)]}'
{"placement/tests/functional/gabbits/usage-secure-rbac.yaml":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"db33686057a9e0e8ad757d945f29f21fbdadabfd","unresolved":true,"context_lines":[{"line_number":125,"context_line":"# they have no business knowing about."},{"line_number":126,"context_line":"- name: project admin cannot get total usage for unauthorized project"},{"line_number":127,"context_line":"  GET: /usages?project_id\u003d$ENVIRON[\u0027PROJECT_ID\u0027]"},{"line_number":128,"context_line":"  request_headers: *alt_project_admin_headers"},{"line_number":129,"context_line":"  status: 403"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"- name: project member cannot get total usage for unauthorized project"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"6bec2273_4aa76b21","line":128,"updated":"2021-01-22 16:34:15.000000000","message":"This test fails consistently because the logical OR from oslo.policy is always applied in the tests and I\u0027m not sure why. 
This means that even project administrators from other projects can view project usage for projects they have no authorization on, even with:\n\n  enforce_scope\u003dTrue\n  enforce_new_defaults\u003dTrue\n\nwhich is what we set up in the SecureRBACPolicyFixture.","commit_id":"83739d938c6da9cc452363dcbec1eec329efd74f"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"808e59a6246933d38711d8f6efdae6e4da2300a3","unresolved":true,"context_lines":[{"line_number":125,"context_line":"# they have no business knowing about."},{"line_number":126,"context_line":"- name: project admin cannot get total usage for unauthorized project"},{"line_number":127,"context_line":"  GET: /usages?project_id\u003d$ENVIRON[\u0027PROJECT_ID\u0027]"},{"line_number":128,"context_line":"  request_headers: *alt_project_admin_headers"},{"line_number":129,"context_line":"  status: 403"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"- name: project member cannot get total usage for unauthorized project"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"fde66c43_659852f3","line":128,"in_reply_to":"51d062cb_f888dbda","updated":"2021-01-22 18:56:11.000000000","message":"This is because the project id is not passed to oslo.policy for this check.\nIf we pass req.project_id, then it can be checked whether it is the same as context.project_id or not: https://github.com/openstack/placement/blob/master/placement/handlers/usage.py#L95","commit_id":"83739d938c6da9cc452363dcbec1eec329efd74f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"6910c4207f702c06d544a81b8b59161c9c4c1e4b","unresolved":true,"context_lines":[{"line_number":125,"context_line":"# they have no business knowing about."},{"line_number":126,"context_line":"- name: project admin cannot get total usage for unauthorized 
project"},{"line_number":127,"context_line":"  GET: /usages?project_id\u003d$ENVIRON[\u0027PROJECT_ID\u0027]"},{"line_number":128,"context_line":"  request_headers: *alt_project_admin_headers"},{"line_number":129,"context_line":"  status: 403"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"- name: project member cannot get total usage for unauthorized project"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"51d062cb_f888dbda","line":128,"in_reply_to":"6bec2273_4aa76b21","updated":"2021-01-22 16:44:33.000000000","message":"Note, if you\u0027d like to debug this locally, be sure to downgrade gabbi to 1.49.0, which will allow you to capture stdout.\n\nhttps://github.com/cdent/gabbi/issues/287","commit_id":"83739d938c6da9cc452363dcbec1eec329efd74f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f2ade4eb66e08dd701ccd0bca62fa9a7614660cb","unresolved":true,"context_lines":[{"line_number":125,"context_line":"# they have no business knowing about."},{"line_number":126,"context_line":"- name: project admin cannot get total usage for unauthorized project"},{"line_number":127,"context_line":"  GET: /usages?project_id\u003d$ENVIRON[\u0027PROJECT_ID\u0027]"},{"line_number":128,"context_line":"  request_headers: *alt_project_admin_headers"},{"line_number":129,"context_line":"  status: 403"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"- name: project member cannot get total usage for unauthorized project"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"482d1756_06e6d9f5","line":128,"in_reply_to":"fde66c43_659852f3","updated":"2021-01-22 18:57:43.000000000","message":"Stephen already fixed that I believe.\n\nhttps://review.opendev.org/c/openstack/placement/+/771964/1/placement/handlers/usage.py","commit_id":"83739d938c6da9cc452363dcbec1eec329efd74f"}]}
