)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"117fee5e922c4a196408201481d291ae51b67bd6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"835e8768_a02b4122","updated":"2025-02-14 18:35:45.000000000","message":"recheck deps updated","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ba84a6d3609240359e2277f1dbe4f6b9636dff65","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"7351b8cf_ea69d8a4","updated":"2025-02-15 00:37:07.000000000","message":"recheck ssh timeout in test_resize_volume_backed_server_confirm","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"8cd5af71517f8ec2a92cd5c43abc5ba83ec37a3c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ff4c3427_c1e0f2cd","updated":"2025-02-15 19:54:46.000000000","message":"recheck timeout in test_cold_migrate_unshelved_instance","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"2b5b48c0ddc6615616c2457f961274d7f612d46d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"e6c877b4_18c11829","updated":"2025-06-26 00:19:28.000000000","message":"While testing the manager role in tempest[1], I realized that we should allow migration list (all migrations list)[2] also for the manager. The current proposal was to allow only in-progress live migration list[3] for manager.\n\n[1] https://review.opendev.org/c/openstack/tempest/+/953265\n[2] https://docs.openstack.org/api-ref/compute/#list-migrations\n[3] https://docs.openstack.org/api-ref/compute/#id318","commit_id":"2035a0b2ee0ab11c66b37b6700698f21d468b8a9"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"dc46704cef9ec5cdb433db24a177a84e5aafef00","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"4d874dae_b40ea35c","in_reply_to":"e6c877b4_18c11829","updated":"2025-06-26 18:32:06.000000000","message":"After doing more analysis on the migration list (all migrations list), it returns all migrations from all projects. If we want to allow the manager role to list all migrations of its own project, then we need the all_tenant|project field in the request param. That is an API change and needs to be done by the microversion. I will add a TODO about it so that if any use case comes for this, we know that it is not just a policy change, but an API change.","commit_id":"2035a0b2ee0ab11c66b37b6700698f21d468b8a9"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c5da7ebf646f6c199a040532e7c4271f1d682a30","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"b1b469f6_7f2ebdca","updated":"2025-07-15 00:24:20.000000000","message":"I am squashing this change in https://review.opendev.org/c/openstack/nova/+/953063","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"e7e70175_bbc4b989","updated":"2025-07-09 20:33:51.000000000","message":"im confilicted becasue you are impleting what the spec se but i htink i just enrily miseed the PROJECT_MEMBER_OR_ADMIN -\u003e New default: PROJECT_MANAGER_OR_ADMIN wehn i looked at the spec the last time so before we proceed with this i want to make sure we actully really agree with that change\n\nalso i kind of want you to merge this with the previos change but that is nto a must. i just dont think we gain anything really be addign the new polices and updating them in 2 changes.\n\nif you want to keep it as two that is fine but you need to update the releasenote and doc in thei change to reflect the new fucntionality.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"2c7f82fa00529ecb107437dc863ca6ed7bfb08b4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"5da33635_457e0c67","updated":"2025-07-09 09:30:34.000000000","message":"shouldn\u0027t this have a release note? what about documentation?","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"dda24d09_833fdd87","in_reply_to":"41dc4fbd_d5c63070","updated":"2025-07-09 20:33:51.000000000","message":"ah i new i saw this comemnt somewhere.\ni agree that the release note shoudl be updated in this change as well to call out that the manager role is now used.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"89048a70dcef20666caa30109b186e23a71885c9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"41dc4fbd_d5c63070","in_reply_to":"5da33635_457e0c67","updated":"2025-07-09 17:07:41.000000000","message":"yeah, I have that in plan. I was doing code its testing first and then plan to add doc/releasenotes in this or followup change.\n\nAs code and testing looks good, I will be doing that today or tomorrow.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"09985257_821986ee","in_reply_to":"e7e70175_bbc4b989","updated":"2025-07-14 18:33:15.000000000","message":"I think we can keep them as it is (allow for member). Rethinking on those, I agree that there is no strong use case I have not allow member to do those when we are allowing many other same level operations.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"}],"nova/policies/admin_password.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":46,"context_line":"        ],"},{"line_number":47,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":48,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY)"},{"line_number":49,"context_line":"]"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"def list_rules():"}],"source_content_type":"text/x-python","patch_set":2,"id":"be512e72_99b4cf26","line":49,"updated":"2025-02-18 18:36:03.000000000","message":"so this remves the ablity for a proejct member to set the admin password on an instnace\n\nwhere as in the spec we were sayign we woudl only make aditive changes\n\nso i dont think this is corerct to do.","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5dda8e939ca1980359101144ba3201180038a8b2","unresolved":false,"context_lines":[{"line_number":46,"context_line":"        ],"},{"line_number":47,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":48,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY)"},{"line_number":49,"context_line":"]"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"def list_rules():"}],"source_content_type":"text/x-python","patch_set":2,"id":"ed2514c1_54aa053f","line":49,"in_reply_to":"8612f4d8_f06302fa","updated":"2025-06-23 23:25:36.000000000","message":"Done. as per latest spec, no change in this policy. Agree with Sean concern.","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d9e9dcca5d81748c65c839e78992a74df4d42da4","unresolved":true,"context_lines":[{"line_number":46,"context_line":"        ],"},{"line_number":47,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":48,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY)"},{"line_number":49,"context_line":"]"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"def list_rules():"}],"source_content_type":"text/x-python","patch_set":2,"id":"8612f4d8_f06302fa","line":49,"in_reply_to":"be512e72_99b4cf26","updated":"2025-02-18 19:35:37.000000000","message":"I do not think we said that in spec[1]. Whole point of adding manager role is to have someone who has higher permission than member and less then admin. If we are giving member role access also here then what is actual use/benefits of adding manager role? If anyone want some transition from member role to manager role then we still support the old defaults (member role access) as deprecated so they can enable them. But having default access to manager and member both is not something we discussed in RBAC goal. \n\n[1] https://review.opendev.org/c/openstack/nova-specs/+/937650/5/specs/2025.1/approved/policy-service-and-manager-role-default.rst#151\n\nAnd this is what we defined in RBAC goal for what Manager role should be - - https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-3","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"}],"nova/policies/base.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[{"line_number":93,"context_line":"    policy.RuleDefault("},{"line_number":94,"context_line":"        \"project_manager_api\","},{"line_number":95,"context_line":"        \"role:manager and project_id:%(project_id)s\","},{"line_number":96,"context_line":"        \"Default rule for Project level admin APIs.\","},{"line_number":97,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":98,"context_line":"    policy.RuleDefault("},{"line_number":99,"context_line":"        \"project_member_api\","}],"source_content_type":"text/x-python","patch_set":6,"id":"525c9726_b6932434","line":96,"range":{"start_line":96,"start_character":40,"end_line":96,"end_character":45},"updated":"2025-07-09 20:33:51.000000000","message":"```suggestion\n        \"Default rule for Project level manager APIs.\",\n```\n\nalso this shoudl have deprecated_since\n\nbut beyond that do we need this here? is this actully used?\n\nyou didnt defien a constant for this above.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    policy.RuleDefault("},{"line_number":94,"context_line":"        \"project_manager_api\","},{"line_number":95,"context_line":"        \"role:manager and project_id:%(project_id)s\","},{"line_number":96,"context_line":"        \"Default rule for Project level admin APIs.\","},{"line_number":97,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":98,"context_line":"    policy.RuleDefault("},{"line_number":99,"context_line":"        \"project_member_api\","}],"source_content_type":"text/x-python","patch_set":6,"id":"d85d7623_37e8d0bd","line":96,"range":{"start_line":96,"start_character":40,"end_line":96,"end_character":45},"in_reply_to":"525c9726_b6932434","updated":"2025-07-14 18:33:15.000000000","message":"Done. deprecated_since i defined in DEPRECATED_ADMIN_POLICY","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c5da7ebf646f6c199a040532e7c4271f1d682a30","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    policy.RuleDefault("},{"line_number":94,"context_line":"        \"project_manager_api\","},{"line_number":95,"context_line":"        \"role:manager and project_id:%(project_id)s\","},{"line_number":96,"context_line":"        \"Default rule for Project level admin APIs.\","},{"line_number":97,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":98,"context_line":"    policy.RuleDefault("},{"line_number":99,"context_line":"        \"project_member_api\","}],"source_content_type":"text/x-python","patch_set":6,"id":"89a55588_95b0aa71","line":96,"range":{"start_line":96,"start_character":40,"end_line":96,"end_character":45},"in_reply_to":"d85d7623_37e8d0bd","updated":"2025-07-15 00:24:20.000000000","message":"done in https://review.opendev.org/c/openstack/nova/+/953063","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":false,"context_lines":[{"line_number":94,"context_line":"        \"project_manager_api\","},{"line_number":95,"context_line":"        \"role:manager and project_id:%(project_id)s\","},{"line_number":96,"context_line":"        \"Default rule for Project level admin APIs.\","},{"line_number":97,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":98,"context_line":"    policy.RuleDefault("},{"line_number":99,"context_line":"        \"project_member_api\","},{"line_number":100,"context_line":"        \"role:member and project_id:%(project_id)s\","}],"source_content_type":"text/x-python","patch_set":6,"id":"fc0298cc_ef386cc2","line":97,"range":{"start_line":97,"start_character":8,"end_line":97,"end_character":47},"updated":"2025-07-09 20:33:51.000000000","message":"hum we need to do this because we have not remove to deisble the new roles right.\nwe re ally are overdue removing the ablity to opt out for the new policy but ok i guess this makes sense only because we did not move any project member actions to require project manager.\n\nof we had requiring admin would have been incorrect.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":false,"context_lines":[{"line_number":94,"context_line":"        \"project_manager_api\","},{"line_number":95,"context_line":"        \"role:manager and project_id:%(project_id)s\","},{"line_number":96,"context_line":"        \"Default rule for Project level admin APIs.\","},{"line_number":97,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":98,"context_line":"    policy.RuleDefault("},{"line_number":99,"context_line":"        \"project_member_api\","},{"line_number":100,"context_line":"        \"role:member and project_id:%(project_id)s\","}],"source_content_type":"text/x-python","patch_set":6,"id":"a06dd61e_cce90ff3","line":97,"range":{"start_line":97,"start_character":8,"end_line":97,"end_character":47},"in_reply_to":"fc0298cc_ef386cc2","updated":"2025-07-14 18:33:15.000000000","message":"yes. once we move the old defaults then these deprecated_rule will go away.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[{"line_number":107,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_OR_OWNER_POLICY),"},{"line_number":108,"context_line":"    policy.RuleDefault("},{"line_number":109,"context_line":"        \"project_manager_or_admin\","},{"line_number":110,"context_line":"        \"rule:project_manager_api or rule:context_is_admin\","},{"line_number":111,"context_line":"        \"Default rule for Project Manager or admin APIs.\","},{"line_number":112,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":113,"context_line":"    policy.RuleDefault("}],"source_content_type":"text/x-python","patch_set":6,"id":"b338dd5a_a04229e2","line":110,"updated":"2025-07-09 20:33:51.000000000","message":"I guess it\u0027s used transitively here.\n\nso all use of project_manager_api is actully via PROJECT_MANAGER_OR_ADMIN","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":false,"context_lines":[{"line_number":107,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_OR_OWNER_POLICY),"},{"line_number":108,"context_line":"    policy.RuleDefault("},{"line_number":109,"context_line":"        \"project_manager_or_admin\","},{"line_number":110,"context_line":"        \"rule:project_manager_api or rule:context_is_admin\","},{"line_number":111,"context_line":"        \"Default rule for Project Manager or admin APIs.\","},{"line_number":112,"context_line":"        deprecated_rule\u003dDEPRECATED_ADMIN_POLICY),"},{"line_number":113,"context_line":"    policy.RuleDefault("}],"source_content_type":"text/x-python","patch_set":6,"id":"2646c0ca_2c826311","line":110,"in_reply_to":"b338dd5a_a04229e2","updated":"2025-07-14 18:33:15.000000000","message":"yes, that is what policy rule will be using. We want ADMIN to continue have permission for manager things.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"}],"nova/policies/deferred_delete.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":36,"context_line":"deferred_delete_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027restore\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"Restore a soft deleted server\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"32863e63_e9661249","line":39,"updated":"2025-02-18 18:36:03.000000000","message":"again this has the same probelme you makign it more restictive so this is an upgrade problem","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d9e9dcca5d81748c65c839e78992a74df4d42da4","unresolved":true,"context_lines":[{"line_number":36,"context_line":"deferred_delete_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027restore\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"Restore a soft deleted server\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"56d6e716_cd1fed48","line":39,"in_reply_to":"32863e63_e9661249","updated":"2025-02-18 19:35:37.000000000","message":"replied in previous comments, the Main idea of the Manager role is to make some APIs more restrictive than member. That is what we planned as per the RBAC goal\n- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-3","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5dda8e939ca1980359101144ba3201180038a8b2","unresolved":false,"context_lines":[{"line_number":36,"context_line":"deferred_delete_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027restore\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"Restore a soft deleted server\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"d46e589d_712970a3","line":39,"in_reply_to":"56d6e716_cd1fed48","updated":"2025-06-23 23:25:36.000000000","message":"we discussed it in spec and agreed to change these policy change to PROJECT_MANAGER_OR_ADMIN","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[{"line_number":36,"context_line":"deferred_delete_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027restore\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"Restore a soft deleted server\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":6,"id":"c3806478_738d0b78","line":39,"updated":"2025-07-09 20:33:51.000000000","message":"this is problematic.\n\ni tought we didn not tighten any project member api to now requrie project manager\n\nlooking at \n\nhttps://specs.openstack.org/openstack/nova-specs/specs/2025.2/approved/policy-manager-role-default.html#below-apis-policy-will-be-default-to-project-manager-or-admin-role\n\ni think i missed that change.\nhowe is this not an upgrade issue?\n\nyou are effectivly removing the api form being useable as a normal user which feel like it at the level that need a microveriosn.\n\nWhat do you want to make this change in policy?\nspecificly why shoudl someone wiht project member who realsied that they acicentlly delted the wrogn vm not be able to restore it.\n\nthey typicaly only have a few seconds at most to do that and finding someone with project manager right and getting them to fix it even if it someone at the desk becide them is likely going to be too late.\n\nso i think we shoudl reconsider that.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c5da7ebf646f6c199a040532e7c4271f1d682a30","unresolved":false,"context_lines":[{"line_number":36,"context_line":"deferred_delete_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027restore\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"Restore a soft deleted server\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":6,"id":"d9ee118b_549c8474","line":39,"in_reply_to":"1bb16085_4be3a7a3","updated":"2025-07-15 00:24:20.000000000","message":"done in https://review.opendev.org/c/openstack/nova/+/953063","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":false,"context_lines":[{"line_number":36,"context_line":"deferred_delete_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027restore\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"Restore a soft deleted server\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":6,"id":"1bb16085_4be3a7a3","line":39,"in_reply_to":"c3806478_738d0b78","updated":"2025-07-14 18:33:15.000000000","message":"Rethinking on this, I think you are right and I am not finding any strong reason to disallow member. Specifically, when we allow many destructive operations on their VM by members. If they can deleet, rebuild, resize VM etc then why not restore.\n\nI think i asked same in spec if any objection on this policy change but then forgot to refresh those.\n\nI agree to keep them for member level and manager can do those anyways. I will push follow up on spec also to match the doc with what we are doing in code.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[{"line_number":57,"context_line":"            }"},{"line_number":58,"context_line":"        ],"},{"line_number":59,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":60,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY)"},{"line_number":61,"context_line":"]"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"2272d01c_7cea5a88","line":60,"updated":"2025-07-09 20:33:51.000000000","message":"this is maybe more reaonble but im not sure this is woth the upgrade impact.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":false,"context_lines":[{"line_number":57,"context_line":"            }"},{"line_number":58,"context_line":"        ],"},{"line_number":59,"context_line":"        scope_types\u003d[\u0027project\u0027],"},{"line_number":60,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY)"},{"line_number":61,"context_line":"]"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"ad685cd7_c1131bd7","line":60,"in_reply_to":"2272d01c_7cea5a88","updated":"2025-07-14 18:33:15.000000000","message":"let\u0027s keep it for member as restore is kept. If anyone want to retore or makre sure VM delete before deffer intervals, then they should be able to do both.","commit_id":"524d01ffff6fec3dfb37dddc8ee9ae409aa1c4ff"}],"nova/policies/instance_usage_audit_log.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":36,"context_line":"instance_usage_audit_log_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027list\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"List all usage audits.\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"b49eae87_3c14b5cb","line":39,"updated":"2025-02-18 18:36:03.000000000","message":"Unfortunately this provides hos specific information about the compute nodes\n\nso this is not appropriate to expose to the project manager\n\nhttps://docs.openstack.org/api-ref/compute/#id309","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5dda8e939ca1980359101144ba3201180038a8b2","unresolved":false,"context_lines":[{"line_number":36,"context_line":"instance_usage_audit_log_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027list\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"List all usage audits.\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"fc767e18_4fde35d4","line":39,"in_reply_to":"a1f50f02_fdf0a75c","updated":"2025-06-23 23:25:36.000000000","message":"Agreed with Sean concern and as per latest spec no change in this policy","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d9e9dcca5d81748c65c839e78992a74df4d42da4","unresolved":true,"context_lines":[{"line_number":36,"context_line":"instance_usage_audit_log_policies \u003d ["},{"line_number":37,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":38,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027list\u0027,"},{"line_number":39,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":40,"context_line":"        description\u003d\"List all usage audits.\","},{"line_number":41,"context_line":"        operations\u003d["},{"line_number":42,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"a1f50f02_fdf0a75c","line":39,"in_reply_to":"b49eae87_3c14b5cb","updated":"2025-02-18 19:35:37.000000000","message":"you are right, I just see those and agree that it still has host info returned. I will keep it admin only which need update in spec also.","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":48,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY),"},{"line_number":49,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":50,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027show\u0027,"},{"line_number":51,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":52,"context_line":"        description\u003d\"List all usage audits occurred before \""},{"line_number":53,"context_line":"        \"a specified time for all servers on all compute hosts where \""},{"line_number":54,"context_line":"        \"usage auditing is configured\","}],"source_content_type":"text/x-python","patch_set":2,"id":"a508c2cb_9663d7b4","line":51,"updated":"2025-02-18 18:36:03.000000000","message":"the same applies here\nhttps://docs.openstack.org/api-ref/compute/#id311","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5dda8e939ca1980359101144ba3201180038a8b2","unresolved":false,"context_lines":[{"line_number":48,"context_line":"        deprecated_rule\u003dDEPRECATED_POLICY),"},{"line_number":49,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":50,"context_line":"        name\u003dBASE_POLICY_NAME % \u0027show\u0027,"},{"line_number":51,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":52,"context_line":"        description\u003d\"List all usage audits occurred before \""},{"line_number":53,"context_line":"        \"a specified time for all servers on all compute hosts where \""},{"line_number":54,"context_line":"        \"usage auditing is configured\","}],"source_content_type":"text/x-python","patch_set":2,"id":"4a23f3fc_08888dfe","line":51,"in_reply_to":"a508c2cb_9663d7b4","updated":"2025-06-23 23:25:36.000000000","message":"ditto.","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"}],"nova/policies/migrate_server.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":24,"context_line":"migrate_server_policies \u003d ["},{"line_number":25,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":26,"context_line":"        name\u003dPOLICY_ROOT % \u0027migrate\u0027,"},{"line_number":27,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":28,"context_line":"        description\u003d\"Cold migrate a server without specifying a host\","},{"line_number":29,"context_line":"        operations\u003d["},{"line_number":30,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"499ca011_684382aa","line":27,"updated":"2025-02-18 18:36:03.000000000","message":"this is an api that is valid to provide access to the manger role.\n+1","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d9e9dcca5d81748c65c839e78992a74df4d42da4","unresolved":false,"context_lines":[{"line_number":24,"context_line":"migrate_server_policies \u003d ["},{"line_number":25,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":26,"context_line":"        name\u003dPOLICY_ROOT % \u0027migrate\u0027,"},{"line_number":27,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":28,"context_line":"        description\u003d\"Cold migrate a server without specifying a host\","},{"line_number":29,"context_line":"        operations\u003d["},{"line_number":30,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"baa14ab2_41da7c4f","line":27,"in_reply_to":"499ca011_684382aa","updated":"2025-02-18 19:35:37.000000000","message":"ack","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":46,"context_line":"        scope_types\u003d[\u0027project\u0027]),"},{"line_number":47,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":48,"context_line":"        name\u003dPOLICY_ROOT % \u0027migrate_live\u0027,"},{"line_number":49,"context_line":"        check_str\u003dbase.ADMIN,"},{"line_number":50,"context_line":"        description\u003d\"Live migrate a server to a new host without a reboot\","},{"line_number":51,"context_line":"        operations\u003d["},{"line_number":52,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"290020a4_7e29c4a7","line":49,"range":{"start_line":49,"start_character":0,"end_line":49,"end_character":2},"updated":"2025-02-18 18:36:03.000000000","message":"live mgration without specifying a host is also valid for the manager right?\nso this should be update to base.PROJECT_MANAGER_OR_ADMIN","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"5dda8e939ca1980359101144ba3201180038a8b2","unresolved":false,"context_lines":[{"line_number":46,"context_line":"        scope_types\u003d[\u0027project\u0027]),"},{"line_number":47,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":48,"context_line":"        name\u003dPOLICY_ROOT % \u0027migrate_live\u0027,"},{"line_number":49,"context_line":"        check_str\u003dbase.ADMIN,"},{"line_number":50,"context_line":"        description\u003d\"Live migrate a server to a new host without a reboot\","},{"line_number":51,"context_line":"        operations\u003d["},{"line_number":52,"context_line":"            {"}],"source_content_type":"text/x-python","patch_set":2,"id":"0a7cbc2b_9f9d3c09","line":49,"range":{"start_line":49,"start_character":0,"end_line":49,"end_character":2},"in_reply_to":"290020a4_7e29c4a7","updated":"2025-06-23 23:25:36.000000000","message":"Done, adding the new policy for migrate to host and made this policy allowed for PROJECT_MANAGER_OR_ADMIN","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"}],"nova/policies/servers_migrations.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":43,"context_line":"            {"},{"line_number":44,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":45,"context_line":"                \u0027path\u0027: \u0027/servers/{server_id}/migrations/{migration_id}\u0027"},{"line_number":46,"context_line":"                        \u0027/action (force_complete)\u0027"},{"line_number":47,"context_line":"            }"},{"line_number":48,"context_line":"        ],"},{"line_number":49,"context_line":"        scope_types\u003d[\u0027project\u0027]),"}],"source_content_type":"text/x-python","patch_set":2,"id":"78955c28_21e177ed","line":46,"updated":"2025-02-18 18:36:03.000000000","message":"yep force completing a live migration sound valid to me.","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d9e9dcca5d81748c65c839e78992a74df4d42da4","unresolved":false,"context_lines":[{"line_number":43,"context_line":"            {"},{"line_number":44,"context_line":"                \u0027method\u0027: \u0027POST\u0027,"},{"line_number":45,"context_line":"                \u0027path\u0027: \u0027/servers/{server_id}/migrations/{migration_id}\u0027"},{"line_number":46,"context_line":"                        \u0027/action (force_complete)\u0027"},{"line_number":47,"context_line":"            }"},{"line_number":48,"context_line":"        ],"},{"line_number":49,"context_line":"        scope_types\u003d[\u0027project\u0027]),"}],"source_content_type":"text/x-python","patch_set":2,"id":"26302d80_e90a209b","line":46,"in_reply_to":"78955c28_21e177ed","updated":"2025-02-18 19:35:37.000000000","message":"Acknowledged","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"61d3dd393548dfd228dc6e7db5cd7532f59c5db1","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":51,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":52,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":53,"context_line":"        description\u003d\"Delete(Abort) an in-progress live migration\","},{"line_number":54,"context_line":"        operations\u003d["},{"line_number":55,"context_line":"            {"},{"line_number":56,"context_line":"                \u0027method\u0027: \u0027DELETE\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"0d389273_082fa718","line":53,"updated":"2025-02-18 18:36:03.000000000","message":"live migration about woudl also be valid i think althoguh we do need to filter the migration list respocnes to remvoe host specific info","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"d9e9dcca5d81748c65c839e78992a74df4d42da4","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":51,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":52,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":53,"context_line":"        description\u003d\"Delete(Abort) an in-progress live migration\","},{"line_number":54,"context_line":"        operations\u003d["},{"line_number":55,"context_line":"            {"},{"line_number":56,"context_line":"                \u0027method\u0027: \u0027DELETE\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"fcae8840_a52b5a79","line":53,"in_reply_to":"0d389273_082fa718","updated":"2025-02-18 19:35:37.000000000","message":"yeah we discussed that in spec and having no separate policy for host info filter lead us not to do that as part of this effort. We need to add a few separate policy to control the host info and then we can make those access to manager role if needed","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"75ce18cfe515e795a55a0e29f389bf7492b8ad88","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":51,"context_line":"        name\u003dPOLICY_ROOT % \u0027delete\u0027,"},{"line_number":52,"context_line":"        check_str\u003dbase.PROJECT_MANAGER_OR_ADMIN,"},{"line_number":53,"context_line":"        description\u003d\"Delete(Abort) an in-progress live migration\","},{"line_number":54,"context_line":"        operations\u003d["},{"line_number":55,"context_line":"            {"},{"line_number":56,"context_line":"                \u0027method\u0027: \u0027DELETE\u0027,"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7bd348_07cf2f59","line":53,"in_reply_to":"fcae8840_a52b5a79","updated":"2025-06-25 02:27:42.000000000","message":"Done in https://review.opendev.org/c/openstack/nova/+/953063/5/nova/api/openstack/compute/server_migrations.py#67","commit_id":"a6af1b9bc5f90313722bdf4c7d38fe36a4cbb76d"}],"nova/tests/unit/policies/base.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"03ee6ac1e5b719ea77414c5a201c25805f43db89","unresolved":true,"context_lines":[{"line_number":175,"context_line":"            self.project_manager_context, self.project_member_context,"},{"line_number":176,"context_line":"            self.project_reader_context, self.project_foo_context"},{"line_number":177,"context_line":"        ])"},{"line_number":178,"context_line":"        # With scope enable and no legacy rule, only project scoped admin"},{"line_number":179,"context_line":"        # and project members have access. No other role in that project"},{"line_number":180,"context_line":"        # or system scoped token will have access."},{"line_number":181,"context_line":"        self.project_member_or_admin_with_scope_no_legacy \u003d set(["}],"source_content_type":"text/x-python","patch_set":6,"id":"a82b17af_0864d96d","side":"PARENT","line":178,"range":{"start_line":178,"start_character":53,"end_line":178,"end_character":73},"updated":"2025-07-09 20:33:51.000000000","message":"this is an exisitng issue but the pharse \"project scoped admin\"  shoudl be avoided.\n\nits really shoudl say  \"admin with a project scope token\"\n\nwhich is very diffent one imples a toke that has admin right only on a given proejct\n\nthe other reflect hta the scoep fo the toke is to project resouce and they have the admin role but they can make admin rewstion acroos all proejct\n\ni.e. it refect reality.\n\ni kind of feel that you shoudl fix this since your extending the comment but its also unrelated.\n\ni jsut think that the words \"project scoped admin\" shoudl nto exist in openstack period.","commit_id":"bb0a8a1b3d543fad1ab8dce2ba04fd239e5400c9"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c5da7ebf646f6c199a040532e7c4271f1d682a30","unresolved":false,"context_lines":[{"line_number":175,"context_line":"            self.project_manager_context, self.project_member_context,"},{"line_number":176,"context_line":"            self.project_reader_context, self.project_foo_context"},{"line_number":177,"context_line":"        ])"},{"line_number":178,"context_line":"        # With scope enable and no legacy rule, only project scoped admin"},{"line_number":179,"context_line":"        # and project members have access. No other role in that project"},{"line_number":180,"context_line":"        # or system scoped token will have access."},{"line_number":181,"context_line":"        self.project_member_or_admin_with_scope_no_legacy \u003d set(["}],"source_content_type":"text/x-python","patch_set":6,"id":"356daca4_cd5cc20c","side":"PARENT","line":178,"range":{"start_line":178,"start_character":53,"end_line":178,"end_character":73},"in_reply_to":"452bbb74_d1f1a4fa","updated":"2025-07-15 00:24:20.000000000","message":"Done,  in https://review.opendev.org/c/openstack/nova/+/953063","commit_id":"bb0a8a1b3d543fad1ab8dce2ba04fd239e5400c9"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"87499f85cea36492b7ea8980f8343783d5caddca","unresolved":true,"context_lines":[{"line_number":175,"context_line":"            self.project_manager_context, self.project_member_context,"},{"line_number":176,"context_line":"            self.project_reader_context, self.project_foo_context"},{"line_number":177,"context_line":"        ])"},{"line_number":178,"context_line":"        # With scope enable and no legacy rule, only project scoped admin"},{"line_number":179,"context_line":"        # and project members have access. No other role in that project"},{"line_number":180,"context_line":"        # or system scoped token will have access."},{"line_number":181,"context_line":"        self.project_member_or_admin_with_scope_no_legacy \u003d set(["}],"source_content_type":"text/x-python","patch_set":6,"id":"452bbb74_d1f1a4fa","side":"PARENT","line":178,"range":{"start_line":178,"start_character":53,"end_line":178,"end_character":73},"in_reply_to":"a82b17af_0864d96d","updated":"2025-07-14 18:33:15.000000000","message":"yeah, that is a little confusing. As I am touching this comment, let me fix it.","commit_id":"bb0a8a1b3d543fad1ab8dce2ba04fd239e5400c9"}]}