)]}'
{"skyline_apiserver/api/v1/extension.py":[{"author":{"_account_id":6282,"name":"Wu Wenxiang","email":"wu.wenxiang@algoblu.com","username":"wu-wenxiang"},"change_message_id":"775493b45dbb149d0326fb107f9cfffbbfabe0e4","unresolved":true,"context_lines":[{"line_number":1026,"context_line":"    return schemas.PortsResponse(ports\u003dresult)"},{"line_number":1027,"context_line":""},{"line_number":1028,"context_line":""},{"line_number":1029,"context_line":"@router.get("},{"line_number":1030,"context_line":"    \"/extension/compute-services\","},{"line_number":1031,"context_line":"    description\u003d\"List compute services\","},{"line_number":1032,"context_line":"    responses\u003d{"}],"source_content_type":"text/x-python","patch_set":4,"id":"dc28a80d_2cb877d9","line":1029,"range":{"start_line":1029,"start_character":0,"end_line":1029,"end_character":12},"updated":"2026-01-28 00:56:29.000000000","message":"This is a GET API; why are we removing the system_reader permission?","commit_id":"7f66be856f2d9c89d85ef2b94f310db2a42198c0"},{"author":{"_account_id":38294,"name":"Reet Srivastava","display_name":"Reet Srivastava","email":"reet.srivastava@rackspace.com","username":"reetsrivastava"},"change_message_id":"47e6e3a6a82f8f86850680c700eec1cbd2723730","unresolved":false,"context_lines":[{"line_number":1026,"context_line":"    return schemas.PortsResponse(ports\u003dresult)"},{"line_number":1027,"context_line":""},{"line_number":1028,"context_line":""},{"line_number":1029,"context_line":"@router.get("},{"line_number":1030,"context_line":"    \"/extension/compute-services\","},{"line_number":1031,"context_line":"    description\u003d\"List compute services\","},{"line_number":1032,"context_line":"    responses\u003d{"}],"source_content_type":"text/x-python","patch_set":4,"id":"ac0c7050_23646b64","line":1029,"range":{"start_line":1029,"start_character":0,"end_line":1029,"end_character":12},"in_reply_to":"5e8ce25e_0308e837","updated":"2026-02-01 15:55:23.000000000","message":"I 
don\u0027t think there will be any confusion for the users. But in terms of security, our engineers carried out a review and found that if someone hits the \u003cskyline\u003e/api/openstack/skyline/api/v1/extension/compute-services API directly, they are able to get the list in JSON format. I am not sure whether this counts as a valid concern from an open-source point of view.","commit_id":"7f66be856f2d9c89d85ef2b94f310db2a42198c0"},{"author":{"_account_id":28706,"name":"Boxiang Zhu","email":"bxzhu_5355@163.com","username":"ZhuBoxiang"},"change_message_id":"e4d2aef441321c4cda5d341023e355feb7952806","unresolved":false,"context_lines":[{"line_number":1026,"context_line":"    return schemas.PortsResponse(ports\u003dresult)"},{"line_number":1027,"context_line":""},{"line_number":1028,"context_line":""},{"line_number":1029,"context_line":"@router.get("},{"line_number":1030,"context_line":"    \"/extension/compute-services\","},{"line_number":1031,"context_line":"    description\u003d\"List compute services\","},{"line_number":1032,"context_line":"    responses\u003d{"}],"source_content_type":"text/x-python","patch_set":4,"id":"c03533af_39840d31","line":1029,"range":{"start_line":1029,"start_character":0,"end_line":1029,"end_character":12},"in_reply_to":"ac0c7050_23646b64","updated":"2026-02-07 03:00:45.000000000","message":"The reader here is system_reader_roles not normal reader. It is defined in CONF.openstack.system_reader_roles. 
So even if someone hits the API \u003cskyline\u003e/api/openstack/skyline/api/v1/extension/compute-services, they cannot get the result if they have no system_reader_roles.","commit_id":"7f66be856f2d9c89d85ef2b94f310db2a42198c0"},{"author":{"_account_id":6282,"name":"Wu Wenxiang","email":"wu.wenxiang@algoblu.com","username":"wu-wenxiang"},"change_message_id":"f22f33525c3fa94bd62247ab9104839a9a724456","unresolved":false,"context_lines":[{"line_number":1026,"context_line":"    return schemas.PortsResponse(ports\u003dresult)"},{"line_number":1027,"context_line":""},{"line_number":1028,"context_line":""},{"line_number":1029,"context_line":"@router.get("},{"line_number":1030,"context_line":"    \"/extension/compute-services\","},{"line_number":1031,"context_line":"    description\u003d\"List compute services\","},{"line_number":1032,"context_line":"    responses\u003d{"}],"source_content_type":"text/x-python","patch_set":4,"id":"5e8ce25e_0308e837","line":1029,"range":{"start_line":1029,"start_character":0,"end_line":1029,"end_character":12},"in_reply_to":"c47656ef_4b989356","updated":"2026-01-30 10:01:33.000000000","message":"Members should not have access to this information, yet system readers ought to be permitted to do so. This might stem from the fact that the community edition code does not carefully differentiate between tenant (domain/project) members and system readers by default. I would like to understand what confusion this will cause to users if no modifications are made? 
Does a genuine security vulnerability exist where project member tenants can access hypervisor information?","commit_id":"7f66be856f2d9c89d85ef2b94f310db2a42198c0"},{"author":{"_account_id":38294,"name":"Reet Srivastava","display_name":"Reet Srivastava","email":"reet.srivastava@rackspace.com","username":"reetsrivastava"},"change_message_id":"9f3b761d9315b245e74bd9c5dad15a2a867ba7c7","unresolved":true,"context_lines":[{"line_number":1026,"context_line":"    return schemas.PortsResponse(ports\u003dresult)"},{"line_number":1027,"context_line":""},{"line_number":1028,"context_line":""},{"line_number":1029,"context_line":"@router.get("},{"line_number":1030,"context_line":"    \"/extension/compute-services\","},{"line_number":1031,"context_line":"    description\u003d\"List compute services\","},{"line_number":1032,"context_line":"    responses\u003d{"}],"source_content_type":"text/x-python","patch_set":4,"id":"c47656ef_4b989356","line":1029,"range":{"start_line":1029,"start_character":0,"end_line":1029,"end_character":12},"in_reply_to":"dc28a80d_2cb877d9","updated":"2026-01-28 05:16:46.000000000","message":"Even though this is a GET API, users with only the member role should not be able to obtain hypervisor information similar to nova service-list.\nIn general, this information is hidden behind the administrator console in the Skyline UI, and the CLI also disallows this request for users without the admin role.","commit_id":"7f66be856f2d9c89d85ef2b94f310db2a42198c0"}]}
