)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"86596a6ce5f69dbfd2b899645173d413e23d8646","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     zhangbailin \u003czhangbailin@inspur.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2020-03-07 06:28:14 +0800"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add new default roles in os-atttach-inerfaces policies"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This adds new defaults roles in os-attach-interfaces API policies."},{"line_number":10,"context_line":"- GET rules are made granular and default to System or project reader"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"1fa4df85_2abea0b3","line":7,"range":{"start_line":7,"start_character":25,"end_line":7,"end_character":45},"updated":"2020-03-09 10:24:18.000000000","message":"os-attach-interfaces","commit_id":"01948df1a0d9b5ac0e31f14d4050f494e135ce82"}],"nova/policies/attach_interfaces.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d75317d3801f71f8c2ad352eeba24bdad23201f9","unresolved":false,"context_lines":[{"line_number":81,"context_line":"                \u0027path\u0027: \u0027/servers/{server_id}/os-interface/{port_id}\u0027"},{"line_number":82,"context_line":"            }"},{"line_number":83,"context_line":"        ],"},{"line_number":84,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027])"},{"line_number":85,"context_line":"]"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_a17224e2","line":84,"updated":"2020-03-02 11:09:00.000000000","message":"So my -1 earlier in the series is just asking for us to add deprecated rule in here, just as you have for the above ones.","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9fab6e7fdc70bc7b8837e42a790851954a8139f1","unresolved":false,"context_lines":[{"line_number":81,"context_line":"                \u0027path\u0027: \u0027/servers/{server_id}/os-interface/{port_id}\u0027"},{"line_number":82,"context_line":"            }"},{"line_number":83,"context_line":"        ],"},{"line_number":84,"context_line":"        scope_types\u003d[\u0027system\u0027, \u0027project\u0027])"},{"line_number":85,"context_line":"]"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_316bac1e","line":84,"in_reply_to":"1fa4df85_a17224e2","updated":"2020-03-04 19:59:23.000000000","message":"ok, let me add the deprecation in this patch as same rules are being deprecated here.","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9409fabb235afc44b10ca1c40878d3c8cc26ba94","unresolved":false,"context_lines":[{"line_number":34,"context_line":"attach_interfaces_policies \u003d ["},{"line_number":35,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":36,"context_line":"        name\u003dPOLICY_ROOT % \u0027list\u0027,"},{"line_number":37,"context_line":"        check_str\u003dbase.PROJECT_READER_OR_SYSTEM_READER,"},{"line_number":38,"context_line":"        description\u003d\"List port interfaces attached to a server\","},{"line_number":39,"context_line":"        operations\u003d["},{"line_number":40,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":5,"id":"1fa4df85_c15d8e47","line":37,"updated":"2020-03-06 10:06:50.000000000","message":"We need the new tests for this as well now, sorry :(","commit_id":"64cd16bb409ecf957ec02659c469cd0e92910568"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"725ff20dfe897f73bdb4280871f9094e5c35bb85","unresolved":false,"context_lines":[{"line_number":34,"context_line":"attach_interfaces_policies \u003d ["},{"line_number":35,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":36,"context_line":"        name\u003dPOLICY_ROOT % \u0027list\u0027,"},{"line_number":37,"context_line":"        check_str\u003dbase.PROJECT_READER_OR_SYSTEM_READER,"},{"line_number":38,"context_line":"        description\u003d\"List port interfaces attached to a server\","},{"line_number":39,"context_line":"        operations\u003d["},{"line_number":40,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":5,"id":"1fa4df85_b0153642","line":37,"in_reply_to":"1fa4df85_c15d8e47","updated":"2020-03-06 14:09:44.000000000","message":"yeah, i need to add deprecation for this rule also in base policy. I am actually waiting to get the base test stuff in to avoid complex rebasing:).","commit_id":"64cd16bb409ecf957ec02659c469cd0e92910568"}],"nova/policies/base.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"f82c067700920b714b6fd97089824eb2722dfa7a","unresolved":false,"context_lines":[{"line_number":133,"context_line":"        \"Default rule for System+Project read only APIs.\","},{"line_number":134,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_OR_OWNER_POLICY,"},{"line_number":135,"context_line":"        deprecated_reason\u003dDEPRECATED_REASON,"},{"line_number":136,"context_line":"        deprecated_since\u003d\u002721.0.0\u0027)"},{"line_number":137,"context_line":"]"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"1fa4df85_8f27a6ca","line":136,"updated":"2020-03-09 09:43:58.000000000","message":"oops, good find!","commit_id":"01948df1a0d9b5ac0e31f14d4050f494e135ce82"}],"nova/tests/unit/fake_policy.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d75317d3801f71f8c2ad352eeba24bdad23201f9","unresolved":false,"context_lines":[{"line_number":27,"context_line":"    \"os_compute_api:os-admin-password\": \"\","},{"line_number":28,"context_line":"    \"os_compute_api:os-agents\": \"\","},{"line_number":29,"context_line":"    \"os_compute_api:os-attach-interfaces:list\": \"\","},{"line_number":30,"context_line":"    \"os_compute_api:os-attach-interfaces:show\": \"\","},{"line_number":31,"context_line":"    \"os_compute_api:os-baremetal-nodes\": \"\","},{"line_number":32,"context_line":"    \"os_compute_api:os-console-output\": \"\","},{"line_number":33,"context_line":"    \"os_compute_api:os-remote-consoles\": \"\","}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_c1140051","line":30,"updated":"2020-03-02 11:09:00.000000000","message":"What about the other two?","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9fab6e7fdc70bc7b8837e42a790851954a8139f1","unresolved":false,"context_lines":[{"line_number":27,"context_line":"    \"os_compute_api:os-admin-password\": \"\","},{"line_number":28,"context_line":"    \"os_compute_api:os-agents\": \"\","},{"line_number":29,"context_line":"    \"os_compute_api:os-attach-interfaces:list\": \"\","},{"line_number":30,"context_line":"    \"os_compute_api:os-attach-interfaces:show\": \"\","},{"line_number":31,"context_line":"    \"os_compute_api:os-baremetal-nodes\": \"\","},{"line_number":32,"context_line":"    \"os_compute_api:os-console-output\": \"\","},{"line_number":33,"context_line":"    \"os_compute_api:os-remote-consoles\": \"\","}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_d1fa5841","line":30,"in_reply_to":"1fa4df85_c1140051","updated":"2020-03-04 19:59:23.000000000","message":"done","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"}],"nova/tests/unit/policies/test_attach_interfaces.py":[{"author":{"_account_id":26458,"name":"Brin Zhang","email":"zhangbailin@inspur.com","username":"zhangbailin"},"change_message_id":"28e2a4d76612dcd9b4e2d07c53a3394cd57bb935","unresolved":false,"context_lines":[{"line_number":62,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":63,"context_line":"            self.project_admin_context, self.system_member_context,"},{"line_number":64,"context_line":"            self.system_reader_context, self.project_reader_context,"},{"line_number":65,"context_line":"            self.project_member_context, self.project_foo_context"},{"line_number":66,"context_line":"        ]"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"        self.reader_unauthorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_7f494f89","line":65,"range":{"start_line":65,"start_character":41,"end_line":65,"end_character":65},"updated":"2020-02-27 07:45:11.000000000","message":"Is this belongs to PROJECT_READER_OR_SYSTEM_READER? Is it an unauthorized context?\n\nIt\u0027s user is \"project_foo\", I think it\u0027s should be contained in the project_reader role.\n\n:...\\nova\\tests\\unit\\policies\\base.py\n        self.project_foo_context \u003d nova_context.RequestContext(\n                user_id\u003d\"project_foo\", project_id\u003dself.project_id,\n                roles\u003d[\u0027foo\u0027])","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d75317d3801f71f8c2ad352eeba24bdad23201f9","unresolved":false,"context_lines":[{"line_number":62,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":63,"context_line":"            self.project_admin_context, self.system_member_context,"},{"line_number":64,"context_line":"            self.system_reader_context, self.project_reader_context,"},{"line_number":65,"context_line":"            self.project_member_context, self.project_foo_context"},{"line_number":66,"context_line":"        ]"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"        self.reader_unauthorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_a109c431","line":65,"range":{"start_line":65,"start_character":41,"end_line":65,"end_character":65},"in_reply_to":"1fa4df85_7f494f89","updated":"2020-03-02 11:09:00.000000000","message":"yeah, it should be unauthorized.","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9fab6e7fdc70bc7b8837e42a790851954a8139f1","unresolved":false,"context_lines":[{"line_number":62,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":63,"context_line":"            self.project_admin_context, self.system_member_context,"},{"line_number":64,"context_line":"            self.system_reader_context, self.project_reader_context,"},{"line_number":65,"context_line":"            self.project_member_context, self.project_foo_context"},{"line_number":66,"context_line":"        ]"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"        self.reader_unauthorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_b19b1c16","line":65,"range":{"start_line":65,"start_character":41,"end_line":65,"end_character":65},"in_reply_to":"1fa4df85_a109c431","updated":"2020-03-04 19:59:23.000000000","message":"done.","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"6a79d6aa1e79e75b35aff43cd72354106b007585","unresolved":false,"context_lines":[{"line_number":62,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":63,"context_line":"            self.project_admin_context, self.system_member_context,"},{"line_number":64,"context_line":"            self.system_reader_context, self.project_reader_context,"},{"line_number":65,"context_line":"            self.project_member_context, self.project_foo_context"},{"line_number":66,"context_line":"        ]"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"        self.reader_unauthorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_b6154de7","line":65,"range":{"start_line":65,"start_character":41,"end_line":65,"end_character":65},"in_reply_to":"1fa4df85_b19b1c16","updated":"2020-03-04 23:38:01.000000000","message":"After debugging, this is authorized because of deprecated rules. check_str for this rule is \"system_or_project_reader or admin_or_owner\" so project_foo_context pass the owner check_str.","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"},{"author":{"_account_id":26458,"name":"Brin Zhang","email":"zhangbailin@inspur.com","username":"zhangbailin"},"change_message_id":"8df19f13fc8cf204ca1215349d29fe3efc6a74d1","unresolved":false,"context_lines":[{"line_number":62,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":63,"context_line":"            self.project_admin_context, self.system_member_context,"},{"line_number":64,"context_line":"            self.system_reader_context, self.project_reader_context,"},{"line_number":65,"context_line":"            self.project_member_context, self.project_foo_context"},{"line_number":66,"context_line":"        ]"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"        self.reader_unauthorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_d63fa922","line":65,"range":{"start_line":65,"start_character":41,"end_line":65,"end_character":65},"in_reply_to":"1fa4df85_b6154de7","updated":"2020-03-05 00:16:23.000000000","message":"\u003cbrinzhang\u003e gmann:Why the os-volume-attachments policy can unauthorized the self.project_foo_context context? that you can review https://review.opendev.org/#/c/710190/3/nova/tests/unit/policies/test_volumes.py@131\n\n\u003cgmann\u003e because of deprecation rules, we do not see the behavior of new defaults when we stop supporting the old one.\n\n\u003cgmann\u003e also we cannot remove the old rules otherwise it break the deployment.","commit_id":"6bb4766da15954432ee071b5e238a422161744ac"}]}