)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"25ed589cedc61c0267c608bd35ba0f45026e1a25","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add documentation and releasenotes for RBAC change"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"We have droped the system scope from Nova policy"},{"line_number":10,"context_line":"and keeping the legacy admin behaviour same. This"},{"line_number":11,"context_line":"commit adds the releasenotes and update the policy"},{"line_number":12,"context_line":"configuration documentation accordingly."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"8b205850_520ac5d9","line":10,"updated":"2022-08-29 21:27:09.000000000","message":"nit: the same.","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"25ed589cedc61c0267c608bd35ba0f45026e1a25","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"We have droped the system scope from Nova policy"},{"line_number":10,"context_line":"and keeping the legacy admin behaviour same. This"},{"line_number":11,"context_line":"commit adds the releasenotes and update the policy"},{"line_number":12,"context_line":"configuration documentation accordingly."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Also, remove the upgrade check for policy which was"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"6bfb7fde_663011c8","line":11,"updated":"2022-08-29 21:27:09.000000000","message":"… and updates the …","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"bf21b404_20bc78d8","updated":"2022-08-29 15:46:44.000000000","message":"Mostly some nits and grammar things. Thanks gmann!","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"3fba1a80a731ced6101362e880a55d50af9dad83","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"fb6a3b46_9edcd5af","updated":"2022-08-29 15:31:27.000000000","message":"look good. thanks.","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"b7884f6a_dbe55bdf","updated":"2022-08-29 19:32:01.000000000","message":"Thanks gmann. Still a few things in here, but it\u0027s much better now, so I don\u0027t think you need to revise again unless there\u0027s other feedback to address.","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f694df2c_43632a83","in_reply_to":"b7884f6a_dbe55bdf","updated":"2022-08-29 20:14:13.000000000","message":"thanks Dan, let me fix them quickly as these are documentation.","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"032e9d40b0750fff4cddd85199438fc158b670e5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"10809e2d_5677303c","updated":"2022-08-30 16:15:29.000000000","message":"I thought I pushed +A this morning. Anyhow fixed now","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"73427daae96ea9c322e51f9a4db8aa4939c72834","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"3dde0db6_c74640a1","updated":"2022-08-31 06:57:27.000000000","message":"recheck unshelve host status error","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"cccee8f7caac977a5ce20c8ea7fba1ef451fa9ff","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"ada572fc_635d0724","updated":"2022-08-31 17:30:18.000000000","message":"recheck unshelve-test is disabled on multi-cell job","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9f8e903bf91671fc01c513286ab5a6ba47402c8e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"d721eecb_2ed4dbce","updated":"2022-08-31 19:57:50.000000000","message":"recheck unshelve-test is disabled on multi-cell job\n","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"25ed589cedc61c0267c608bd35ba0f45026e1a25","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"93a70e9c_48ab1768","updated":"2022-08-29 21:27:09.000000000","message":"this looks good to me.\n\nill leave +w for now and add it tommorrow if no one else reviews incase gibi wants to review.","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"}],"doc/source/cli/nova-status.rst":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":137,"context_line":""},{"line_number":138,"context_line":"  * Checks for the Placement API are modified to require version 1.35."},{"line_number":139,"context_line":"  * Checks for the policy files are not automatically overwritten with"},{"line_number":140,"context_line":"    new defaults."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"  **22.0.0 (Victoria)**"},{"line_number":143,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"1a6738f1_cf70866a","side":"PARENT","line":140,"updated":"2022-08-29 15:46:44.000000000","message":"I\u0027m not sure what our usual procedure is here, but it seems a little weird to re-write history like this. I know that status check came there and is now removed, but purely being absent might be confusing for someone looking at the previous notes compared to this. Maybe we should replace this with a note that the check was initially in Ussuri but has since been dropped?","commit_id":"0bab2e5a882235bfd41d2bce86db9885fd0b81b2"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":137,"context_line":""},{"line_number":138,"context_line":"  * Checks for the Placement API are modified to require version 1.35."},{"line_number":139,"context_line":"  * Checks for the policy files are not automatically overwritten with"},{"line_number":140,"context_line":"    new defaults."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"  **22.0.0 (Victoria)**"},{"line_number":143,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7027da7e_7260b2c8","side":"PARENT","line":140,"in_reply_to":"1a6738f1_cf70866a","updated":"2022-08-29 18:32:11.000000000","message":"yeah, I think it make sense to add dropped statement here as this doc is for reference.","commit_id":"0bab2e5a882235bfd41d2bce86db9885fd0b81b2"}],"doc/source/configuration/policy-concepts.rst":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":159,"context_line":""},{"line_number":160,"context_line":"project-member is denoted by someone with the member role on a project. It is"},{"line_number":161,"context_line":"intended to be used by end users who consume resources within a project"},{"line_number":162,"context_line":"require higher permission than reader role but less than admin role. It"},{"line_number":163,"context_line":"inherits all the permissions of a project-reader."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"project-member persona in the policy check string:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9e6d5d7f_7e92b5aa","line":162,"range":{"start_line":162,"start_character":0,"end_line":162,"end_character":7},"updated":"2022-08-29 15:46:44.000000000","message":"\"which requires\" ?","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":159,"context_line":""},{"line_number":160,"context_line":"project-member is denoted by someone with the member role on a project. It is"},{"line_number":161,"context_line":"intended to be used by end users who consume resources within a project"},{"line_number":162,"context_line":"require higher permission than reader role but less than admin role. It"},{"line_number":163,"context_line":"inherits all the permissions of a project-reader."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"project-member persona in the policy check string:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"2e58dffe_47d0e445","line":162,"range":{"start_line":162,"start_character":0,"end_line":162,"end_character":7},"in_reply_to":"9e6d5d7f_7e92b5aa","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":172,"context_line":"        description\u003d\"Default rule for Project level non admin APIs.\""},{"line_number":173,"context_line":"    )"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Using it in policy rule (with admin + member access): (because we want to keep legacy admin behavior same we need to give access of member APIs to admin role too.)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":".. code-block:: python"},{"line_number":178,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ad406b76_0f2de2d5","line":175,"range":{"start_line":175,"start_character":101,"end_line":175,"end_character":105},"updated":"2022-08-29 15:46:44.000000000","message":"I would just s/same/,/","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":172,"context_line":"        description\u003d\"Default rule for Project level non admin APIs.\""},{"line_number":173,"context_line":"    )"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Using it in policy rule (with admin + member access): (because we want to keep legacy admin behavior same we need to give access of member APIs to admin role too.)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":".. code-block:: python"},{"line_number":178,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"d95c0c7b_4b967123","line":175,"range":{"start_line":175,"start_character":129,"end_line":175,"end_character":131},"updated":"2022-08-29 15:46:44.000000000","message":"s/of/to/","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":172,"context_line":"        description\u003d\"Default rule for Project level non admin APIs.\""},{"line_number":173,"context_line":"    )"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Using it in policy rule (with admin + member access): (because we want to keep legacy admin behavior same we need to give access of member APIs to admin role too.)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":".. code-block:: python"},{"line_number":178,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"2ecbdba4_92678653","line":175,"range":{"start_line":175,"start_character":101,"end_line":175,"end_character":105},"in_reply_to":"ad406b76_0f2de2d5","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":172,"context_line":"        description\u003d\"Default rule for Project level non admin APIs.\""},{"line_number":173,"context_line":"    )"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Using it in policy rule (with admin + member access): (because we want to keep legacy admin behavior same we need to give access of member APIs to admin role too.)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":".. code-block:: python"},{"line_number":178,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"1b2f1eae_f84ddbac","line":175,"range":{"start_line":175,"start_character":129,"end_line":175,"end_character":131},"in_reply_to":"d95c0c7b_4b967123","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":244,"context_line":"Nova supports the below combination of scopes and roles where roles can be"},{"line_number":245,"context_line":"overridden in the policy.yaml file but scope is not override-able."},{"line_number":246,"context_line":""},{"line_number":247,"context_line":"#. ADMIN: ``admin`` role on ``project`` scope. This is is administrator to"},{"line_number":248,"context_line":"   perform the admin level operations. Example: enable/disable compute"},{"line_number":249,"context_line":"   service, Live migrate server etc."},{"line_number":250,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"64fc0e59_ba1f2800","line":247,"range":{"start_line":247,"start_character":55,"end_line":247,"end_character":57},"updated":"2022-08-29 15:46:44.000000000","message":"duplicate \"is\" here. Maybe s/is/the/ or s/is/an/","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":244,"context_line":"Nova supports the below combination of scopes and roles where roles can be"},{"line_number":245,"context_line":"overridden in the policy.yaml file but scope is not override-able."},{"line_number":246,"context_line":""},{"line_number":247,"context_line":"#. ADMIN: ``admin`` role on ``project`` scope. This is is administrator to"},{"line_number":248,"context_line":"   perform the admin level operations. Example: enable/disable compute"},{"line_number":249,"context_line":"   service, Live migrate server etc."},{"line_number":250,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ed2ff8a8_c8b849f5","line":247,"range":{"start_line":247,"start_character":55,"end_line":247,"end_character":57},"in_reply_to":"64fc0e59_ba1f2800","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":255,"context_line":"   read-only operation within project. For example: Get server."},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"#. PROJECT_MEMBER_OR_ADMIN: ``admin`` or ``member`` role on ``project`` scope.    Such policy rules are default to most of the owner level APIs and aling"},{"line_number":258,"context_line":"   with `member` role legacy admin continue to access those APIs."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"#. PROJECT_READER_OR_ADMIN: ``admin`` or ``reader`` role on ``project`` scope.    Such policy rules are default to most of the read only APIs so that legacy"},{"line_number":261,"context_line":"   admin continue to access those APIs."}],"source_content_type":"text/x-rst","patch_set":3,"id":"79e13eba_aa4ac0cf","line":258,"range":{"start_line":258,"start_character":35,"end_line":258,"end_character":43},"updated":"2022-08-29 15:46:44.000000000","message":"\"can continue\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":255,"context_line":"   read-only operation within project. For example: Get server."},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"#. PROJECT_MEMBER_OR_ADMIN: ``admin`` or ``member`` role on ``project`` scope.    Such policy rules are default to most of the owner level APIs and aling"},{"line_number":258,"context_line":"   with `member` role legacy admin continue to access those APIs."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"#. PROJECT_READER_OR_ADMIN: ``admin`` or ``reader`` role on ``project`` scope.    Such policy rules are default to most of the read only APIs so that legacy"},{"line_number":261,"context_line":"   admin continue to access those APIs."}],"source_content_type":"text/x-rst","patch_set":3,"id":"85ae1a7c_2241d5cf","line":258,"range":{"start_line":258,"start_character":35,"end_line":258,"end_character":43},"in_reply_to":"79e13eba_aa4ac0cf","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":258,"context_line":"   with `member` role legacy admin continue to access those APIs."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"#. PROJECT_READER_OR_ADMIN: ``admin`` or ``reader`` role on ``project`` scope.    Such policy rules are default to most of the read only APIs so that legacy"},{"line_number":261,"context_line":"   admin continue to access those APIs."},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"Backward Compatibility"},{"line_number":264,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7bafa178_3c92aaf3","line":261,"range":{"start_line":261,"start_character":9,"end_line":261,"end_character":17},"updated":"2022-08-29 15:46:44.000000000","message":"ditto","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":258,"context_line":"   with `member` role legacy admin continue to access those APIs."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"#. PROJECT_READER_OR_ADMIN: ``admin`` or ``reader`` role on ``project`` scope.    Such policy rules are default to most of the read only APIs so that legacy"},{"line_number":261,"context_line":"   admin continue to access those APIs."},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"Backward Compatibility"},{"line_number":264,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"1743f4b3_ba0dd40c","line":261,"range":{"start_line":261,"start_character":9,"end_line":261,"end_character":17},"in_reply_to":"7bafa178_3c92aaf3","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":266,"context_line":"Backward compatibility with versions prior to 21.0.0 (Ussuri) is maintained by"},{"line_number":267,"context_line":"supporting the old defaults and disabling the ``scope_type`` feature by default."},{"line_number":268,"context_line":"This means the old defaults and deployments that use them will keep working"},{"line_number":269,"context_line":"as-is. However, we encourage every deployment to switch to new policy. The"},{"line_number":270,"context_line":"new defaults will be enabled by default in OpenStack 2023.1 (Nova 27.0.0)"},{"line_number":271,"context_line":"release and old defaults will be removed starting in the OpenStack 2023.2"},{"line_number":272,"context_line":"(Nova 28.0.0) release."}],"source_content_type":"text/x-rst","patch_set":3,"id":"ca818d32_46e9974f","line":269,"range":{"start_line":269,"start_character":59,"end_line":269,"end_character":62},"updated":"2022-08-29 15:46:44.000000000","message":"\"the new\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":266,"context_line":"Backward compatibility with versions prior to 21.0.0 (Ussuri) is maintained by"},{"line_number":267,"context_line":"supporting the old defaults and disabling the ``scope_type`` feature by default."},{"line_number":268,"context_line":"This means the old defaults and deployments that use them will keep working"},{"line_number":269,"context_line":"as-is. However, we encourage every deployment to switch to new policy. The"},{"line_number":270,"context_line":"new defaults will be enabled by default in OpenStack 2023.1 (Nova 27.0.0)"},{"line_number":271,"context_line":"release and old defaults will be removed starting in the OpenStack 2023.2"},{"line_number":272,"context_line":"(Nova 28.0.0) release."}],"source_content_type":"text/x-rst","patch_set":3,"id":"269d360f_5b58ac66","line":269,"range":{"start_line":269,"start_character":59,"end_line":269,"end_character":62},"in_reply_to":"ca818d32_46e9974f","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":344,"context_line":"|                    |                           |Read            |           |"},{"line_number":345,"context_line":"+--------------------+---------------------------+----------------+-----------+"},{"line_number":346,"context_line":""},{"line_number":347,"context_line":"We expect all deployments to migrate to new policy by OpenStack 2023.1 (Nova"},{"line_number":348,"context_line":"27.0.0) release so that we can remove the support of old policies."}],"source_content_type":"text/x-rst","patch_set":3,"id":"10cede97_d4be7126","line":347,"updated":"2022-08-29 15:46:44.000000000","message":"\"the new\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":344,"context_line":"|                    |                           |Read            |           |"},{"line_number":345,"context_line":"+--------------------+---------------------------+----------------+-----------+"},{"line_number":346,"context_line":""},{"line_number":347,"context_line":"We expect all deployments to migrate to new policy by OpenStack 2023.1 (Nova"},{"line_number":348,"context_line":"27.0.0) release so that we can remove the support of old policies."}],"source_content_type":"text/x-rst","patch_set":3,"id":"5b0946cf_b1c772cd","line":347,"in_reply_to":"10cede97_d4be7126","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":69,"context_line":"     and is not overridable via the policy file."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Nova policies have implemented the scope concept by defining the ``scope_type``"},{"line_number":72,"context_line":"for all the policies to ``project`` scoped. It means if user try to access"},{"line_number":73,"context_line":"nova APIs with ``system`` scoped token they will get 403 permission denied"},{"line_number":74,"context_line":"error."},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"3bd3212b_82f87909","line":72,"range":{"start_line":72,"start_character":61,"end_line":72,"end_character":64},"updated":"2022-08-29 19:32:01.000000000","message":"\"tries\"\n\nSorry I missed this earlier.","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":69,"context_line":"     and is not overridable via the policy file."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Nova policies have implemented the scope concept by defining the ``scope_type``"},{"line_number":72,"context_line":"for all the policies to ``project`` scoped. It means if user try to access"},{"line_number":73,"context_line":"nova APIs with ``system`` scoped token they will get 403 permission denied"},{"line_number":74,"context_line":"error."},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"cfbea82f_8641bcc3","line":72,"range":{"start_line":72,"start_character":61,"end_line":72,"end_character":64},"in_reply_to":"3bd3212b_82f87909","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":172,"context_line":"        description\u003d\"Default rule for Project level non admin APIs.\""},{"line_number":173,"context_line":"    )"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Using it in policy rule (with admin + member access): (because we want to keep legacy admin behavior, we need to give member APIs access to admin role too.)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":".. code-block:: python"},{"line_number":178,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"6f76f20a_9863ed16","line":175,"range":{"start_line":175,"start_character":113,"end_line":175,"end_character":150},"updated":"2022-08-29 19:32:01.000000000","message":"This doesn\u0027t really make sense. You don\u0027t give an API access to the admin role, you get an admin role access to an API.\n\nI think people will understand what you meant, so not critical, but maybe if there\u0027s a follow-up...","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":172,"context_line":"        description\u003d\"Default rule for Project level non admin APIs.\""},{"line_number":173,"context_line":"    )"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Using it in policy rule (with admin + member access): (because we want to keep legacy admin behavior, we need to give member APIs access to admin role too.)"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":".. code-block:: python"},{"line_number":178,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"75561e03_f80c57bc","line":175,"range":{"start_line":175,"start_character":113,"end_line":175,"end_character":150},"in_reply_to":"6f76f20a_9863ed16","updated":"2022-08-29 20:14:13.000000000","message":"ok, clarifying it in better way.","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":329,"context_line":"NOTE::"},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."}],"source_content_type":"text/x-rst","patch_set":4,"id":"991a313c_36575737","line":332,"range":{"start_line":332,"start_character":41,"end_line":332,"end_character":48},"updated":"2022-08-29 19:32:01.000000000","message":"\"failures\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":329,"context_line":"NOTE::"},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."}],"source_content_type":"text/x-rst","patch_set":4,"id":"91ce63fb_966fd41d","line":332,"range":{"start_line":332,"start_character":41,"end_line":332,"end_character":48},"in_reply_to":"991a313c_36575737","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":330,"context_line":""},{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"2ab0a0e3_c16ba3eb","line":333,"range":{"start_line":333,"start_character":42,"end_line":333,"end_character":49},"updated":"2022-08-29 19:32:01.000000000","message":"\"defaults\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":330,"context_line":""},{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"df69b39c_448f2474","line":333,"range":{"start_line":333,"start_character":2,"end_line":333,"end_character":9},"updated":"2022-08-29 19:32:01.000000000","message":"\"messages\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":330,"context_line":""},{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"2faf06b4_1222b7df","line":333,"range":{"start_line":333,"start_character":42,"end_line":333,"end_character":49},"in_reply_to":"2ab0a0e3_c16ba3eb","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":330,"context_line":""},{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"2644e56a_1ccd254e","line":333,"range":{"start_line":333,"start_character":2,"end_line":333,"end_character":9},"in_reply_to":"df69b39c_448f2474","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""},{"line_number":337,"context_line":"Below table show how legacy rules are mapped to new rules:"}],"source_content_type":"text/x-rst","patch_set":4,"id":"670a227b_814718fd","line":334,"range":{"start_line":334,"start_character":10,"end_line":334,"end_character":15},"updated":"2022-08-29 19:32:01.000000000","message":"\"will allow\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":331,"context_line":"  We recommend to enable the both scope as well new defaults together"},{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""},{"line_number":337,"context_line":"Below table show how legacy rules are mapped to new rules:"}],"source_content_type":"text/x-rst","patch_set":4,"id":"f784aa70_9763ca0a","line":334,"range":{"start_line":334,"start_character":10,"end_line":334,"end_character":15},"in_reply_to":"670a227b_814718fd","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""},{"line_number":337,"context_line":"Below table show how legacy rules are mapped to new rules:"},{"line_number":338,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"c2b81480_681a743f","line":335,"range":{"start_line":335,"start_character":2,"end_line":335,"end_character":9},"updated":"2022-08-29 19:32:01.000000000","message":"\"the project\" or \"a project\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":332,"context_line":"  otherwise you may experience some late failure with unclear error"},{"line_number":333,"context_line":"  message. For example, if you enable new default and disable scope check"},{"line_number":334,"context_line":"  then it allow system users to access the APIs but fail later due to"},{"line_number":335,"context_line":"  project check which can be difficult to debug."},{"line_number":336,"context_line":""},{"line_number":337,"context_line":"Below table show how legacy rules are mapped to new rules:"},{"line_number":338,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"c061ce86_021ad3b5","line":335,"range":{"start_line":335,"start_character":2,"end_line":335,"end_character":9},"in_reply_to":"c2b81480_681a743f","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"25ed589cedc61c0267c608bd35ba0f45026e1a25","unresolved":true,"context_lines":[{"line_number":270,"context_line":"new defaults will be enabled by default in OpenStack 2023.1 (Nova 27.0.0)"},{"line_number":271,"context_line":"release and old defaults will be removed starting in the OpenStack 2023.2"},{"line_number":272,"context_line":"(Nova 28.0.0) release."},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"To implement the new default reader roles, some policies needed to become"},{"line_number":275,"context_line":"granular. They have been renamed, with the old names still supported for"},{"line_number":276,"context_line":"backwards compatibility."}],"source_content_type":"text/x-rst","patch_set":5,"id":"68661acc_b11dc2ac","line":273,"updated":"2022-08-29 21:27:09.000000000","message":"ack the AA release will serve as the deprecation notice for the new lifecycle and we can remove the old polciy rules in BB","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"25ed589cedc61c0267c608bd35ba0f45026e1a25","unresolved":true,"context_lines":[{"line_number":333,"context_line":"  messages. For example, if you enable new defaults and disable scope"},{"line_number":334,"context_line":"  check then it will allow system users to access the APIs but fail"},{"line_number":335,"context_line":"  later due to the project check which can be difficult to debug."},{"line_number":336,"context_line":""},{"line_number":337,"context_line":"Below table show how legacy rules are mapped to new rules:"},{"line_number":338,"context_line":""},{"line_number":339,"context_line":"+--------------------+---------------------------+----------------+-----------+"}],"source_content_type":"text/x-rst","patch_set":5,"id":"f123eb2e_12b9d07f","line":336,"updated":"2022-08-29 21:27:09.000000000","message":"i was a little confused by this.\n\ni realised after that while nova no longer has use of system scoped users keystone and ironic do so this makes sense.","commit_id":"69034568205839830c73d0ffe6ec19dd866140ce"}],"releasenotes/notes/project-reader-rbac-8a1d11b3b2e776fd.yaml":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    API policy is scoped to project. This means that system scoped users"},{"line_number":6,"context_line":"    will get 403 permission denied error."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ae533450_b9e81dcf","line":8,"range":{"start_line":8,"start_character":47,"end_line":8,"end_character":51},"updated":"2022-08-29 15:46:44.000000000","message":"\"Users\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    API policy is scoped to project. This means that system scoped users"},{"line_number":6,"context_line":"    will get 403 permission denied error."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"a8ac47a7_793de03c","line":8,"range":{"start_line":8,"start_character":10,"end_line":8,"end_character":17},"updated":"2022-08-29 15:46:44.000000000","message":"\"the project\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    API policy is scoped to project. This means that system scoped users"},{"line_number":6,"context_line":"    will get 403 permission denied error."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ab55ba81_12ae2a72","line":8,"range":{"start_line":8,"start_character":10,"end_line":8,"end_character":17},"in_reply_to":"a8ac47a7_793de03c","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    API policy is scoped to project. This means that system scoped users"},{"line_number":6,"context_line":"    will get 403 permission denied error."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"aceff1fa_e5b42150","line":8,"range":{"start_line":8,"start_character":47,"end_line":8,"end_character":51},"in_reply_to":"ae533450_b9e81dcf","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":6,"context_line":"    will get 403 permission denied error."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    Currently, nova supports below roles:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"75332fd1_daf145b6","line":9,"range":{"start_line":9,"start_character":9,"end_line":9,"end_character":19},"updated":"2022-08-29 15:46:44.000000000","message":"I think \"perform\" would sound better here.","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    will get 403 permission denied error."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    Currently, nova supports below roles:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"9f23d85c_3a84d211","line":9,"range":{"start_line":9,"start_character":9,"end_line":9,"end_character":19},"in_reply_to":"75332fd1_daf145b6","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    Currently, nova supports below roles:"},{"line_number":13,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"78c9f5e2_f55e00b3","line":10,"range":{"start_line":10,"start_character":30,"end_line":10,"end_character":37},"updated":"2022-08-29 15:46:44.000000000","message":"\"purposes\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    Also, project reader role is ready to use. User with reader role can"},{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    Currently, nova supports below roles:"},{"line_number":13,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"6a2a87c3_455d5f9b","line":10,"range":{"start_line":10,"start_character":30,"end_line":10,"end_character":37},"in_reply_to":"78c9f5e2_f55e00b3","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    Currently, nova supports below roles:"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    * ``admin`` (Legacy admin)"},{"line_number":15,"context_line":"    * ``project member``"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"465e9ba6_b5f2ff28","line":12,"range":{"start_line":12,"start_character":29,"end_line":12,"end_character":34},"updated":"2022-08-29 15:46:44.000000000","message":"\"these\" or \"the following\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    only access the read-only operations within their project. This role"},{"line_number":10,"context_line":"    can be used for the audit purpose."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    Currently, nova supports below roles:"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    * ``admin`` (Legacy admin)"},{"line_number":15,"context_line":"    * ``project member``"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5a9822b1_154b14f6","line":12,"range":{"start_line":12,"start_character":29,"end_line":12,"end_character":34},"in_reply_to":"465e9ba6_b5f2ff28","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":15,"context_line":"    * ``project member``"},{"line_number":16,"context_line":"    * ``project reader``"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"    For the details on what changed from the existing policy, please refer the"},{"line_number":19,"context_line":"    `RBAC new guidelines`_. We have implemented only phase-1 of the"},{"line_number":20,"context_line":"    `RBAC new guidelines`_."},{"line_number":21,"context_line":"    Currently, scope checks and new defaults are disabled by default. You can"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7786851e_dc77684c","line":18,"range":{"start_line":18,"start_character":69,"end_line":18,"end_character":74},"updated":"2022-08-29 15:46:44.000000000","message":"\"refer to\"","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":15,"context_line":"    * ``project member``"},{"line_number":16,"context_line":"    * ``project reader``"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"    For the details on what changed from the existing policy, please refer the"},{"line_number":19,"context_line":"    `RBAC new guidelines`_. We have implemented only phase-1 of the"},{"line_number":20,"context_line":"    `RBAC new guidelines`_."},{"line_number":21,"context_line":"    Currently, scope checks and new defaults are disabled by default. You can"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"6aeace25_ee4ffd76","line":18,"range":{"start_line":18,"start_character":69,"end_line":18,"end_character":74},"in_reply_to":"7786851e_dc77684c","updated":"2022-08-29 18:32:11.000000000","message":"Done","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"50711fba89a93577dfd410d0fddc9956b2b6089a","unresolved":true,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"      [oslo_policy]"},{"line_number":25,"context_line":"      enforce_new_defaults\u003dTrue"},{"line_number":26,"context_line":"      enforce_scope\u003dTrue"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    Please refer `Policy New Defaults`_ for detail about policy new defaults"},{"line_number":29,"context_line":"    and migration plan."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"78080bf9_f27b8237","line":26,"range":{"start_line":26,"start_character":6,"end_line":26,"end_character":24},"updated":"2022-08-29 15:46:44.000000000","message":"I wonder if it\u0027s worth noting something about enabling the new defaults without the scope check is likely to allow system-scoped users to get part way through an API call and fail late due to a project check? Or maybe just recommend that they be enabled together and not explain why?","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"9ff5811a2f38ea9fbbbbdd65e965df2c7759c427","unresolved":false,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"      [oslo_policy]"},{"line_number":25,"context_line":"      enforce_new_defaults\u003dTrue"},{"line_number":26,"context_line":"      enforce_scope\u003dTrue"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    Please refer `Policy New Defaults`_ for detail about policy new defaults"},{"line_number":29,"context_line":"    and migration plan."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ed5ad9e8_2458abe2","line":26,"range":{"start_line":26,"start_character":6,"end_line":26,"end_character":24},"in_reply_to":"78080bf9_f27b8237","updated":"2022-08-29 18:32:11.000000000","message":"point, i think I can mention these in policy-concept doc too.","commit_id":"18408297a7f2633e6770063390e07b6248ddff48"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":26,"context_line":"      enforce_scope\u003dTrue"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    We recommend to enable the both scope as well new defaults together"},{"line_number":29,"context_line":"    otherwise you may experience some late failure with unclear error message."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    Please refer `Policy New Defaults`_ for detail about policy new defaults"},{"line_number":32,"context_line":"    and migration plan."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"73582a3d_111ffdd6","line":29,"range":{"start_line":29,"start_character":43,"end_line":29,"end_character":50},"updated":"2022-08-29 19:32:01.000000000","message":"\"failures\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"756e6dc4427549d01b34df487385ef84d374d1aa","unresolved":true,"context_lines":[{"line_number":26,"context_line":"      enforce_scope\u003dTrue"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    We recommend to enable the both scope as well new defaults together"},{"line_number":29,"context_line":"    otherwise you may experience some late failure with unclear error message."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    Please refer `Policy New Defaults`_ for detail about policy new defaults"},{"line_number":32,"context_line":"    and migration plan."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"f29b6903_4f06172f","line":29,"range":{"start_line":29,"start_character":70,"end_line":29,"end_character":77},"updated":"2022-08-29 19:32:01.000000000","message":"\"messages\"","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":26,"context_line":"      enforce_scope\u003dTrue"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    We recommend to enable the both scope as well new defaults together"},{"line_number":29,"context_line":"    otherwise you may experience some late failure with unclear error message."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    Please refer `Policy New Defaults`_ for detail about policy new defaults"},{"line_number":32,"context_line":"    and migration plan."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"f81a785c_94eb2a36","line":29,"range":{"start_line":29,"start_character":43,"end_line":29,"end_character":50},"in_reply_to":"73582a3d_111ffdd6","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"a72e29a83b7b072734de7398c4fae41f29594bca","unresolved":false,"context_lines":[{"line_number":26,"context_line":"      enforce_scope\u003dTrue"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    We recommend to enable the both scope as well new defaults together"},{"line_number":29,"context_line":"    otherwise you may experience some late failure with unclear error message."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    Please refer `Policy New Defaults`_ for detail about policy new defaults"},{"line_number":32,"context_line":"    and migration plan."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"3de0a8f2_18d397bc","line":29,"range":{"start_line":29,"start_character":70,"end_line":29,"end_character":77},"in_reply_to":"f29b6903_4f06172f","updated":"2022-08-29 20:14:13.000000000","message":"Done","commit_id":"c10aaec3b1fc5fa59201b2efe95131e76328a03b"}]}