)]}'
{"nova/api/openstack/compute/server_groups.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9c28587b3f5557e63c3c9291ad02e0655d92040d","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"def _authorize_context(req, action):"},{"line_number":46,"context_line":"    context \u003d req.environ[\u0027nova.context\u0027]"},{"line_number":47,"context_line":"    context.can(sg_policies.POLICY_ROOT % action, target\u003d{})"},{"line_number":48,"context_line":"    return context"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_07b7ba3c","line":47,"updated":"2020-04-03 14:04:10.000000000","message":"Sever groups are owned by the project, I think we should have the project_id here.","commit_id":"f4245eeedf9f753be7c1341a43efd661ed251a59"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"76ce888427a8ccfb06732819149f6619fd07dcba","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"def _authorize_context(req, action):"},{"line_number":46,"context_line":"    context \u003d req.environ[\u0027nova.context\u0027]"},{"line_number":47,"context_line":"    context.can(sg_policies.POLICY_ROOT % action, target\u003d{})"},{"line_number":48,"context_line":"    return context"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"df33271e_1946f650","line":47,"in_reply_to":"df33271e_07b7ba3c","updated":"2020-04-03 21:52:49.000000000","message":"yeah, at least other than GET we can pass seems. Not sure if it is ok for cerate to verify against the request projct id.\n\nlet me try and see how it looks","commit_id":"f4245eeedf9f753be7c1341a43efd661ed251a59"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"38ec346e51e052dfc7fb0fc2620e90abc9442ed4","unresolved":false,"context_lines":[{"line_number":128,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027show\u0027,"},{"line_number":129,"context_line":"                    target\u003d{\u0027project_id\u0027: context.project_id})"},{"line_number":130,"context_line":"        try:"},{"line_number":131,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":132,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":133,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":134,"context_line":"        return {\u0027server_group\u0027: self._format_server_group(context, sg, req)}"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_7f752f98","line":131,"updated":"2020-04-07 08:50:21.000000000","message":"Do we not have sg.project_id?","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"c47202c2c3ebbd8065d55bf532f4ab561cc86090","unresolved":false,"context_lines":[{"line_number":128,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027show\u0027,"},{"line_number":129,"context_line":"                    target\u003d{\u0027project_id\u0027: context.project_id})"},{"line_number":130,"context_line":"        try:"},{"line_number":131,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":132,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":133,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":134,"context_line":"        return {\u0027server_group\u0027: self._format_server_group(context, sg, req)}"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_67111805","line":131,"in_reply_to":"df33271e_51293799","updated":"2020-04-07 16:07:34.000000000","message":"I think we can make this the same as delete really. This matches what we do for server actions too.\n\nI am tempted to talk about only checking the instance mapping to validate the server uuid, and use its project_id, but I don\u0027t think its worth all that nonsense.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae17437aa89d6dc1615851957534ac5dc7e42717","unresolved":false,"context_lines":[{"line_number":128,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027show\u0027,"},{"line_number":129,"context_line":"                    target\u003d{\u0027project_id\u0027: context.project_id})"},{"line_number":130,"context_line":"        try:"},{"line_number":131,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":132,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":133,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":134,"context_line":"        return {\u0027server_group\u0027: self._format_server_group(context, sg, req)}"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_51293799","line":131,"in_reply_to":"df33271e_7f752f98","updated":"2020-04-07 15:08:16.000000000","message":"we have but this is call for get sg only so doing policy check later is ok ? \n\nI was thinking on this again and again whether we go get sg and then check policy to have proper error or allow policy and let DB to take care the rest ? \n\nI think doing policy check after sg is ok ?","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"38ec346e51e052dfc7fb0fc2620e90abc9442ed4","unresolved":false,"context_lines":[{"line_number":161,"context_line":"        # it does not fail if user requesting operation on for their"},{"line_number":162,"context_line":"        # own server group."},{"line_number":163,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027index\u0027,"},{"line_number":164,"context_line":"                    target\u003d{\u0027project_id\u0027: project_id})"},{"line_number":165,"context_line":"        if \u0027all_projects\u0027 in req.GET and context.is_admin:"},{"line_number":166,"context_line":"            sgs \u003d objects.InstanceGroupList.get_all(context)"},{"line_number":167,"context_line":"        else:"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_bf6fb7c3","line":164,"updated":"2020-04-07 08:50:21.000000000","message":"I think this is correct, same as list servers I presume.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"38ec346e51e052dfc7fb0fc2620e90abc9442ed4","unresolved":false,"context_lines":[{"line_number":162,"context_line":"        # own server group."},{"line_number":163,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027index\u0027,"},{"line_number":164,"context_line":"                    target\u003d{\u0027project_id\u0027: project_id})"},{"line_number":165,"context_line":"        if \u0027all_projects\u0027 in req.GET and context.is_admin:"},{"line_number":166,"context_line":"            sgs \u003d objects.InstanceGroupList.get_all(context)"},{"line_number":167,"context_line":"        else:"},{"line_number":168,"context_line":"            sgs \u003d objects.InstanceGroupList.get_by_project_id("}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_9f0bd322","line":165,"updated":"2020-04-07 08:50:21.000000000","message":"Erm, this should be a separate policy rule... oops. We should probably fix that.\n\nIt probably is a separate patch to this one, but I think we should fix it before we complete this chain.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae17437aa89d6dc1615851957534ac5dc7e42717","unresolved":false,"context_lines":[{"line_number":162,"context_line":"        # own server group."},{"line_number":163,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027index\u0027,"},{"line_number":164,"context_line":"                    target\u003d{\u0027project_id\u0027: project_id})"},{"line_number":165,"context_line":"        if \u0027all_projects\u0027 in req.GET and context.is_admin:"},{"line_number":166,"context_line":"            sgs \u003d objects.InstanceGroupList.get_all(context)"},{"line_number":167,"context_line":"        else:"},{"line_number":168,"context_line":"            sgs \u003d objects.InstanceGroupList.get_by_project_id("}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_6c91fe99","line":165,"in_reply_to":"df33271e_3f91e79a","updated":"2020-04-07 15:08:16.000000000","message":"ah yeah. thanks for noticing this. Will add","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"4535f682fb7d931e9201dbf5bccb01c69472c971","unresolved":false,"context_lines":[{"line_number":162,"context_line":"        # own server group."},{"line_number":163,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027index\u0027,"},{"line_number":164,"context_line":"                    target\u003d{\u0027project_id\u0027: project_id})"},{"line_number":165,"context_line":"        if \u0027all_projects\u0027 in req.GET and context.is_admin:"},{"line_number":166,"context_line":"            sgs \u003d objects.InstanceGroupList.get_all(context)"},{"line_number":167,"context_line":"        else:"},{"line_number":168,"context_line":"            sgs \u003d objects.InstanceGroupList.get_by_project_id("}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_3f91e79a","line":165,"in_reply_to":"df33271e_9f0bd322","updated":"2020-04-07 08:50:47.000000000","message":"This should be system reader.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"7426835f393652cf6bb0804ea3e0e00f4ced9f7e","unresolved":false,"context_lines":[{"line_number":184,"context_line":"        # that when we remove the default target from policy class,"},{"line_number":185,"context_line":"        # it does not fail if user requesting operation on for their"},{"line_number":186,"context_line":"        # own server group."},{"line_number":187,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027create\u0027,"},{"line_number":188,"context_line":"                    target\u003d{\u0027project_id\u0027: context.project_id})"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_023643e8","line":187,"range":{"start_line":187,"start_character":32,"end_line":187,"end_character":43},"updated":"2020-04-07 12:19:23.000000000","message":"I am not sure we can allow system admin to call this one? they don\u0027t have a project_id defined.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae17437aa89d6dc1615851957534ac5dc7e42717","unresolved":false,"context_lines":[{"line_number":184,"context_line":"        # that when we remove the default target from policy class,"},{"line_number":185,"context_line":"        # it does not fail if user requesting operation on for their"},{"line_number":186,"context_line":"        # own server group."},{"line_number":187,"context_line":"        context.can(sg_policies.POLICY_ROOT % \u0027create\u0027,"},{"line_number":188,"context_line":"                    target\u003d{\u0027project_id\u0027: context.project_id})"},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_ace82616","line":187,"range":{"start_line":187,"start_character":32,"end_line":187,"end_character":43},"in_reply_to":"df33271e_023643e8","updated":"2020-04-07 15:08:16.000000000","message":"yeah, i did not think on this. Until we allow someone to create sg for someone (taking project id in request) then it does not make sense to allow system admin.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"38ec346e51e052dfc7fb0fc2620e90abc9442ed4","unresolved":false,"context_lines":[{"line_number":215,"context_line":"            sg \u003d objects.InstanceGroup(context, policy\u003dpolicies[0])"},{"line_number":216,"context_line":"        try:"},{"line_number":217,"context_line":"            sg.name \u003d vals.get(\u0027name\u0027)"},{"line_number":218,"context_line":"            sg.project_id \u003d context.project_id"},{"line_number":219,"context_line":"            sg.user_id \u003d context.user_id"},{"line_number":220,"context_line":"            sg.create()"},{"line_number":221,"context_line":"        except ValueError as e:"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_1f5ea311","line":218,"updated":"2020-04-07 08:50:21.000000000","message":"Nit: I am tempted to have a local variable project_id, that is used in the target and used here.\n\nIt happens to be context.project_id, but that is just currently the only when to specify the project_id.\n\nThis will be the same for create_server.\n\n... I don\u0027t think we should allow system admin to call these APIs, because they don\u0027t have a project_id. Eeek.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae17437aa89d6dc1615851957534ac5dc7e42717","unresolved":false,"context_lines":[{"line_number":215,"context_line":"            sg \u003d objects.InstanceGroup(context, policy\u003dpolicies[0])"},{"line_number":216,"context_line":"        try:"},{"line_number":217,"context_line":"            sg.name \u003d vals.get(\u0027name\u0027)"},{"line_number":218,"context_line":"            sg.project_id \u003d context.project_id"},{"line_number":219,"context_line":"            sg.user_id \u003d context.user_id"},{"line_number":220,"context_line":"            sg.create()"},{"line_number":221,"context_line":"        except ValueError as e:"}],"source_content_type":"text/x-python","patch_set":2,"id":"df33271e_6ce61e47","line":218,"in_reply_to":"df33271e_1f5ea311","updated":"2020-04-07 15:08:16.000000000","message":"yeah make sense. will fix.","commit_id":"c9dd53227a519e0442d41ddf92bc1e7c0aa0a449"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"da444569ed49fa795043bcf7071789618325442e","unresolved":false,"context_lines":[{"line_number":123,"context_line":"        context \u003d req.environ[\u0027nova.context\u0027]"},{"line_number":124,"context_line":"        try:"},{"line_number":125,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":126,"context_line":"            context.can(sg_policies.POLICY_ROOT % \u0027show\u0027,"},{"line_number":127,"context_line":"                        target\u003d{\u0027project_id\u0027: sg.project_id})"},{"line_number":128,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":129,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":130,"context_line":"        return {\u0027server_group\u0027: self._format_server_group(context, sg, req)}"}],"source_content_type":"text/x-python","patch_set":7,"id":"3f4c43b2_54703073","line":127,"range":{"start_line":126,"start_character":0,"end_line":127,"end_character":61},"updated":"2020-04-14 10:36:41.000000000","message":"Can you move this outside of the try block?","commit_id":"82303e0561b6ffe179478c4b420f98218aa586f1"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b5d6721614c00e773d8009aa8aab56dcae88938b","unresolved":false,"context_lines":[{"line_number":123,"context_line":"        context \u003d req.environ[\u0027nova.context\u0027]"},{"line_number":124,"context_line":"        try:"},{"line_number":125,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":126,"context_line":"            context.can(sg_policies.POLICY_ROOT % \u0027show\u0027,"},{"line_number":127,"context_line":"                        target\u003d{\u0027project_id\u0027: sg.project_id})"},{"line_number":128,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":129,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":130,"context_line":"        return {\u0027server_group\u0027: self._format_server_group(context, sg, req)}"}],"source_content_type":"text/x-python","patch_set":7,"id":"3f4c43b2_c0a0f7a8","line":127,"range":{"start_line":126,"start_character":0,"end_line":127,"end_character":61},"in_reply_to":"3f4c43b2_54703073","updated":"2020-04-14 13:52:41.000000000","message":"ok. I will do in followup","commit_id":"82303e0561b6ffe179478c4b420f98218aa586f1"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"da444569ed49fa795043bcf7071789618325442e","unresolved":false,"context_lines":[{"line_number":136,"context_line":"        context \u003d req.environ[\u0027nova.context\u0027]"},{"line_number":137,"context_line":"        try:"},{"line_number":138,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":139,"context_line":"            context.can(sg_policies.POLICY_ROOT % \u0027delete\u0027,"},{"line_number":140,"context_line":"                        target\u003d{\u0027project_id\u0027: sg.project_id})"},{"line_number":141,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":142,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":143,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":7,"id":"3f4c43b2_b46d349a","line":140,"range":{"start_line":139,"start_character":0,"end_line":140,"end_character":61},"updated":"2020-04-14 10:36:41.000000000","message":"Ditto","commit_id":"82303e0561b6ffe179478c4b420f98218aa586f1"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"b5d6721614c00e773d8009aa8aab56dcae88938b","unresolved":false,"context_lines":[{"line_number":136,"context_line":"        context \u003d req.environ[\u0027nova.context\u0027]"},{"line_number":137,"context_line":"        try:"},{"line_number":138,"context_line":"            sg \u003d objects.InstanceGroup.get_by_uuid(context, id)"},{"line_number":139,"context_line":"            context.can(sg_policies.POLICY_ROOT % \u0027delete\u0027,"},{"line_number":140,"context_line":"                        target\u003d{\u0027project_id\u0027: sg.project_id})"},{"line_number":141,"context_line":"        except nova.exception.InstanceGroupNotFound as e:"},{"line_number":142,"context_line":"            raise webob.exc.HTTPNotFound(explanation\u003de.format_message())"},{"line_number":143,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":7,"id":"3f4c43b2_a0a5ebb7","line":140,"range":{"start_line":139,"start_character":0,"end_line":140,"end_character":61},"in_reply_to":"3f4c43b2_b46d349a","updated":"2020-04-14 13:52:41.000000000","message":"ack","commit_id":"82303e0561b6ffe179478c4b420f98218aa586f1"}]}