)]}'
{"nova/tests/unit/policies/test_admin_password.py":[{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"68725d65304cbf06e31b9a9cbe15216394c2d157","unresolved":false,"context_lines":[{"line_number":41,"context_line":"                self.project_member_context,"},{"line_number":42,"context_line":"                id\u003d1, uuid\u003duuid, project_id\u003dself.project_id,"},{"line_number":43,"context_line":"                vm_state\u003dvm_states.ACTIVE,"},{"line_number":44,"context_line":"                task_state\u003dNone, launched_at\u003dtimeutils.utcnow())"},{"line_number":45,"context_line":"        self.mock_get.return_value \u003d self.instance"},{"line_number":46,"context_line":"        # Check that admin or and server owner is able to change the password"},{"line_number":47,"context_line":"        self.admin_authorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_3fc5495e","line":44,"updated":"2020-01-30 23:39:49.000000000","message":"Shouldn\u0027t we have user_id set in the instance too?\n\nSeems like we\u0027d need to set user_id in order to enforce the ability to allow only the instance\u0027s user to change the admin password:\n\nhttps://review.opendev.org/#/c/701629/2/nova/tests/unit/api/openstack/compute/test_admin_password.py@a210","commit_id":"5f2cf9b6edb381be1fa2e09aeeeac97bab816a24"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"7d3288eb3870b3e8492e441610fcb838fa45a5ed","unresolved":false,"context_lines":[{"line_number":41,"context_line":"                self.project_member_context,"},{"line_number":42,"context_line":"                id\u003d1, uuid\u003duuid, project_id\u003dself.project_id,"},{"line_number":43,"context_line":"                vm_state\u003dvm_states.ACTIVE,"},{"line_number":44,"context_line":"                task_state\u003dNone, launched_at\u003dtimeutils.utcnow())"},{"line_number":45,"context_line":"        self.mock_get.return_value \u003d self.instance"},{"line_number":46,"context_line":"        # Check that admin or and server owner is able to change the password"},{"line_number":47,"context_line":"        self.admin_authorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_7f966140","line":44,"in_reply_to":"3fa7e38b_3fc5495e","updated":"2020-01-30 23:44:53.000000000","message":"that is not used for defaults actually and I am removing that from targets in https://review.opendev.org/#/c/701642/.\n\nBut if we decide to support admin password change by users level then we can keep that.","commit_id":"5f2cf9b6edb381be1fa2e09aeeeac97bab816a24"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3746a025d8aa4ea301cab7b8f15981fb4b3003c0","unresolved":false,"context_lines":[{"line_number":41,"context_line":"                self.project_member_context,"},{"line_number":42,"context_line":"                id\u003d1, uuid\u003duuid, project_id\u003dself.project_id,"},{"line_number":43,"context_line":"                vm_state\u003dvm_states.ACTIVE,"},{"line_number":44,"context_line":"                task_state\u003dNone, launched_at\u003dtimeutils.utcnow())"},{"line_number":45,"context_line":"        self.mock_get.return_value \u003d self.instance"},{"line_number":46,"context_line":"        # Check that admin or and server owner is able to change the password"},{"line_number":47,"context_line":"        self.admin_authorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_116cf931","line":44,"in_reply_to":"3fa7e38b_7f43c16c","updated":"2020-01-31 15:30:16.000000000","message":"done. moved the user level enforcement tests also to make sure it keep working as it was.","commit_id":"5f2cf9b6edb381be1fa2e09aeeeac97bab816a24"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"201d4e893c711705f9ca7de2dea883bdeb6faa35","unresolved":false,"context_lines":[{"line_number":41,"context_line":"                self.project_member_context,"},{"line_number":42,"context_line":"                id\u003d1, uuid\u003duuid, project_id\u003dself.project_id,"},{"line_number":43,"context_line":"                vm_state\u003dvm_states.ACTIVE,"},{"line_number":44,"context_line":"                task_state\u003dNone, launched_at\u003dtimeutils.utcnow())"},{"line_number":45,"context_line":"        self.mock_get.return_value \u003d self.instance"},{"line_number":46,"context_line":"        # Check that admin or and server owner is able to change the password"},{"line_number":47,"context_line":"        self.admin_authorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_7f43c16c","line":44,"in_reply_to":"3fa7e38b_7f966140","updated":"2020-01-31 00:10:05.000000000","message":"gmann and I chatted on IRC about this today and I\u0027ll add a note here for posterity:\n\nAs I understand it, as we apply the enhanced policy support, we must keep the existing policy abilities for now [1]: \"Remove any project or user checks from the policy file defaults, as this is now done in code, without breaking user-id-based-policy-enforcement\"\n\nIt may well be that user-level enforcement is not that useful to operators but I think we\u0027d want to do an ML post and/or ask at the forum whether operators care about user-level enforcement for setting admin password (and any other APIs that support it today). Then, if it\u0027s OK with most, we add some deprecation message to the policies and remove the user-level support after the transition period.\n\n[1] https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html#backward-compatibility-and-migration-plan","commit_id":"5f2cf9b6edb381be1fa2e09aeeeac97bab816a24"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"f510ddef4f76bd737c17c8231708cd9177cea94b","unresolved":false,"context_lines":[{"line_number":70,"context_line":"    \"\"\"Test Admin Password APIs policies with system scope enabled."},{"line_number":71,"context_line":"    This class set the nova.conf [oslo_policy] enforce_scope to True"},{"line_number":72,"context_line":"    so that we can switch on the scope checking on oslo policy side."},{"line_number":73,"context_line":"    It defines the set of context with scopped token"},{"line_number":74,"context_line":"    which are allowed and not allowed to pass the policy checks."},{"line_number":75,"context_line":"    With those set of context, it will run the API operation and"},{"line_number":76,"context_line":"    verify the expected behaviour."}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_56d0cef4","line":73,"range":{"start_line":73,"start_character":39,"end_line":73,"end_character":46},"updated":"2020-02-07 17:36:46.000000000","message":"scoped","commit_id":"5f2cf9b6edb381be1fa2e09aeeeac97bab816a24"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"abc7ea226ee6edd53e8322c7c21bf86a5bfa5111","unresolved":false,"context_lines":[{"line_number":70,"context_line":"    \"\"\"Test Admin Password APIs policies with system scope enabled."},{"line_number":71,"context_line":"    This class set the nova.conf [oslo_policy] enforce_scope to True"},{"line_number":72,"context_line":"    so that we can switch on the scope checking on oslo policy side."},{"line_number":73,"context_line":"    It defines the set of context with scopped token"},{"line_number":74,"context_line":"    which are allowed and not allowed to pass the policy checks."},{"line_number":75,"context_line":"    With those set of context, it will run the API operation and"},{"line_number":76,"context_line":"    verify the expected behaviour."}],"source_content_type":"text/x-python","patch_set":2,"id":"3fa7e38b_aac3c038","line":73,"range":{"start_line":73,"start_character":39,"end_line":73,"end_character":46},"in_reply_to":"3fa7e38b_56d0cef4","updated":"2020-02-08 16:15:10.000000000","message":"Done","commit_id":"5f2cf9b6edb381be1fa2e09aeeeac97bab816a24"}]}