)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"bf8fa733_339d6914","updated":"2024-08-27 15:40:00.000000000","message":"Thanks for pulling the patch into this series. \n\nCould you add some test coverage ensuring that the manila client access right handling functions are using the admin token while the rest of the manila client calls using the user token from the context?","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"6124578c8b4e30b6384ce8bc7b06d8797ddf95b5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"54fecabf_2121738c","updated":"2024-08-28 13:17:18.000000000","message":"We will need a third core here as I will not be able to +2 this as I wrote the majority of it.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"74743077_f106322f","in_reply_to":"54fecabf_2121738c","updated":"2024-09-16 13:10:24.000000000","message":"This is still important. We need one more core at least to look at this patch as I was the main author of this.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"1eb17e795e67f475b675baebfba05f5fb454e1dc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"ba39dfbf_734e9469","in_reply_to":"bf8fa733_339d6914","updated":"2024-11-19 16:00:45.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"4273a3d1_c64bdc3e","updated":"2024-09-16 13:10:24.000000000","message":"I have couple of nits","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"5fd35430b663967ac41c871ba9ee01b08c72d77e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"6e47297e_b0263bbd","updated":"2024-09-17 12:05:31.000000000","message":"PS7 is just a rebase so my comments on PS6 are still applicable","commit_id":"f0fb49fe6228f2a118a6bcacf2514e0c253df7f3"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"efbdd3721a9a1fc5a380f43b2f21e1e57960bb31","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"1148ad37_a3f81194","updated":"2024-10-11 11:21:56.000000000","message":"My comments are fixed. Thank. Looks good but I cannot +2 it as I implemented most of the logic.","commit_id":"4ea9bac0daab601f7a1c501170e5268e20a7b02e"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"c4e46f39_5aad5daa","updated":"2024-11-13 14:19:04.000000000","message":"I\u0027m in favor of that change, we need it in order to call the Manila API as an user. I usually +1 the series until I\u0027m able to fully review the branch, but here I want to send the clear signal that we can merge that patch.","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"14b5cdd2184c96c2e48d50240458ef7560bd940f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"b49c5741_52202b4e","updated":"2024-11-05 12:55:43.000000000","message":"no new content since my last review so this still looks OK but I cannot +2 it as I added significant code to this patch. We need an additional core to look at the token forwarding","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"5b3058a89ff7b625cb4c4df06fd39222e6b1ac3a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"4706fd84_664d36bd","updated":"2024-11-15 14:55:17.000000000","message":"Thanks Sean for checking this. I responded based on our discsusion.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"0b59e302be6bffdc887c186b5fe67a89ba8ef3f3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"04a91c43_e54483e9","updated":"2024-11-15 10:10:02.000000000","message":"The recent change looks good to me. See my inline explanation.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"0f31b3db0f95ae0c0286074e40885e8e49500819","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"b03f7e80_6c73c114","updated":"2024-11-15 10:44:20.000000000","message":"Then, I don\u0027t have any concerns.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"986f3d3d70f693d409a3f2a30bf4ae5408a03732","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"8cc28234_aabf050a","updated":"2024-11-15 10:45:04.000000000","message":"recheck multi-cell guest kernel panic","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7413fd35d510d5ca60ca66a96751ada45e6b7b9c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"bc51a6b3_537d9034","updated":"2024-11-20 15:02:09.000000000","message":"no code change so still looks OK to me.","commit_id":"545dccfa07ef38296f08b71f8a30266c188d816b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"09fee924658336e8ecf81847e594c8b71a831b02","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"3093efaa_dcb12a8c","updated":"2024-11-20 15:07:17.000000000","message":"the bug i asksed for has been filed so upgradign to +2","commit_id":"545dccfa07ef38296f08b71f8a30266c188d816b"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"ea045e54b5ce96b5189bc4e0769ad7192273d28c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"51ee8458_d9257eeb","updated":"2024-11-22 16:04:48.000000000","message":"conflict resolution looks good to me.","commit_id":"bee0a5c54aed343ae5c11fd5f2adfcd71d30211d"}],"nova/api/openstack/compute/baremetal_nodes.py":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":56,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":57,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":58,"context_line":"                \u0027baremetal\u0027,"},{"line_number":59,"context_line":"                True,"},{"line_number":60,"context_line":"                check_service\u003dTrue,"},{"line_number":61,"context_line":"            )"},{"line_number":62,"context_line":"        return self._ironic_connection"}],"source_content_type":"text/x-python","patch_set":5,"id":"83210692_a833bc26","line":59,"updated":"2024-08-27 15:40:00.000000000","message":"nit: would use kwarg (i.e. admin\u003dTrue) here for readability","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":56,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":57,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":58,"context_line":"                \u0027baremetal\u0027,"},{"line_number":59,"context_line":"                True,"},{"line_number":60,"context_line":"                check_service\u003dTrue,"},{"line_number":61,"context_line":"            )"},{"line_number":62,"context_line":"        return self._ironic_connection"}],"source_content_type":"text/x-python","patch_set":5,"id":"92b693bd_4747904b","line":59,"in_reply_to":"83210692_a833bc26","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":56,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":57,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":58,"context_line":"                \u0027baremetal\u0027,"},{"line_number":59,"context_line":"                admin\u003dTrue,"},{"line_number":60,"context_line":"                check_service\u003dTrue,"},{"line_number":61,"context_line":"            )"},{"line_number":62,"context_line":"        return self._ironic_connection"}],"source_content_type":"text/x-python","patch_set":10,"id":"b046a189_470156cf","line":59,"updated":"2024-11-13 14:19:04.000000000","message":"this is correct, we need the admin context","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"}],"nova/cmd/manage.py":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":3469,"context_line":"        #"},{"line_number":3470,"context_line":"        # The configured user needs \u0027role:admin and system_scope:all\u0027 by"},{"line_number":3471,"context_line":"        # default in order to create limits in Keystone."},{"line_number":3472,"context_line":"        keystone_api \u003d utils.get_sdk_adapter(\u0027identity\u0027, True)"},{"line_number":3473,"context_line":""},{"line_number":3474,"context_line":"        # Service ID is required in unified limits APIs."},{"line_number":3475,"context_line":"        service_id \u003d keystone_api.find_service(\u0027nova\u0027).id"}],"source_content_type":"text/x-python","patch_set":5,"id":"c08e577c_6b2933f2","line":3472,"updated":"2024-08-27 15:40:00.000000000","message":"ditto, I would use admin\u003dTrue for readability","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":3469,"context_line":"        #"},{"line_number":3470,"context_line":"        # The configured user needs \u0027role:admin and system_scope:all\u0027 by"},{"line_number":3471,"context_line":"        # default in order to create limits in Keystone."},{"line_number":3472,"context_line":"        keystone_api \u003d utils.get_sdk_adapter(\u0027identity\u0027, True)"},{"line_number":3473,"context_line":""},{"line_number":3474,"context_line":"        # Service ID is required in unified limits APIs."},{"line_number":3475,"context_line":"        service_id \u003d keystone_api.find_service(\u0027nova\u0027).id"}],"source_content_type":"text/x-python","patch_set":5,"id":"0d43f043_df7db624","line":3472,"in_reply_to":"c08e577c_6b2933f2","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":3475,"context_line":"        #"},{"line_number":3476,"context_line":"        # The configured user needs \u0027role:admin and system_scope:all\u0027 by"},{"line_number":3477,"context_line":"        # default in order to create limits in Keystone."},{"line_number":3478,"context_line":"        keystone_api \u003d utils.get_sdk_adapter(\u0027identity\u0027, admin\u003dTrue)"},{"line_number":3479,"context_line":""},{"line_number":3480,"context_line":"        # Service ID is required in unified limits APIs."},{"line_number":3481,"context_line":"        service_id \u003d keystone_api.find_service(\u0027nova\u0027).id"}],"source_content_type":"text/x-python","patch_set":10,"id":"f48f06ad_4af81886","line":3478,"updated":"2024-11-13 14:19:04.000000000","message":"ditto","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"ea045e54b5ce96b5189bc4e0769ad7192273d28c","unresolved":false,"context_lines":[{"line_number":3753,"context_line":"            conf_utils.register_ksa_opts("},{"line_number":3754,"context_line":"                CONF, \u0027keystone_authtoken\u0027, \u0027identity\u0027)"},{"line_number":3755,"context_line":"        keystone_api \u003d utils.get_sdk_adapter("},{"line_number":3756,"context_line":"            \u0027identity\u0027, admin\u003dTrue, conf_group\u003d\u0027keystone_authtoken\u0027)"},{"line_number":3757,"context_line":"        # Service ID is required in unified limits APIs."},{"line_number":3758,"context_line":"        service_id \u003d keystone_api.find_service(\u0027nova\u0027).id"},{"line_number":3759,"context_line":""}],"source_content_type":"text/x-python","patch_set":14,"id":"923aeb66_3b47d942","line":3756,"updated":"2024-11-22 16:04:48.000000000","message":"++ now we need to pass admin\u003dTrue to keep the behavior intact.","commit_id":"bee0a5c54aed343ae5c11fd5f2adfcd71d30211d"}],"nova/scheduler/client/report.py":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":274,"context_line":"        \"\"\"Create the HTTP session accessing the placement service.\"\"\""},{"line_number":275,"context_line":"        # Flush provider tree and associations so we start from a clean slate."},{"line_number":276,"context_line":"        self.clear_provider_cache(init\u003dTrue)"},{"line_number":277,"context_line":"        client \u003d self._adapter or utils.get_sdk_adapter(\u0027placement\u0027, True)"},{"line_number":278,"context_line":"        # Set accept header on every request to ensure we notify placement"},{"line_number":279,"context_line":"        # service of our response body media type preferences."},{"line_number":280,"context_line":"        client.additional_headers \u003d {\u0027accept\u0027: \u0027application/json\u0027}"}],"source_content_type":"text/x-python","patch_set":5,"id":"b73febd7_f94ec428","line":277,"updated":"2024-08-27 15:40:00.000000000","message":"admin\u003dTrue for readability","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":274,"context_line":"        \"\"\"Create the HTTP session accessing the placement service.\"\"\""},{"line_number":275,"context_line":"        # Flush provider tree and associations so we start from a clean slate."},{"line_number":276,"context_line":"        self.clear_provider_cache(init\u003dTrue)"},{"line_number":277,"context_line":"        client \u003d self._adapter or utils.get_sdk_adapter(\u0027placement\u0027, True)"},{"line_number":278,"context_line":"        # Set accept header on every request to ensure we notify placement"},{"line_number":279,"context_line":"        # service of our response body media type preferences."},{"line_number":280,"context_line":"        client.additional_headers \u003d {\u0027accept\u0027: \u0027application/json\u0027}"}],"source_content_type":"text/x-python","patch_set":5,"id":"0264a876_5f4cec63","line":277,"in_reply_to":"b73febd7_f94ec428","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":275,"context_line":"        # Flush provider tree and associations so we start from a clean slate."},{"line_number":276,"context_line":"        self.clear_provider_cache(init\u003dTrue)"},{"line_number":277,"context_line":"        client \u003d self._adapter or utils.get_sdk_adapter("},{"line_number":278,"context_line":"            \"placement\", admin\u003dTrue)"},{"line_number":279,"context_line":"        # Set accept header on every request to ensure we notify placement"},{"line_number":280,"context_line":"        # service of our response body media type preferences."},{"line_number":281,"context_line":"        client.additional_headers \u003d {\u0027accept\u0027: \u0027application/json\u0027}"}],"source_content_type":"text/x-python","patch_set":10,"id":"b3a4ff96_c921e30a","line":278,"updated":"2024-11-13 14:19:04.000000000","message":"ditto, we talk to placement with admin rights","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"}],"nova/share/manila.py":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":30,"context_line":"MIN_SHARE_FILE_SYSTEM_MICROVERSION \u003d \"2.82\""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"def _manilaclient(context, admin):"},{"line_number":34,"context_line":"    \"\"\"Constructs a manila client object for making API requests."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"    :return: An openstack.proxy.Proxy object for the specified service_type."}],"source_content_type":"text/x-python","patch_set":5,"id":"07df2be7_f9938b06","line":33,"updated":"2024-08-27 15:40:00.000000000","message":"we can default admin to False as that is the safest option.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"464c751e1a6a92e3fe7561f02c42301623f58ddc","unresolved":true,"context_lines":[{"line_number":30,"context_line":"MIN_SHARE_FILE_SYSTEM_MICROVERSION \u003d \"2.82\""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"def _manilaclient(context, admin):"},{"line_number":34,"context_line":"    \"\"\"Constructs a manila client object for making API requests."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"    :return: An openstack.proxy.Proxy object for the specified service_type."}],"source_content_type":"text/x-python","patch_set":5,"id":"b9f044ed_c9a48e90","line":33,"in_reply_to":"07df2be7_f9938b06","updated":"2024-08-28 12:26:01.000000000","message":"Totally agree with gibi\u0027s point, only needed calls to admin should br asked. By default, we should call by user.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":30,"context_line":"MIN_SHARE_FILE_SYSTEM_MICROVERSION \u003d \"2.82\""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"def _manilaclient(context, admin):"},{"line_number":34,"context_line":"    \"\"\"Constructs a manila client object for making API requests."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"    :return: An openstack.proxy.Proxy object for the specified service_type."}],"source_content_type":"text/x-python","patch_set":5,"id":"74238bdb_0e3a5f35","line":33,"in_reply_to":"b9f044ed_c9a48e90","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":210,"context_line":"                    paths.append(export_location.path)"},{"line_number":211,"context_line":"            return paths[0]"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"        client \u003d _manilaclient(context, False)"},{"line_number":214,"context_line":"        LOG.debug(\"Get share id:\u0027%s\u0027 data from manila\", share_id)"},{"line_number":215,"context_line":"        share \u003d client.get_share(share_id)"},{"line_number":216,"context_line":"        export_locations \u003d client.export_locations(share.id)"}],"source_content_type":"text/x-python","patch_set":5,"id":"fd6999d7_501e0a4d","line":213,"updated":"2024-08-27 15:40:00.000000000","message":"either default admin to False and remove the parameter here or use the admin\u003dFalse for readability","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":210,"context_line":"                    paths.append(export_location.path)"},{"line_number":211,"context_line":"            return paths[0]"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"        client \u003d _manilaclient(context, False)"},{"line_number":214,"context_line":"        LOG.debug(\"Get share id:\u0027%s\u0027 data from manila\", share_id)"},{"line_number":215,"context_line":"        share \u003d client.get_share(share_id)"},{"line_number":216,"context_line":"        export_locations \u003d client.export_locations(share.id)"}],"source_content_type":"text/x-python","patch_set":5,"id":"8473f7bc_1bfd1d2c","line":213,"in_reply_to":"bbbcbda4_e14f2ae4","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"464c751e1a6a92e3fe7561f02c42301623f58ddc","unresolved":true,"context_lines":[{"line_number":210,"context_line":"                    paths.append(export_location.path)"},{"line_number":211,"context_line":"            return paths[0]"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"        client \u003d _manilaclient(context, False)"},{"line_number":214,"context_line":"        LOG.debug(\"Get share id:\u0027%s\u0027 data from manila\", share_id)"},{"line_number":215,"context_line":"        share \u003d client.get_share(share_id)"},{"line_number":216,"context_line":"        export_locations \u003d client.export_locations(share.id)"}],"source_content_type":"text/x-python","patch_set":5,"id":"bbbcbda4_e14f2ae4","line":213,"in_reply_to":"fd6999d7_501e0a4d","updated":"2024-08-28 12:26:01.000000000","message":"++","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":238,"context_line":""},{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient(context, False).access_rules(share_id)"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"        for access in access_list:"},{"line_number":244,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":5,"id":"b6591a2d_c6ec5260","line":241,"updated":"2024-08-27 15:40:00.000000000","message":"ditto","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":238,"context_line":""},{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient(context, False).access_rules(share_id)"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"        for access in access_list:"},{"line_number":244,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":5,"id":"50d6fd1b_fffb2232","line":241,"in_reply_to":"b6591a2d_c6ec5260","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":281,"context_line":"        LOG.debug(\"Allow host access to share id:\u0027%s\u0027\","},{"line_number":282,"context_line":"                  share_id)"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"        access \u003d _manilaclient(context, True).create_access_rule("},{"line_number":285,"context_line":"            share_id,"},{"line_number":286,"context_line":"            access_type\u003daccess_type,"},{"line_number":287,"context_line":"            access_to\u003daccess_to,"}],"source_content_type":"text/x-python","patch_set":5,"id":"13cf0ba7_87de327c","line":284,"updated":"2024-08-27 15:40:00.000000000","message":"use admin\u003dTrue for readability","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":281,"context_line":"        LOG.debug(\"Allow host access to share id:\u0027%s\u0027\","},{"line_number":282,"context_line":"                  share_id)"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"        access \u003d _manilaclient(context, True).create_access_rule("},{"line_number":285,"context_line":"            share_id,"},{"line_number":286,"context_line":"            access_type\u003daccess_type,"},{"line_number":287,"context_line":"            access_to\u003daccess_to,"}],"source_content_type":"text/x-python","patch_set":5,"id":"505a7f20_99db8946","line":284,"in_reply_to":"13cf0ba7_87de327c","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":313,"context_line":"            respond with a status code 202."},{"line_number":314,"context_line":"        \"\"\""},{"line_number":315,"context_line":""},{"line_number":316,"context_line":"        client \u003d _manilaclient(context, True)"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"        access \u003d self.get_access("},{"line_number":319,"context_line":"            context,"}],"source_content_type":"text/x-python","patch_set":5,"id":"4e403490_9c433bda","line":316,"updated":"2024-08-27 15:40:00.000000000","message":"ditto","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":313,"context_line":"            respond with a status code 202."},{"line_number":314,"context_line":"        \"\"\""},{"line_number":315,"context_line":""},{"line_number":316,"context_line":"        client \u003d _manilaclient(context, True)"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"        access \u003d self.get_access("},{"line_number":319,"context_line":"            context,"}],"source_content_type":"text/x-python","patch_set":5,"id":"3dc3c8ac_68914ab8","line":316,"in_reply_to":"4e403490_9c433bda","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"    return utils.get_sdk_adapter("},{"line_number":43,"context_line":"        \"shared-file-system\","},{"line_number":44,"context_line":"        admin,"},{"line_number":45,"context_line":"        check_service\u003dTrue,"},{"line_number":46,"context_line":"        context\u003dcontext,"},{"line_number":47,"context_line":"        shared_file_system_api_version\u003dMIN_SHARE_FILE_SYSTEM_MICROVERSION,"}],"source_content_type":"text/x-python","patch_set":6,"id":"141aff7f_d1f636f2","line":44,"updated":"2024-09-16 13:10:24.000000000","message":"admin\u003dadmin (this will help making the mock asserts in the unit test cases more readable)","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"    return utils.get_sdk_adapter("},{"line_number":43,"context_line":"        \"shared-file-system\","},{"line_number":44,"context_line":"        admin,"},{"line_number":45,"context_line":"        check_service\u003dTrue,"},{"line_number":46,"context_line":"        context\u003dcontext,"},{"line_number":47,"context_line":"        shared_file_system_api_version\u003dMIN_SHARE_FILE_SYSTEM_MICROVERSION,"}],"source_content_type":"text/x-python","patch_set":6,"id":"b9666321_71d2ef78","line":44,"in_reply_to":"141aff7f_d1f636f2","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":210,"context_line":"                    paths.append(export_location.path)"},{"line_number":211,"context_line":"            return paths[0]"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"        client \u003d _manilaclient(context, False)"},{"line_number":214,"context_line":"        LOG.debug(\"Get share id:\u0027%s\u0027 data from manila\", share_id)"},{"line_number":215,"context_line":"        share \u003d client.get_share(share_id)"},{"line_number":216,"context_line":"        export_locations \u003d client.export_locations(share.id)"}],"source_content_type":"text/x-python","patch_set":6,"id":"5ecfb4d7_a10ebefe","line":213,"updated":"2024-09-16 13:10:24.000000000","message":"either drop the False parameter (as it is the default), or use kwargs admin\u003dFalse.","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":210,"context_line":"                    paths.append(export_location.path)"},{"line_number":211,"context_line":"            return paths[0]"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"        client \u003d _manilaclient(context, False)"},{"line_number":214,"context_line":"        LOG.debug(\"Get share id:\u0027%s\u0027 data from manila\", share_id)"},{"line_number":215,"context_line":"        share \u003d client.get_share(share_id)"},{"line_number":216,"context_line":"        export_locations \u003d client.export_locations(share.id)"}],"source_content_type":"text/x-python","patch_set":6,"id":"34721142_c44c249b","line":213,"in_reply_to":"5ecfb4d7_a10ebefe","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient("},{"line_number":242,"context_line":"            context, admin\u003dFalse).access_rules(share_id)"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"        for access in access_list:"},{"line_number":245,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":10,"id":"bd2362d9_16ca2861","line":242,"updated":"2024-11-13 14:19:04.000000000","message":"yeah, this is crucial to use the user token here.","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":282,"context_line":"        LOG.debug(\"Allow host access to share id:\u0027%s\u0027\","},{"line_number":283,"context_line":"                  share_id)"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"        access \u003d _manilaclient(context, admin\u003dTrue).create_access_rule("},{"line_number":286,"context_line":"            share_id,"},{"line_number":287,"context_line":"            access_type\u003daccess_type,"},{"line_number":288,"context_line":"            access_to\u003daccess_to,"}],"source_content_type":"text/x-python","patch_set":10,"id":"3fb8e202_8c3698df","line":285,"updated":"2024-11-13 14:19:04.000000000","message":"while here we need to speak as nova","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":322,"context_line":"            )"},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"        if access:"},{"line_number":325,"context_line":"            client \u003d _manilaclient(context, admin\u003dTrue)"},{"line_number":326,"context_line":"            LOG.debug(\"Deny host access to share id:\u0027%s\u0027\", share_id)"},{"line_number":327,"context_line":"            resp \u003d client.delete_access_rule(access.id, share_id)"},{"line_number":328,"context_line":"            if resp.status_code !\u003d 202:"}],"source_content_type":"text/x-python","patch_set":10,"id":"0da13401_2af204bc","line":325,"updated":"2024-11-13 14:19:04.000000000","message":"and here too.","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"7ca1508f2dc2323e867a1a84efbf844c5acab378","unresolved":true,"context_lines":[{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient("},{"line_number":242,"context_line":"            context, admin\u003dTrue).access_rules(share_id)"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"        for access in access_list:"},{"line_number":245,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":11,"id":"65aeed03_e0f853b7","line":242,"updated":"2024-11-14 10:44:00.000000000","message":"Hmmm, let\u0027s discuss this now. If we use the nova context, we won\u0027t test whether an user can get an access, right?","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"09fee924658336e8ecf81847e594c8b71a831b02","unresolved":false,"context_lines":[{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient("},{"line_number":242,"context_line":"            context, admin\u003dTrue).access_rules(share_id)"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"        for access in access_list:"},{"line_number":245,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":11,"id":"2b0a8094_18e0cdf0","line":242,"in_reply_to":"5260af24_ccd5fc02","updated":"2024-11-20 15:07:17.000000000","message":"Acknowledged","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"0b59e302be6bffdc887c186b5fe67a89ba8ef3f3","unresolved":true,"context_lines":[{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient("},{"line_number":242,"context_line":"            context, admin\u003dTrue).access_rules(share_id)"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"        for access in access_list:"},{"line_number":245,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":11,"id":"b7d786a3_14865e26","line":242,"in_reply_to":"65aeed03_e0f853b7","updated":"2024-11-15 10:10:02.000000000","message":"This is not used for \"getting access to a share\" it is used for \"reading an already created access\". \n\nTo get access to a share nova needs to *create the access\" that is done by `_manilaclient(context, admin\u003dTrue).create_access_rule(` in the allow RPC code path.\n\nNova needs to create the access with the nova service token as that is the only way for nova to atomically lock the access and the underlying share to prevent the deletion of an attaches share. Basically the access to the share is requested for nova not requested for the user owning the share. As it is nova that needs to mount it to the hypervisor, not the user mounts it to some VM. \n\nThe `access_rules` call here reads the list of existing accesses for the share from manila. As the access was created with the nova service token, reading back the same access should also happen with the same token. (I suspect that manila actually too forgiving and shows the access created by nova to the end user as well and this is why we did not detected the issue earlier when get_access was called with the user token during the deny RPC code path)\n\nI think we have two goals with the token handling in this patch series:\n1. The users should not be able to attach a share to their VM if they don\u0027t have access to the share in the first place. I.e. nova should not allow privilege escalation for shares. This is handle by the get() call in this module that always uses the user token. And nova-api use this get() call during attach / detach to ensure the share exists, and visible to the user requesting the attach / detach\n\n2. The user should not be able to delete a share (even its own share) that is attached to an instance as that would pull out the backend under the nova managed VM and lead to data loss and DB inconsistencies. This is achieved by having a nova owned lock on the share. This lock is created by manila as a consequence of the create_access_rule call. That call is using nova\u0027s service token so the access and the related locks are belonging to nova not to the user, so the user cannot delete them.\n\nbottom line: This change is necessary and correct.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"11f9ba6bdb8425db12e04f3e3bb03fd93ef9f1ea","unresolved":true,"context_lines":[{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient("},{"line_number":242,"context_line":"            context, admin\u003dTrue).access_rules(share_id)"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"        for access in access_list:"},{"line_number":245,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":11,"id":"5260af24_ccd5fc02","line":242,"in_reply_to":"8fb78cfc_217132c6","updated":"2024-11-15 15:24:05.000000000","message":"as noted elsewher 2 is not quite what i expected form previous dicssion on this topic however i agree that that is workable and that its inlien with the nova spec evien if it does not use the fature that was added in the manila spec so that we did not need to use an admin client.\n\ni dont think the delta in workflow is worth holding this feature so ill upgrade my +1 to a +2 once the bug is filed.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"0f31b3db0f95ae0c0286074e40885e8e49500819","unresolved":true,"context_lines":[{"line_number":239,"context_line":"        LOG.debug(\"Get share access id for share id:\u0027%s\u0027\","},{"line_number":240,"context_line":"                  share_id)"},{"line_number":241,"context_line":"        access_list \u003d _manilaclient("},{"line_number":242,"context_line":"            context, admin\u003dTrue).access_rules(share_id)"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"        for access in access_list:"},{"line_number":245,"context_line":"            if ("}],"source_content_type":"text/x-python","patch_set":11,"id":"8fb78cfc_217132c6","line":242,"in_reply_to":"b7d786a3_14865e26","updated":"2024-11-15 10:44:20.000000000","message":"Oh, I see, I won\u0027t paraphrase you but I see the difference : this is not a call for the user asking to get a share, but rather a call for nova saying I want to read the access list.\n\nOK OK, then I\u0027m OK with this change.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"}],"nova/tests/unit/test_manila.py":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"464c751e1a6a92e3fe7561f02c42301623f58ddc","unresolved":true,"context_lines":[{"line_number":225,"context_line":"        return FakeConnection()"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"    def create_client(self, context):"},{"line_number":228,"context_line":"        return manila._manilaclient(context, False)"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"    def test_client(self):"},{"line_number":231,"context_line":"        client \u003d self.create_client(self.context)"}],"source_content_type":"text/x-python","patch_set":5,"id":"fb9d2887_ddabf87a","line":228,"range":{"start_line":228,"start_character":43,"end_line":228,"end_character":51},"updated":"2024-08-28 12:26:01.000000000","message":"here, indeed, this is weird, I prefer to use False by default.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":225,"context_line":"        return FakeConnection()"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"    def create_client(self, context):"},{"line_number":228,"context_line":"        return manila._manilaclient(context, False)"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"    def test_client(self):"},{"line_number":231,"context_line":"        client \u003d self.create_client(self.context)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ec932d4a_2903f423","line":228,"range":{"start_line":228,"start_character":43,"end_line":228,"end_character":51},"in_reply_to":"fb9d2887_ddabf87a","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":235,"context_line":"        self.assertTrue(hasattr(client, \u0027delete_access_rule\u0027))"},{"line_number":236,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":237,"context_line":"            \"shared-file-system\","},{"line_number":238,"context_line":"            False,"},{"line_number":239,"context_line":"            check_service\u003dTrue,"},{"line_number":240,"context_line":"            context\u003dself.context,"},{"line_number":241,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"a6600482_8d571135","line":238,"updated":"2024-09-16 13:10:24.000000000","message":"admin\u003dFalse","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":235,"context_line":"        self.assertTrue(hasattr(client, \u0027delete_access_rule\u0027))"},{"line_number":236,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":237,"context_line":"            \"shared-file-system\","},{"line_number":238,"context_line":"            False,"},{"line_number":239,"context_line":"            check_service\u003dTrue,"},{"line_number":240,"context_line":"            context\u003dself.context,"},{"line_number":241,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"9e3ff01a_ae354698","line":238,"in_reply_to":"a6600482_8d571135","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":279,"context_line":"        share \u003d self.api.get(self.context, \u00271234\u0027)"},{"line_number":280,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":281,"context_line":"            \"shared-file-system\","},{"line_number":282,"context_line":"            False,"},{"line_number":283,"context_line":"            check_service\u003dTrue,"},{"line_number":284,"context_line":"            context\u003dself.context,"},{"line_number":285,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"8b00676c_fb999dea","line":282,"updated":"2024-09-16 13:10:24.000000000","message":"admin\u003dFalse","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":279,"context_line":"        share \u003d self.api.get(self.context, \u00271234\u0027)"},{"line_number":280,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":281,"context_line":"            \"shared-file-system\","},{"line_number":282,"context_line":"            False,"},{"line_number":283,"context_line":"            check_service\u003dTrue,"},{"line_number":284,"context_line":"            context\u003dself.context,"},{"line_number":285,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"6f5b10d5_05512b9a","line":282,"in_reply_to":"8b00676c_fb999dea","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":348,"context_line":"        access \u003d self.api.get_access(self.context, \u00271234\u0027, \u0027ip\u0027, \u00270.0.0.0/0\u0027)"},{"line_number":349,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":350,"context_line":"            \"shared-file-system\","},{"line_number":351,"context_line":"            False,"},{"line_number":352,"context_line":"            check_service\u003dTrue,"},{"line_number":353,"context_line":"            context\u003dself.context,"},{"line_number":354,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"9035733e_817b4ed3","line":351,"updated":"2024-09-16 13:10:24.000000000","message":"ditto","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":348,"context_line":"        access \u003d self.api.get_access(self.context, \u00271234\u0027, \u0027ip\u0027, \u00270.0.0.0/0\u0027)"},{"line_number":349,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":350,"context_line":"            \"shared-file-system\","},{"line_number":351,"context_line":"            False,"},{"line_number":352,"context_line":"            check_service\u003dTrue,"},{"line_number":353,"context_line":"            context\u003dself.context,"},{"line_number":354,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"c87d6ea3_1b840ce9","line":351,"in_reply_to":"9035733e_817b4ed3","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":394,"context_line":"        access \u003d self.api.allow(self.context, \u00271234\u0027, \u0027ip\u0027, \u00270.0.0.0/0\u0027, \u0027rw\u0027)"},{"line_number":395,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":396,"context_line":"            \"shared-file-system\","},{"line_number":397,"context_line":"            True,"},{"line_number":398,"context_line":"            check_service\u003dTrue,"},{"line_number":399,"context_line":"            context\u003dself.context,"},{"line_number":400,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"4a69ef91_b6e0673f","line":397,"updated":"2024-09-16 13:10:24.000000000","message":"admin\u003dTrue","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":394,"context_line":"        access \u003d self.api.allow(self.context, \u00271234\u0027, \u0027ip\u0027, \u00270.0.0.0/0\u0027, \u0027rw\u0027)"},{"line_number":395,"context_line":"        mock_get_sdk_adapter.assert_called_once_with("},{"line_number":396,"context_line":"            \"shared-file-system\","},{"line_number":397,"context_line":"            True,"},{"line_number":398,"context_line":"            check_service\u003dTrue,"},{"line_number":399,"context_line":"            context\u003dself.context,"},{"line_number":400,"context_line":"            shared_file_system_api_version\u003d\"2.82\","}],"source_content_type":"text/x-python","patch_set":6,"id":"9220444d_3ec9bd85","line":397,"in_reply_to":"4a69ef91_b6e0673f","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":451,"context_line":"            \u00270.0.0.0/0\u0027"},{"line_number":452,"context_line":"        )"},{"line_number":453,"context_line":"        self.assertEqual(2, mock_get_sdk_adapter.call_count)"},{"line_number":454,"context_line":""},{"line_number":455,"context_line":"        for i in range(0, mock_get_sdk_adapter.call_count):"},{"line_number":456,"context_line":"            admin \u003d False if i \u003d\u003d 0 else True"},{"line_number":457,"context_line":"            self.assertEqual("},{"line_number":458,"context_line":"                mock_get_sdk_adapter.call_args_list[i].args,"},{"line_number":459,"context_line":"                ("}],"source_content_type":"text/x-python","patch_set":6,"id":"0eae0bd6_d9fafeca","line":456,"range":{"start_line":454,"start_character":0,"end_line":456,"end_character":45},"updated":"2024-09-16 13:10:24.000000000","message":"I suggest to unroll the loop for readability instead","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":451,"context_line":"            \u00270.0.0.0/0\u0027"},{"line_number":452,"context_line":"        )"},{"line_number":453,"context_line":"        self.assertEqual(2, mock_get_sdk_adapter.call_count)"},{"line_number":454,"context_line":""},{"line_number":455,"context_line":"        for i in range(0, mock_get_sdk_adapter.call_count):"},{"line_number":456,"context_line":"            admin \u003d False if i \u003d\u003d 0 else True"},{"line_number":457,"context_line":"            self.assertEqual("},{"line_number":458,"context_line":"                mock_get_sdk_adapter.call_args_list[i].args,"},{"line_number":459,"context_line":"                ("}],"source_content_type":"text/x-python","patch_set":6,"id":"d39fe847_b4abfd02","line":456,"range":{"start_line":454,"start_character":0,"end_line":456,"end_character":45},"in_reply_to":"0eae0bd6_d9fafeca","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"11f9ba6bdb8425db12e04f3e3bb03fd93ef9f1ea","unresolved":true,"context_lines":[{"line_number":158,"context_line":"        self.mock_get_confgrp \u003d self.useFixture(fixtures.MockPatch("},{"line_number":159,"context_line":"            \u0027nova.utils._get_conf_group\u0027)).mock"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"        self.mock_ks_loading \u003d self.useFixture("},{"line_number":162,"context_line":"            fixtures.MockPatchObject(ks_loading, \u0027load_auth_from_conf_options\u0027)"},{"line_number":163,"context_line":"        ).mock"},{"line_number":164,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"c567fe1c_a509a0f6","line":161,"updated":"2024-11-15 15:24:05.000000000","message":"nit: we seem to be mocking this but not actually using self.mock_ks_loading in the tests below.\n\nso we don\u0027t technically need to assign this but perhaps that is used in later patches so this is just an observation.\nno need to change anything because of this comment.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"09fee924658336e8ecf81847e594c8b71a831b02","unresolved":false,"context_lines":[{"line_number":158,"context_line":"        self.mock_get_confgrp \u003d self.useFixture(fixtures.MockPatch("},{"line_number":159,"context_line":"            \u0027nova.utils._get_conf_group\u0027)).mock"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"        self.mock_ks_loading \u003d self.useFixture("},{"line_number":162,"context_line":"            fixtures.MockPatchObject(ks_loading, \u0027load_auth_from_conf_options\u0027)"},{"line_number":163,"context_line":"        ).mock"},{"line_number":164,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"571a3635_f9ed3822","line":161,"in_reply_to":"c567fe1c_a509a0f6","updated":"2024-11-20 15:07:17.000000000","message":"Acknowledged","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"}],"nova/tests/unit/test_utils.py":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":1192,"context_line":""},{"line_number":1193,"context_line":"    def test_get_sdk_adapter(self):"},{"line_number":1194,"context_line":"        self.assertEqual("},{"line_number":1195,"context_line":"            self._test_get_sdk_adapter(True), mock.sentinel.proxy"},{"line_number":1196,"context_line":"        )"},{"line_number":1197,"context_line":""},{"line_number":1198,"context_line":"    def test_get_sdk_adapter_strict(self):"}],"source_content_type":"text/x-python","patch_set":5,"id":"e4405f3d_c6e6a44d","line":1195,"updated":"2024-08-27 15:40:00.000000000","message":"I would use admin\u003dTrue here and below for readability","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":1192,"context_line":""},{"line_number":1193,"context_line":"    def test_get_sdk_adapter(self):"},{"line_number":1194,"context_line":"        self.assertEqual("},{"line_number":1195,"context_line":"            self._test_get_sdk_adapter(True), mock.sentinel.proxy"},{"line_number":1196,"context_line":"        )"},{"line_number":1197,"context_line":""},{"line_number":1198,"context_line":"    def test_get_sdk_adapter_strict(self):"}],"source_content_type":"text/x-python","patch_set":5,"id":"469495aa_9e140aae","line":1195,"in_reply_to":"e4405f3d_c6e6a44d","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"}],"nova/utils.py":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"464c751e1a6a92e3fe7561f02c42301623f58ddc","unresolved":true,"context_lines":[{"line_number":981,"context_line":"                  and password; otherwise, it will use the user\u0027s token."},{"line_number":982,"context_line":"    :param check_service: If True, we will query the endpoint to make sure the"},{"line_number":983,"context_line":"            service is alive, raising ServiceUnavailable if it is not."},{"line_number":984,"context_line":"    :param context: Use to get user\u0027s token, if admin is set to False."},{"line_number":985,"context_line":"    :param kwargs: Additional arguments to pass to the Adapter constructor."},{"line_number":986,"context_line":"                   Mainly used to pass microversion to a specific service,"},{"line_number":987,"context_line":"                   e.g. shared_file_system_api_version\u003d\"2.82\"."}],"source_content_type":"text/x-python","patch_set":5,"id":"36f0a478_111f51c6","line":984,"updated":"2024-08-28 12:26:01.000000000","message":"I wonder, but I hate this proposal : if we only add one parameter, which would be context, then we could say \"if no user context is passed, then we\u0027ll call as admin\".\n\nThis is quite of a security point so I could understand to provide a specific other parameter called \u0027admin\u0027 for that but then it would need admin\u003dFalse by default IMHO.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"6124578c8b4e30b6384ce8bc7b06d8797ddf95b5","unresolved":true,"context_lines":[{"line_number":981,"context_line":"                  and password; otherwise, it will use the user\u0027s token."},{"line_number":982,"context_line":"    :param check_service: If True, we will query the endpoint to make sure the"},{"line_number":983,"context_line":"            service is alive, raising ServiceUnavailable if it is not."},{"line_number":984,"context_line":"    :param context: Use to get user\u0027s token, if admin is set to False."},{"line_number":985,"context_line":"    :param kwargs: Additional arguments to pass to the Adapter constructor."},{"line_number":986,"context_line":"                   Mainly used to pass microversion to a specific service,"},{"line_number":987,"context_line":"                   e.g. shared_file_system_api_version\u003d\"2.82\"."}],"source_content_type":"text/x-python","patch_set":5,"id":"b95586b4_86fd9705","line":984,"in_reply_to":"36f0a478_111f51c6","updated":"2024-08-28 13:17:18.000000000","message":"yes I would like to have admin param passed explicitly to avoid the case when unintentionally a context is not passed and therefore we default to an admin client.","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":981,"context_line":"                  and password; otherwise, it will use the user\u0027s token."},{"line_number":982,"context_line":"    :param check_service: If True, we will query the endpoint to make sure the"},{"line_number":983,"context_line":"            service is alive, raising ServiceUnavailable if it is not."},{"line_number":984,"context_line":"    :param context: Use to get user\u0027s token, if admin is set to False."},{"line_number":985,"context_line":"    :param kwargs: Additional arguments to pass to the Adapter constructor."},{"line_number":986,"context_line":"                   Mainly used to pass microversion to a specific service,"},{"line_number":987,"context_line":"                   e.g. shared_file_system_api_version\u003d\"2.82\"."}],"source_content_type":"text/x-python","patch_set":5,"id":"7982eb7b_b0c96237","line":984,"in_reply_to":"b95586b4_86fd9705","updated":"2024-11-13 14:19:04.000000000","message":"we eventually agreed on that approach, closing the comment","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d19ec82de9e07618f9f6f0255e1bb891cc85ede6","unresolved":true,"context_lines":[{"line_number":1013,"context_line":"                service_types\u003d{service_type},"},{"line_number":1014,"context_line":"                strict_proxies\u003dcheck_service,"},{"line_number":1015,"context_line":"                **kwargs,"},{"line_number":1016,"context_line":"            )"},{"line_number":1017,"context_line":"        else:"},{"line_number":1018,"context_line":"            # Create a connection based on nova\u0027s service user/pass"},{"line_number":1019,"context_line":"            sess \u003d _get_auth_and_session(confgrp)[1]"}],"source_content_type":"text/x-python","patch_set":11,"id":"70fdc461_d0ca71fa","line":1016,"updated":"2024-11-15 14:24:38.000000000","message":"does this ensure the session has teh service token in additon to the user token.\n\nwe should be passing both.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7413fd35d510d5ca60ca66a96751ada45e6b7b9c","unresolved":true,"context_lines":[{"line_number":1013,"context_line":"                service_types\u003d{service_type},"},{"line_number":1014,"context_line":"                strict_proxies\u003dcheck_service,"},{"line_number":1015,"context_line":"                **kwargs,"},{"line_number":1016,"context_line":"            )"},{"line_number":1017,"context_line":"        else:"},{"line_number":1018,"context_line":"            # Create a connection based on nova\u0027s service user/pass"},{"line_number":1019,"context_line":"            sess \u003d _get_auth_and_session(confgrp)[1]"}],"source_content_type":"text/x-python","patch_set":11,"id":"d1da2ddd_3f46d798","line":1016,"in_reply_to":"69bc7aa1_0fa007a9","updated":"2024-11-20 15:02:09.000000000","message":"Bug is reported https://bugs.launchpad.net/nova/+bug/2089030 and mentioned as a known issue in the doc https://review.opendev.org/c/openstack/nova/+/871642/49/doc/source/admin/manage-shares.rst#102\n\n@smooney@redhat.com as far as understand this allows you to upgrade your vote to +2","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"11f9ba6bdb8425db12e04f3e3bb03fd93ef9f1ea","unresolved":true,"context_lines":[{"line_number":1013,"context_line":"                service_types\u003d{service_type},"},{"line_number":1014,"context_line":"                strict_proxies\u003dcheck_service,"},{"line_number":1015,"context_line":"                **kwargs,"},{"line_number":1016,"context_line":"            )"},{"line_number":1017,"context_line":"        else:"},{"line_number":1018,"context_line":"            # Create a connection based on nova\u0027s service user/pass"},{"line_number":1019,"context_line":"            sess \u003d _get_auth_and_session(confgrp)[1]"}],"source_content_type":"text/x-python","patch_set":11,"id":"69bc7aa1_0fa007a9","line":1016,"in_reply_to":"6dfe079c_9942011f","updated":"2024-11-15 15:24:05.000000000","message":"given there is still an open question on how to use the service token header with the sdk\n\nand that we can reasonable refactor this in the future i agre with gibi that this is not a blocker to proceed.\n\nif we can file a bug to move to using the user\u0027s token + the service token instead of the admin branch below im ok with moving forward with the current design.\n\nThe bug should be against both Nova and the SDK, curently im not aware of any documenation on there side with regard to how to do this properly and it might need code chagnes if they dont have this supprot aready. This general pattern is a blocker for us to use the SDK to talk to Cinder to manage attachments and for the SRBAC goal of moving all inter-service calls to depend on the service role instead of admin.\n\nin the cidner case we do not allow admins to delete a cinder attachmetn for a volume attached to a nova insntance without the service token also being present on security gounds. as long as we cant supprot that with the sdk we will be stuch suing cidner client. \n\ni misunderstood that that is what gibi was trying to address with this patch originally hence my question. I asked for this to be in the spec in the past but it looks like we did not incorporate it so I\u0027ll consider this refactor to be out of scope for Epxoy based on that.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"5b3058a89ff7b625cb4c4df06fd39222e6b1ac3a","unresolved":true,"context_lines":[{"line_number":1013,"context_line":"                service_types\u003d{service_type},"},{"line_number":1014,"context_line":"                strict_proxies\u003dcheck_service,"},{"line_number":1015,"context_line":"                **kwargs,"},{"line_number":1016,"context_line":"            )"},{"line_number":1017,"context_line":"        else:"},{"line_number":1018,"context_line":"            # Create a connection based on nova\u0027s service user/pass"},{"line_number":1019,"context_line":"            sess \u003d _get_auth_and_session(confgrp)[1]"}],"source_content_type":"text/x-python","patch_set":11,"id":"6dfe079c_9942011f","line":1016,"in_reply_to":"70fdc461_d0ca71fa","updated":"2024-11-15 14:55:17.000000000","message":"As far as I understand this only passes nova\u0027s sevice token and the else branch passes the user\u0027s token only.\n\nAfter discussing this with Sean I understood two possible issues that the two token solution resolves:\n* the users token expires while nova tries to use that for manila requests. This does not affect the virtiofs series as the only place where nova uses the user\u0027s token is in the nova-api to reading the share from manila, if the token expires there then the client get a synchronous error from the api and can retry the attach  / detach requests\n* if nova does not send the user\u0027s token along with nova\u0027s service token then during access creation manila will only see nova as the requestor and the audit trail log will not contain that nova acts on manila due to a user request. This is a real limitation of the current impl. @rene.ribaud@gmail.com please file tracker bug on this and add it to the known issue section of the doc. I don\u0027t consider this as a blocker for the series as it does not cause a security leak or a visible error.\n\n[1]https://github.com/openstack/manila-specs/blob/master/specs/bobcat/allow-locking-shares-against-deletion.rst?plain\u003d1#L76","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"09fee924658336e8ecf81847e594c8b71a831b02","unresolved":false,"context_lines":[{"line_number":1013,"context_line":"                service_types\u003d{service_type},"},{"line_number":1014,"context_line":"                strict_proxies\u003dcheck_service,"},{"line_number":1015,"context_line":"                **kwargs,"},{"line_number":1016,"context_line":"            )"},{"line_number":1017,"context_line":"        else:"},{"line_number":1018,"context_line":"            # Create a connection based on nova\u0027s service user/pass"},{"line_number":1019,"context_line":"            sess \u003d _get_auth_and_session(confgrp)[1]"}],"source_content_type":"text/x-python","patch_set":11,"id":"105fb722_51574506","line":1016,"in_reply_to":"d1da2ddd_3f46d798","updated":"2024-11-20 15:07:17.000000000","message":"yep thanks for the ping.","commit_id":"487cf0e8c8ef3c81bc59c1478bae8787744b5025"}],"nova/virt/ironic/driver.py":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e0ffdfc10604d3900f52b204d36c5659cf9b4e5a","unresolved":true,"context_lines":[{"line_number":197,"context_line":"            # service isn\u0027t ready yet. Consumers of ironic_connection are set"},{"line_number":198,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":199,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":200,"context_line":"                \u0027baremetal\u0027, True, check_service\u003dTrue)"},{"line_number":201,"context_line":"        return self._ironic_connection"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    def _get_node(self, node_id):"}],"source_content_type":"text/x-python","patch_set":5,"id":"babc3642_fc329a15","line":200,"updated":"2024-08-27 15:40:00.000000000","message":"admin\u003dTrue","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"99f59549adea1c071b5c2d8d604c122b5b8b9ed9","unresolved":false,"context_lines":[{"line_number":197,"context_line":"            # service isn\u0027t ready yet. Consumers of ironic_connection are set"},{"line_number":198,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":199,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":200,"context_line":"                \u0027baremetal\u0027, True, check_service\u003dTrue)"},{"line_number":201,"context_line":"        return self._ironic_connection"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"    def _get_node(self, node_id):"}],"source_content_type":"text/x-python","patch_set":5,"id":"48ac923a_15a443ca","line":200,"in_reply_to":"babc3642_fc329a15","updated":"2024-09-09 16:11:44.000000000","message":"Done","commit_id":"bed2934002445e34cb75d06f8a12e6af8e6fd98c"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"cc9210591ac631937fc3acbdf6b6ec05da4268b6","unresolved":true,"context_lines":[{"line_number":198,"context_line":"            # service isn\u0027t ready yet. Consumers of ironic_connection are set"},{"line_number":199,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":200,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":201,"context_line":"                \u0027baremetal\u0027, True, check_service\u003dTrue)"},{"line_number":202,"context_line":"        return self._ironic_connection"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    def _get_node(self, node_id):"}],"source_content_type":"text/x-python","patch_set":6,"id":"b823edd6_fea07c9b","line":201,"updated":"2024-09-16 13:10:24.000000000","message":"please use admin\u003dTrue","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e7488d0846b81b35aac4108f91d7231eef15ceb3","unresolved":false,"context_lines":[{"line_number":198,"context_line":"            # service isn\u0027t ready yet. Consumers of ironic_connection are set"},{"line_number":199,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":200,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":201,"context_line":"                \u0027baremetal\u0027, True, check_service\u003dTrue)"},{"line_number":202,"context_line":"        return self._ironic_connection"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    def _get_node(self, node_id):"}],"source_content_type":"text/x-python","patch_set":6,"id":"fcc7b70f_94280cc8","line":201,"in_reply_to":"b823edd6_fea07c9b","updated":"2024-09-23 14:49:34.000000000","message":"Done","commit_id":"8267bfbe82c859e2cd2277af6582c1daf7fe9e39"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"65aee040833d44e1b6e4d768ca9e3708a0eebded","unresolved":false,"context_lines":[{"line_number":198,"context_line":"            # service isn\u0027t ready yet. Consumers of ironic_connection are set"},{"line_number":199,"context_line":"            # up to handle this and raise VirtDriverNotReady as appropriate."},{"line_number":200,"context_line":"            self._ironic_connection \u003d utils.get_sdk_adapter("},{"line_number":201,"context_line":"                \u0027baremetal\u0027, admin\u003dTrue, check_service\u003dTrue)"},{"line_number":202,"context_line":"        return self._ironic_connection"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    def _get_node(self, node_id):"}],"source_content_type":"text/x-python","patch_set":10,"id":"dccdc873_4244b3aa","line":201,"updated":"2024-11-13 14:19:04.000000000","message":"yup, this is the service token, not the user token","commit_id":"2ec85ed9e7a114f13e99ef44cb70f38a85d118f6"}]}