)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"de141b23f0195e71e734b219a9fee3570abcf43e","unresolved":false,"context_lines":[{"line_number":11,"context_line":"can avoid deprecating the each policy rule during adopting"},{"line_number":12,"context_line":"the new rules as their check_str."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"admin_api and admin_or_owner are asmrked as deprecated"},{"line_number":15,"context_line":"for removal so that we can remove them once we finish the"},{"line_number":16,"context_line":"policy migration to new rules."},{"line_number":17,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"3fa7e38b_83a6f80c","line":14,"range":{"start_line":14,"start_character":33,"end_line":14,"end_character":40},"updated":"2020-02-07 17:13:23.000000000","message":"marked","commit_id":"d1a933bfa71c049bc57fb0926ffdd8a5efcd686b"}],"nova/policies/base.py":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"da6a98d863124f9863f4b7c9ae0eaee16330375b","unresolved":false,"context_lines":[{"line_number":35,"context_line":"``nova.conf [oslo_policy] enforce_scope\u003dTrue`` which is False by default."},{"line_number":36,"context_line":"Old policies are marked as deprecated and silently going to be ignored"},{"line_number":37,"context_line":"in nova 23.0.0 (OpenStack W) release"},{"line_number":38,"context_line":"\"\"\""},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"# TODO(gmann): # Special string ``system_scope:all`` is added for system"},{"line_number":41,"context_line":"# scoped policies for backwards compatibility where ``nova.conf [oslo_policy]"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_d6752598","line":38,"updated":"2020-01-28 22:18:30.000000000","message":"In keystone, we ended up finding that long multi-line messages like this ended up making the logs massive and unusable. This information is better placed in the release notes and documentation, leaving the log warning concise and useful. In addition to shortening the log warning we also hacked the enforcer in keystone to stop repeating these messages in the logs. See https://bugs.launchpad.net/keystone/+bug/1836568 for more info.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"76eb6189d3821888024070d428832e07f9a150e0","unresolved":false,"context_lines":[{"line_number":35,"context_line":"``nova.conf [oslo_policy] enforce_scope\u003dTrue`` which is False by default."},{"line_number":36,"context_line":"Old policies are marked as deprecated and silently going to be ignored"},{"line_number":37,"context_line":"in nova 23.0.0 (OpenStack W) release"},{"line_number":38,"context_line":"\"\"\""},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"# TODO(gmann): # Special string ``system_scope:all`` is added for system"},{"line_number":41,"context_line":"# scoped policies for backwards compatibility where ``nova.conf [oslo_policy]"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_56bb470f","line":38,"in_reply_to":"3fa7e38b_3f1789f2","updated":"2020-01-31 14:07:00.000000000","message":"that\u0027s true. we will have reno and spec doc for details updates about \"why\". Let me update it to one line.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"ebd4b2462d4bebcc72e8584eebdff8fcecf5460c","unresolved":false,"context_lines":[{"line_number":35,"context_line":"``nova.conf [oslo_policy] enforce_scope\u003dTrue`` which is False by default."},{"line_number":36,"context_line":"Old policies are marked as deprecated and silently going to be ignored"},{"line_number":37,"context_line":"in nova 23.0.0 (OpenStack W) release"},{"line_number":38,"context_line":"\"\"\""},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"# TODO(gmann): # Special string ``system_scope:all`` is added for system"},{"line_number":41,"context_line":"# scoped policies for backwards compatibility where ``nova.conf [oslo_policy]"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_3f1789f2","line":38,"in_reply_to":"3fa7e38b_acce1cb4","updated":"2020-01-30 23:25:05.000000000","message":"I\u0027m not just talking about the unit tests. This is what the logs look like with this deprecation warning:\n\nhttp://paste.openstack.org/show/788989/\n\nThe multi-line warnings are repeated for each deprecated rule. And the warnings are reemitted every time the policy is reloaded. There\u0027s no need for a paragraph of prose to be repeated so often in the logs.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d7e4d542cdf232943c457f8db15dafadb4c7e59b","unresolved":false,"context_lines":[{"line_number":35,"context_line":"``nova.conf [oslo_policy] enforce_scope\u003dTrue`` which is False by default."},{"line_number":36,"context_line":"Old policies are marked as deprecated and silently going to be ignored"},{"line_number":37,"context_line":"in nova 23.0.0 (OpenStack W) release"},{"line_number":38,"context_line":"\"\"\""},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"# TODO(gmann): # Special string ``system_scope:all`` is added for system"},{"line_number":41,"context_line":"# scoped policies for backwards compatibility where ``nova.conf [oslo_policy]"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_acce1cb4","line":38,"in_reply_to":"3fa7e38b_d6752598","updated":"2020-01-29 01:56:37.000000000","message":"yeah we disabled those warning already. faced the failure for that and no more warning for testing side\n- https://review.opendev.org/#/c/676670/","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"da6a98d863124f9863f4b7c9ae0eaee16330375b","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"context_is_admin\","},{"line_number":89,"context_line":"        \"role:admin\","},{"line_number":90,"context_line":"        \"Decides what is required for the \u0027is_admin:True\u0027 check to succeed.\"),"},{"line_number":91,"context_line":"    policy.RuleDefault("},{"line_number":92,"context_line":"        \"admin_or_owner\","},{"line_number":93,"context_line":"        \"is_admin:True or project_id:%(project_id)s\","},{"line_number":94,"context_line":"        \"Default rule for most non-Admin APIs.\"),"},{"line_number":95,"context_line":"    policy.RuleDefault("},{"line_number":96,"context_line":"        \"admin_api\","},{"line_number":97,"context_line":"        \"is_admin:True\","},{"line_number":98,"context_line":"        \"Default rule for most Admin APIs.\"),"},{"line_number":99,"context_line":"    policy.RuleDefault("},{"line_number":100,"context_line":"        name\u003d\"system_admin_api\","},{"line_number":101,"context_line":"        check_str\u003d\u0027role:admin and system_scope:all\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_76aa316d","line":98,"range":{"start_line":91,"start_character":4,"end_line":98,"end_character":45},"updated":"2020-01-28 22:18:30.000000000","message":"This is a little confusing, because you are actually deprecating these rules but they are now defined twice, here and in the deprecated_rules below. Instead of modifying the new system_* rules, it would be better to use deprecated_for_removal on these existing rules. Furthermore, it would be best not to deprecate them at all while the nova code itself is still using them since operators can do nothing about it if nova is using it.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6ca310c78c7243fe9370a82a21ee9340d183d7a5","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"context_is_admin\","},{"line_number":89,"context_line":"        \"role:admin\","},{"line_number":90,"context_line":"        \"Decides what is required for the \u0027is_admin:True\u0027 check to succeed.\"),"},{"line_number":91,"context_line":"    policy.RuleDefault("},{"line_number":92,"context_line":"        \"admin_or_owner\","},{"line_number":93,"context_line":"        \"is_admin:True or project_id:%(project_id)s\","},{"line_number":94,"context_line":"        \"Default rule for most non-Admin APIs.\"),"},{"line_number":95,"context_line":"    policy.RuleDefault("},{"line_number":96,"context_line":"        \"admin_api\","},{"line_number":97,"context_line":"        \"is_admin:True\","},{"line_number":98,"context_line":"        \"Default rule for most Admin APIs.\"),"},{"line_number":99,"context_line":"    policy.RuleDefault("},{"line_number":100,"context_line":"        name\u003d\"system_admin_api\","},{"line_number":101,"context_line":"        check_str\u003d\u0027role:admin and system_scope:all\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_f9a03139","line":98,"range":{"start_line":91,"start_character":4,"end_line":98,"end_character":45},"in_reply_to":"3fa7e38b_39c6c943","updated":"2020-01-30 21:17:20.000000000","message":"replied on 676682. These base rule will be added in the deprecated rule of new rule which are used as check_str in all policy rules. RuleCheck will take care of these deprecated logical OR for each API policy also.\n\nThis is confirmed by test working fine with old context when new rule are changed in default check_str.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"4a9cde2e19537ccc694a61b1e8a160e9006e9b33","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"context_is_admin\","},{"line_number":89,"context_line":"        \"role:admin\","},{"line_number":90,"context_line":"        \"Decides what is required for the \u0027is_admin:True\u0027 check to succeed.\"),"},{"line_number":91,"context_line":"    policy.RuleDefault("},{"line_number":92,"context_line":"        \"admin_or_owner\","},{"line_number":93,"context_line":"        \"is_admin:True or project_id:%(project_id)s\","},{"line_number":94,"context_line":"        \"Default rule for most non-Admin APIs.\"),"},{"line_number":95,"context_line":"    policy.RuleDefault("},{"line_number":96,"context_line":"        \"admin_api\","},{"line_number":97,"context_line":"        \"is_admin:True\","},{"line_number":98,"context_line":"        \"Default rule for most Admin APIs.\"),"},{"line_number":99,"context_line":"    policy.RuleDefault("},{"line_number":100,"context_line":"        name\u003d\"system_admin_api\","},{"line_number":101,"context_line":"        check_str\u003d\u0027role:admin and system_scope:all\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_39c6c943","line":98,"range":{"start_line":91,"start_character":4,"end_line":98,"end_character":45},"in_reply_to":"3fa7e38b_55ceeb2c","updated":"2020-01-30 20:59:39.000000000","message":"After reading the discussion on patchset 4 of https://review.opendev.org/676682 I think I understand what this was going for, but the policies for each API need to be deprecated and changed on their own, they can\u0027t lean on deprecations made here. So I would suggest not worrying about these base rules until after the rest of the policies are addressed.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d7e4d542cdf232943c457f8db15dafadb4c7e59b","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"context_is_admin\","},{"line_number":89,"context_line":"        \"role:admin\","},{"line_number":90,"context_line":"        \"Decides what is required for the \u0027is_admin:True\u0027 check to succeed.\"),"},{"line_number":91,"context_line":"    policy.RuleDefault("},{"line_number":92,"context_line":"        \"admin_or_owner\","},{"line_number":93,"context_line":"        \"is_admin:True or project_id:%(project_id)s\","},{"line_number":94,"context_line":"        \"Default rule for most non-Admin APIs.\"),"},{"line_number":95,"context_line":"    policy.RuleDefault("},{"line_number":96,"context_line":"        \"admin_api\","},{"line_number":97,"context_line":"        \"is_admin:True\","},{"line_number":98,"context_line":"        \"Default rule for most Admin APIs.\"),"},{"line_number":99,"context_line":"    policy.RuleDefault("},{"line_number":100,"context_line":"        name\u003d\"system_admin_api\","},{"line_number":101,"context_line":"        check_str\u003d\u0027role:admin and system_scope:all\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_8c09e083","line":98,"range":{"start_line":91,"start_character":4,"end_line":98,"end_character":45},"in_reply_to":"3fa7e38b_76aa316d","updated":"2020-01-29 01:56:37.000000000","message":"We need to keep these for the transition period. Once everything is moved to new defaults then we will remove (with deprecated_for_removal)these two rules.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"42c7875630daae8a5412f96a19431e32e2ec2a88","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"context_is_admin\","},{"line_number":89,"context_line":"        \"role:admin\","},{"line_number":90,"context_line":"        \"Decides what is required for the \u0027is_admin:True\u0027 check to succeed.\"),"},{"line_number":91,"context_line":"    policy.RuleDefault("},{"line_number":92,"context_line":"        \"admin_or_owner\","},{"line_number":93,"context_line":"        \"is_admin:True or project_id:%(project_id)s\","},{"line_number":94,"context_line":"        \"Default rule for most non-Admin APIs.\"),"},{"line_number":95,"context_line":"    policy.RuleDefault("},{"line_number":96,"context_line":"        \"admin_api\","},{"line_number":97,"context_line":"        \"is_admin:True\","},{"line_number":98,"context_line":"        \"Default rule for most Admin APIs.\"),"},{"line_number":99,"context_line":"    policy.RuleDefault("},{"line_number":100,"context_line":"        name\u003d\"system_admin_api\","},{"line_number":101,"context_line":"        check_str\u003d\u0027role:admin and system_scope:all\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_f536f750","line":98,"range":{"start_line":91,"start_character":4,"end_line":98,"end_character":45},"in_reply_to":"3fa7e38b_8c09e083","updated":"2020-01-30 17:55:38.000000000","message":"What if you just set them as deprecated for removal now? That option has an attribute you can use to point operators to the new thing they should be using.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3ec074f2a7a3c799ac75004388bfa0953d9a3f80","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"context_is_admin\","},{"line_number":89,"context_line":"        \"role:admin\","},{"line_number":90,"context_line":"        \"Decides what is required for the \u0027is_admin:True\u0027 check to succeed.\"),"},{"line_number":91,"context_line":"    policy.RuleDefault("},{"line_number":92,"context_line":"        \"admin_or_owner\","},{"line_number":93,"context_line":"        \"is_admin:True or project_id:%(project_id)s\","},{"line_number":94,"context_line":"        \"Default rule for most non-Admin APIs.\"),"},{"line_number":95,"context_line":"    policy.RuleDefault("},{"line_number":96,"context_line":"        \"admin_api\","},{"line_number":97,"context_line":"        \"is_admin:True\","},{"line_number":98,"context_line":"        \"Default rule for most Admin APIs.\"),"},{"line_number":99,"context_line":"    policy.RuleDefault("},{"line_number":100,"context_line":"        name\u003d\"system_admin_api\","},{"line_number":101,"context_line":"        check_str\u003d\u0027role:admin and system_scope:all\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_55ceeb2c","line":98,"range":{"start_line":91,"start_character":4,"end_line":98,"end_character":45},"in_reply_to":"3fa7e38b_f536f750","updated":"2020-01-30 18:13:45.000000000","message":"ok, that can be done now so that we can cleanup this at the same time we move to new things.","commit_id":"a2e0d53e20a1cb46a77566cd27476d6e0712964a"}],"nova/policies/services.py":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"de141b23f0195e71e734b219a9fee3570abcf43e","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        scope_types\u003d[\u0027system\u0027],"},{"line_number":45,"context_line":"        deprecated_rule\u003dDEPRECATED_SERVICE_POLICY,"},{"line_number":46,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":47,"context_line":"        deprecated_since\u003d\u002721.0.0\u0027),"},{"line_number":48,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":49,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027update\u0027,"},{"line_number":50,"context_line":"        check_str\u003dbase.SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":5,"id":"3fa7e38b_a3e9b418","line":47,"updated":"2020-02-07 17:13:23.000000000","message":"Note that these appear to be correcting a mistake in Ia8537923ebe5ce43f48a6e5efefc0a890e6a087d, which currently only exists on master and not in stable/train (20.0.0)","commit_id":"d1a933bfa71c049bc57fb0926ffdd8a5efcd686b"}]}