)]}'
{"nova/policies/server_groups.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"fd1ee2ede7b219fa3a8904b6fcad1809178fb302","unresolved":false,"context_lines":[{"line_number":24,"context_line":"server_groups_policies \u003d ["},{"line_number":25,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":26,"context_line":"        name\u003dPOLICY_ROOT % \u0027create\u0027,"},{"line_number":27,"context_line":"        check_str\u003dbase.PROJECT_MEMBER_OR_SYSTEM_ADMIN,"},{"line_number":28,"context_line":"        description\u003d\"Create a new server group\","},{"line_number":29,"context_line":"        operations\u003d["},{"line_number":30,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_3fe60746","line":27,"updated":"2020-04-07 08:55:18.000000000","message":"I think this should be just PROJECT_MEMBER","commit_id":"0bd1a210ce27ccdb9c1f3eade47dea938bee7002"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bf67864eb92e783823b1762f59ca6bb38b97fb7a","unresolved":false,"context_lines":[{"line_number":24,"context_line":"server_groups_policies \u003d ["},{"line_number":25,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":26,"context_line":"        name\u003dPOLICY_ROOT % \u0027create\u0027,"},{"line_number":27,"context_line":"        check_str\u003dbase.PROJECT_MEMBER_OR_SYSTEM_ADMIN,"},{"line_number":28,"context_line":"        description\u003d\"Create a new server group\","},{"line_number":29,"context_line":"        operations\u003d["},{"line_number":30,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_4c687a86","line":27,"in_reply_to":"df33271e_3fe60746","updated":"2020-04-07 15:08:12.000000000","message":"got it. thanks.","commit_id":"0bd1a210ce27ccdb9c1f3eade47dea938bee7002"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"fd1ee2ede7b219fa3a8904b6fcad1809178fb302","unresolved":false,"context_lines":[{"line_number":48,"context_line":"    ),"},{"line_number":49,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":50,"context_line":"        name\u003dPOLICY_ROOT % \u0027index\u0027,"},{"line_number":51,"context_line":"        check_str\u003dbase.PROJECT_READER_OR_SYSTEM_READER,"},{"line_number":52,"context_line":"        description\u003d\"List all server groups\","},{"line_number":53,"context_line":"        operations\u003d["},{"line_number":54,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_1f4fc334","line":51,"updated":"2020-04-07 08:55:18.000000000","message":"I think we are missing a policy, see next patch, for the all_projects parameter... which should terrible, but anyways.","commit_id":"0bd1a210ce27ccdb9c1f3eade47dea938bee7002"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bf67864eb92e783823b1762f59ca6bb38b97fb7a","unresolved":false,"context_lines":[{"line_number":48,"context_line":"    ),"},{"line_number":49,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":50,"context_line":"        name\u003dPOLICY_ROOT % \u0027index\u0027,"},{"line_number":51,"context_line":"        check_str\u003dbase.PROJECT_READER_OR_SYSTEM_READER,"},{"line_number":52,"context_line":"        description\u003d\"List all server groups\","},{"line_number":53,"context_line":"        operations\u003d["},{"line_number":54,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_ec0eaee3","line":51,"in_reply_to":"df33271e_1f4fc334","updated":"2020-04-07 15:08:12.000000000","message":"yeah, let me add","commit_id":"0bd1a210ce27ccdb9c1f3eade47dea938bee7002"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"5a71f7a0523fd9e8e911caffe0a9d2023f02b7cf","unresolved":false,"context_lines":[{"line_number":33,"context_line":"            }"},{"line_number":34,"context_line":"        ],"},{"line_number":35,"context_line":"        scope_types\u003d[\u0027project\u0027]"},{"line_number":36,"context_line":"    ),"},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MEMBER_OR_SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":9,"id":"3f4c43b2_541e700c","line":36,"updated":"2020-04-14 10:40:17.000000000","message":"I don\u0027t fully grok why we\u0027d want to do this. Hoping someone can explain to me","commit_id":"f9cbd1c2abf6fda8138c4290b30dadbeb9d5f3c8"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"fc47da9123c62648b23ed46988aefd5017c2d9d2","unresolved":false,"context_lines":[{"line_number":33,"context_line":"            }"},{"line_number":34,"context_line":"        ],"},{"line_number":35,"context_line":"        scope_types\u003d[\u0027project\u0027]"},{"line_number":36,"context_line":"    ),"},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MEMBER_OR_SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":9,"id":"3f4c43b2_1bab7089","line":36,"in_reply_to":"3f4c43b2_405fc740","updated":"2020-04-14 14:33:35.000000000","message":"Okay, that makes sense. Could we get that in the commit message since afaict it\u0027s the first time we\u0027ve seen this done in this large series.","commit_id":"f9cbd1c2abf6fda8138c4290b30dadbeb9d5f3c8"},{"author":{"_account_id":26458,"name":"Brin Zhang","email":"zhangbailin@inspur.com","username":"zhangbailin"},"change_message_id":"960c26ba048273bc5c34d1dbbcaffdd1a3df3431","unresolved":false,"context_lines":[{"line_number":33,"context_line":"            }"},{"line_number":34,"context_line":"        ],"},{"line_number":35,"context_line":"        scope_types\u003d[\u0027project\u0027]"},{"line_number":36,"context_line":"    ),"},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MEMBER_OR_SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":9,"id":"3f4c43b2_94ed98f1","line":36,"in_reply_to":"3f4c43b2_541e700c","updated":"2020-04-14 10:43:07.000000000","message":"+1 for why change this create scope?","commit_id":"f9cbd1c2abf6fda8138c4290b30dadbeb9d5f3c8"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d7ff6126f61598be11af44e8f0462e398e1d67a6","unresolved":false,"context_lines":[{"line_number":33,"context_line":"            }"},{"line_number":34,"context_line":"        ],"},{"line_number":35,"context_line":"        scope_types\u003d[\u0027project\u0027]"},{"line_number":36,"context_line":"    ),"},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MEMBER_OR_SYSTEM_ADMIN,"}],"source_content_type":"text/x-python","patch_set":9,"id":"3f4c43b2_405fc740","line":36,"in_reply_to":"3f4c43b2_541e700c","updated":"2020-04-14 14:09:34.000000000","message":"Actually this is little tricky. POST SG need project_id to create the serve groups (same for POST server). system scope members does not have project id i mean they are not project itself.\n\nIf we allow system scope role also then created SG will have project_id of system role not the one he/she want to create the SG for (nobody can create the SG for other as API does not take project id in request ). So we thought of keeping this scoped to project as project scoped role are the only one who will create SG.","commit_id":"f9cbd1c2abf6fda8138c4290b30dadbeb9d5f3c8"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"c8ac2e2282e4ef118b18caa8bea17f984b0e9139","unresolved":false,"context_lines":[{"line_number":37,"context_line":"        # system scope members do not have project id for which"},{"line_number":38,"context_line":"        # SG needs to be created."},{"line_number":39,"context_line":"        # If we allow system scope role also then created SG will have project_id"},{"line_number":40,"context_line":"        # of system role, not the one he/she wants to create the SG for (nobody can"},{"line_number":41,"context_line":"        # create the SG for other projects because API does not take project id in"},{"line_number":42,"context_line":"        # request ). So keeping this scoped to project only as these roles"},{"line_number":43,"context_line":"        # are the only ones who will be creating SG."},{"line_number":44,"context_line":"        scope_types\u003d[\u0027project\u0027]"},{"line_number":45,"context_line":"    ),"}],"source_content_type":"text/x-python","patch_set":10,"id":"3f4c43b2_36d92183","line":42,"range":{"start_line":40,"start_character":0,"end_line":42,"end_character":74},"updated":"2020-04-14 14:57:49.000000000","message":"pep8 is going to complain about \u003e 80 characters, I suspect?","commit_id":"12d396b0a0e0ffb13008c9a9059b02c5e19e068c"}],"nova/tests/unit/policies/test_server_groups.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"1b3d9b2301574427844e2956291c5f494fac65e6","unresolved":false,"context_lines":[{"line_number":124,"context_line":"        self.admin_or_owner_authorized_contexts \u003d ["},{"line_number":125,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":126,"context_line":"            self.system_member_context, self.project_admin_context,"},{"line_number":127,"context_line":"            self.project_member_context, self.other_project_member_context]"},{"line_number":128,"context_line":"        # Check that non-system/admin/member is not able to create, delete"},{"line_number":129,"context_line":"        # the server group."},{"line_number":130,"context_line":"        self.admin_or_owner_unauthorized_contexts \u003d ["}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_e78c5681","line":127,"range":{"start_line":127,"start_character":41,"end_line":127,"end_character":74},"updated":"2020-04-03 14:05:38.000000000","message":"I think this should be unauthorized, once your follow on patch does the correct thing and specifies the project_id.","commit_id":"0bd1a210ce27ccdb9c1f3eade47dea938bee7002"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"466dc0bafe10957648d09aa3433db51a16f6490a","unresolved":false,"context_lines":[{"line_number":144,"context_line":"        super(ServerGroupNoLegacyPolicyTest, self).setUp()"},{"line_number":145,"context_line":"        # Check that system admin or owner is able to create, delete"},{"line_number":146,"context_line":"        # the server group."},{"line_number":147,"context_line":"        self.admin_or_owner_authorized_contexts \u003d ["},{"line_number":148,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":149,"context_line":"            self.system_member_context, self.project_admin_context,"},{"line_number":150,"context_line":"            self.project_member_context, self.other_project_member_context]"},{"line_number":151,"context_line":"        # Check that non-system/admin/owner is not able to create, delete"},{"line_number":152,"context_line":"        # the server group."},{"line_number":153,"context_line":"        self.admin_or_owner_unauthorized_contexts \u003d ["},{"line_number":154,"context_line":"            self.system_reader_context, self.system_foo_context,"},{"line_number":155,"context_line":"            self.project_reader_context, self.project_foo_context"},{"line_number":156,"context_line":"        ]"},{"line_number":157,"context_line":"        # Check that system rader or owner is able to"},{"line_number":158,"context_line":"        # get the server group."},{"line_number":159,"context_line":"        self.system_reader_or_owner_authorized_contexts \u003d ["},{"line_number":160,"context_line":"            self.legacy_admin_context, self.system_admin_context,"},{"line_number":161,"context_line":"            self.system_member_context, self.system_reader_context,"},{"line_number":162,"context_line":"            self.project_admin_context, self.project_member_context,"},{"line_number":163,"context_line":"            self.project_reader_context, self.other_project_member_context]"},{"line_number":164,"context_line":"        # Check that non-system/reader/owner is not able to"},{"line_number":165,"context_line":"        # get the server group."},{"line_number":166,"context_line":"        self.system_reader_or_owner_unauthorized_contexts \u003d ["},{"line_number":167,"context_line":"            self.system_foo_context, self.project_foo_context"},{"line_number":168,"context_line":"        ]"},{"line_number":169,"context_line":"        # Check if project member can create the server group."},{"line_number":170,"context_line":"        self.project_member_authorized_contexts \u003d ["},{"line_number":171,"context_line":"            self.legacy_admin_context,"},{"line_number":172,"context_line":"            self.project_admin_context, self.project_member_context,"},{"line_number":173,"context_line":"            self.other_project_member_context]"},{"line_number":174,"context_line":"        # Check if non-project member cannot create the server group."},{"line_number":175,"context_line":"        self.project_member_unauthorized_contexts \u003d ["},{"line_number":176,"context_line":"            self.system_admin_context,"},{"line_number":177,"context_line":"            self.system_member_context, self.system_reader_context,"},{"line_number":178,"context_line":"            self.system_foo_context, self.project_reader_context,"},{"line_number":179,"context_line":"            self.project_foo_context"},{"line_number":180,"context_line":"        ]"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_7c7d276d","line":180,"range":{"start_line":147,"start_character":0,"end_line":180,"end_character":9},"updated":"2020-04-07 20:42:29.000000000","message":"all these does not give a clear pic here until we pass the project id for polict check. let me rebase this on top of passing project id patch so that we can see how it will looks like at the end.","commit_id":"a32d64ad15b0a29c3570865b08ff6dce0f87f4f3"}]}