)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"20dfd6aac5a3f30ecf59607a5a5a2265c5d831f6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"9524cb93_942bcc94","updated":"2023-04-14 01:59:52.000000000","message":"This LGTM and I poked at the server and it\u0027s fine.  But I think we should try and understand what is going on with the API calls, because it all seems like a bug when I took a closer look; see inline.","commit_id":"2464a3eebdce6e8daea3cf384d046b0e62263ca6"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"01a433e5cbf59b7c9e0f2b1e8d58f40570d17bb7","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"31e3468a_f6d70c01","updated":"2023-04-18 23:37:13.000000000","message":"now we understand this, I\u0027m not -1 on it.  we can probably hold off a few days and see what comes from the bug reports?","commit_id":"2464a3eebdce6e8daea3cf384d046b0e62263ca6"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"2b0c3688459fa80190416c7f157ccfcb402ca16b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"b2003be3_dad8c265","updated":"2023-05-02 01:12:32.000000000","message":"https://158.69.65.228:3081\n\nLGTM.  The 401 header issue is still under discussion, but we can just keep an eye on that.","commit_id":"2d29e2d5be576ac66762308a1f8a50bc935621d5"}],"playbooks/roles/gitea-set-org-logos/tasks/main.yaml":[{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"20dfd6aac5a3f30ecf59607a5a5a2265c5d831f6","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    method: GET"},{"line_number":5,"context_line":"    user: root"},{"line_number":6,"context_line":"    password: \u0027{{ gitea_root_password }}\u0027"},{"line_number":7,"context_line":"    force_basic_auth: true"},{"line_number":8,"context_line":"    return_content: yes"},{"line_number":9,"context_line":"    validate_certs: false"},{"line_number":10,"context_line":"    status_code: 200"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"7ab84c05_423b08fa","line":7,"updated":"2023-04-14 01:59:52.000000000","message":"This has raised some questions for me that I think maybe we should answer ...\n\nFirstly, why is this call requiring authentication?  If you call against opendev or the gitea directly\n\n```\ncurl https://opendev.org/api/v1/orgs\ncurl https://gitea09.opendev.org:3081/api/v1/orgs\n```\n\nyou get a response.  So why are we getting a 401 on the test instance?\n\nI could not understand why ansible\u0027s uri would not be dealing with this correctly.  This uses urllib under the hood -- I wrote something to hit the test server at https://158.69.65.113:3081/api/v1/orgs [1] and you get back\n\n```\n$ python3 ./test.py\nsend: b\u0027GET /api/v1/orgs HTTP/1.1\\r\\nAccept-Encoding: identity\\r\\nHost: 158.69.65.113:3081\\r\\nUser-Agent: Python-urllib/3.11\\r\\nConnection: close\\r\\n\\r\\n\u0027\nreply: \u0027HTTP/1.1 401 Unauthorized\\r\\n\u0027\nheader: Date: Fri, 14 Apr 2023 01:52:29 GMT\nheader: Server: Apache/2.4.52 (Ubuntu)\nheader: Cache-Control: max-age\u003d0, private, must-revalidate, no-transform\nheader: Content-Type: application/json;charset\u003dutf-8\nheader: X-Content-Type-Options: nosniff\nheader: X-Frame-Options: SAMEORIGIN\nheader: Content-Length: 72\nheader: Connection: close\n```\n\nSo youg et back a 401, but no ```WWW-Authenticate``` header.  I think this is why uri: doesn\u0027t know what to do and fails.\n\nSo the two questions are, which are probably related somehow\n\n1) why is this even requiring auth in the test env\n2) why is gitea not sending a proper 401\n\n[1] https://paste.opendev.org/show/bX8XicKBKDJWdLrnIsQi/","commit_id":"2464a3eebdce6e8daea3cf384d046b0e62263ca6"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"9156b9e2cc8f2e26bb1e0bfc3ed5bede9e850ebc","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    method: GET"},{"line_number":5,"context_line":"    user: root"},{"line_number":6,"context_line":"    password: \u0027{{ gitea_root_password }}\u0027"},{"line_number":7,"context_line":"    force_basic_auth: true"},{"line_number":8,"context_line":"    return_content: yes"},{"line_number":9,"context_line":"    validate_certs: false"},{"line_number":10,"context_line":"    status_code: 200"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"f5f8ffb1_4dac1b4d","line":7,"in_reply_to":"7ab84c05_423b08fa","updated":"2023-04-17 03:21:45.000000000","message":"I\u0027ve dug into this a bit more.  My first thought was that it might relate to the root URL, but testing showed that not to be the case.  \n\nDigging through the routing pieces of the API, it seems like there has been a move to scoped access tokens with 1.19 [1].  It may be a bug that this has become an authenticated endpoint.  I\u0027ve filed [2] for that.\n\nThe other thing is the ```force_basic_auth``` requirement.  I think this is also a bug, and I\u0027ve filed [3] for that\n\n[1] https://github.com/go-gitea/gitea/commit/de484e86bc495a67d2f122ed438178d587a92526\n[2] https://github.com/go-gitea/gitea/issues/24159\n[3] https://github.com/go-gitea/gitea/issues/24160","commit_id":"2464a3eebdce6e8daea3cf384d046b0e62263ca6"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"01a433e5cbf59b7c9e0f2b1e8d58f40570d17bb7","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    method: GET"},{"line_number":5,"context_line":"    user: root"},{"line_number":6,"context_line":"    password: \u0027{{ gitea_root_password }}\u0027"},{"line_number":7,"context_line":"    force_basic_auth: true"},{"line_number":8,"context_line":"    return_content: yes"},{"line_number":9,"context_line":"    validate_certs: false"},{"line_number":10,"context_line":"    status_code: 200"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"4c5f6590_9e828ad3","line":7,"in_reply_to":"f5f8ffb1_4dac1b4d","updated":"2023-04-18 23:37:13.000000000","message":"Upstream seem to have engaged with the bug reports, marking them for 1.19.2.  I do not think anyone relies on these public endpoints that have gone private -- certainly not for opendev.org and we seem to be the first bug report for gitea in general.\n\nI think what we do want to remember is that if this is fixed, to remove the auth here so we could catch any similar regressions.","commit_id":"2464a3eebdce6e8daea3cf384d046b0e62263ca6"}]}