)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"568844da1f04d7520077066a14bfcea40c2d8100","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"2cd8d158_bcee0ae0","updated":"2022-10-06 00:17:05.000000000","message":"This looks logical.  My thinking for review was\n\n* all docs and examples updated - yes\n* no old references - no, i grepped on admin-rule and all were updated ...\n* except for one to test backwards compat -- which is done","commit_id":"1919045e2678d221757a7b4b19c2c1d8a66d3498"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"977e0ec0aed732e7ae726ba50ea46f4f153ee844","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"1b4275af_8275cb89","updated":"2022-10-06 00:01:10.000000000","message":"recheck","commit_id":"1919045e2678d221757a7b4b19c2c1d8a66d3498"},{"author":{"_account_id":27952,"name":"Felix Edel","email":"felix.edel@bmw.de","username":"felix.schmidt"},"change_message_id":"87597caa2e29b5cc145ab93fda1c451662512370","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":4,"id":"1ffe8981_199715ac","updated":"2022-10-11 13:57:36.000000000","message":"If I understood everything correctly, I\u0027m fine with this. I\u0027m just thinking if it would make sense to also use \"authorization_rules\" within the Python code rather than \"authz_rules\". I often find the written-out form (is it called like that?) more speakable than the abbreviation. This is only my opinion, so no blocker.","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"},{"author":{"_account_id":27952,"name":"Felix Edel","email":"felix.edel@bmw.de","username":"felix.schmidt"},"change_message_id":"6f92d2d99866b6a9bc29e98e52eaa723aedb2492","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"fe974c3e_1099f670","updated":"2022-10-12 07:42:31.000000000","message":"Thanks for the explanation 😊","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"},{"author":{"_account_id":1,"name":"James E. Blair","email":"jim@acmegating.com","username":"corvus"},"change_message_id":"1316c8a6f44e0f59de75401b67fb20537eeec333","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"37bb31f8_700ededb","in_reply_to":"1ffe8981_199715ac","updated":"2022-10-11 14:30:24.000000000","message":"I thought about this, but I think the advantages of compactness (we have an 80 char line limit!) and ease of typing in the code outweigh that.  We\u0027re going to be typing it *a lot* in later changes.\n\nI think most English speakers pronounce authz \"auth-zee\" and authn \"auth-en\" to make the distinction audible (assuming you don\u0027t just read it as the full word).","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"}],"releasenotes/notes/authz-rule-55a6db54340f2e08.yaml":[{"author":{"_account_id":27952,"name":"Felix Edel","email":"felix.edel@bmw.de","username":"felix.schmidt"},"change_message_id":"87597caa2e29b5cc145ab93fda1c451662512370","unresolved":true,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    .. code-block:: yaml"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"       - authorization-rule:"},{"line_number":17,"context_line":"           name: example-rule"},{"line_number":18,"context_line":"       - tenant:"},{"line_number":19,"context_line":"           name: example-tenant"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"72def74b_7f5061b5","line":16,"updated":"2022-10-11 13:57:36.000000000","message":"Just for my understanding on the difference between admin-rule and authorization-rule:\nThe admin-rule in the tenant configuration was renamed to authorization-rule because it is used to validate that a user is authorized depending on whatever criteria are specified by this rule. The tenant attribute on the other hand is still called admin-rule because it really tells that the linked authorization-rule will enable admin access to the tenant. We did that split to allow further levels of authorization on for a tenant (let\u0027s call it something like a \"moderator\" or some kind of \"privileged user\" for a tenant). Did I understand that correctly?","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"},{"author":{"_account_id":1,"name":"James E. Blair","email":"jim@acmegating.com","username":"corvus"},"change_message_id":"1316c8a6f44e0f59de75401b67fb20537eeec333","unresolved":false,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    .. code-block:: yaml"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"       - authorization-rule:"},{"line_number":17,"context_line":"           name: example-rule"},{"line_number":18,"context_line":"       - tenant:"},{"line_number":19,"context_line":"           name: example-tenant"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"90071cfc_1294e9fa","line":16,"in_reply_to":"72def74b_7f5061b5","updated":"2022-10-11 14:30:24.000000000","message":"Exactly (though in this case, the next level is going to be \"read access\" instead of \"moderator\", but this would support that case as well).","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"}],"zuul/model.py":[{"author":{"_account_id":27952,"name":"Felix Edel","email":"felix.edel@bmw.de","username":"felix.schmidt"},"change_message_id":"87597caa2e29b5cc145ab93fda1c451662512370","unresolved":true,"context_lines":[{"line_number":7927,"context_line":"        # The per tenant default ansible version"},{"line_number":7928,"context_line":"        self.default_ansible_version \u003d None"},{"line_number":7929,"context_line":""},{"line_number":7930,"context_line":"        self.admin_rules \u003d []"},{"line_number":7931,"context_line":"        self.default_auth_realm \u003d None"},{"line_number":7932,"context_line":"        self.global_semaphores \u003d set()"},{"line_number":7933,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"76f2c622_3ac4c2f6","line":7930,"updated":"2022-10-11 13:57:36.000000000","message":"In the Python code it looks like admin_rules and authorization_rules are just exchanged (so one becomes the other), but I assume this is more like a cleanup step to align on the new values.","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"},{"author":{"_account_id":1,"name":"James E. Blair","email":"jim@acmegating.com","username":"corvus"},"change_message_id":"1316c8a6f44e0f59de75401b67fb20537eeec333","unresolved":false,"context_lines":[{"line_number":7927,"context_line":"        # The per tenant default ansible version"},{"line_number":7928,"context_line":"        self.default_ansible_version \u003d None"},{"line_number":7929,"context_line":""},{"line_number":7930,"context_line":"        self.admin_rules \u003d []"},{"line_number":7931,"context_line":"        self.default_auth_realm \u003d None"},{"line_number":7932,"context_line":"        self.global_semaphores \u003d set()"},{"line_number":7933,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"ab87d4ae_bbbbff5b","line":7930,"in_reply_to":"76f2c622_3ac4c2f6","updated":"2022-10-11 14:30:24.000000000","message":"Yes -- an authz rule is generic (it doesn\u0027t say what it authorizes, it\u0027s just the set of criteria).  But when it\u0027s applied to restrict access to administrative functions, it\u0027s an admin rule.\n\nThat distinction is now important since we will authorize to multiple things, and this change aligns them.","commit_id":"3a0eaa1ffea1a32d4f11864485f2883194a99354"}]}