)]}'
{"deliverables/train/keystone.yaml":[{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"13a058832b9ae72db0f3c2a84cd515d423b5a03d","unresolved":false,"context_lines":[{"line_number":19,"context_line":"    ``[oslo_policy]/enforce_scope`` to ``true`` in `keystone.conf`, which, with"},{"line_number":20,"context_line":"    the default policies, will allow keystone to distinguish between"},{"line_number":21,"context_line":"    project-specific requests and requests that operate on an entire"},{"line_number":22,"context_line":"    deployment. This makes it making it safe to grant admin access to a"},{"line_number":23,"context_line":"    specific keystone project without giving admin access to all of keystone\u0027s"},{"line_number":24,"context_line":"    APIs, but please be aware that depending on the default and overridden"},{"line_number":25,"context_line":"    policies of other OpenStack services, a project admin may still have"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"5faad753_e3d321d4","line":22,"range":{"start_line":22,"start_character":21,"end_line":22,"end_character":43},"updated":"2019-09-12 19:36:29.000000000","message":"\"makes it safe\"","commit_id":"647655ee4566bb554dce73314007af497ed1c6b1"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"2c5f1600cd8c543fe9f649100f8b110e9cc78e73","unresolved":false,"context_lines":[{"line_number":19,"context_line":"    ``[oslo_policy]/enforce_scope`` to ``true`` in `keystone.conf`, which, with"},{"line_number":20,"context_line":"    the default policies, will allow keystone to distinguish between"},{"line_number":21,"context_line":"    project-specific requests and requests that operate on an entire"},{"line_number":22,"context_line":"    deployment. This makes it making it safe to grant admin access to a"},{"line_number":23,"context_line":"    specific keystone project without giving admin access to all of keystone\u0027s"},{"line_number":24,"context_line":"    APIs, but please be aware that depending on the default and overridden"},{"line_number":25,"context_line":"    policies of other OpenStack services, a project admin may still have"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"5faad753_03f2fd70","line":22,"range":{"start_line":22,"start_character":30,"end_line":22,"end_character":39},"updated":"2019-09-12 19:36:55.000000000","message":"remove?","commit_id":"647655ee4566bb554dce73314007af497ed1c6b1"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"cb41849d85d170ef5ad1cdab0f42195047600213","unresolved":false,"context_lines":[{"line_number":32,"context_line":"    OpenStack API requests for which an application credential is permitted to"},{"line_number":33,"context_line":"    be used. This level of access control is supplemental to traditional"},{"line_number":34,"context_line":"    role-based access control managed through policy rules.\""},{"line_number":35,"context_line":"  - \"Keystone roles and projects may now be made immutable, so that certain"},{"line_number":36,"context_line":"    important resources like the default roles or service projects cannot be"},{"line_number":37,"context_line":"    accidentally modified or deleted. This is done through resource options on"},{"line_number":38,"context_line":"    roles and projects. The ``keystone-manage bootstrap`` command now allows"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"5faad753_437d547d","line":35,"range":{"start_line":35,"start_character":24,"end_line":35,"end_character":32},"updated":"2019-09-12 19:51:42.000000000","message":"including domains","commit_id":"d9edda5276b5b128a975f9f28ca3729592a20e06"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"cb41849d85d170ef5ad1cdab0f42195047600213","unresolved":false,"context_lines":[{"line_number":37,"context_line":"    accidentally modified or deleted. This is done through resource options on"},{"line_number":38,"context_line":"    roles and projects. The ``keystone-manage bootstrap`` command now allows"},{"line_number":39,"context_line":"    the deployer to opt into creating the default roles as immutable at"},{"line_number":40,"context_line":"    deployment time, which will become the default behavior in the future.\""}],"source_content_type":"text/x-yaml","patch_set":2,"id":"5faad753_a36be8b4","line":40,"range":{"start_line":40,"start_character":74,"end_line":40,"end_character":75},"updated":"2019-09-12 19:51:42.000000000","message":"Roles, projects, and domains can be made immutable via update for those resources existing prior to running keystone-manage-bootstrap","commit_id":"d9edda5276b5b128a975f9f28ca3729592a20e06"}]}