)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":24711,"name":"Jackie Truong","email":"jacklyn.truong@jhuapl.edu","username":"jackie-truong"},"change_message_id":"6e91c68f884216fe902b526c0ae851bb94b36cbd","unresolved":false,"context_lines":[{"line_number":7,"context_line":"[WIP] Add certificate validation scenario tests"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch updates the existing image signing scenario tests to"},{"line_number":10,"context_line":"incorporate the cursive\u0027s new certificate validation feature."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: Ica1d32ca66d6f89692e9cc90e415bf569332f58d"},{"line_number":13,"context_line":"Depends-On: I0ae2dbf66241207a425bf7d0fc02a4d2e2dea409"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"ff82abbf_d6875661","line":10,"range":{"start_line":10,"start_character":12,"end_line":10,"end_character":15},"updated":"2017-11-30 20:26:27.000000000","message":"This will be removed in the next patch.","commit_id":"17d196705e7ef3a1576eedbf44fd98bb1faf3e24"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"2e4140585aa5e04b0c0c34a87c59530ad136c59e","unresolved":false,"context_lines":[{"line_number":10,"context_line":"incorporate cursive\u0027s new certificate validation feature."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: Ica1d32ca66d6f89692e9cc90e415bf569332f58d"},{"line_number":13,"context_line":"Depends-On: https://review.openstack.org/#/c/479949/"},{"line_number":14,"context_line":"Depends-On: https://review.openstack.org/#/c/526485/"},{"line_number":15,"context_line":"Depends-On: https://review.openstack.org/#/c/569062/"},{"line_number":16,"context_line":"Implements: blueprint nova-validate-certificates"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":34,"id":"5f7c97a3_2310c84f","line":13,"updated":"2018-06-04 14:26:56.000000000","message":"You can remove this since the next dependency on tempest depends on the REST API change in nova which depends on this change in the series.","commit_id":"4d35f48f8525b3cde9029e02cf5a287d92050c3e"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"6ef8cd28b8075349e2818792b542c0076abc3432","unresolved":false,"context_lines":[{"line_number":10,"context_line":"incorporate cursive\u0027s new certificate validation feature."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: Ica1d32ca66d6f89692e9cc90e415bf569332f58d"},{"line_number":13,"context_line":"Depends-On: https://review.openstack.org/#/c/479949/"},{"line_number":14,"context_line":"Depends-On: https://review.openstack.org/#/c/526485/"},{"line_number":15,"context_line":"Depends-On: https://review.openstack.org/#/c/569062/"},{"line_number":16,"context_line":"Implements: blueprint nova-validate-certificates"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":34,"id":"5f7c97a3_e3c2d034","line":13,"in_reply_to":"5f7c97a3_2310c84f","updated":"2018-06-04 14:43:33.000000000","message":"Done","commit_id":"4d35f48f8525b3cde9029e02cf5a287d92050c3e"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"2e4140585aa5e04b0c0c34a87c59530ad136c59e","unresolved":false,"context_lines":[{"line_number":12,"context_line":"Change-Id: Ica1d32ca66d6f89692e9cc90e415bf569332f58d"},{"line_number":13,"context_line":"Depends-On: https://review.openstack.org/#/c/479949/"},{"line_number":14,"context_line":"Depends-On: https://review.openstack.org/#/c/526485/"},{"line_number":15,"context_line":"Depends-On: https://review.openstack.org/#/c/569062/"},{"line_number":16,"context_line":"Implements: blueprint nova-validate-certificates"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":34,"id":"5f7c97a3_430dc433","line":15,"updated":"2018-06-04 14:26:56.000000000","message":"This is merged so you can remove it.","commit_id":"4d35f48f8525b3cde9029e02cf5a287d92050c3e"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"6ef8cd28b8075349e2818792b542c0076abc3432","unresolved":false,"context_lines":[{"line_number":12,"context_line":"Change-Id: Ica1d32ca66d6f89692e9cc90e415bf569332f58d"},{"line_number":13,"context_line":"Depends-On: https://review.openstack.org/#/c/479949/"},{"line_number":14,"context_line":"Depends-On: https://review.openstack.org/#/c/526485/"},{"line_number":15,"context_line":"Depends-On: https://review.openstack.org/#/c/569062/"},{"line_number":16,"context_line":"Implements: blueprint nova-validate-certificates"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":34,"id":"5f7c97a3_03c02c2a","line":15,"in_reply_to":"5f7c97a3_430dc433","updated":"2018-06-04 14:43:33.000000000","message":"Done","commit_id":"4d35f48f8525b3cde9029e02cf5a287d92050c3e"}],"barbican_tempest_plugin/tests/scenario/barbican_manager.py":[{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"c37a82093b3fe852d7d85936a41dcfbd52bdd6b8","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"from oslo_log import log as logging"},{"line_number":30,"context_line":"from tempest import config"},{"line_number":31,"context_line":"from tempest.api.compute import api_microversion_fixture"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"from barbican_tempest_plugin import clients"},{"line_number":34,"context_line":"from barbican_tempest_plugin.tests.scenario import manager as mgr"}],"source_content_type":"text/x-python","patch_set":11,"id":"df87a7cf_f0e3dc32","line":31,"range":{"start_line":31,"start_character":0,"end_line":31,"end_character":56},"updated":"2017-12-08 21:24:16.000000000","message":"This isn\u0027t in alphabetical order: http://logs.openstack.org/10/515210/11/check/openstack-tox-pep8/c4808ab/job-output.txt.gz#_2017-12-08_18_59_16_561138","commit_id":"da97c46f4abc225530a58b0077771ee3042a68b0"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"86c86c86f4e3d9df16043feb865594b139a824ad","unresolved":false,"context_lines":[{"line_number":119,"context_line":"            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u\"My Company\"),"},{"line_number":120,"context_line":"            x509.NameAttribute(NameOID.COMMON_NAME, u\"Test Certificate\"),"},{"line_number":121,"context_line":"        ])"},{"line_number":122,"context_line":"        cert_builder \u003d x509.CertificateBuilder("},{"line_number":123,"context_line":"            issuer_name\u003dissuer, subject_name\u003dissuer,"},{"line_number":124,"context_line":"            public_key\u003dprivate_key.public_key(),"},{"line_number":125,"context_line":"            serial_number\u003dx509.random_serial_number(),"},{"line_number":126,"context_line":"            not_valid_before\u003ddatetime.utcnow(),"},{"line_number":127,"context_line":"            not_valid_after\u003ddatetime.utcnow() + timedelta(days\u003d10)"},{"line_number":128,"context_line":"        )"},{"line_number":129,"context_line":"        cert \u003d cert_builder.sign(private_key,"},{"line_number":130,"context_line":"                                 hashes.SHA256(),"},{"line_number":131,"context_line":"                                 default_backend())"}],"source_content_type":"text/x-python","patch_set":15,"id":"df87a7cf_343eeac0","line":128,"range":{"start_line":122,"start_character":8,"end_line":128,"end_character":9},"updated":"2017-12-11 21:11:56.000000000","message":"The cert_builder has to have the Basic Constraints and Key Usage extensions or else it can\u0027t be used as a trusted certificate (see https://github.com/openstack/cursive/blob/master/cursive/certificate_utils.py#L87 ).\n\nThis can be done with the following lines:\n\ncert_builder \u003d x509.CertificateBuilder(\n            issuer_name\u003dissuer, subject_name\u003dissuer,\n            public_key\u003dprivate_key.public_key(),\n            serial_number\u003dx509.random_serial_number(),\n            not_valid_before\u003ddatetime.utcnow(),\n            not_valid_after\u003ddatetime.utcnow() + timedelta(days\u003d10)\n        ).add_extension(\n            x509.BasicConstraints(\n                ca\u003dTrue,\n                path_length\u003d1\n            ),\n            critical\u003dTrue\n        ).add_extension(\n            x509.KeyUsage(\n                digital_signature\u003dTrue,\n                content_commitment\u003dTrue,\n                key_encipherment\u003dFalse,\n                data_encipherment\u003dFalse,\n                key_agreement\u003dFalse,\n                key_cert_sign\u003dTrue,\n                crl_sign\u003dFalse,\n                encipher_only\u003dFalse,\n                decipher_only\u003dFalse\n            ),\n            critical\u003dFalse\n        )","commit_id":"3f0da3dbffda244ed80bd1bfbbf80c75d8e06861"},{"author":{"_account_id":24711,"name":"Jackie Truong","email":"jacklyn.truong@jhuapl.edu","username":"jackie-truong"},"change_message_id":"02c41626f3b0f1230095abdf3bba7f0e041008ad","unresolved":false,"context_lines":[{"line_number":119,"context_line":"            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u\"My Company\"),"},{"line_number":120,"context_line":"            x509.NameAttribute(NameOID.COMMON_NAME, u\"Test Certificate\"),"},{"line_number":121,"context_line":"        ])"},{"line_number":122,"context_line":"        cert_builder \u003d x509.CertificateBuilder("},{"line_number":123,"context_line":"            issuer_name\u003dissuer, subject_name\u003dissuer,"},{"line_number":124,"context_line":"            public_key\u003dprivate_key.public_key(),"},{"line_number":125,"context_line":"            serial_number\u003dx509.random_serial_number(),"},{"line_number":126,"context_line":"            not_valid_before\u003ddatetime.utcnow(),"},{"line_number":127,"context_line":"            not_valid_after\u003ddatetime.utcnow() + timedelta(days\u003d10)"},{"line_number":128,"context_line":"        )"},{"line_number":129,"context_line":"        cert \u003d cert_builder.sign(private_key,"},{"line_number":130,"context_line":"                                 hashes.SHA256(),"},{"line_number":131,"context_line":"                                 default_backend())"}],"source_content_type":"text/x-python","patch_set":15,"id":"df87a7cf_d49a1e12","line":128,"range":{"start_line":122,"start_character":8,"end_line":128,"end_character":9},"in_reply_to":"df87a7cf_343eeac0","updated":"2017-12-11 21:33:20.000000000","message":"Thank you, @Brianna. I had forgotten to include these extensions.","commit_id":"3f0da3dbffda244ed80bd1bfbbf80c75d8e06861"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"13ad65f1d66c9c3d51a9b9f0cbea8861a1ea7e76","unresolved":false,"context_lines":[{"line_number":65,"context_line":"        self.signing_cert_uuid \u003d self._store_cert("},{"line_number":66,"context_line":"            self.signing_certificate"},{"line_number":67,"context_line":"        )"},{"line_number":68,"context_line":"        self.bad_signing_certificate \u003d self._create_self_signed_certificate("},{"line_number":69,"context_line":"            self.private_key"},{"line_number":70,"context_line":"        )"},{"line_number":71,"context_line":"        self.bad_cert_uuid \u003d self._store_cert("},{"line_number":72,"context_line":"            self.bad_signing_certificate"},{"line_number":73,"context_line":"        )"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"    @classmethod"},{"line_number":76,"context_line":"    def skip_checks(cls):"}],"source_content_type":"text/x-python","patch_set":16,"id":"df87a7cf_260f8588","line":73,"range":{"start_line":68,"start_character":8,"end_line":73,"end_character":9},"updated":"2017-12-12 19:32:45.000000000","message":"What makes this a bad signing certificate?  It looks like it will be valid, since it\u0027s based off of the same private key, and will have the same subject/issuer as the other certificate (thus looking like a parent certificate since both are self-signed).\n\nOne possibility is to generate a certificate without the proper KeyUsage and BasicConstraints extensions, or use a different subject than the other cert.","commit_id":"534ed0ab6b067d26ee8c6d95699553b5fe802f13"}],"barbican_tempest_plugin/tests/scenario/manager.py":[{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"3ef4c525637ff296f10b0dac1c3dec1c0b5ba6cf","unresolved":false,"context_lines":[{"line_number":196,"context_line":"        # This needs to be done in order for Tempest to accept"},{"line_number":197,"context_line":"        # trusted_image_certificates as an expected value"},{"line_number":198,"context_line":"        if \u0027trusted_image_certificates\u0027 in kwargs:"},{"line_number":199,"context_line":"            for cert in kwargs.pop(\u0027trusted_image_certificates\u0027, []):"},{"line_number":200,"context_line":"                LOG.debug(\"trusted_cert: %s\", cert)"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"        body, servers \u003d compute.create_test_server("}],"source_content_type":"text/x-python","patch_set":6,"id":"df87a7cf_c42195fd","line":199,"range":{"start_line":199,"start_character":31,"end_line":199,"end_character":34},"updated":"2017-12-05 21:43:54.000000000","message":"This should be \u0027get\u0027 instead -- otherwise the trusted_image_certificates value is removed from kwargs before it can be passed to create_test_server.","commit_id":"3aef4630b4c37a9f11a3068f96876d0e5eeb1b16"},{"author":{"_account_id":24711,"name":"Jackie Truong","email":"jacklyn.truong@jhuapl.edu","username":"jackie-truong"},"change_message_id":"c33069d30846d744be65e2e9a68f4ffaa1835236","unresolved":false,"context_lines":[{"line_number":196,"context_line":"        # This needs to be done in order for Tempest to accept"},{"line_number":197,"context_line":"        # trusted_image_certificates as an expected value"},{"line_number":198,"context_line":"        if \u0027trusted_image_certificates\u0027 in kwargs:"},{"line_number":199,"context_line":"            for cert in kwargs.pop(\u0027trusted_image_certificates\u0027, []):"},{"line_number":200,"context_line":"                LOG.debug(\"trusted_cert: %s\", cert)"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"        body, servers \u003d compute.create_test_server("}],"source_content_type":"text/x-python","patch_set":6,"id":"df87a7cf_e402990b","line":199,"range":{"start_line":199,"start_character":31,"end_line":199,"end_character":34},"in_reply_to":"df87a7cf_c42195fd","updated":"2017-12-05 21:56:47.000000000","message":"Thanks, @Brianna. Good catch. I\u0027m unsure that this is actually needed, but I do think that we need to add the nova API patch as a dependency.","commit_id":"3aef4630b4c37a9f11a3068f96876d0e5eeb1b16"}],"barbican_tempest_plugin/tests/scenario/test_image_signing.py":[{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"13ad65f1d66c9c3d51a9b9f0cbea8861a1ea7e76","unresolved":false,"context_lines":[{"line_number":118,"context_line":"        img_uuid \u003d self.sign_and_upload_image()"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"        LOG.debug(\"Booting server with self-signed image %s and invalid \""},{"line_number":121,"context_line":"                  \"certificate ID\", img_uuid)"},{"line_number":122,"context_line":"        self.assertRaisesRegex(exceptions.BuildErrorException,"},{"line_number":123,"context_line":"                               \"Certificate chain building failed\","},{"line_number":124,"context_line":"                               self.create_server,"}],"source_content_type":"text/x-python","patch_set":16,"id":"df87a7cf_e6699d24","line":121,"updated":"2017-12-12 19:32:45.000000000","message":"I think it would be good to include the UUID of the invalid certificate here.","commit_id":"534ed0ab6b067d26ee8c6d95699553b5fe802f13"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"2e646e64befeeeced7abdcd549a8e7e1720efc45","unresolved":false,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"        LOG.debug(\"Modifying image signature to be incorrect\")"},{"line_number":88,"context_line":"        metadata \u003d {\u0027img_signature\u0027: \u0027fake_signature\u0027}"},{"line_number":89,"context_line":"        self.compute_images_client.update_image_metadata("},{"line_number":90,"context_line":"            img_uuid, metadata"},{"line_number":91,"context_line":"        )"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"        self.assertRaisesRegex(exceptions.BuildErrorException,"},{"line_number":94,"context_line":"                               \"Signature verification for the image failed\","}],"source_content_type":"text/x-python","patch_set":19,"id":"df87a7cf_e7f3bb72","line":91,"range":{"start_line":89,"start_character":8,"end_line":91,"end_character":9},"updated":"2017-12-13 17:17:09.000000000","message":"This test is currently the only one failing.\n\nSince the problem is going through a proxy API, would it be possible to go through the image client (glance) instead of through the compute_image client to update the image properties?\n\nMaybe something like what\u0027s at: http://git.openstack.org/cgit/openstack/tempest/tree/tempest/api/image/v1/test_images.py#n318","commit_id":"32d5cd2225142007c7bf0c1d5c140c2991f434b6"},{"author":{"_account_id":24711,"name":"Jackie Truong","email":"jacklyn.truong@jhuapl.edu","username":"jackie-truong"},"change_message_id":"782fa7524faa028bc4b5397aa2a70ddd87686754","unresolved":false,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"        LOG.debug(\"Modifying image signature to be incorrect\")"},{"line_number":88,"context_line":"        metadata \u003d {\u0027img_signature\u0027: \u0027fake_signature\u0027}"},{"line_number":89,"context_line":"        self.compute_images_client.update_image_metadata("},{"line_number":90,"context_line":"            img_uuid, metadata"},{"line_number":91,"context_line":"        )"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"        self.assertRaisesRegex(exceptions.BuildErrorException,"},{"line_number":94,"context_line":"                               \"Signature verification for the image failed\","}],"source_content_type":"text/x-python","patch_set":19,"id":"df87a7cf_26bc40ba","line":91,"range":{"start_line":89,"start_character":8,"end_line":91,"end_character":9},"in_reply_to":"df87a7cf_e7f3bb72","updated":"2017-12-13 21:11:02.000000000","message":"@Brianna: The check_image call is only supported in ImagesClient v1. I am looking into alternatives.","commit_id":"32d5cd2225142007c7bf0c1d5c140c2991f434b6"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"6b38129a458392ebcd7f36e8360ac4b3df6909dc","unresolved":false,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"class ImageSigningTest(barbican_manager.BarbicanScenarioTest):"},{"line_number":29,"context_line":"    min_microversion \u003d \u00272.59\u0027"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    @classmethod"},{"line_number":32,"context_line":"    def resource_setup(cls):"}],"source_content_type":"text/x-python","patch_set":25,"id":"7f96bb07_c693fda2","line":29,"range":{"start_line":29,"start_character":24,"end_line":29,"end_character":28},"updated":"2018-01-22 16:11:44.000000000","message":"This needs to be updated to be 2.60.","commit_id":"3ac6210186b67a4812936227582c7fa27527889a"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7bf55362cf8f48f0375242214d4bab0c8632ecae","unresolved":false,"context_lines":[{"line_number":122,"context_line":"                               \"Certificate chain building failed\","},{"line_number":123,"context_line":"                               self.create_server,"},{"line_number":124,"context_line":"                               image_id\u003dimg_uuid,"},{"line_number":125,"context_line":"                               trusted_image_certificates\u003d[self.bad_cert_uuid])"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"class ImageSigningSnapshotTest(barbican_manager.BarbicanScenarioTest,"}],"source_content_type":"text/x-python","patch_set":31,"id":"bf659307_db880372","line":125,"updated":"2018-04-13 22:32:48.000000000","message":"Note to self: the tempest wait_for_server_status method will raise BuildErrorException containing the server[\u0027fault\u0027] as the message if the state is observed to be ERROR. Pretty cool.","commit_id":"bfa488e3e90dd0080aee502b8f58da4fd83e9404"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"fa4aec602c82c2e899f11610c5daeb8da177f73c","unresolved":false,"context_lines":[{"line_number":58,"context_line":"        instance \u003d self.create_server(name\u003d\u0027signed_img_server\u0027,"},{"line_number":59,"context_line":"                                      image_id\u003dimg_uuid,"},{"line_number":60,"context_line":"                                      wait_until\u003d\u0027ACTIVE\u0027,"},{"line_number":61,"context_line":"                                      trusted_image_certificates\u003d["},{"line_number":62,"context_line":"                                          self.signing_cert_uuid])"},{"line_number":63,"context_line":"        self.servers_client.delete_server(instance[\u0027id\u0027])"},{"line_number":64,"context_line":""}],"source_content_type":"text/x-python","patch_set":34,"id":"5f7c97a3_a3d0582d","line":61,"range":{"start_line":61,"start_character":38,"end_line":61,"end_character":64},"updated":"2018-06-04 14:36:49.000000000","message":"This job isn\u0027t configuring nova to set [glance]/enable_certificate_validation\u003dTrue, but I guess for now that doesn\u0027t matter because the glance API code in nova is handling the case that the trusted_certs are passed in differently:\n\nhttps://review.openstack.org/#/c/479949/72/nova/image/glance.py@370\n\nThere is a bug in the libvirt driver code and it looks like we should probably have a test for a hard reboot of a server that has trusted_certs:\n\nhttps://review.openstack.org/#/c/561262/17/nova/virt/libvirt/driver.py@7677","commit_id":"4d35f48f8525b3cde9029e02cf5a287d92050c3e"},{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"6ef8cd28b8075349e2818792b542c0076abc3432","unresolved":false,"context_lines":[{"line_number":58,"context_line":"        instance \u003d self.create_server(name\u003d\u0027signed_img_server\u0027,"},{"line_number":59,"context_line":"                                      image_id\u003dimg_uuid,"},{"line_number":60,"context_line":"                                      wait_until\u003d\u0027ACTIVE\u0027,"},{"line_number":61,"context_line":"                                      trusted_image_certificates\u003d["},{"line_number":62,"context_line":"                                          self.signing_cert_uuid])"},{"line_number":63,"context_line":"        self.servers_client.delete_server(instance[\u0027id\u0027])"},{"line_number":64,"context_line":""}],"source_content_type":"text/x-python","patch_set":34,"id":"5f7c97a3_4339443d","line":61,"range":{"start_line":61,"start_character":38,"end_line":61,"end_character":64},"in_reply_to":"5f7c97a3_a3d0582d","updated":"2018-06-04 14:43:33.000000000","message":"Yes, cert validation is happening even with enable_certificate_validation\u003dFalse (see http://logs.openstack.org/10/515210/34/check/barbican-simple-crypto-devstack-tempest/a98095f/logs/screen-n-cpu.txt.gz#_May_25_18_28_32_286881 ).\n\nI will create a test for a hard reboot of a server with trusted_certs.","commit_id":"4d35f48f8525b3cde9029e02cf5a287d92050c3e"}],"tools/pre_test_hook.sh":[{"author":{"_account_id":7012,"name":"Brianna Poulos","email":"Brianna.Poulos@jhuapl.edu","username":"brianna-poulos"},"change_message_id":"1402ed292270f30a6b362742178c57efa20aa295","unresolved":false,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"# Trusted image certificates are only supported from 2.57 onward"},{"line_number":38,"context_line":"echo -e \u0027[compute]\u0027 \u003e\u003e $LOCALCONF_PATH"},{"line_number":39,"context_line":"echo -e \u0027min_microversion \u003d 2.57\u0027 \u003e\u003e $LOCALCONF_PATH"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"# Glance v1 doesn\u0027t do signature verification on image upload"},{"line_number":42,"context_line":"echo -e \u0027[image-feature-enabled]\u0027 \u003e\u003e $LOCALCONF_PATH"}],"source_content_type":"text/x-sh","patch_set":7,"id":"df87a7cf_ec14a4a2","line":39,"range":{"start_line":39,"start_character":9,"end_line":39,"end_character":32},"updated":"2017-12-06 18:46:43.000000000","message":"It doesn\u0027t look like this is setting the microversion to 2.57.\n\nIn the nova api logs of the tempest test, the microversion is still set to 2.1: http://logs.openstack.org/10/515210/7/check/barbican-simple-crypto-devstack-tempest/af0daff/logs/screen-n-api.txt.gz#_Dec_05_22_54_19_114686 \n\nAnd the trusted_image_certificates parameter is still recognized as invalid: http://logs.openstack.org/10/515210/7/check/barbican-simple-crypto-devstack-tempest/af0daff/logs/testr_results.html.gz","commit_id":"9c4a891847c2885952a17cdcc3153f780af16392"}]}