)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"2cbad905_50318d19","updated":"2023-12-13 03:45:35.000000000","message":"Minor things inline. The main thing I saw is I\u0027m pretty sure one of the CLI command examples is supposed to be \"delete\".","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"c4ec6438_c5dc0f18","updated":"2023-12-13 12:51:10.000000000","message":"Thanks for the review, @melwitt. Addressed everything I think. I pushed them as a follow-up to keep @bauzas\u0027 +2. I assume you can probably ninja approve that one.","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"50f613eea98e05b3eb7dcafc688e1a42bc8b01ef","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"30310d36_a2c16e55","updated":"2023-12-13 20:15:14.000000000","message":"This is good stuff to add to our docs, thanks for writing it up!\n\nMy comments have been addressed in the followup patch [1], so LGTM\n\n[1] https://review.opendev.org/c/openstack/nova/+/903590","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"}],"doc/source/user/security-groups.rst":[{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"All projects have a ``default`` security group which is applied to any port"},{"line_number":11,"context_line":"that has no other defined security group. Unless you change the default, this"},{"line_number":12,"context_line":"security group denies all incoming traffic and allows only outgoing traffic to"},{"line_number":13,"context_line":"your instance."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"It\u0027s important to note early on that security groups and their quota are"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9f0f60c6_f751af3d","line":12,"range":{"start_line":12,"start_character":76,"end_line":12,"end_character":78},"updated":"2023-12-13 03:45:35.000000000","message":"Should this be \"from\"? Does the outgoing traffic come from the instance?","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":9,"context_line":""},{"line_number":10,"context_line":"All projects have a ``default`` security group which is applied to any port"},{"line_number":11,"context_line":"that has no other defined security group. Unless you change the default, this"},{"line_number":12,"context_line":"security group denies all incoming traffic and allows only outgoing traffic to"},{"line_number":13,"context_line":"your instance."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"It\u0027s important to note early on that security groups and their quota are"}],"source_content_type":"text/x-rst","patch_set":1,"id":"01b30f88_6aa586bd","line":12,"range":{"start_line":12,"start_character":76,"end_line":12,"end_character":78},"in_reply_to":"9f0f60c6_f751af3d","updated":"2023-12-13 12:51:10.000000000","message":"It should. Fixed.","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"It\u0027s important to note early on that security groups and their quota are"},{"line_number":16,"context_line":"resources of :neutron-doc:`the networking service, Neutron"},{"line_number":17,"context_line":"\u003c/admin/intro-os-networking.html#security-groups\u003e`. The are modelled as an"},{"line_number":18,"context_line":"attribute of ports rather than servers. With this said, Nova provides utility"},{"line_number":19,"context_line":"APIs that allow users to add and remove security groups from all ports attached"},{"line_number":20,"context_line":"to a server. In addition, it is possible to specify security groups to"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bf1e02f5_dc79938d","line":17,"range":{"start_line":17,"start_character":52,"end_line":17,"end_character":55},"updated":"2023-12-13 03:45:35.000000000","message":"They? These?","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"It\u0027s important to note early on that security groups and their quota are"},{"line_number":16,"context_line":"resources of :neutron-doc:`the networking service, Neutron"},{"line_number":17,"context_line":"\u003c/admin/intro-os-networking.html#security-groups\u003e`. The are modelled as an"},{"line_number":18,"context_line":"attribute of ports rather than servers. With this said, Nova provides utility"},{"line_number":19,"context_line":"APIs that allow users to add and remove security groups from all ports attached"},{"line_number":20,"context_line":"to a server. In addition, it is possible to specify security groups to"}],"source_content_type":"text/x-rst","patch_set":1,"id":"354ac4b0_885bd9e3","line":17,"range":{"start_line":17,"start_character":52,"end_line":17,"end_character":55},"in_reply_to":"bf1e02f5_dc79938d","updated":"2023-12-13 12:51:10.000000000","message":"They. Done","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":47,"context_line":"    When adding a new security group, you should pick a descriptive but brief"},{"line_number":48,"context_line":"    name. This name shows up in brief descriptions of the servers that use it"},{"line_number":49,"context_line":"    where the longer description field often does not. For example, seeing that"},{"line_number":50,"context_line":"    an server is using security group ``http`` is much easier to understand"},{"line_number":51,"context_line":"    than ``bobs_group`` or ``secgrp1``."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Security groups are really only containers for rules. Security group rules"}],"source_content_type":"text/x-rst","patch_set":1,"id":"64f84253_3bad9350","line":50,"range":{"start_line":50,"start_character":4,"end_line":50,"end_character":6},"updated":"2023-12-13 03:45:35.000000000","message":"a","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    When adding a new security group, you should pick a descriptive but brief"},{"line_number":48,"context_line":"    name. This name shows up in brief descriptions of the servers that use it"},{"line_number":49,"context_line":"    where the longer description field often does not. For example, seeing that"},{"line_number":50,"context_line":"    an server is using security group ``http`` is much easier to understand"},{"line_number":51,"context_line":"    than ``bobs_group`` or ``secgrp1``."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Security groups are really only containers for rules. Security group rules"}],"source_content_type":"text/x-rst","patch_set":1,"id":"32d5a540_efeb923f","line":50,"range":{"start_line":50,"start_character":4,"end_line":50,"end_character":6},"in_reply_to":"64f84253_3bad9350","updated":"2023-12-13 12:51:10.000000000","message":"Done","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Security groups are really only containers for rules. Security group rules"},{"line_number":54,"context_line":"define the actual IP filter rules that will be applied. Security groups deny"},{"line_number":55,"context_line":"everything by default, so rules indicated what is allowed. A security group"},{"line_number":56,"context_line":"rule has a couple of attribute: an IP protocol (one of ICMP, TCP, or UDP), a"},{"line_number":57,"context_line":"destination port or port range, and a remote IP range (in CIDR format). You"},{"line_number":58,"context_line":"create security group rules by specifying these attributes and the security"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fe9d3ca1_f47919e0","line":55,"range":{"start_line":55,"start_character":32,"end_line":55,"end_character":41},"updated":"2023-12-13 03:45:35.000000000","message":"indicate?","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Security groups are really only containers for rules. Security group rules"},{"line_number":54,"context_line":"define the actual IP filter rules that will be applied. Security groups deny"},{"line_number":55,"context_line":"everything by default, so rules indicated what is allowed. A security group"},{"line_number":56,"context_line":"rule has a couple of attribute: an IP protocol (one of ICMP, TCP, or UDP), a"},{"line_number":57,"context_line":"destination port or port range, and a remote IP range (in CIDR format). You"},{"line_number":58,"context_line":"create security group rules by specifying these attributes and the security"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a5f7ab6a_09b3c53b","line":55,"range":{"start_line":55,"start_character":32,"end_line":55,"end_character":41},"in_reply_to":"fe9d3ca1_f47919e0","updated":"2023-12-13 12:51:10.000000000","message":"Done","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":53,"context_line":"Security groups are really only containers for rules. Security group rules"},{"line_number":54,"context_line":"define the actual IP filter rules that will be applied. Security groups deny"},{"line_number":55,"context_line":"everything by default, so rules indicated what is allowed. A security group"},{"line_number":56,"context_line":"rule has a couple of attribute: an IP protocol (one of ICMP, TCP, or UDP), a"},{"line_number":57,"context_line":"destination port or port range, and a remote IP range (in CIDR format). You"},{"line_number":58,"context_line":"create security group rules by specifying these attributes and the security"},{"line_number":59,"context_line":"group to which the rules should be added. For example:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2b650219_a167931a","line":56,"range":{"start_line":56,"start_character":21,"end_line":56,"end_character":30},"updated":"2023-12-13 03:45:35.000000000","message":"attributes","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":53,"context_line":"Security groups are really only containers for rules. Security group rules"},{"line_number":54,"context_line":"define the actual IP filter rules that will be applied. Security groups deny"},{"line_number":55,"context_line":"everything by default, so rules indicated what is allowed. A security group"},{"line_number":56,"context_line":"rule has a couple of attribute: an IP protocol (one of ICMP, TCP, or UDP), a"},{"line_number":57,"context_line":"destination port or port range, and a remote IP range (in CIDR format). You"},{"line_number":58,"context_line":"create security group rules by specifying these attributes and the security"},{"line_number":59,"context_line":"group to which the rules should be added. For example:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c88035b5_dc82fb7e","line":56,"range":{"start_line":56,"start_character":21,"end_line":56,"end_character":30},"in_reply_to":"2b650219_a167931a","updated":"2023-12-13 12:51:10.000000000","message":"Done","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":116,"context_line":""},{"line_number":117,"context_line":".. code-block:: console"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"    $ openstack security group rule show \u003cgroup\u003e \u003crule\u003e"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. rubric:: Port operations"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"b18792e4_4605bcca","line":119,"range":{"start_line":119,"start_character":36,"end_line":119,"end_character":48},"updated":"2023-12-13 03:45:35.000000000","message":"delete?","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":116,"context_line":""},{"line_number":117,"context_line":".. code-block:: console"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"    $ openstack security group rule show \u003cgroup\u003e \u003crule\u003e"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. rubric:: Port operations"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"72e1444f_7cc80200","line":119,"range":{"start_line":119,"start_character":36,"end_line":119,"end_character":48},"in_reply_to":"b18792e4_4605bcca","updated":"2023-12-13 12:51:10.000000000","message":"Whoops, good spot. Done.","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7cc760228531bcd44d0fa25183eed48f0e1c387d","unresolved":true,"context_lines":[{"line_number":161,"context_line":"basis. When you create a new server, networks can be either automatically"},{"line_number":162,"context_line":"allocated (a feature known as \":neutron-doc:`Get me a network"},{"line_number":163,"context_line":"\u003c/admin/config-auto-allocation.html\u003e`\") or manually configured. In both cases,"},{"line_number":164,"context_line":"attaching a network to server results in the creation of a port. It is possible"},{"line_number":165,"context_line":"to specify one or more security groups to assign to these ports. For example:"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":".. code-block:: console"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b933209e_109145a7","line":164,"range":{"start_line":164,"start_character":23,"end_line":164,"end_character":29},"updated":"2023-12-13 03:45:35.000000000","message":"a server?","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"1d90fb07201f7b5c046a67c9bb7c45e846cda25f","unresolved":false,"context_lines":[{"line_number":161,"context_line":"basis. When you create a new server, networks can be either automatically"},{"line_number":162,"context_line":"allocated (a feature known as \":neutron-doc:`Get me a network"},{"line_number":163,"context_line":"\u003c/admin/config-auto-allocation.html\u003e`\") or manually configured. In both cases,"},{"line_number":164,"context_line":"attaching a network to server results in the creation of a port. It is possible"},{"line_number":165,"context_line":"to specify one or more security groups to assign to these ports. For example:"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":".. code-block:: console"}],"source_content_type":"text/x-rst","patch_set":1,"id":"6ac2a374_34dafe55","line":164,"range":{"start_line":164,"start_character":23,"end_line":164,"end_character":29},"in_reply_to":"b933209e_109145a7","updated":"2023-12-13 12:51:10.000000000","message":"Done","commit_id":"cef74cbd1087f00ac30ab5ea4ab32836543bbc3f"}]}