)]}'
{"pegleg/engine/secrets.py":[{"author":{"_account_id":26449,"name":"Scott Hussey","email":"sthussey@att.com","username":"sh8121"},"change_message_id":"6b1cc2829a31541b8ce7eed2b0edbadc796f1b46","unresolved":false,"context_lines":[{"line_number":276,"context_line":"    :return: Either the global, or site level - passphrase and salt"},{"line_number":277,"context_line":"    \"\"\""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    config.set_passphrase()"},{"line_number":280,"context_line":"    config.set_salt()"},{"line_number":281,"context_line":"    global_passphrase \u003d None"},{"line_number":282,"context_line":"    global_salt \u003d None"},{"line_number":283,"context_line":"    docs \u003d definition.documents_for_site(site_name)"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"    for doc in docs:"},{"line_number":286,"context_line":"        if doc[\u0027schema\u0027] \u003d\u003d \u0027pegleg/PeglegManagedDocument/v1\u0027:"},{"line_number":287,"context_line":"            try:"},{"line_number":288,"context_line":"                name \u003d doc[\u0027data\u0027][\u0027managedDocument\u0027][\u0027metadata\u0027][\u0027name\u0027]"},{"line_number":289,"context_line":"                schema \u003d doc[\u0027data\u0027][\u0027managedDocument\u0027][\u0027schema\u0027]"},{"line_number":290,"context_line":"                data \u003d doc[\u0027data\u0027][\u0027managedDocument\u0027][\u0027data\u0027]"},{"line_number":291,"context_line":"                if schema \u003d\u003d \u0027deckhand/Passphrase/v1\u0027:"},{"line_number":292,"context_line":"                    if name \u003d\u003d \u0027global_passphrase\u0027:"},{"line_number":293,"context_line":"                        global_passphrase \u003d encryption.decrypt("},{"line_number":294,"context_line":"                            data, config.get_passphrase(), config.get_salt())"},{"line_number":295,"context_line":"                    elif name \u003d\u003d \u0027global_salt\u0027:"},{"line_number":296,"context_line":"                        global_salt \u003d encryption.decrypt("},{"line_number":297,"context_line":"                            data, config.get_passphrase(), config.get_salt())"},{"line_number":298,"context_line":"            except KeyError:"},{"line_number":299,"context_line":"                continue"},{"line_number":300,"context_line":"        else:"},{"line_number":301,"context_line":"            try:"},{"line_number":302,"context_line":"                name \u003d doc[\u0027metadata\u0027][\u0027name\u0027]"},{"line_number":303,"context_line":"                schema \u003d doc[\u0027schema\u0027]"},{"line_number":304,"context_line":"                data \u003d doc[\u0027data\u0027]"},{"line_number":305,"context_line":"                if name \u003d\u003d \u0027global_passphrase\u0027:"},{"line_number":306,"context_line":"                    global_passphrase \u003d data.encode()"},{"line_number":307,"context_line":"                elif name \u003d\u003d \u0027global_salt\u0027:"},{"line_number":308,"context_line":"                    global_salt \u003d data.encode()"},{"line_number":309,"context_line":"            except KeyError:"},{"line_number":310,"context_line":"                continue"},{"line_number":311,"context_line":"        # Break out of search if both passphrase and salt are found"},{"line_number":312,"context_line":"        if global_passphrase and global_salt:"},{"line_number":313,"context_line":"            return (global_passphrase, global_salt)"},{"line_number":314,"context_line":""},{"line_number":315,"context_line":"    # End of search, determine if we should use site keys or raise an error"},{"line_number":316,"context_line":"    if global_passphrase or global_salt:"},{"line_number":317,"context_line":"        raise exceptions.GlobalCredentialsNotFound()"},{"line_number":318,"context_line":"    else:"},{"line_number":319,"context_line":"        return (config.get_passphrase(), config.get_salt())"}],"source_content_type":"text/x-python","patch_set":25,"id":"3fa7e38b_6c581d30","line":319,"range":{"start_line":279,"start_character":0,"end_line":319,"end_character":59},"updated":"2019-09-30 18:28:50.000000000","message":"It may make sense to generacize this approach by allowing any number of document-layer -\u003e key/salt document names to be specified as options. \u0027global\u0027 shouldn\u0027t be magic in terms of a layer that allows encrypted docs while others do not.","commit_id":"f967cc230b96da2e28ab76257de914c95cc1b71c"}],"pegleg/engine/util/pegleg_managed_document.py":[{"author":{"_account_id":27715,"name":"Sean Eagan","email":"seaneagan@microsoft.com","username":"seaneagan"},"change_message_id":"f77619ca1ba0a8569efcf78e44c590f71e24736c","unresolved":false,"context_lines":[{"line_number":79,"context_line":"        layering_definition \u003d OrderedDict("},{"line_number":80,"context_line":"            ["},{"line_number":81,"context_line":"                (\u0027abstract\u0027, False),"},{"line_number":82,"context_line":"                # The current requirement only requires site layer."},{"line_number":83,"context_line":"                (\u0027layer\u0027, layer)"},{"line_number":84,"context_line":"            ])"},{"line_number":85,"context_line":"        metadata \u003d OrderedDict("}],"source_content_type":"text/x-python","patch_set":23,"id":"3fa7e38b_26c9e457","line":82,"range":{"start_line":82,"start_character":16,"end_line":82,"end_character":67},"updated":"2019-09-30 16:27:49.000000000","message":"is this comment still accurate?","commit_id":"9a68e5c2ca124c16e5323183510b72e74eb24d30"},{"author":{"_account_id":29624,"name":"Alexander Hughes","email":"Alexander.Hughes@pm.me","username":"alexanderhughes"},"change_message_id":"b39b3316e2f67372b565b7f772cacbd888d5c8c7","unresolved":false,"context_lines":[{"line_number":79,"context_line":"        layering_definition \u003d OrderedDict("},{"line_number":80,"context_line":"            ["},{"line_number":81,"context_line":"                (\u0027abstract\u0027, False),"},{"line_number":82,"context_line":"                # The current requirement only requires site layer."},{"line_number":83,"context_line":"                (\u0027layer\u0027, layer)"},{"line_number":84,"context_line":"            ])"},{"line_number":85,"context_line":"        metadata \u003d OrderedDict("}],"source_content_type":"text/x-python","patch_set":23,"id":"3fa7e38b_21e46e0c","line":82,"range":{"start_line":82,"start_character":16,"end_line":82,"end_character":67},"in_reply_to":"3fa7e38b_26c9e457","updated":"2019-09-30 17:12:07.000000000","message":"Done","commit_id":"9a68e5c2ca124c16e5323183510b72e74eb24d30"},{"author":{"_account_id":26449,"name":"Scott Hussey","email":"sthussey@att.com","username":"sh8121"},"change_message_id":"6b1cc2829a31541b8ce7eed2b0edbadc796f1b46","unresolved":false,"context_lines":[{"line_number":75,"context_line":"        \"\"\""},{"line_number":76,"context_line":"        layer \u003d secrets_document.get(\u0027metadata\u0027,"},{"line_number":77,"context_line":"                                     {}).get(\u0027layeringDefinition\u0027,"},{"line_number":78,"context_line":"                                             {}).get(\u0027layer\u0027, DEFAULT_LAYER)"},{"line_number":79,"context_line":"        layering_definition \u003d OrderedDict("},{"line_number":80,"context_line":"            [(\u0027abstract\u0027, False), (\u0027layer\u0027, layer)])"},{"line_number":81,"context_line":"        metadata \u003d OrderedDict("}],"source_content_type":"text/x-python","patch_set":25,"id":"3fa7e38b_ecbe4dac","line":78,"range":{"start_line":78,"start_character":62,"end_line":78,"end_character":75},"updated":"2019-09-30 18:28:50.000000000","message":"Why is there any default? Per [0], layeringDefinition.layer is a required field for a non-Control document. Is the idea that encryption is supported for Control documents or is this just superfluous?\n\n[0] https://airshipit.readthedocs.io/projects/deckhand/en/latest/users/validation.html#metadata-schemas","commit_id":"f967cc230b96da2e28ab76257de914c95cc1b71c"},{"author":{"_account_id":29624,"name":"Alexander Hughes","email":"Alexander.Hughes@pm.me","username":"alexanderhughes"},"change_message_id":"b3e061452c313a26a1a3cfbcf533b154df94e1b9","unresolved":false,"context_lines":[{"line_number":75,"context_line":"        \"\"\""},{"line_number":76,"context_line":"        layer \u003d secrets_document.get(\u0027metadata\u0027,"},{"line_number":77,"context_line":"                                     {}).get(\u0027layeringDefinition\u0027,"},{"line_number":78,"context_line":"                                             {}).get(\u0027layer\u0027, DEFAULT_LAYER)"},{"line_number":79,"context_line":"        layering_definition \u003d OrderedDict("},{"line_number":80,"context_line":"            [(\u0027abstract\u0027, False), (\u0027layer\u0027, layer)])"},{"line_number":81,"context_line":"        metadata \u003d OrderedDict("}],"source_content_type":"text/x-python","patch_set":25,"id":"3fa7e38b_6c47bd78","line":78,"range":{"start_line":78,"start_character":62,"end_line":78,"end_character":75},"in_reply_to":"3fa7e38b_ecbe4dac","updated":"2019-10-01 12:40:42.000000000","message":"in keeping with the original logic that was here any document that is wrapped by pegleg has a layer.  that layer is how we\u0027re identifying which set of keys to use for encrypt/decrypt operations.\n\nby defaulting to site as was previously done we ensure a layer is present, but we try to use the layer defined in case it\u0027s different, such that documents with layer:global for example will use global keys if specified for encrypt/decrypt instead of site keys.","commit_id":"f967cc230b96da2e28ab76257de914c95cc1b71c"}]}