c062c5120e5c0ba71","unresolved":false,"context_lines":[{"line_number":9,"context_line":"This adds new defaults roles in os-services API policies."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"- GET is default with system reader role"},{"line_number":12,"context_line":"- Rest all APIs are system asmin role"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"- Backward compatibility:"},{"line_number":15,"context_line":"    Old Rules and Defaults will keep working as it is because they"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":14,"id":"7faddb67_f01d1762","line":12,"range":{"start_line":12,"start_character":27,"end_line":12,"end_character":32},"updated":"2019-08-16 06:29:07.000000000","message":"s/asmin/admin","commit_id":"32341341bfdab0374aa8e8a466dfd71070f0e62f"}],"nova/api/openstack/compute/services.py":[{"author":{"_account_id":26458,"name":"Brin Zhang","email":"zhangbailin@inspur.com","username":"zhangbailin"},"change_message_id":"8d3e5581ad410d671990842c062c5120e5c0ba71","unresolved":false,"context_lines":[{"line_number":321,"context_line":"        to identify the service on which to perform the action. There is no"},{"line_number":322,"context_line":"        service ID passed on the path, just the action, for example"},{"line_number":323,"context_line":"        PUT /os-services/disable."},{"line_number":324,"context_line":"        \"\"\""},{"line_number":325,"context_line":"        if api_version_request.is_supported(req, min_version\u003d\u00272.11\u0027):"},{"line_number":326,"context_line":"            actions \u003d self.actions.copy()"},{"line_number":327,"context_line":"            actions[\"force-down\"] \u003d self._forced_down"}],"source_content_type":"text/x-python","patch_set":14,"id":"7faddb67_507bcb8a","line":324,"updated":"2019-08-16 06:29:07.000000000","message":"In old microversion 2.1-2.52, does need to add \"context.can(services_policies.SERVICE % \u0027update\u0027)\" to check the policies?","commit_id":"32341341bfdab0374aa8e8a466dfd71070f0e62f"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"2a1d04d24fb10f79c34d5d6516342cf83cd04be2","unresolved":false,"context_lines":[{"line_number":321,"context_line":"        to identify the service on which to perform the action. There is no"},{"line_number":322,"context_line":"        service ID passed on the path, just the action, for example"},{"line_number":323,"context_line":"        PUT /os-services/disable."},{"line_number":324,"context_line":"        \"\"\""},{"line_number":325,"context_line":"        if api_version_request.is_supported(req, min_version\u003d\u00272.11\u0027):"},{"line_number":326,"context_line":"            actions \u003d self.actions.copy()"},{"line_number":327,"context_line":"            actions[\"force-down\"] \u003d self._forced_down"}],"source_content_type":"text/x-python","patch_set":14,"id":"7faddb67_3052c113","line":324,"in_reply_to":"7faddb67_507bcb8a","updated":"2019-08-16 18:57:01.000000000","message":"That is not needed. policy check is done at each action method. For example: L182","commit_id":"32341341bfdab0374aa8e8a466dfd71070f0e62f"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":338,"context_line":"            actions[\"force-down\"] \u003d self._forced_down"},{"line_number":339,"context_line":"        else:"},{"line_number":340,"context_line":"            actions \u003d self.actions"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"        return self._perform_action(req, id, body, actions)"},{"line_number":343,"context_line":""},{"line_number":344,"context_line":"    @wsgi.Controller.api_version(UUID_FOR_ID_MIN_VERSION)  # noqa F811"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_1b72367d","line":341,"updated":"2019-11-21 17:44:34.000000000","message":"I think we might want to drop the granularity and just have a single policy that applies as expected across all microversions, i.e. just add this here:\n\n  context.can(services_policies.SERVICE % \u0027update\u0027)","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"68f23da151c223fc9f34f21d276f9a7ac0b5839c","unresolved":false,"context_lines":[{"line_number":338,"context_line":"            actions[\"force-down\"] \u003d self._forced_down"},{"line_number":339,"context_line":"        else:"},{"line_number":340,"context_line":"            actions \u003d self.actions"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"        return self._perform_action(req, id, body, actions)"},{"line_number":343,"context_line":""},{"line_number":344,"context_line":"    @wsgi.Controller.api_version(UUID_FOR_ID_MIN_VERSION)  # noqa F811"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_d9630eaa","line":341,"in_reply_to":"3fa7e38b_1b72367d","updated":"2019-11-25 18:56:22.000000000","message":"yeah, that is much better from latest APIs point of view. Done","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":410,"context_line":"        # status update."},{"line_number":411,"context_line":"        if \u0027forced_down\u0027 in body:"},{"line_number":412,"context_line":"            service.forced_down \u003d strutils.bool_from_string("},{"line_number":413,"context_line":"                body[\u0027forced_down\u0027], strict\u003dTrue)"},{"line_number":414,"context_line":""},{"line_number":415,"context_line":"        # Check to see if anything was actually updated since the schema does"},{"line_number":416,"context_line":"        # not define any required fields."}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_fbf95ac4","line":413,"updated":"2019-11-21 17:44:34.000000000","message":"so if you want the checks in the older microversion, we should probably add the check here for:\n\n   context.can(services_policies.SERVICE % \u0027force-down\u0027)\n\nHowever, I think we just have a single \"update\" check, as I can\u0027t see a use case for only one of these actions right now. It just seems too complicated to document and test correctly.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"68f23da151c223fc9f34f21d276f9a7ac0b5839c","unresolved":false,"context_lines":[{"line_number":410,"context_line":"        # status update."},{"line_number":411,"context_line":"        if \u0027forced_down\u0027 in body:"},{"line_number":412,"context_line":"            service.forced_down \u003d strutils.bool_from_string("},{"line_number":413,"context_line":"                body[\u0027forced_down\u0027], strict\u003dTrue)"},{"line_number":414,"context_line":""},{"line_number":415,"context_line":"        # Check to see if anything was actually updated since the schema does"},{"line_number":416,"context_line":"        # not define any required fields."}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_f9f7ead2","line":413,"in_reply_to":"3fa7e38b_fbf95ac4","updated":"2019-11-25 18:56:22.000000000","message":"yeah, check with single rule is better here. Done","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"}],"nova/policies/services.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":46,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":47,"context_line":"                \u0027path\u0027: \u0027/os-services/disable-log-reason\u0027"},{"line_number":48,"context_line":"            },"},{"line_number":49,"context_line":"            {"},{"line_number":50,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":51,"context_line":"                \u0027path\u0027: \u0027/os-services/force-down\u0027"},{"line_number":52,"context_line":"            },"},{"line_number":53,"context_line":"            {"},{"line_number":54,"context_line":"                # Added in microversion 2.53."},{"line_number":55,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_bb31a2a4","side":"PARENT","line":52,"range":{"start_line":49,"start_character":0,"end_line":52,"end_character":14},"updated":"2019-11-21 17:44:34.000000000","message":"Wasn\u0027t this replaced in microversion 2.53?","commit_id":"cf876aabb1ed17dc73ce3a3d099c9819ada29bd4"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"68f23da151c223fc9f34f21d276f9a7ac0b5839c","unresolved":false,"context_lines":[{"line_number":46,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":47,"context_line":"                \u0027path\u0027: \u0027/os-services/disable-log-reason\u0027"},{"line_number":48,"context_line":"            },"},{"line_number":49,"context_line":"            {"},{"line_number":50,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":51,"context_line":"                \u0027path\u0027: \u0027/os-services/force-down\u0027"},{"line_number":52,"context_line":"            },"},{"line_number":53,"context_line":"            {"},{"line_number":54,"context_line":"                # Added in microversion 2.53."},{"line_number":55,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_19452615","side":"PARENT","line":52,"range":{"start_line":49,"start_character":0,"end_line":52,"end_character":14},"in_reply_to":"3fa7e38b_bb31a2a4","updated":"2019-11-25 18:56:22.000000000","message":"yeah those are replaced in 2.53. You mean we keep those deprecated API policies as it and modify only current APIs. +1","commit_id":"cf876aabb1ed17dc73ce3a3d099c9819ada29bd4"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"BASE_POLICY_NAME \u003d \u0027os_compute_api:os-services\u0027"},{"line_number":22,"context_line":"SERVICE \u003d \u0027compute:services:%s\u0027"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"DEPRECATED_SERVICE_POLICY \u003d policy.DeprecatedRule("},{"line_number":25,"context_line":"    BASE_POLICY_NAME,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_bbd68226","line":22,"range":{"start_line":22,"start_character":19,"end_line":22,"end_character":27},"updated":"2019-11-21 17:44:34.000000000","message":"I am not sure we agreed to rename everything, should we not just go for:\n\n   os_compute_api:os-services:%s\n\nI think os-services is better, as it matches the URL, as much as that seems annoying.\n\nI am not totally against os_compute_api -\u003e compute, I just wasn\u0027t sure we decided on that? I should re-read the spec that merged again. I guess is a way to get the \"or\" of the old and new policy options :/","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"68f23da151c223fc9f34f21d276f9a7ac0b5839c","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"BASE_POLICY_NAME \u003d \u0027os_compute_api:os-services\u0027"},{"line_number":22,"context_line":"SERVICE \u003d \u0027compute:services:%s\u0027"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"DEPRECATED_SERVICE_POLICY \u003d policy.DeprecatedRule("},{"line_number":25,"context_line":"    BASE_POLICY_NAME,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_f9c4ca93","line":22,"range":{"start_line":22,"start_character":19,"end_line":22,"end_character":27},"in_reply_to":"3fa7e38b_bbd68226","updated":"2019-11-25 18:56:22.000000000","message":"yeah we decided not to rename the policy. I did these where we have to add the granularity in policy. with granularity, it will be new policy name so naming the new policy with standard naming is ok ?\n\nfor other policy where no granularity needed, name will be same as old. \n\nWhen we introduce the new policy for any new API etc, we do name them with new standard name[1]\n[1] https://docs.openstack.org/oslo.policy/latest/user/usage.html#naming-policies","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":53,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":54,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":55,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":56,"context_line":"        name\u003dSERVICE % \u0027enable\u0027,"},{"line_number":57,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":58,"context_line":"        description\u003d\"Enables scheduling for a Compute service.\","},{"line_number":59,"context_line":"        operations\u003d["},{"line_number":60,"context_line":"            {"},{"line_number":61,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":62,"context_line":"                \u0027path\u0027: \u0027/os-services/enable\u0027"},{"line_number":63,"context_line":"            },"},{"line_number":64,"context_line":"        ],"},{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":66,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":67,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":68,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":69,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":70,"context_line":"        name\u003dSERVICE % \u0027disable\u0027,"},{"line_number":71,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":72,"context_line":"        description\u003d\"Disable scheduling for a Compute service.\","},{"line_number":73,"context_line":"        operations\u003d["},{"line_number":74,"context_line":"            {"},{"line_number":75,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":76,"context_line":"                \u0027path\u0027: \u0027/os-services/disable\u0027"},{"line_number":77,"context_line":"            },"},{"line_number":78,"context_line":"        ],"},{"line_number":79,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":80,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":81,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":82,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":83,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":84,"context_line":"        name\u003dSERVICE % \u0027disable-log-reason\u0027,"},{"line_number":85,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":86,"context_line":"        description\u003d\"Logs disabled Compute service information.\","},{"line_number":87,"context_line":"        operations\u003d["},{"line_number":88,"context_line":"            {"},{"line_number":89,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":90,"context_line":"                \u0027path\u0027: \u0027/os-services/disable-log-reason\u0027"},{"line_number":91,"context_line":"            },"},{"line_number":92,"context_line":"        ],"},{"line_number":93,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":94,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":95,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":96,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":97,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":98,"context_line":"        name\u003dSERVICE % \u0027force-down\u0027,"},{"line_number":99,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":100,"context_line":"        description\u003d\"Set or unset forced_down flag for the compute service.\","},{"line_number":101,"context_line":"        operations\u003d["},{"line_number":102,"context_line":"            {"},{"line_number":103,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":104,"context_line":"                \u0027path\u0027: \u0027/os-services/force-down\u0027"},{"line_number":105,"context_line":"            },"},{"line_number":106,"context_line":"        ],"},{"line_number":107,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":108,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":109,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":110,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":111,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":112,"context_line":"        name\u003dSERVICE % \u0027update\u0027,"},{"line_number":113,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_7b27aa64","line":110,"range":{"start_line":55,"start_character":0,"end_line":110,"end_character":35},"updated":"2019-11-21 17:44:34.000000000","message":"I am not sure this makes sense, as we have more granular policy for older microversions here.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"68f23da151c223fc9f34f21d276f9a7ac0b5839c","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":53,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":54,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":55,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":56,"context_line":"        name\u003dSERVICE % \u0027enable\u0027,"},{"line_number":57,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":58,"context_line":"        description\u003d\"Enables scheduling for a Compute service.\","},{"line_number":59,"context_line":"        operations\u003d["},{"line_number":60,"context_line":"            {"},{"line_number":61,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":62,"context_line":"                \u0027path\u0027: \u0027/os-services/enable\u0027"},{"line_number":63,"context_line":"            },"},{"line_number":64,"context_line":"        ],"},{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":66,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":67,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":68,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":69,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":70,"context_line":"        name\u003dSERVICE % \u0027disable\u0027,"},{"line_number":71,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":72,"context_line":"        description\u003d\"Disable scheduling for a Compute service.\","},{"line_number":73,"context_line":"        operations\u003d["},{"line_number":74,"context_line":"            {"},{"line_number":75,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":76,"context_line":"                \u0027path\u0027: \u0027/os-services/disable\u0027"},{"line_number":77,"context_line":"            },"},{"line_number":78,"context_line":"        ],"},{"line_number":79,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":80,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":81,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":82,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":83,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":84,"context_line":"        name\u003dSERVICE % \u0027disable-log-reason\u0027,"},{"line_number":85,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":86,"context_line":"        description\u003d\"Logs disabled Compute service information.\","},{"line_number":87,"context_line":"        operations\u003d["},{"line_number":88,"context_line":"            {"},{"line_number":89,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":90,"context_line":"                \u0027path\u0027: \u0027/os-services/disable-log-reason\u0027"},{"line_number":91,"context_line":"            },"},{"line_number":92,"context_line":"        ],"},{"line_number":93,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":94,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":95,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":96,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":97,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":98,"context_line":"        name\u003dSERVICE % \u0027force-down\u0027,"},{"line_number":99,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"},{"line_number":100,"context_line":"        description\u003d\"Set or unset forced_down flag for the compute service.\","},{"line_number":101,"context_line":"        operations\u003d["},{"line_number":102,"context_line":"            {"},{"line_number":103,"context_line":"                \u0027method\u0027: \u0027PUT\u0027,"},{"line_number":104,"context_line":"                \u0027path\u0027: \u0027/os-services/force-down\u0027"},{"line_number":105,"context_line":"            },"},{"line_number":106,"context_line":"        ],"},{"line_number":107,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":108,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":109,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":110,"context_line":"        deprecated_since\u003d\u002720.0.0\u0027),"},{"line_number":111,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":112,"context_line":"        name\u003dSERVICE % \u0027update\u0027,"},{"line_number":113,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_996276ac","line":110,"range":{"start_line":55,"start_character":0,"end_line":110,"end_character":35},"in_reply_to":"3fa7e38b_7b27aa64","updated":"2019-11-25 18:56:22.000000000","message":"ok, I can kepe them same and modify only latest API policy.\n\nOnly granularity needed here is for GET, Delete and Update.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"1ed32fa387edc09484a9b782b8c0ff4611d1a634","unresolved":false,"context_lines":[{"line_number":18,"context_line":"from nova.policies import base"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"BASE_POLICY_NAME \u003d \u0027os_compute_api:os-services\u0027"},{"line_number":22,"context_line":"SERVICE \u003d \u0027compute:services:%s\u0027"},{"line_number":23,"context_line":"DEPRECATED_SERVICE_POLICY \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    BASE_POLICY_NAME,"}],"source_content_type":"text/x-python","patch_set":20,"id":"3fa7e38b_27579404","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":16},"updated":"2019-11-26 09:43:14.000000000","message":"Nit: should we rename this, if its going away?","commit_id":"0b617bdc82d28a5d13e42a525e87043d9f5715d7"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5f722e157067279fe606a610d4b2abfbb1556df3","unresolved":false,"context_lines":[{"line_number":18,"context_line":"from nova.policies import base"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"BASE_POLICY_NAME \u003d \u0027os_compute_api:os-services\u0027"},{"line_number":22,"context_line":"SERVICE \u003d \u0027compute:services:%s\u0027"},{"line_number":23,"context_line":"DEPRECATED_SERVICE_POLICY \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    BASE_POLICY_NAME,"}],"source_content_type":"text/x-python","patch_set":20,"id":"3fa7e38b_612c91b2","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":16},"in_reply_to":"3fa7e38b_27579404","updated":"2019-11-26 18:48:30.000000000","message":"done.","commit_id":"0b617bdc82d28a5d13e42a525e87043d9f5715d7"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"1ed32fa387edc09484a9b782b8c0ff4611d1a634","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"BASE_POLICY_NAME \u003d \u0027os_compute_api:os-services\u0027"},{"line_number":22,"context_line":"SERVICE \u003d \u0027compute:services:%s\u0027"},{"line_number":23,"context_line":"DEPRECATED_SERVICE_POLICY \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    BASE_POLICY_NAME,"},{"line_number":25,"context_line":"    base.RULE_ADMIN_API,"}],"source_content_type":"text/x-python","patch_set":20,"id":"3fa7e38b_a42622cb","line":22,"range":{"start_line":22,"start_character":11,"end_line":22,"end_character":18},"updated":"2019-11-26 09:43:14.000000000","message":"I am still not convinced by the rename here.\n\nI think we should just move to:\nos_compute_api:os-services:%s\n\nAnd deprecate the base rule:\nos_compute_api:os-services\n\nI am really just thinking about trying to explain to operators why a few of the policy rules have a totally different name to all the others.\n\nI quite like how the url of os-services is in the old policy name too (although I hate we have the os in the URL, but it does make the policy rule easier to understand and find).","commit_id":"0b617bdc82d28a5d13e42a525e87043d9f5715d7"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5f722e157067279fe606a610d4b2abfbb1556df3","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"BASE_POLICY_NAME \u003d \u0027os_compute_api:os-services\u0027"},{"line_number":22,"context_line":"SERVICE \u003d \u0027compute:services:%s\u0027"},{"line_number":23,"context_line":"DEPRECATED_SERVICE_POLICY \u003d policy.DeprecatedRule("},{"line_number":24,"context_line":"    BASE_POLICY_NAME,"},{"line_number":25,"context_line":"    base.RULE_ADMIN_API,"}],"source_content_type":"text/x-python","patch_set":20,"id":"3fa7e38b_01583d55","line":22,"range":{"start_line":22,"start_character":11,"end_line":22,"end_character":18},"in_reply_to":"3fa7e38b_a42622cb","updated":"2019-11-26 18:48:30.000000000","message":"ok. after re-thinking i agree from operator point of view. doing all together is good way otherwise keep the consistency. \ndone.","commit_id":"0b617bdc82d28a5d13e42a525e87043d9f5715d7"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"3a6504b38a3fe697f735e253d818d02ab993d42d","unresolved":false,"context_lines":[{"line_number":24,"context_line":"    base.RULE_ADMIN_API,"},{"line_number":25,"context_line":")"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"DEPRECATED_REASON \u003d \"\"\""},{"line_number":28,"context_line":"Since Ussuri release, nova API policies are introducing new default roles"},{"line_number":29,"context_line":"with scope_type capabilities. These new changes improve the security level"},{"line_number":30,"context_line":"and manageability. New policies are more rich in term of handling access"}],"source_content_type":"text/x-python","patch_set":23,"id":"3fa7e38b_25b5e8ed","line":27,"updated":"2019-12-20 22:39:25.000000000","message":"This gets dumped to the console log on unit test runs which is probably something we should be squashing so we don\u0027t blow up the stestr buffer:\n\nhttps://zuul.opendev.org/t/openstack/build/3a837b550b2344aca69eaf747dc5a0c2/log/job-output.txt#20581","commit_id":"972218e6ae0af4de565b8b1e41a20c4db13b9e7d"}],"nova/tests/unit/fake_policy.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":83,"context_line":"    \"os_compute_api:os-server-groups:index\": \"\","},{"line_number":84,"context_line":"    \"os_compute_api:os-server-groups:create\": \"\","},{"line_number":85,"context_line":"    \"os_compute_api:os-server-groups:delete\": \"\","},{"line_number":86,"context_line":"    \"compute:services:list\": \"\","},{"line_number":87,"context_line":"    \"compute:services:enable\": \"\","},{"line_number":88,"context_line":"    \"compute:services:disable\": \"\","},{"line_number":89,"context_line":"    \"compute:services:disable-log-reason\": \"\","}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_7bb56aec","line":86,"updated":"2019-11-21 17:44:34.000000000","message":"Could we just remove it from this policy file now? I presume it would just fall back to the default policy?","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5f722e157067279fe606a610d4b2abfbb1556df3","unresolved":false,"context_lines":[{"line_number":83,"context_line":"    \"os_compute_api:os-server-groups:index\": \"\","},{"line_number":84,"context_line":"    \"os_compute_api:os-server-groups:create\": \"\","},{"line_number":85,"context_line":"    \"os_compute_api:os-server-groups:delete\": \"\","},{"line_number":86,"context_line":"    \"compute:services:list\": \"\","},{"line_number":87,"context_line":"    \"compute:services:enable\": \"\","},{"line_number":88,"context_line":"    \"compute:services:disable\": \"\","},{"line_number":89,"context_line":"    \"compute:services:disable-log-reason\": \"\","}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_01659d49","line":86,"in_reply_to":"3fa7e38b_442c0eb2","updated":"2019-11-26 18:48:30.000000000","message":"yeah. \u0027no policy\u0027 fixture sounds better once we have test coverage for all policy then running everything else with no policy enforcement is safe.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":83,"context_line":"    \"os_compute_api:os-server-groups:index\": \"\","},{"line_number":84,"context_line":"    \"os_compute_api:os-server-groups:create\": \"\","},{"line_number":85,"context_line":"    \"os_compute_api:os-server-groups:delete\": \"\","},{"line_number":86,"context_line":"    \"compute:services:list\": \"\","},{"line_number":87,"context_line":"    \"compute:services:enable\": \"\","},{"line_number":88,"context_line":"    \"compute:services:disable\": \"\","},{"line_number":89,"context_line":"    \"compute:services:disable-log-reason\": \"\","}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_d9bf8ec7","line":86,"in_reply_to":"3fa7e38b_7bb56aec","updated":"2019-11-25 18:59:38.000000000","message":"not sure we can remove this as most of the tests (non-policy) rely on this via fixture.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"674f01a2054115548162cd4b73ca06c05c37d8b7","unresolved":false,"context_lines":[{"line_number":83,"context_line":"    \"os_compute_api:os-server-groups:index\": \"\","},{"line_number":84,"context_line":"    \"os_compute_api:os-server-groups:create\": \"\","},{"line_number":85,"context_line":"    \"os_compute_api:os-server-groups:delete\": \"\","},{"line_number":86,"context_line":"    \"compute:services:list\": \"\","},{"line_number":87,"context_line":"    \"compute:services:enable\": \"\","},{"line_number":88,"context_line":"    \"compute:services:disable\": \"\","},{"line_number":89,"context_line":"    \"compute:services:disable-log-reason\": \"\","}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_442c0eb2","line":86,"in_reply_to":"3fa7e38b_d9bf8ec7","updated":"2019-11-26 09:27:46.000000000","message":"Ah, OK.\n\nI guess at some point we want to move those over to the real policy file, or just have \"no policy\" fixture, where we loop through all registered rules and make them anyone.\n\nBut that is another change!","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"}],"nova/tests/unit/policies/base.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"        self.system_reader_context \u003d nova_context.RequestContext("},{"line_number":42,"context_line":"                user_id\u003d\"reader\", project_id\u003dself.reader_project_id,"},{"line_number":43,"context_line":"                roles\u003d[\u0027reader\u0027], system_scope\u003d\u0027all\u0027)"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"        self.project_member_context \u003d nova_context.RequestContext("},{"line_number":46,"context_line":"                user_id\u003d\"project_member\", project_id\u003dself.project_id,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_dbc33e57","line":43,"updated":"2019-11-21 17:44:34.000000000","message":"What about system_foo_context? with the role \"foo\", it should just fail everything, but its good to check.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"        self.system_reader_context \u003d nova_context.RequestContext("},{"line_number":42,"context_line":"                user_id\u003d\"reader\", project_id\u003dself.reader_project_id,"},{"line_number":43,"context_line":"                roles\u003d[\u0027reader\u0027], system_scope\u003d\u0027all\u0027)"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"        self.project_member_context \u003d nova_context.RequestContext("},{"line_number":46,"context_line":"                user_id\u003d\"project_member\", project_id\u003dself.project_id,"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_d911cef9","line":43,"in_reply_to":"3fa7e38b_dbc33e57","updated":"2019-11-25 18:59:38.000000000","message":"done in base patch","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        self.project_reader_context \u003d nova_context.RequestContext("},{"line_number":50,"context_line":"                user_id\u003d\"project_reader\", project_id\u003dself.project_id,"},{"line_number":51,"context_line":"                roles\u003d[\u0027reader\u0027])"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"        self.other_project_member_context \u003d nova_context.RequestContext("},{"line_number":54,"context_line":"                user_id\u003d\"other_project_member\","}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_bba442ba","line":51,"updated":"2019-11-21 17:44:34.000000000","message":"as above, what about project_foo_context as well, it should just fail everything (eventually).","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        self.project_reader_context \u003d nova_context.RequestContext("},{"line_number":50,"context_line":"                user_id\u003d\"project_reader\", project_id\u003dself.project_id,"},{"line_number":51,"context_line":"                roles\u003d[\u0027reader\u0027])"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"        self.other_project_member_context \u003d nova_context.RequestContext("},{"line_number":54,"context_line":"                user_id\u003d\"other_project_member\","}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_79d21a36","line":51,"in_reply_to":"3fa7e38b_bba442ba","updated":"2019-11-25 18:59:38.000000000","message":"done in base patch","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"}],"nova/tests/unit/policies/test_services.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0527cd7bd5b31d2bca4d03f7950d162333f9dd74","unresolved":false,"context_lines":[{"line_number":207,"context_line":"        self.old_update_fail_contexts \u003d [self.system_reader_context]"},{"line_number":208,"context_line":"        self.update_success_contexts \u003d []"},{"line_number":209,"context_line":"        self.update_fail_contexts \u003d [self.system_reader_context]"},{"line_number":210,"context_line":"#"},{"line_number":211,"context_line":"#"},{"line_number":212,"context_line":"#class ServicesDeprecatedPolicyTest(base.BasePolicyTest):"},{"line_number":213,"context_line":"#    \"\"\"Test os-services APIs Deprecated policies."},{"line_number":214,"context_line":"#"},{"line_number":215,"context_line":"#    This class checks if deprecated policy rules are"},{"line_number":216,"context_line":"#    overridden then, those are checked and warning is"},{"line_number":217,"context_line":"#    logged."},{"line_number":218,"context_line":"#    \"\"\""},{"line_number":219,"context_line":"#"},{"line_number":220,"context_line":"#    def setUp(self):"},{"line_number":221,"context_line":"#        super(ServicesDeprecatedPolicyTest, self).setUp()"},{"line_number":222,"context_line":"#        self.controller \u003d services_v21.ServiceController()"}],"source_content_type":"text/x-python","patch_set":13,"id":"7faddb67_24bce0da","line":219,"range":{"start_line":210,"start_character":0,"end_line":219,"end_character":1},"updated":"2019-08-15 10:49:35.000000000","message":"need to work out more on deprecated policies tests. Facing few issue right now from warning logging side.","commit_id":"3d581f288ff17cdd784c0b7910748d068b244c72"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":38,"context_line":"        # Verify new defaults are working fine:"},{"line_number":39,"context_line":"        #   - Check that system admin is able to delete the service"},{"line_number":40,"context_line":"        self.delete_success_contexts \u003d [self.legacy_admin_context,"},{"line_number":41,"context_line":"                                        self.system_admin_context]"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        # Check that project member(non admin) is not able to delete"},{"line_number":44,"context_line":"        # the service"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_db981e77","line":41,"updated":"2019-11-21 17:44:34.000000000","message":"So I think this needs to be added in the first set of patches, before we do this change to the policy, so we can prove the tests still pass before and after this change.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":38,"context_line":"        # Verify new defaults are working fine:"},{"line_number":39,"context_line":"        #   - Check that system admin is able to delete the service"},{"line_number":40,"context_line":"        self.delete_success_contexts \u003d [self.legacy_admin_context,"},{"line_number":41,"context_line":"                                        self.system_admin_context]"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        # Check that project member(non admin) is not able to delete"},{"line_number":44,"context_line":"        # the service"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_f9e5aa0a","line":41,"in_reply_to":"3fa7e38b_db981e77","updated":"2019-11-25 18:59:38.000000000","message":"yeah. done","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        # Check that project member(non admin) is not able to delete"},{"line_number":44,"context_line":"        # the service"},{"line_number":45,"context_line":"        self.delete_fail_contexts \u003d [self.project_member_context]"},{"line_number":46,"context_line":"        # Verify old defaults are working fine with deprecated rule logic:"},{"line_number":47,"context_line":"        #   - Check that legacy admin is able to list the services"},{"line_number":48,"context_line":"        # Verify new defaults are working fine:"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_5b7e6e1b","line":45,"updated":"2019-11-21 17:44:34.000000000","message":"Hang on, where are all the system_reader things, etc. I think we need to go through all the options in here.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        # Check that project member(non admin) is not able to delete"},{"line_number":44,"context_line":"        # the service"},{"line_number":45,"context_line":"        self.delete_fail_contexts \u003d [self.project_member_context]"},{"line_number":46,"context_line":"        # Verify old defaults are working fine with deprecated rule logic:"},{"line_number":47,"context_line":"        #   - Check that legacy admin is able to list the services"},{"line_number":48,"context_line":"        # Verify new defaults are working fine:"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_b9ebb2da","line":45,"in_reply_to":"3fa7e38b_5b7e6e1b","updated":"2019-11-25 18:59:38.000000000","message":"done","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":133,"context_line":"                                     self.update_fail_contexts,"},{"line_number":134,"context_line":"                                     rule_name, self.controller.update,"},{"line_number":135,"context_line":"                                     req, service.uuid,"},{"line_number":136,"context_line":"                                     body\u003d{\u0027status\u0027: \u0027enabled\u0027})"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"class ServicesScopeTypePolicyTest(ServicesPolicyTest):"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_fb6e3a62","line":136,"updated":"2019-11-21 17:44:34.000000000","message":"This is going to really confuse people, why does\u0027t it check compute:services:enable here? Really I think we should just change everything to use the simpler \"compute:services:update\" for old and new microversions.\n\nThat is granular enough to add the reader role, and we have enough to do already.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":133,"context_line":"                                     self.update_fail_contexts,"},{"line_number":134,"context_line":"                                     rule_name, self.controller.update,"},{"line_number":135,"context_line":"                                     req, service.uuid,"},{"line_number":136,"context_line":"                                     body\u003d{\u0027status\u0027: \u0027enabled\u0027})"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"class ServicesScopeTypePolicyTest(ServicesPolicyTest):"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_39b10202","line":136,"in_reply_to":"3fa7e38b_fb6e3a62","updated":"2019-11-25 18:59:38.000000000","message":"done","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e944c566483f2436f6d27753e20c3ebffb9e21d0","unresolved":false,"context_lines":[{"line_number":147,"context_line":"    verify the expected behaviour."},{"line_number":148,"context_line":"    \"\"\""},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"    def setUp(self):"},{"line_number":151,"context_line":"        super(ServicesScopeTypePolicyTest, self).setUp()"},{"line_number":152,"context_line":"        self.controller \u003d services_v21.ServiceController()"},{"line_number":153,"context_line":"        self.flags(enforce_scope\u003dTrue, group\u003d\"oslo_policy\")"},{"line_number":154,"context_line":"        self.req \u003d fakes.HTTPRequest.blank(\u0027/services\u0027)"},{"line_number":155,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":156,"context_line":"        # to delete the service"},{"line_number":157,"context_line":"        self.delete_success_contexts \u003d [self.system_admin_context]"},{"line_number":158,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":159,"context_line":"        # admin) is not able to delete the service"},{"line_number":160,"context_line":"        self.delete_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":161,"context_line":"                                     self.project_member_context]"},{"line_number":162,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":163,"context_line":"        # to list the service"},{"line_number":164,"context_line":"        self.index_success_contexts \u003d [self.system_admin_context]"},{"line_number":165,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":166,"context_line":"        # admin) is not able to list the service"},{"line_number":167,"context_line":"        self.index_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":168,"context_line":"                                    self.project_member_context]"},{"line_number":169,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":170,"context_line":"        # to update the service"},{"line_number":171,"context_line":"        self.old_update_success_contexts \u003d [self.system_admin_context]"},{"line_number":172,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":173,"context_line":"        # admin) is not able to update the service"},{"line_number":174,"context_line":"        self.old_update_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":175,"context_line":"                                         self.project_member_context]"},{"line_number":176,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":177,"context_line":"        # to update the service"},{"line_number":178,"context_line":"        self.update_success_contexts \u003d [self.system_admin_context]"},{"line_number":179,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":180,"context_line":"        # admin) is not able to update the service"},{"line_number":181,"context_line":"        self.update_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":182,"context_line":"                                     self.project_member_context]"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"class ServicesSystemReaderPolicyTest(ServicesPolicyTest):"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_3b9e1254","line":182,"range":{"start_line":150,"start_character":0,"end_line":182,"end_character":65},"updated":"2019-11-21 17:44:34.000000000","message":"I was expecting to see all the different roles added into this test, so we can see what has changed.\n\nAgain, this should all be added to the previous patches, before we change the policy defaults.","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6947205f81e1e21a8533e5493166a59f8f8bd733","unresolved":false,"context_lines":[{"line_number":147,"context_line":"    verify the expected behaviour."},{"line_number":148,"context_line":"    \"\"\""},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"    def setUp(self):"},{"line_number":151,"context_line":"        super(ServicesScopeTypePolicyTest, self).setUp()"},{"line_number":152,"context_line":"        self.controller \u003d services_v21.ServiceController()"},{"line_number":153,"context_line":"        self.flags(enforce_scope\u003dTrue, group\u003d\"oslo_policy\")"},{"line_number":154,"context_line":"        self.req \u003d fakes.HTTPRequest.blank(\u0027/services\u0027)"},{"line_number":155,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":156,"context_line":"        # to delete the service"},{"line_number":157,"context_line":"        self.delete_success_contexts \u003d [self.system_admin_context]"},{"line_number":158,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":159,"context_line":"        # admin) is not able to delete the service"},{"line_number":160,"context_line":"        self.delete_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":161,"context_line":"                                     self.project_member_context]"},{"line_number":162,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":163,"context_line":"        # to list the service"},{"line_number":164,"context_line":"        self.index_success_contexts \u003d [self.system_admin_context]"},{"line_number":165,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":166,"context_line":"        # admin) is not able to list the service"},{"line_number":167,"context_line":"        self.index_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":168,"context_line":"                                    self.project_member_context]"},{"line_number":169,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":170,"context_line":"        # to update the service"},{"line_number":171,"context_line":"        self.old_update_success_contexts \u003d [self.system_admin_context]"},{"line_number":172,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":173,"context_line":"        # admin) is not able to update the service"},{"line_number":174,"context_line":"        self.old_update_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":175,"context_line":"                                         self.project_member_context]"},{"line_number":176,"context_line":"        # Check that System admin (token with system scope) is able"},{"line_number":177,"context_line":"        # to update the service"},{"line_number":178,"context_line":"        self.update_success_contexts \u003d [self.system_admin_context]"},{"line_number":179,"context_line":"        # Check that non-system scopped token (project scopped and legacy"},{"line_number":180,"context_line":"        # admin) is not able to update the service"},{"line_number":181,"context_line":"        self.update_fail_contexts \u003d [self.legacy_admin_context,"},{"line_number":182,"context_line":"                                     self.project_member_context]"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"class ServicesSystemReaderPolicyTest(ServicesPolicyTest):"}],"source_content_type":"text/x-python","patch_set":18,"id":"3fa7e38b_19ca066d","line":182,"range":{"start_line":150,"start_character":0,"end_line":182,"end_character":65},"in_reply_to":"3fa7e38b_3b9e1254","updated":"2019-11-25 18:59:38.000000000","message":"done","commit_id":"6e05b750b32f0a8d05aaa28744186338f9d60258"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"1ed32fa387edc09484a9b782b8c0ff4611d1a634","unresolved":false,"context_lines":[{"line_number":60,"context_line":"            self.common_policy_check(self.admin_authorized_contexts,"},{"line_number":61,"context_line":"                                     self.admin_unauthorized_contexts,"},{"line_number":62,"context_line":"                                     rule_name, self.controller.index,"},{"line_number":63,"context_line":"                                     self.req)"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"    def test_old_update_service_policy(self):"},{"line_number":66,"context_line":"        rule_name \u003d \"compute:services:update\""}],"source_content_type":"text/x-python","patch_set":20,"id":"3fa7e38b_e733bcf6","line":63,"updated":"2019-11-26 09:43:14.000000000","message":"Is this failing?","commit_id":"0b617bdc82d28a5d13e42a525e87043d9f5715d7"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5f722e157067279fe606a610d4b2abfbb1556df3","unresolved":false,"context_lines":[{"line_number":60,"context_line":"            self.common_policy_check(self.admin_authorized_contexts,"},{"line_number":61,"context_line":"                                     self.admin_unauthorized_contexts,"},{"line_number":62,"context_line":"                                     rule_name, self.controller.index,"},{"line_number":63,"context_line":"                                     self.req)"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"    def test_old_update_service_policy(self):"},{"line_number":66,"context_line":"        rule_name \u003d \"compute:services:update\""}],"source_content_type":"text/x-python","patch_set":20,"id":"3fa7e38b_8428bb85","line":63,"in_reply_to":"3fa7e38b_e733bcf6","updated":"2019-11-26 18:48:30.000000000","message":"actually I added an error message check in base class- https://review.opendev.org/#/c/669181/12/nova/tests/unit/policies/base.py@99\n\nfor that we need to rename the changed rule name under granularity. Because of oslo will return the checked rule name not deprecated one.\n\nI can remove that error message check to avoid any change in these tests - What you say ?","commit_id":"0b617bdc82d28a5d13e42a525e87043d9f5715d7"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"5048283ecd59fd5f349a74257b0bd83fe33a7637","unresolved":false,"context_lines":[{"line_number":166,"context_line":"        self.deprecated_policy \u003d \"os_compute_api:os-services\""},{"line_number":167,"context_line":"        # Overridde rule with different checks than defaults so that we can"},{"line_number":168,"context_line":"        # verify the rule overridden case."},{"line_number":169,"context_line":"        override_rules \u003d {self.deprecated_policy: base_policy.PROJECT_MEMBER}"},{"line_number":170,"context_line":"        # NOTE(gmann): Only override the deprecated rule in policy file so"},{"line_number":171,"context_line":"        # that"},{"line_number":172,"context_line":"        # we can verify if overridden checks are considered by oslo.policy."}],"source_content_type":"text/x-python","patch_set":23,"id":"3fa7e38b_3f86fb66","line":169,"updated":"2019-12-10 13:54:39.000000000","message":"Actually, this is a bad example I think... as noted in follow on patch, but let\u0027s ignore that for now.","commit_id":"972218e6ae0af4de565b8b1e41a20c4db13b9e7d"}]}