)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":19234,"name":"Alexey Stupnikov","email":"aleksey.stupnikov@gmail.com","username":"astupnikov"},"change_message_id":"413457aee27db391abd32c40b7e5ce8f9b0e3c03","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"3e8f33fc_e82ab63e","updated":"2023-05-29 13:16:41.000000000","message":"recheck\ngrenade-skip-level-always: web server timeout\nnova-multi-cell: volume detachment timeout","commit_id":"0f3722f97db56eb128ba19639ddec932210e084b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"312c3a58166b781fa6fef13afba154d5d1cfd7a5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"f5e99581_76cb7611","updated":"2023-05-29 15:41:55.000000000","message":"This is pretty good for a first pass.\n\nit should have a release note and a test to show that this also works as expected\nif network_caps is not defined in the capabilities.","commit_id":"f22716e226b92ad3526a5b9bd55eace894b19a7f"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"fa501555cbf3db035785ddba2eeb13b79503cd3b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"c327df9e_7a7d6f5a","updated":"2023-10-17 12:36:16.000000000","message":"ah this https://review.opendev.org/c/openstack/nova/+/898435 has not merged yet\n\nthat is the cause fo the fialing jobs so once this is merge we can recheck or rebase this and we should get a clean ci run","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b7e241593d66db7ddb981e258619520b435aaf6d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"bddd4579_62f8baec","updated":"2023-10-17 11:11:35.000000000","message":"i am happy that this has reached a state where we coudl merge this.\nwe might want to consider updating some docs but i belive the current docs for this live in neutron. https://docs.openstack.org/neutron/latest/admin/config-ovs-offload.html\n\na seperate patch can be written once this merges to remove refence to addign the switchdev capablity to the port\nhttps://docs.openstack.org/neutron/latest/admin/config-ovs-offload.html#validate-open-vswitch-hardware-offloading\n\nthanks for working on this alex.","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":19234,"name":"Alexey Stupnikov","email":"aleksey.stupnikov@gmail.com","username":"astupnikov"},"change_message_id":"d4024bc9265ebd39bd9c0f0dcb8b143c3a9b46e7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"dbedd8a1_3dc745e5","updated":"2023-10-17 09:00:00.000000000","message":"recheck lxml-related failures: module seem to be installed, but for some reason it not available for some tests","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"9bc2ec79d0cbb026730169a978973e2225d8a2f6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"393c2ff1_6276e1f4","updated":"2023-10-17 11:02:03.000000000","message":"the nova-live-migration job was broken yesterday so dont worry about those failures it shoudl pass with the new version","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":19234,"name":"Alexey Stupnikov","email":"aleksey.stupnikov@gmail.com","username":"astupnikov"},"change_message_id":"6c299027e3eb9655365b09302a6ec83ecafbc826","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"1f8040fa_acba3640","in_reply_to":"bddd4579_62f8baec","updated":"2023-10-17 14:45:41.000000000","message":"Thank you for pointing this out. Indeed, it makes no sense to recommend setting capabilities after this patch is merged. I have uploaded https://review.opendev.org/c/openstack/neutron/+/898556 for review.","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"2b568aa1836d5ed6ab617b82893c18e1c6396e87","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"1595b9c7_5523f8f7","updated":"2023-10-20 12:19:17.000000000","message":"Looks good to me. Thanks Alex!","commit_id":"cef3b5ef2cc1fe983578e4966208cf95fdea5880"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d572d0594b6b98e2eda9b7b63bc9ae957f7d342f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"f7181e8d_6643bd66","updated":"2023-10-17 15:59:27.000000000","message":"thanks for the update and docs patch.\nalso you rebased on the ci fix so ci is now passing so readding +2","commit_id":"cef3b5ef2cc1fe983578e4966208cf95fdea5880"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"667e4868e48ca26ba1ce9829724a6f9360db6d0f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"cba11414_391b7863","updated":"2023-10-19 12:01:00.000000000","message":"thanks,","commit_id":"cef3b5ef2cc1fe983578e4966208cf95fdea5880"}],"releasenotes/notes/translate_vf_network_capabilities_to_port_binding-48abbfe0ce2923cf.yaml":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b7e241593d66db7ddb981e258619520b435aaf6d","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Previously \"switchdev\" capabilities should be configured manually by a"},{"line_number":5,"context_line":"    user with admin privileges using port\u0027s binding profile. This blocked"},{"line_number":6,"context_line":"    regular users from managing ports with Open vSwitch hardware offloading."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    This patch fixes this situation by translating VF capabilities reported"},{"line_number":9,"context_line":"    by Libvirt to Neutron port binding profiles. Other VF capabilities are"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"af3ce1c6_dc3c35d1","line":6,"updated":"2023-10-17 11:11:35.000000000","message":"you could add that exposing the port bining profile via custom policy to non admin is a secuirty risk\n\n\"\"\"\n This blocked\n    regular users from managing ports with Open vSwitch hardware offloading as exposing write access to the binding profile to non admins is a security risk.\n    The binding profile contians the pci_slot which denotes the host\n    pci adress of the device attched to the vm. allowing write access to this would\n    enable an enduser to passthough any host device to the guest. As such this is only viable in a trusted private cloud.\n\"\"\"","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":19234,"name":"Alexey Stupnikov","email":"aleksey.stupnikov@gmail.com","username":"astupnikov"},"change_message_id":"89ebcfd8002976c7d67eca30b3ba84e58263acf7","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Previously \"switchdev\" capabilities should be configured manually by a"},{"line_number":5,"context_line":"    user with admin privileges using port\u0027s binding profile. This blocked"},{"line_number":6,"context_line":"    regular users from managing ports with Open vSwitch hardware offloading."},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"    This patch fixes this situation by translating VF capabilities reported"},{"line_number":9,"context_line":"    by Libvirt to Neutron port binding profiles. Other VF capabilities are"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"84622cfa_bf7eeb51","line":6,"in_reply_to":"af3ce1c6_dc3c35d1","updated":"2023-10-17 13:31:10.000000000","message":"Done","commit_id":"82db85758d0e157fde7fa3d83f8a8a8d5bdef16d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d572d0594b6b98e2eda9b7b63bc9ae957f7d342f","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    ``pci_slot`` definition, which denotes the host PCI address of the"},{"line_number":10,"context_line":"    device attached to the VM. A malicious user can use this parameter to"},{"line_number":11,"context_line":"    passthrough any host device to a guest, so it is impossible to provide"},{"line_number":12,"context_line":"    write access to a binding profile to regular users in many scenarios."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    This patch fixes this situation by translating VF capabilities reported"},{"line_number":15,"context_line":"    by Libvirt to Neutron port binding profiles. Other VF capabilities are"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"ad5e85c0_afd502a1","line":12,"updated":"2023-10-17 15:59:27.000000000","message":"+1","commit_id":"cef3b5ef2cc1fe983578e4966208cf95fdea5880"}]}