)]}'
{"deckhand/barbican/driver.py":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"a28447519a184fd45e195f0bab616955b16f0303","unresolved":false,"context_lines":[{"line_number":96,"context_line":"        # enforced from Barbican\u0027s Python client. Some pre-processing and"},{"line_number":97,"context_line":"        # transformation is needed to make Barbican work with non-compatible"},{"line_number":98,"context_line":"        # formats."},{"line_number":99,"context_line":"        if not payload and payload is not False:"},{"line_number":100,"context_line":"            # There is no point in even bothering to encrypt an empty"},{"line_number":101,"context_line":"            # body, which just leads to needless overhead, so return"},{"line_number":102,"context_line":"            # early."}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_f8cfeb50","line":99,"range":{"start_line":99,"start_character":8,"end_line":99,"end_character":47},"updated":"2019-12-13 03:17:44.000000000","message":"It\u0027s a bit contrived, but if payload \u003d 0 (as a number, not a string), this evaluates to True. I\u0027m not entirely sure how we can end up with a non-string here anyway.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"48b385ddb4534b08041bd08478260b4f37c3f88c","unresolved":false,"context_lines":[{"line_number":96,"context_line":"        # enforced from Barbican\u0027s Python client. Some pre-processing and"},{"line_number":97,"context_line":"        # transformation is needed to make Barbican work with non-compatible"},{"line_number":98,"context_line":"        # formats."},{"line_number":99,"context_line":"        if not payload and payload is not False:"},{"line_number":100,"context_line":"            # There is no point in even bothering to encrypt an empty"},{"line_number":101,"context_line":"            # body, which just leads to needless overhead, so return"},{"line_number":102,"context_line":"            # early."}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_8471a648","line":99,"range":{"start_line":99,"start_character":8,"end_line":99,"end_character":47},"in_reply_to":"3fa7e38b_9964b622","updated":"2019-12-13 20:23:24.000000000","message":"Actually I think the payload in this case is going to be the .data section of the deckhand document, which should be a string (?)","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28718,"name":"Doug Aaser","email":"douglas.aaser@att.com","username":"daaser"},"change_message_id":"95870363271044c3b7096dbb281eab77abda2900","unresolved":false,"context_lines":[{"line_number":96,"context_line":"        # enforced from Barbican\u0027s Python client. Some pre-processing and"},{"line_number":97,"context_line":"        # transformation is needed to make Barbican work with non-compatible"},{"line_number":98,"context_line":"        # formats."},{"line_number":99,"context_line":"        if not payload and payload is not False:"},{"line_number":100,"context_line":"            # There is no point in even bothering to encrypt an empty"},{"line_number":101,"context_line":"            # body, which just leads to needless overhead, so return"},{"line_number":102,"context_line":"            # early."}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_9964b622","line":99,"range":{"start_line":99,"start_character":8,"end_line":99,"end_character":47},"in_reply_to":"3fa7e38b_f8cfeb50","updated":"2019-12-13 13:23:06.000000000","message":"This logic isn\u0027t checking for non-strings. It\u0027s checking for an empty dictionary. We could add a third condition to this to make sure that the type of the payload is a dictionary.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"a28447519a184fd45e195f0bab616955b16f0303","unresolved":false,"context_lines":[{"line_number":104,"context_line":"                     \u0027Deckhand will not encrypt document [%s, %s] %s.\u0027,"},{"line_number":105,"context_line":"                     secret_doc.schema, secret_doc.layer, secret_doc.name)"},{"line_number":106,"context_line":"            secret_doc.storage_policy \u003d types.CLEARTEXT"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"        LOG.debug(\u0027Forcibly base64-encoding payload of type %s \u0027"},{"line_number":109,"context_line":"                  \u0027for document [%s, %s] %s.\u0027, secret_type,"},{"line_number":110,"context_line":"                  secret_doc.schema, secret_doc.layer, secret_doc.name)"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_78e45bdf","line":107,"updated":"2019-12-13 03:17:44.000000000","message":"Originally we were returning early on empty payloads, because everything else was in the `elif` block .. we should probably preserve that somehow.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28718,"name":"Doug Aaser","email":"douglas.aaser@att.com","username":"daaser"},"change_message_id":"95870363271044c3b7096dbb281eab77abda2900","unresolved":false,"context_lines":[{"line_number":104,"context_line":"                     \u0027Deckhand will not encrypt document [%s, %s] %s.\u0027,"},{"line_number":105,"context_line":"                     secret_doc.schema, secret_doc.layer, secret_doc.name)"},{"line_number":106,"context_line":"            secret_doc.storage_policy \u003d types.CLEARTEXT"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"        LOG.debug(\u0027Forcibly base64-encoding payload of type %s \u0027"},{"line_number":109,"context_line":"                  \u0027for document [%s, %s] %s.\u0027, secret_type,"},{"line_number":110,"context_line":"                  secret_doc.schema, secret_doc.layer, secret_doc.name)"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_3954a2c5","line":107,"in_reply_to":"3fa7e38b_78e45bdf","updated":"2019-12-13 13:23:06.000000000","message":"Yeah, I saw that in the coverage tests and it will be changed in the next PS.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"a28447519a184fd45e195f0bab616955b16f0303","unresolved":false,"context_lines":[{"line_number":105,"context_line":"                     secret_doc.schema, secret_doc.layer, secret_doc.name)"},{"line_number":106,"context_line":"            secret_doc.storage_policy \u003d types.CLEARTEXT"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"        LOG.debug(\u0027Forcibly base64-encoding payload of type %s \u0027"},{"line_number":109,"context_line":"                  \u0027for document [%s, %s] %s.\u0027, secret_type,"},{"line_number":110,"context_line":"                  secret_doc.schema, secret_doc.layer, secret_doc.name)"},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"        # NOTE(douglasaaser): base64-encoding the payload is"},{"line_number":113,"context_line":"        # done for serialization purposes, not for security purposes."}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_582f1ff4","line":110,"range":{"start_line":108,"start_character":0,"end_line":110,"end_character":71},"updated":"2019-12-13 03:17:44.000000000","message":"Move this closer to when we are actually doing the encoding so the sequence of log messages is accurate.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28718,"name":"Doug Aaser","email":"douglas.aaser@att.com","username":"daaser"},"change_message_id":"95870363271044c3b7096dbb281eab77abda2900","unresolved":false,"context_lines":[{"line_number":105,"context_line":"                     secret_doc.schema, secret_doc.layer, secret_doc.name)"},{"line_number":106,"context_line":"            secret_doc.storage_policy \u003d types.CLEARTEXT"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"        LOG.debug(\u0027Forcibly base64-encoding payload of type %s \u0027"},{"line_number":109,"context_line":"                  \u0027for document [%s, %s] %s.\u0027, secret_type,"},{"line_number":110,"context_line":"                  secret_doc.schema, secret_doc.layer, secret_doc.name)"},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"        # NOTE(douglasaaser): base64-encoding the payload is"},{"line_number":113,"context_line":"        # done for serialization purposes, not for security purposes."}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_d9e54e08","line":110,"range":{"start_line":108,"start_character":0,"end_line":110,"end_character":71},"in_reply_to":"3fa7e38b_582f1ff4","updated":"2019-12-13 13:23:06.000000000","message":"Will do","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"a28447519a184fd45e195f0bab616955b16f0303","unresolved":false,"context_lines":[{"line_number":145,"context_line":"            return payload"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"        # Store secret_ref in database for `secret_doc`."},{"line_number":148,"context_line":"        secret_args \u003d {"},{"line_number":149,"context_line":"            \u0027name\u0027: secret_doc[\u0027metadata\u0027][\u0027name\u0027],"},{"line_number":150,"context_line":"            \u0027secret_type\u0027: secret_type,"},{"line_number":151,"context_line":"            \u0027payload\u0027: payload"},{"line_number":152,"context_line":"        }"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"        LOG.info(\u0027Storing encrypted data in Barbican for document [{}, {}]\u0027"},{"line_number":155,"context_line":"                 .format(secret_doc.schema, secret_doc.name))"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_780bfb7a","line":152,"range":{"start_line":148,"start_character":0,"end_line":152,"end_character":9},"updated":"2019-12-13 03:17:44.000000000","message":"Wondering if we should be explicit and set these:\n\n    \"payload_content_type\": \"application/octet-stream\",\n    \"payload_content_encoding\": \"base64\",\n\nThe docs and API behavior are not very clear.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28718,"name":"Doug Aaser","email":"douglas.aaser@att.com","username":"daaser"},"change_message_id":"95870363271044c3b7096dbb281eab77abda2900","unresolved":false,"context_lines":[{"line_number":145,"context_line":"            return payload"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"        # Store secret_ref in database for `secret_doc`."},{"line_number":148,"context_line":"        secret_args \u003d {"},{"line_number":149,"context_line":"            \u0027name\u0027: secret_doc[\u0027metadata\u0027][\u0027name\u0027],"},{"line_number":150,"context_line":"            \u0027secret_type\u0027: secret_type,"},{"line_number":151,"context_line":"            \u0027payload\u0027: payload"},{"line_number":152,"context_line":"        }"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"        LOG.info(\u0027Storing encrypted data in Barbican for document [{}, {}]\u0027"},{"line_number":155,"context_line":"                 .format(secret_doc.schema, secret_doc.name))"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_b9989275","line":152,"range":{"start_line":148,"start_character":0,"end_line":152,"end_character":9},"in_reply_to":"3fa7e38b_780bfb7a","updated":"2019-12-13 13:23:06.000000000","message":"The docs say not to set those. It will set them automatically based on the secret_type I believe: https://docs.openstack.org/python-barbicanclient/latest/reference/index.html#secrets","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"48b385ddb4534b08041bd08478260b4f37c3f88c","unresolved":false,"context_lines":[{"line_number":145,"context_line":"            return payload"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"        # Store secret_ref in database for `secret_doc`."},{"line_number":148,"context_line":"        secret_args \u003d {"},{"line_number":149,"context_line":"            \u0027name\u0027: secret_doc[\u0027metadata\u0027][\u0027name\u0027],"},{"line_number":150,"context_line":"            \u0027secret_type\u0027: secret_type,"},{"line_number":151,"context_line":"            \u0027payload\u0027: payload"},{"line_number":152,"context_line":"        }"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"        LOG.info(\u0027Storing encrypted data in Barbican for document [{}, {}]\u0027"},{"line_number":155,"context_line":"                 .format(secret_doc.schema, secret_doc.name))"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_a4a3829b","line":152,"range":{"start_line":148,"start_character":0,"end_line":152,"end_character":9},"in_reply_to":"3fa7e38b_b9989275","updated":"2019-12-13 20:23:24.000000000","message":"Not 100% sure I trust the \"automatic\" logic, but we can leave alone for now.","commit_id":"d235155b8e3844effe85db2bdb50cb52728df05e"}]}