)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"a7bc2c0b7fee94b922d75f17c5cf38185a25e6e0","unresolved":false,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This is because API does not pass the server project_id in policy target[2]"},{"line_number":16,"context_line":"and if no target is passed then, policy.py add the default targets which is"},{"line_number":17,"context_line":"nothing but context.project_id (allow for everyone who try to access)[3]"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"This commit fix this policy by passing the server\u0027s project_id in policy"},{"line_number":20,"context_line":"target."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"3fa7e38b_6d9b98c7","line":17,"range":{"start_line":17,"start_character":31,"end_line":17,"end_character":72},"updated":"2020-02-10 11:17:10.000000000","message":"actually, the DB query is project-only, it will stop this. But yes, if we want to remove that limit in the db query, we should fix this.","commit_id":"1780dc6e0c0d24583a30f7baa444fd12a2927fa4"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bf0da972675c53c319319b47c60bdd8fc9a50be6","unresolved":false,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This is because API does not pass the server project_id in policy target[2]"},{"line_number":16,"context_line":"and if no target is passed then, policy.py add the default targets which is"},{"line_number":17,"context_line":"nothing but context.project_id (allow for everyone who try to access)[3]"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"This commit fix this policy by passing the server\u0027s project_id in policy"},{"line_number":20,"context_line":"target."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"3fa7e38b_e19a2f5e","line":17,"range":{"start_line":17,"start_character":31,"end_line":17,"end_character":72},"in_reply_to":"3fa7e38b_6d9b98c7","updated":"2020-02-10 14:41:28.000000000","message":"Cleaning DB things is planned after this BP. but console output is get from guest. new test validating \"the other-project fail to get console output\" does not pass means anyone can get console of instance.\n\n-  https://zuul.opendev.org/t/openstack/build/4ba93bd504644ed0882cf9c52d1533c3","commit_id":"1780dc6e0c0d24583a30f7baa444fd12a2927fa4"},{"author":{"_account_id":5754,"name":"Alex Xu","email":"hejie.xu@intel.com","username":"xuhj"},"change_message_id":"dab554ee6a675ec9b0a4dd287e0c6e661801745d","unresolved":false,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This is because API does not pass the server project_id in policy target[2]"},{"line_number":16,"context_line":"and if no target is passed then, policy.py add the default targets which is"},{"line_number":17,"context_line":"nothing but context.project_id (allow for everyone who try to access)[3]"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"This commit fix this policy by passing the server\u0027s project_id in policy"},{"line_number":20,"context_line":"target."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"3fa7e38b_ad4bc183","line":17,"range":{"start_line":17,"start_character":31,"end_line":17,"end_character":72},"in_reply_to":"3fa7e38b_e19a2f5e","updated":"2020-02-11 00:20:15.000000000","message":"emm...I think that because you fake the db query.","commit_id":"1780dc6e0c0d24583a30f7baa444fd12a2927fa4"}]}