)]}'
{"doc/source/configuration/index.rst":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":51,"context_line":"* :doc:`Policy New Defaults \u003cpolicy-new-defaults\u003e`: Starting in the Ussuri"},{"line_number":52,"context_line":"  release, Nova API policy defines new default roles with system scope"},{"line_number":53,"context_line":"  capabilities. These new changes improve the security level and"},{"line_number":54,"context_line":"  manageability as they are richer in terms of handling access at"},{"line_number":55,"context_line":"  system and project level token with \u0027Read\u0027 and \u0027Write\u0027 roles."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":".. toctree::"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_695f6ce5","line":54,"range":{"start_line":54,"start_character":15,"end_line":54,"end_character":16},"updated":"2020-04-21 09:44:33.000000000","message":"of the nova API","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":51,"context_line":"* :doc:`Policy New Defaults \u003cpolicy-new-defaults\u003e`: Starting in the Ussuri"},{"line_number":52,"context_line":"  release, Nova API policy defines new default roles with system scope"},{"line_number":53,"context_line":"  capabilities. These new changes improve the security level and"},{"line_number":54,"context_line":"  manageability as they are richer in terms of handling access at"},{"line_number":55,"context_line":"  system and project level token with \u0027Read\u0027 and \u0027Write\u0027 roles."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":".. toctree::"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_1cfa5f41","line":54,"range":{"start_line":54,"start_character":15,"end_line":54,"end_character":16},"in_reply_to":"1f493fa4_695f6ce5","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"}],"doc/source/configuration/policy-new-defaults.rst":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"1f493fa4_a95974ff","updated":"2020-04-21 09:44:33.000000000","message":"Can you rename this to just \"policy.rst\"?","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"1f493fa4_e70e0031","in_reply_to":"1f493fa4_a95974ff","updated":"2020-04-21 16:32:10.000000000","message":"there is already policy.rst present which is used for policies references a HTML view of all the policy with description.\n\nHow about policy-concept.rst ? or underdtanding-policy.rst","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":9,"context_line":"In the Ussuri (21.0.0) release, further work was undertaken to address some issues"},{"line_number":10,"context_line":"that had been identified:"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"#. No global vs project admin. The ``admin_only`` is used for the global admin that"},{"line_number":13,"context_line":"   is able to make almost any change to Nova, and see all details of the Nova"},{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c96fa090","line":12,"range":{"start_line":12,"start_character":49,"end_line":12,"end_character":50},"updated":"2020-04-21 09:44:33.000000000","message":"role?","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":9,"context_line":"In the Ussuri (21.0.0) release, further work was undertaken to address some issues"},{"line_number":10,"context_line":"that had been identified:"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"#. No global vs project admin. The ``admin_only`` is used for the global admin that"},{"line_number":13,"context_line":"   is able to make almost any change to Nova, and see all details of the Nova"},{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_471c146a","line":12,"range":{"start_line":12,"start_character":49,"end_line":12,"end_character":50},"in_reply_to":"1f493fa4_c96fa090","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"#. No read-only roles. If you want a read only access role, several APIs share a"},{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_096a287f","line":17,"range":{"start_line":17,"start_character":37,"end_line":17,"end_character":47},"updated":"2020-04-21 09:44:33.000000000","message":"read-only","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"#. No read-only roles. If you want a read only access role, several APIs share a"},{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e73720e3","line":17,"range":{"start_line":17,"start_character":37,"end_line":17,"end_character":47},"in_reply_to":"1f493fa4_096a287f","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"#. No read-only roles. If you want a read only access role, several APIs share a"},{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_493270a9","line":19,"range":{"start_line":17,"start_character":23,"end_line":19,"end_character":43},"updated":"2020-04-21 09:44:33.000000000","message":"How about:\n\nSince several APIs tend to share a single policy rule for read and write actions, they did not provide the granularity necessary for read-only access roles.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"a027047223036584f3ed011186522a6cafe0e5bb","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"#. No read-only roles. If you want a read only access role, several APIs share a"},{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_6d32d7a9","line":19,"range":{"start_line":17,"start_character":23,"end_line":19,"end_character":43},"in_reply_to":"1f493fa4_493270a9","updated":"2020-04-21 10:15:29.000000000","message":"+1, sounds better to my non-native eyes (sic!)","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":14,"context_line":"   system. The rule passes for any user with an admin role, it doesn’t matter"},{"line_number":15,"context_line":"   which project is used."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"#. No read-only roles. If you want a read only access role, several APIs share a"},{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_473534da","line":19,"range":{"start_line":17,"start_character":23,"end_line":19,"end_character":43},"in_reply_to":"1f493fa4_493270a9","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_a9dcd446","line":21,"range":{"start_line":21,"start_character":26,"end_line":21,"end_character":30},"updated":"2020-04-21 09:44:33.000000000","message":"did","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c91de010","line":21,"range":{"start_line":21,"start_character":25,"end_line":21,"end_character":26},"updated":"2020-04-21 09:44:33.000000000","message":"role","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":18,"context_line":"   single policy rule for read and write actions, i.e. we don’t have the"},{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c7a4a40b","line":21,"range":{"start_line":21,"start_character":25,"end_line":21,"end_character":26},"in_reply_to":"1f493fa4_c91de010","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e9e53c0c","line":22,"range":{"start_line":22,"start_character":85,"end_line":22,"end_character":89},"updated":"2020-04-21 09:44:33.000000000","message":"did","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":19,"context_line":"   granularity for such a role to be added."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_a7a998e0","line":22,"range":{"start_line":22,"start_character":85,"end_line":22,"end_character":89},"in_reply_to":"1f493fa4_e9e53c0c","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Keystone comes with ``admin``, ``member`` and ``reader`` roles by default."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_29f0c4c9","line":23,"range":{"start_line":23,"start_character":30,"end_line":23,"end_character":39},"updated":"2020-04-21 09:44:33.000000000","message":". As a result,","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"#. The ``admin_or_owner`` does not work as expected. For most APIs with ``admin_or_owner``,"},{"line_number":22,"context_line":"   the project authentication happened in a separate component than API in Nova that does"},{"line_number":23,"context_line":"   not honor changes to policy and thus policy could not override hard-coded"},{"line_number":24,"context_line":"   in-project checks."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Keystone comes with ``admin``, ``member`` and ``reader`` roles by default."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_07ae8ce6","line":23,"range":{"start_line":23,"start_character":30,"end_line":23,"end_character":39},"in_reply_to":"1f493fa4_29f0c4c9","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":26,"context_line":"Keystone comes with ``admin``, ``member`` and ``reader`` roles by default."},{"line_number":27,"context_line":"You can get more information about these new defaults in `new defaults`_"},{"line_number":28,"context_line":"document."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"In addition, keystone supports a new \"system scope\" concept that makes it easier to"},{"line_number":31,"context_line":"protect deployment level resources from project or system level resources. Please"},{"line_number":32,"context_line":"refer to the `available scope`_ document and `system scope specification`_ to understand"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_a9b5f4f0","line":29,"updated":"2020-04-21 09:44:33.000000000","message":"Can you drop this newline and join these two paragraphs?","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":26,"context_line":"Keystone comes with ``admin``, ``member`` and ``reader`` roles by default."},{"line_number":27,"context_line":"You can get more information about these new defaults in `new defaults`_"},{"line_number":28,"context_line":"document."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"In addition, keystone supports a new \"system scope\" concept that makes it easier to"},{"line_number":31,"context_line":"protect deployment level resources from project or system level resources. Please"},{"line_number":32,"context_line":"refer to the `available scope`_ document and `system scope specification`_ to understand"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e7aa80d0","line":29,"in_reply_to":"1f493fa4_a9b5f4f0","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":44,"context_line":"first two issues mentioned above and extend more functionality to end users in a safe"},{"line_number":45,"context_line":"and secure way."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Please refer to this `nova specification`_ also for more detail."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"Scope"},{"line_number":50,"context_line":"-----"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_49a550b5","line":47,"range":{"start_line":47,"start_character":0,"end_line":47,"end_character":64},"updated":"2020-04-21 09:44:33.000000000","message":"More information is provided in the `nova specification`__.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":44,"context_line":"first two issues mentioned above and extend more functionality to end users in a safe"},{"line_number":45,"context_line":"and secure way."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Please refer to this `nova specification`_ also for more detail."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"Scope"},{"line_number":50,"context_line":"-----"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_8783bc56","line":47,"range":{"start_line":47,"start_character":0,"end_line":47,"end_character":64},"in_reply_to":"1f493fa4_49a550b5","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":54,"context_line":"Token scopes represent the layer of authorization. Policy ``scope_types`` represent"},{"line_number":55,"context_line":"the layer of authorization required to access an API."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":".. note:: ``scope_type`` is hardcoded in APIs and not overridable via policy file."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Nova policies have implemented the scope concept by defining the ``scope_type``"},{"line_number":60,"context_line":"in policies. To know each policy\u0027s ``scope_type``, please refer to the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_69b76cda","line":57,"updated":"2020-04-21 09:44:33.000000000","message":"It took me a while to understand what you were trying to say. I think you mean:\n\n  .. note::\n\n     The ``scope_type`` of each policy is hardcoded and is not\n     not overridable via the policy file.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":54,"context_line":"Token scopes represent the layer of authorization. Policy ``scope_types`` represent"},{"line_number":55,"context_line":"the layer of authorization required to access an API."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":".. note:: ``scope_type`` is hardcoded in APIs and not overridable via policy file."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Nova policies have implemented the scope concept by defining the ``scope_type``"},{"line_number":60,"context_line":"in policies. To know each policy\u0027s ``scope_type``, please refer to the"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_87e8dc16","line":57,"in_reply_to":"1f493fa4_69b76cda","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"a027047223036584f3ed011186522a6cafe0e5bb","unresolved":false,"context_lines":[{"line_number":61,"context_line":":doc:`Policy Reference \u003c/configuration/policy\u003e` and look for ``Scope Types`` or"},{"line_number":62,"context_line":"``Intended scope(s)`` in `Policy Sample File`_ as shown in below examples."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_0d7d131c","line":64,"range":{"start_line":64,"start_character":14,"end_line":64,"end_character":15},"updated":"2020-04-21 10:15:29.000000000","message":"do we need capital letter here?","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":61,"context_line":":doc:`Policy Reference \u003c/configuration/policy\u003e` and look for ``Scope Types`` or"},{"line_number":62,"context_line":"``Intended scope(s)`` in `Policy Sample File`_ as shown in below examples."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_07dccc72","line":64,"range":{"start_line":64,"start_character":14,"end_line":64,"end_character":15},"in_reply_to":"1f493fa4_0d7d131c","updated":"2020-04-21 16:32:10.000000000","message":"not required here. done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_89b638d9","line":66,"range":{"start_line":66,"start_character":17,"end_line":66,"end_character":34},"updated":"2020-04-21 09:44:33.000000000","message":"a ``scope_type`` of ``system``\n\n(ditto for below)","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e9ca5c4d","line":66,"range":{"start_line":66,"start_character":59,"end_line":66,"end_character":63},"updated":"2020-04-21 09:44:33.000000000","message":"with a","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c7cb04a3","line":66,"range":{"start_line":66,"start_character":59,"end_line":66,"end_character":63},"in_reply_to":"1f493fa4_e9ca5c4d","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."},{"line_number":70,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_29c5643d","line":67,"range":{"start_line":67,"start_character":45,"end_line":67,"end_character":51},"updated":"2020-04-21 09:44:33.000000000","message":"access the resource","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":64,"context_line":"#. ``system`` Scope"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."},{"line_number":70,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e7c1e082","line":67,"range":{"start_line":67,"start_character":45,"end_line":67,"end_character":51},"in_reply_to":"1f493fa4_29c5643d","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"   For example, consider the ``GET /os-hypervisors`` API."},{"line_number":72,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_09c22834","line":69,"range":{"start_line":69,"start_character":21,"end_line":69,"end_character":47},"updated":"2020-04-21 09:44:33.000000000","message":"``scope_type\u003d\u003d[\u0027system\u0027]``\n\nor\n\na ``scope_type`` of ``[\u0027system\u0027]``","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":66,"context_line":"   Policies with ``scope_type`` as ``system`` means a user with"},{"line_number":67,"context_line":"   ``system-scoped`` token has permission to access. This can be"},{"line_number":68,"context_line":"   seen as a global role. All the system-level operation\u0027s policies"},{"line_number":69,"context_line":"   have defaulted to [\u0027system\u0027] ``scope_type``."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"   For example, consider the ``GET /os-hypervisors`` API."},{"line_number":72,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_47bff4fa","line":69,"range":{"start_line":69,"start_character":21,"end_line":69,"end_character":47},"in_reply_to":"1f493fa4_09c22834","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":77,"context_line":"       # Intended scope(s): system"},{"line_number":78,"context_line":"       #\"os_compute_api:os-hypervisors:list\": \"rule:system_reader_api\""},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_29f3a4a0","line":80,"range":{"start_line":80,"start_character":0,"end_line":80,"end_character":32},"updated":"2020-04-21 09:44:33.000000000","message":"Could you make this the third point/header. It would flow better, IMO\n\nsystem\nproject\nsystem and project","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":77,"context_line":"       # Intended scope(s): system"},{"line_number":78,"context_line":"       #\"os_compute_api:os-hypervisors:list\": \"rule:system_reader_api\""},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e21d4e10","line":80,"range":{"start_line":80,"start_character":0,"end_line":80,"end_character":32},"in_reply_to":"1f493fa4_29f3a4a0","updated":"2020-04-21 16:32:10.000000000","message":"ok, make sense. done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_89ebd8ae","line":82,"range":{"start_line":82,"start_character":17,"end_line":82,"end_character":34},"updated":"2020-04-21 09:44:33.000000000","message":"a ``scope_type`` of","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e9cffc54","line":82,"range":{"start_line":82,"start_character":71,"end_line":82,"end_character":75},"updated":"2020-04-21 09:44:33.000000000","message":"with a","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e2cb8e6f","line":82,"range":{"start_line":82,"start_character":71,"end_line":82,"end_character":75},"in_reply_to":"1f493fa4_e9cffc54","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_29da8416","line":83,"range":{"start_line":83,"start_character":73,"end_line":83,"end_character":74},"updated":"2020-04-21 09:44:33.000000000","message":"the resource.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":80,"context_line":"#. ``system and project`` Scoped"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_42c9a276","line":83,"range":{"start_line":83,"start_character":73,"end_line":83,"end_character":74},"in_reply_to":"1f493fa4_29da8416","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"   For example, consider the ``POST /servers/{server_id}/action (os-migrateLive)`` API."},{"line_number":88,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_09d7c8ef","line":85,"range":{"start_line":85,"start_character":3,"end_line":85,"end_character":40},"updated":"2020-04-21 09:44:33.000000000","message":"a ``scope_type`` of ``[\u0027system\u0027, \u0027project\u0027]``","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":82,"context_line":"   Policies with ``scope_type`` as ``system and project`` means a user with"},{"line_number":83,"context_line":"   ``system-scoped`` or ``project-scoped`` token has permission to access."},{"line_number":84,"context_line":"   All the system and project level operation\u0027s policies have defaulted to"},{"line_number":85,"context_line":"   ``system and project`` ``scope_type``."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"   For example, consider the ``POST /servers/{server_id}/action (os-migrateLive)`` API."},{"line_number":88,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_82a0caa7","line":85,"range":{"start_line":85,"start_character":3,"end_line":85,"end_character":40},"in_reply_to":"1f493fa4_09d7c8ef","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":95,"context_line":""},{"line_number":96,"context_line":"#. ``project`` Scoped"},{"line_number":97,"context_line":""},{"line_number":98,"context_line":"   Policies with ``scope_type`` as ``project`` means a user with"},{"line_number":99,"context_line":"   ``project-scoped`` token has permission to access. Project-level only"},{"line_number":100,"context_line":"   operation\u0027s policies are defaulted to ``project`` ``scope_type``."},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_8904787d","line":98,"range":{"start_line":98,"start_character":17,"end_line":98,"end_character":46},"updated":"2020-04-21 09:44:33.000000000","message":"a ``scope_type`` of ``project``","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":108,"context_line":"       # Intended scope(s): project"},{"line_number":109,"context_line":"       #\"os_compute_api:os-server-groups:create\": \"rule:project_member_api\""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"This way the problem of system vs project level admin can be solved. You can"},{"line_number":112,"context_line":"control the information with scope of the users. This means you can"},{"line_number":113,"context_line":"control that none of the project level role can get the hypervisor"},{"line_number":114,"context_line":"information."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_89391843","line":111,"range":{"start_line":111,"start_character":0,"end_line":111,"end_character":68},"updated":"2020-04-21 09:44:33.000000000","message":"These scope types provide a way to differentiate between system-level and project-level admin access.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":108,"context_line":"       # Intended scope(s): project"},{"line_number":109,"context_line":"       #\"os_compute_api:os-server-groups:create\": \"rule:project_member_api\""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"This way the problem of system vs project level admin can be solved. You can"},{"line_number":112,"context_line":"control the information with scope of the users. This means you can"},{"line_number":113,"context_line":"control that none of the project level role can get the hypervisor"},{"line_number":114,"context_line":"information."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_2273b617","line":111,"range":{"start_line":111,"start_character":0,"end_line":111,"end_character":68},"in_reply_to":"1f493fa4_89391843","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":116,"context_line":"Policy scope is disabled by default to allow operators to migrate from"},{"line_number":117,"context_line":"the old policy enforcement system in a graceful way. This can be"},{"line_number":118,"context_line":"enabled by configuring the :oslo.config:option:`oslo_policy.enforce_scope`"},{"line_number":119,"context_line":"option to ``False``."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. code-block:: ini"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_2948c4ca","line":119,"range":{"start_line":119,"start_character":12,"end_line":119,"end_character":17},"updated":"2020-04-21 09:44:33.000000000","message":"True","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":113,"context_line":"control that none of the project level role can get the hypervisor"},{"line_number":114,"context_line":"information."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Policy scope is disabled by default to allow operators to migrate from"},{"line_number":117,"context_line":"the old policy enforcement system in a graceful way. This can be"},{"line_number":118,"context_line":"enabled by configuring the :oslo.config:option:`oslo_policy.enforce_scope`"},{"line_number":119,"context_line":"option to ``False``."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. code-block:: ini"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"  [oslo_policy]"},{"line_number":124,"context_line":"  enforce_scope\u003dTrue"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Roles"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c93a0033","line":124,"range":{"start_line":116,"start_character":0,"end_line":124,"end_character":20},"updated":"2020-04-21 09:44:33.000000000","message":"Can you put this inside a \u0027.. note\u0027 directive?","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":113,"context_line":"control that none of the project level role can get the hypervisor"},{"line_number":114,"context_line":"information."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Policy scope is disabled by default to allow operators to migrate from"},{"line_number":117,"context_line":"the old policy enforcement system in a graceful way. This can be"},{"line_number":118,"context_line":"enabled by configuring the :oslo.config:option:`oslo_policy.enforce_scope`"},{"line_number":119,"context_line":"option to ``False``."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. code-block:: ini"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"  [oslo_policy]"},{"line_number":124,"context_line":"  enforce_scope\u003dTrue"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Roles"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_8261ea3c","line":124,"range":{"start_line":116,"start_character":0,"end_line":124,"end_character":20},"in_reply_to":"1f493fa4_c93a0033","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":127,"context_line":"Roles"},{"line_number":128,"context_line":"-----"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"You can refer to this document to know about all available defaults"},{"line_number":131,"context_line":"from Keystone `new defaults`_"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"Along with the ``scope_type`` feature, Nova policy defines new"},{"line_number":134,"context_line":"defaults for each policy."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_091ea8b9","line":131,"range":{"start_line":130,"start_character":0,"end_line":131,"end_character":29},"updated":"2020-04-21 09:44:33.000000000","message":"This should be the last point in this section, IMO","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":127,"context_line":"Roles"},{"line_number":128,"context_line":"-----"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"You can refer to this document to know about all available defaults"},{"line_number":131,"context_line":"from Keystone `new defaults`_"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"Along with the ``scope_type`` feature, Nova policy defines new"},{"line_number":134,"context_line":"defaults for each policy."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_a2d506bc","line":131,"range":{"start_line":130,"start_character":0,"end_line":131,"end_character":29},"in_reply_to":"1f493fa4_091ea8b9","updated":"2020-04-21 16:32:10.000000000","message":"this is to understand the keystone defaults and how they benefit users. Having it st first so that reader of this doc can understand new defaults first then reading nova specific defaults which are the combination of keystone common defaults.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":133,"context_line":"Along with the ``scope_type`` feature, Nova policy defines new"},{"line_number":134,"context_line":"defaults for each policy."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"#. ``reader``"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"   This provides read-only access to the resources within the ``system`` or"},{"line_number":139,"context_line":"   ``project``. Nova policies are defaulted to below rules:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c9684023","line":136,"range":{"start_line":136,"start_character":0,"end_line":136,"end_character":13},"updated":"2020-04-21 09:44:33.000000000","message":"Could you use \u0027.. rubric:: ``reader``\u0027 here instead? You\u0027ll need to dedent the below.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":133,"context_line":"Along with the ``scope_type`` feature, Nova policy defines new"},{"line_number":134,"context_line":"defaults for each policy."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"#. ``reader``"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"   This provides read-only access to the resources within the ``system`` or"},{"line_number":139,"context_line":"   ``project``. Nova policies are defaulted to below rules:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_76545fcb","line":136,"range":{"start_line":136,"start_character":0,"end_line":136,"end_character":13},"in_reply_to":"1f493fa4_c9684023","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":196,"context_line":"Backward Compatibility"},{"line_number":197,"context_line":"----------------------"},{"line_number":198,"context_line":""},{"line_number":199,"context_line":"Backward compatibility is maintained by supporting the old defaults and keeping"},{"line_number":200,"context_line":"``scope_type`` disabled by default."},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"Old defaults will keep working as it is and they are marked as deprecated for"},{"line_number":203,"context_line":"removal. This means existing deployment will keep working as it is."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"We encourage every deployment to switch to new policy. ``scope_type`` will be"},{"line_number":206,"context_line":"enabled by default and old defaults will be removed in the 23.0.0 release."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"To implement the new default reader roles, some policies needed to become granular."},{"line_number":209,"context_line":"They have been renamed, with the old names still supported for backwards compatibility."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_49f4305c","line":206,"range":{"start_line":199,"start_character":0,"end_line":206,"end_character":74},"updated":"2020-04-21 09:44:33.000000000","message":"Backward compatibility with versions prior to 21.0.0 (Queens) is maintained by supporting the old defaults and disabling the ``scope_type`` feature by default. This means the old defaults and deployments that use them will keep working as-is. However, we encourage every deployment to switch to new policy. ``scope_type`` will be enabled by default and the old defaults will be removed starting in the 23.0.0 (W) release.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":196,"context_line":"Backward Compatibility"},{"line_number":197,"context_line":"----------------------"},{"line_number":198,"context_line":""},{"line_number":199,"context_line":"Backward compatibility is maintained by supporting the old defaults and keeping"},{"line_number":200,"context_line":"``scope_type`` disabled by default."},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"Old defaults will keep working as it is and they are marked as deprecated for"},{"line_number":203,"context_line":"removal. This means existing deployment will keep working as it is."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"We encourage every deployment to switch to new policy. ``scope_type`` will be"},{"line_number":206,"context_line":"enabled by default and old defaults will be removed in the 23.0.0 release."},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"To implement the new default reader roles, some policies needed to become granular."},{"line_number":209,"context_line":"They have been renamed, with the old names still supported for backwards compatibility."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_56ffa3a9","line":206,"range":{"start_line":199,"start_character":0,"end_line":206,"end_character":74},"in_reply_to":"1f493fa4_49f4305c","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":227,"context_line":"#. Create new default roles in keystone if not done:"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"   If you do not have new defaults in Keystone then you can create and re-run"},{"line_number":230,"context_line":"   the `Keystone Bootstrap`_. Keystone added this support in rocky release."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"#. Enable Scope Checks"},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_29fd643a","line":230,"range":{"start_line":230,"start_character":61,"end_line":230,"end_character":66},"updated":"2020-04-21 09:44:33.000000000","message":"14.0.0 (Rocky)","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":227,"context_line":"#. Create new default roles in keystone if not done:"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"   If you do not have new defaults in Keystone then you can create and re-run"},{"line_number":230,"context_line":"   the `Keystone Bootstrap`_. Keystone added this support in rocky release."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"#. Enable Scope Checks"},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_3621374f","line":230,"range":{"start_line":230,"start_character":61,"end_line":230,"end_character":66},"in_reply_to":"1f493fa4_29fd643a","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"#. Enable Scope Checks"},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_098fc8cc","line":234,"range":{"start_line":234,"start_character":3,"end_line":234,"end_character":31},"updated":"2020-04-21 09:44:33.000000000","message":"The :oslo.config:option:`oslo_config.enforce_scope` flag is used to","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"#. Enable Scope Checks"},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_5618431c","line":234,"range":{"start_line":234,"start_character":3,"end_line":234,"end_character":31},"in_reply_to":"1f493fa4_098fc8cc","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":232,"context_line":"#. Enable Scope Checks"},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_69bdac67","line":235,"range":{"start_line":235,"start_character":59,"end_line":235,"end_character":69},"updated":"2020-04-21 09:44:33.000000000","message":"``scope_type``","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":232,"context_line":"#. Enable Scope Checks"},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_b6d26733","line":235,"range":{"start_line":235,"start_character":59,"end_line":235,"end_character":69},"in_reply_to":"1f493fa4_69bdac67","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":233,"context_line":""},{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."},{"line_number":239,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_89bc786a","line":236,"range":{"start_line":236,"start_character":64,"end_line":236,"end_character":81},"updated":"2020-04-21 09:44:33.000000000","message":":oslo_config.option:`oslo_config.enforce_scope`","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":233,"context_line":""},{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."},{"line_number":239,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_96d76b24","line":236,"range":{"start_line":236,"start_character":64,"end_line":236,"end_character":81},"in_reply_to":"1f493fa4_89bc786a","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"   This flag is false by default and can be enabled via config option in"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c9ade032","line":237,"range":{"start_line":237,"start_character":42,"end_line":237,"end_character":58},"updated":"2020-04-21 09:44:33.000000000","message":"ditto","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":234,"context_line":"   ``enforce_scope`` flag is to enable the ``scope_type`` features. The scope of"},{"line_number":235,"context_line":"   the token used in the request is always compared to the scope_type of the policy."},{"line_number":236,"context_line":"   If the scopes do not match, one of two things can happen. If ``enforce_scope`` is"},{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"   This flag is false by default and can be enabled via config option in"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_d6e1f300","line":237,"range":{"start_line":237,"start_character":42,"end_line":237,"end_character":58},"in_reply_to":"1f493fa4_c9ade032","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":240,"context_line":"   This flag is false by default and can be enabled via config option in"},{"line_number":241,"context_line":"   nova.conf as shown below:"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"   .. code-block:: ini"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"      [oslo_policy]"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_09a8681d","line":243,"updated":"2020-04-21 09:44:33.000000000","message":"nit: drop newline","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":240,"context_line":"   This flag is false by default and can be enabled via config option in"},{"line_number":241,"context_line":"   nova.conf as shown below:"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"   .. code-block:: ini"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"      [oslo_policy]"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_76f0dfca","line":243,"in_reply_to":"1f493fa4_09a8681d","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"   This flag is false by default and can be enabled via config option in"},{"line_number":241,"context_line":"   nova.conf as shown below:"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"   .. code-block:: ini"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"      [oslo_policy]"},{"line_number":247,"context_line":"      enforce_scope\u003dTrue"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"   .. note:: Before you enable this flag, you need to audit your users and make sure everyone"},{"line_number":250,"context_line":"             who needs system-level access has a system role assignment in keystone."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_6962cc18","line":247,"range":{"start_line":240,"start_character":0,"end_line":247,"end_character":24},"updated":"2020-04-21 09:44:33.000000000","message":"I think this section could be dropped. People reading this should know how to configure flags.","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":237,"context_line":"   True, the request will be rejected. If ``encore_scope`` is False, an warning will"},{"line_number":238,"context_line":"   be logged, but the request will be accepted (assuming the rest of the policy passes)."},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"   This flag is false by default and can be enabled via config option in"},{"line_number":241,"context_line":"   nova.conf as shown below:"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"   .. code-block:: ini"},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"      [oslo_policy]"},{"line_number":247,"context_line":"      enforce_scope\u003dTrue"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"   .. note:: Before you enable this flag, you need to audit your users and make sure everyone"},{"line_number":250,"context_line":"             who needs system-level access has a system role assignment in keystone."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_36e65718","line":247,"range":{"start_line":240,"start_character":0,"end_line":247,"end_character":24},"in_reply_to":"1f493fa4_6962cc18","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":251,"context_line":""},{"line_number":252,"context_line":"#. Enable new defaults"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"   ``enforce_new_defaults`` flag switches the policy to new defaults-only. This"},{"line_number":255,"context_line":"   flag controls whether or not to use old deprecated defaults when evaluating"},{"line_number":256,"context_line":"   policies. If True, the old deprecated defaults are not going to be evaluated."},{"line_number":257,"context_line":"   This means if any existing token is allowed for old defaults but is disallowed"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c97200e4","line":254,"range":{"start_line":254,"start_character":3,"end_line":254,"end_character":32},"updated":"2020-04-21 09:44:33.000000000","message":"The :oslo.config:option:`oslo_config.enforce_new_defaults` flag","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":251,"context_line":""},{"line_number":252,"context_line":"#. Enable new defaults"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"   ``enforce_new_defaults`` flag switches the policy to new defaults-only. This"},{"line_number":255,"context_line":"   flag controls whether or not to use old deprecated defaults when evaluating"},{"line_number":256,"context_line":"   policies. If True, the old deprecated defaults are not going to be evaluated."},{"line_number":257,"context_line":"   This means if any existing token is allowed for old defaults but is disallowed"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_56c68369","line":254,"range":{"start_line":254,"start_character":3,"end_line":254,"end_character":32},"in_reply_to":"1f493fa4_c97200e4","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":253,"context_line":""},{"line_number":254,"context_line":"   ``enforce_new_defaults`` flag switches the policy to new defaults-only. This"},{"line_number":255,"context_line":"   flag controls whether or not to use old deprecated defaults when evaluating"},{"line_number":256,"context_line":"   policies. If True, the old deprecated defaults are not going to be evaluated."},{"line_number":257,"context_line":"   This means if any existing token is allowed for old defaults but is disallowed"},{"line_number":258,"context_line":"   for new defaults, it will be disallowed."},{"line_number":259,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_694bec86","line":256,"range":{"start_line":256,"start_character":58,"end_line":256,"end_character":70},"updated":"2020-04-21 09:44:33.000000000","message":"strike","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":253,"context_line":""},{"line_number":254,"context_line":"   ``enforce_new_defaults`` flag switches the policy to new defaults-only. This"},{"line_number":255,"context_line":"   flag controls whether or not to use old deprecated defaults when evaluating"},{"line_number":256,"context_line":"   policies. If True, the old deprecated defaults are not going to be evaluated."},{"line_number":257,"context_line":"   This means if any existing token is allowed for old defaults but is disallowed"},{"line_number":258,"context_line":"   for new defaults, it will be disallowed."},{"line_number":259,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_96a5abb8","line":256,"range":{"start_line":256,"start_character":58,"end_line":256,"end_character":70},"in_reply_to":"1f493fa4_694bec86","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":257,"context_line":"   This means if any existing token is allowed for old defaults but is disallowed"},{"line_number":258,"context_line":"   for new defaults, it will be disallowed."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"   This is false by default and can be enabled via config option in nova.conf"},{"line_number":261,"context_line":"   as shown below:"},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"   .. code-block:: ini"},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"      [oslo_policy]"},{"line_number":266,"context_line":"       enforce_new_defaults\u003dTrue"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"   .. note:: Before you enable this flag, you need to educate users about the different roles"},{"line_number":269,"context_line":"             they need to use to continue using Nova APIs."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_c95b2052","line":266,"range":{"start_line":260,"start_character":0,"end_line":266,"end_character":32},"updated":"2020-04-21 09:44:33.000000000","message":"Again, I don\u0027t think this is necessary","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":257,"context_line":"   This means if any existing token is allowed for old defaults but is disallowed"},{"line_number":258,"context_line":"   for new defaults, it will be disallowed."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"   This is false by default and can be enabled via config option in nova.conf"},{"line_number":261,"context_line":"   as shown below:"},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"   .. code-block:: ini"},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"      [oslo_policy]"},{"line_number":266,"context_line":"       enforce_new_defaults\u003dTrue"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"   .. note:: Before you enable this flag, you need to educate users about the different roles"},{"line_number":269,"context_line":"             they need to use to continue using Nova APIs."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_b6a0a7a7","line":266,"range":{"start_line":260,"start_character":0,"end_line":266,"end_character":32},"in_reply_to":"1f493fa4_c95b2052","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":271,"context_line":""},{"line_number":272,"context_line":"#. Check for deprecated policies"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"   Few policies are made more granular to implement the reader roles. New"},{"line_number":275,"context_line":"   policy names are available to use. If old policy name which are renamed"},{"line_number":276,"context_line":"   are overwriten in policy file then warning will be logged. Please migrate"},{"line_number":277,"context_line":"   those policy to new policy names."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_0956a82a","line":274,"range":{"start_line":274,"start_character":3,"end_line":274,"end_character":6},"updated":"2020-04-21 09:44:33.000000000","message":"A few","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":271,"context_line":""},{"line_number":272,"context_line":"#. Check for deprecated policies"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"   Few policies are made more granular to implement the reader roles. New"},{"line_number":275,"context_line":"   policy names are available to use. If old policy name which are renamed"},{"line_number":276,"context_line":"   are overwriten in policy file then warning will be logged. Please migrate"},{"line_number":277,"context_line":"   those policy to new policy names."}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_69300c09","line":274,"range":{"start_line":274,"start_character":16,"end_line":274,"end_character":19},"updated":"2020-04-21 09:44:33.000000000","message":"were","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":279,"context_line":"We expect all deployments to migrate to new policy by 23.0.0 release so that we can"},{"line_number":280,"context_line":"remove the support of old policies."},{"line_number":281,"context_line":""},{"line_number":282,"context_line":".. _nova specification: https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html"},{"line_number":283,"context_line":".. _available scope: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes"},{"line_number":284,"context_line":".. _new defaults: https://docs.openstack.org/keystone/latest/admin/service-api-protection.html"},{"line_number":285,"context_line":".. _Policy Sample File: https://docs.openstack.org/nova/latest/configuration/sample-policy.html"},{"line_number":286,"context_line":".. _system scope specification: https://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html"},{"line_number":287,"context_line":".. _Create System Scoped Token: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#operation_create_system_token"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_e97c1c22","line":284,"range":{"start_line":282,"start_character":0,"end_line":284,"end_character":94},"updated":"2020-04-21 09:44:33.000000000","message":"All of these are keystone links, so you should use them inline with the :keystone-doc: role","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":282,"context_line":".. _nova specification: https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html"},{"line_number":283,"context_line":".. _available scope: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes"},{"line_number":284,"context_line":".. _new defaults: https://docs.openstack.org/keystone/latest/admin/service-api-protection.html"},{"line_number":285,"context_line":".. _Policy Sample File: https://docs.openstack.org/nova/latest/configuration/sample-policy.html"},{"line_number":286,"context_line":".. _system scope specification: https://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html"},{"line_number":287,"context_line":".. _Create System Scoped Token: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#operation_create_system_token"},{"line_number":288,"context_line":".. _Create Project Scoped Token: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#operation_create_project_scoped_token"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_a998546a","line":285,"range":{"start_line":285,"start_character":0,"end_line":285,"end_character":95},"updated":"2020-04-21 09:44:33.000000000","message":"This is an in-tree doc. Can you use \u0027:doc:`/configuration/sample-policy` instead?","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":283,"context_line":".. _available scope: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes"},{"line_number":284,"context_line":".. _new defaults: https://docs.openstack.org/keystone/latest/admin/service-api-protection.html"},{"line_number":285,"context_line":".. _Policy Sample File: https://docs.openstack.org/nova/latest/configuration/sample-policy.html"},{"line_number":286,"context_line":".. _system scope specification: https://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html"},{"line_number":287,"context_line":".. _Create System Scoped Token: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#operation_create_system_token"},{"line_number":288,"context_line":".. _Create Project Scoped Token: https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#operation_create_project_scoped_token"},{"line_number":289,"context_line":".. _Keystone Bootstrap: https://docs.openstack.org/keystone/latest/admin/bootstrap.html"}],"source_content_type":"text/x-rst","patch_set":2,"id":"1f493fa4_69892c25","line":289,"range":{"start_line":286,"start_character":0,"end_line":289,"end_character":87},"updated":"2020-04-21 09:44:33.000000000","message":"Inline with :keystone-doc:","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"}],"releasenotes/notes/bp-policy-defaults-refresh-b8e6e2d6b1a7bc21.yaml":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ae3ce25256116e550a0a5bb7e10ff90206407a43","unresolved":false,"context_lines":[{"line_number":16,"context_line":"      Each policy is protected with appropriate ``scope_type``. Nova support"},{"line_number":17,"context_line":"      two types of ``sope_type`` with their combination. ``[\u0027system\u0027]``,"},{"line_number":18,"context_line":"      ``[\u0027project\u0027]`` and ``[\u0027system\u0027, \u0027project\u0027]``."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"      To know each policy scope_type, please refer the \u0027Policy Reference\u0027_"},{"line_number":22,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1f493fa4_e9237cbd","line":19,"updated":"2020-04-21 09:44:33.000000000","message":"nit: newline","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"0fd631be5abee4772d2896edb025949228303a60","unresolved":false,"context_lines":[{"line_number":16,"context_line":"      Each policy is protected with appropriate ``scope_type``. Nova support"},{"line_number":17,"context_line":"      two types of ``sope_type`` with their combination. ``[\u0027system\u0027]``,"},{"line_number":18,"context_line":"      ``[\u0027project\u0027]`` and ``[\u0027system\u0027, \u0027project\u0027]``."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"      To know each policy scope_type, please refer the \u0027Policy Reference\u0027_"},{"line_number":22,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1f493fa4_7c9443e9","line":19,"in_reply_to":"1f493fa4_e9237cbd","updated":"2020-04-21 16:32:10.000000000","message":"Done","commit_id":"2accae14dc93cd49f9c33b935d3367e1422bc36c"}]}