)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"624455780bc3ea610d59d2b8fc0f9c66843a62ae","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"bedafda2_33dab280","updated":"2023-05-10 15:53:56.000000000","message":"Just a couple other nits I noticed while re-reading this","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"97bde8b0a31c9d6b20d4c09561a29d6b4886f44a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"c90b4d32_ec5ac886","updated":"2023-05-10 16:29:06.000000000","message":"The linter doesn\u0027t like the long lines in the policy example.","commit_id":"6daf7351551fdf09e118b37a09bc52185cb57429"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"f09e140d4ae01095a34ea48d90f500e98d00c678","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"5ff1ebd0_eb83727b","updated":"2023-05-10 16:40:40.000000000","message":"Missed that comment from brian because I didn\u0027t refresh...","commit_id":"01670e022bd5a02d18c442c394fdc6c5e83f594a"}],"security-notes/OSSN-0092":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"624455780bc3ea610d59d2b8fc0f9c66843a62ae","unresolved":true,"context_lines":[{"line_number":40,"context_line":"full change described in the previous section."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Steps for Mitigation:"},{"line_number":43,"context_line":"A. Ensure the user used by Nova (and Glance, if applicable) have"},{"line_number":44,"context_line":"the service role"},{"line_number":45,"context_line":"      * In Nova, this is the user configured in the [service_user]"},{"line_number":46,"context_line":"        section of nova.conf"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"38cab535_946c35db","line":43,"updated":"2023-05-10 15:53:56.000000000","message":"\"users\"","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"4f822ea567ac337a8e6b0158eb37c1a045b63b87","unresolved":false,"context_lines":[{"line_number":40,"context_line":"full change described in the previous section."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Steps for Mitigation:"},{"line_number":43,"context_line":"A. Ensure the user used by Nova (and Glance, if applicable) have"},{"line_number":44,"context_line":"the service role"},{"line_number":45,"context_line":"      * In Nova, this is the user configured in the [service_user]"},{"line_number":46,"context_line":"        section of nova.conf"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"4d1da1fd_4ce6d741","line":43,"in_reply_to":"38cab535_946c35db","updated":"2023-05-10 16:22:25.000000000","message":"Done","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"448630bf1e54c5d7fe8b221aaf988a39c70794c4","unresolved":false,"context_lines":[{"line_number":40,"context_line":"full change described in the previous section."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"Steps for Mitigation:"},{"line_number":43,"context_line":"A. Ensure the user used by Nova (and Glance, if applicable) have"},{"line_number":44,"context_line":"the service role"},{"line_number":45,"context_line":"      * In Nova, this is the user configured in the [service_user]"},{"line_number":46,"context_line":"        section of nova.conf"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"fd830be2_2160361c","line":43,"in_reply_to":"38cab535_946c35db","updated":"2023-05-10 16:57:48.000000000","message":"Done","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"7fb0607f5ab863f054562c3efb4471883fe6dc07","unresolved":true,"context_lines":[{"line_number":60,"context_line":""},{"line_number":61,"context_line":"C. Configure the cinder policies as per"},{"line_number":62,"context_line":"https://docs.openstack.org/cinder/latest/configuration/block-storage/policy-config-HOWTO.html"},{"line_number":63,"context_line":"to have the following: "},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"    \"is_service\": \"role:service or service_user_id:\u003cnova_service_uuid\u003e\""},{"line_number":66,"context_line":"    \"volume:attachment_delete\": \"rule:xena_system_admin_or_project_member and rule:is_service\""}],"source_content_type":"application/octet-stream","patch_set":1,"id":"9c088ecd_85389407","line":63,"updated":"2023-05-10 15:44:51.000000000","message":"Trailing whitespace, in case you didn\u0027t see it.","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"448630bf1e54c5d7fe8b221aaf988a39c70794c4","unresolved":false,"context_lines":[{"line_number":60,"context_line":""},{"line_number":61,"context_line":"C. Configure the cinder policies as per"},{"line_number":62,"context_line":"https://docs.openstack.org/cinder/latest/configuration/block-storage/policy-config-HOWTO.html"},{"line_number":63,"context_line":"to have the following: "},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"    \"is_service\": \"role:service or service_user_id:\u003cnova_service_uuid\u003e\""},{"line_number":66,"context_line":"    \"volume:attachment_delete\": \"rule:xena_system_admin_or_project_member and rule:is_service\""}],"source_content_type":"application/octet-stream","patch_set":1,"id":"5ea724a6_5bed8a21","line":63,"in_reply_to":"9c088ecd_85389407","updated":"2023-05-10 16:57:48.000000000","message":"Done","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"4f822ea567ac337a8e6b0158eb37c1a045b63b87","unresolved":false,"context_lines":[{"line_number":60,"context_line":""},{"line_number":61,"context_line":"C. Configure the cinder policies as per"},{"line_number":62,"context_line":"https://docs.openstack.org/cinder/latest/configuration/block-storage/policy-config-HOWTO.html"},{"line_number":63,"context_line":"to have the following: "},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"    \"is_service\": \"role:service or service_user_id:\u003cnova_service_uuid\u003e\""},{"line_number":66,"context_line":"    \"volume:attachment_delete\": \"rule:xena_system_admin_or_project_member and rule:is_service\""}],"source_content_type":"application/octet-stream","patch_set":1,"id":"c104a11b_f43555cf","line":63,"in_reply_to":"9c088ecd_85389407","updated":"2023-05-10 16:22:25.000000000","message":"Done","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"624455780bc3ea610d59d2b8fc0f9c66843a62ae","unresolved":true,"context_lines":[{"line_number":69,"context_line":"    \"volume_extension:volume_admin_actions:force_detach\": \"!\""},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    Notes:"},{"line_number":72,"context_line":"          - Operator should replace \"\u003cnova_service_uuid\u003e\" with the"},{"line_number":73,"context_line":"            actual UUID of the user configured in the [service_user]"},{"line_number":74,"context_line":"            section of nova.conf"},{"line_number":75,"context_line":"          - If the role name in Keystone to identify a service is"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"a679e541_738202f7","line":72,"updated":"2023-05-10 15:53:56.000000000","message":"Maybe \"The operator\"","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"4f822ea567ac337a8e6b0158eb37c1a045b63b87","unresolved":false,"context_lines":[{"line_number":69,"context_line":"    \"volume_extension:volume_admin_actions:force_detach\": \"!\""},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    Notes:"},{"line_number":72,"context_line":"          - Operator should replace \"\u003cnova_service_uuid\u003e\" with the"},{"line_number":73,"context_line":"            actual UUID of the user configured in the [service_user]"},{"line_number":74,"context_line":"            section of nova.conf"},{"line_number":75,"context_line":"          - If the role name in Keystone to identify a service is"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"57836fb2_10bc9037","line":72,"in_reply_to":"a679e541_738202f7","updated":"2023-05-10 16:22:25.000000000","message":"Done","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"448630bf1e54c5d7fe8b221aaf988a39c70794c4","unresolved":false,"context_lines":[{"line_number":69,"context_line":"    \"volume_extension:volume_admin_actions:force_detach\": \"!\""},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    Notes:"},{"line_number":72,"context_line":"          - Operator should replace \"\u003cnova_service_uuid\u003e\" with the"},{"line_number":73,"context_line":"            actual UUID of the user configured in the [service_user]"},{"line_number":74,"context_line":"            section of nova.conf"},{"line_number":75,"context_line":"          - If the role name in Keystone to identify a service is"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"b45500d4_e0e39245","line":72,"in_reply_to":"a679e541_738202f7","updated":"2023-05-10 16:57:48.000000000","message":"Done","commit_id":"d2f2c470e031c3f10f8b331b80274de98d67d020"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"7b9ea513544d3553bbd962f0537effdecfa0e7e7","unresolved":true,"context_lines":[{"line_number":56,"context_line":"        Cinder; instead, the mitigation-by-policy strategy described"},{"line_number":57,"context_line":"        below relies upon the user configured in glance in the"},{"line_number":58,"context_line":"        [cinder]/cinder_store_user_name option in glance.conf having"},{"line_number":59,"context_line":"        been granted the service role in KeystoneI"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"C. Configure the cinder policies as per"},{"line_number":62,"context_line":"https://docs.openstack.org/cinder/latest/configuration/block-storage/policy-config-HOWTO.html"}],"source_content_type":"application/octet-stream","patch_set":2,"id":"57230f4c_8763f0b6","line":59,"range":{"start_line":59,"start_character":49,"end_line":59,"end_character":50},"updated":"2023-05-10 16:26:27.000000000","message":"nit: extraneous I","commit_id":"6daf7351551fdf09e118b37a09bc52185cb57429"},{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"448630bf1e54c5d7fe8b221aaf988a39c70794c4","unresolved":false,"context_lines":[{"line_number":56,"context_line":"        Cinder; instead, the mitigation-by-policy strategy described"},{"line_number":57,"context_line":"        below relies upon the user configured in glance in the"},{"line_number":58,"context_line":"        [cinder]/cinder_store_user_name option in glance.conf having"},{"line_number":59,"context_line":"        been granted the service role in KeystoneI"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"C. Configure the cinder policies as per"},{"line_number":62,"context_line":"https://docs.openstack.org/cinder/latest/configuration/block-storage/policy-config-HOWTO.html"}],"source_content_type":"application/octet-stream","patch_set":2,"id":"a5c0e08d_f9a5dc76","line":59,"range":{"start_line":59,"start_character":49,"end_line":59,"end_character":50},"in_reply_to":"57230f4c_8763f0b6","updated":"2023-05-10 16:57:48.000000000","message":"Done","commit_id":"6daf7351551fdf09e118b37a09bc52185cb57429"}]}