)]}'
{"barbican/plugin/castellan_secret_store.py":[{"author":{"_account_id":27954,"name":"Moisés Guimarães de Medeiros","email":"guimaraes@pm.me","username":"moguimar"},"change_message_id":"e5849d53510b35a2c36a1293ca4561dbdbf6a0df","unresolved":true,"context_lines":[{"line_number":51,"context_line":"                          ss.SecretType.PUBLIC,"},{"line_number":52,"context_line":"                          ss.SecretType.SYMMETRIC]"},{"line_number":53,"context_line":"    if secret_type not in unnormalized_types:"},{"line_number":54,"context_line":"        return"},{"line_number":55,"context_line":"    try:"},{"line_number":56,"context_line":"        tr.denormalize_after_decryption(secret_value, content_type)"},{"line_number":57,"context_line":"    except (UnicodeDecodeError, TypeError):"}],"source_content_type":"text/x-python","patch_set":1,"id":"97569ad3_40ef5c11","line":54,"range":{"start_line":54,"start_character":8,"end_line":54,"end_character":14},"updated":"2020-11-24 10:20:27.000000000","message":"Do you have coverage for this return? What happens when None is returned instead of a secret?","commit_id":"032e4a992d324e5f8eea6adc97646af6f38bee15"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"1a7254bee6d96ab59582c7929a5ef47e45d8539d","unresolved":false,"context_lines":[{"line_number":51,"context_line":"                          ss.SecretType.PUBLIC,"},{"line_number":52,"context_line":"                          ss.SecretType.SYMMETRIC]"},{"line_number":53,"context_line":"    if secret_type not in unnormalized_types:"},{"line_number":54,"context_line":"        return"},{"line_number":55,"context_line":"    try:"},{"line_number":56,"context_line":"        tr.denormalize_after_decryption(secret_value, content_type)"},{"line_number":57,"context_line":"    except (UnicodeDecodeError, TypeError):"}],"source_content_type":"text/x-python","patch_set":1,"id":"f216b75b_ca811281","line":54,"range":{"start_line":54,"start_character":8,"end_line":54,"end_character":14},"in_reply_to":"8da5a2eb_be31ec97","updated":"2020-11-24 11:57:21.000000000","message":"Done","commit_id":"032e4a992d324e5f8eea6adc97646af6f38bee15"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c4f3c87afcc3fbf0c47e1470c4f73e6d6cc0a2e4","unresolved":true,"context_lines":[{"line_number":51,"context_line":"                          ss.SecretType.PUBLIC,"},{"line_number":52,"context_line":"                          ss.SecretType.SYMMETRIC]"},{"line_number":53,"context_line":"    if secret_type not in unnormalized_types:"},{"line_number":54,"context_line":"        return"},{"line_number":55,"context_line":"    try:"},{"line_number":56,"context_line":"        tr.denormalize_after_decryption(secret_value, content_type)"},{"line_number":57,"context_line":"    except (UnicodeDecodeError, TypeError):"}],"source_content_type":"text/x-python","patch_set":1,"id":"8da5a2eb_be31ec97","line":54,"range":{"start_line":54,"start_character":8,"end_line":54,"end_character":14},"in_reply_to":"97569ad3_40ef5c11","updated":"2020-11-24 10:50:02.000000000","message":"Good catch, I\u0027m not sure how I didn\u0027t spot that. I\u0027ll fix and add a unit test.","commit_id":"032e4a992d324e5f8eea6adc97646af6f38bee15"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"ed044bf425e21da67d3a09ff5eaf7f13aabc3538","unresolved":true,"context_lines":[{"line_number":53,"context_line":"    if secret_type not in unnormalized_types:"},{"line_number":54,"context_line":"        return secret_value"},{"line_number":55,"context_line":"    try:"},{"line_number":56,"context_line":"        tr.denormalize_after_decryption(secret_value, content_type)"},{"line_number":57,"context_line":"    except (UnicodeDecodeError, TypeError):"},{"line_number":58,"context_line":"        secret_value, _ \u003d tr.normalize_before_encryption(secret_value,"},{"line_number":59,"context_line":"                                                         content_type, None,"}],"source_content_type":"text/x-python","patch_set":5,"id":"7ddd85ca_a84adbe6","line":56,"updated":"2021-04-30 21:24:37.000000000","message":"I think it may be better to check the length of the secret and only denormalize when there is a mismatch instead of attempting to denormalize every single symmetric key.","commit_id":"f0520a92a9aef8cca4b5cc3d47699d22d96ca8f1"}],"barbican/tests/plugin/test_castellan_secret_store.py":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"ed044bf425e21da67d3a09ff5eaf7f13aabc3538","unresolved":true,"context_lines":[{"line_number":192,"context_line":"        )"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"    def test_get_secret_not_normalized(self):"},{"line_number":195,"context_line":"        # NOTE(mgoddard): When generating keys, Castellan creates secrets"},{"line_number":196,"context_line":"        # internally which are not normalized (base64 encoded). The plugin"},{"line_number":197,"context_line":"        # should ensure these secrets are normalized."},{"line_number":198,"context_line":"        # https://storyboard.openstack.org/#!/story/2008335"},{"line_number":199,"context_line":"        not_normalized \u003d base64.b64decode(secret_passphrase)"}],"source_content_type":"text/x-python","patch_set":5,"id":"4be08bdb_9da30b6c","line":196,"range":{"start_line":195,"start_character":26,"end_line":196,"end_character":62},"updated":"2021-04-30 21:24:37.000000000","message":"This is certainly a bug in the VaultSecretStore.  I think it\u0027s a mistake to defer generation of symmetric keys to the castellan key_manager directly because they result inconsistent encodings and there is no way to tell which is what.\n\nI think a complete fix for this issue should include changes to VaultSecretStore to ensure that generated keys are stored in the same way as keys stored via the API.  We should not have to guess what format is stored in the DB.\n\nTo be extra thorough, we may want to consider adding a new column/meta value to effectively version the data we\u0027re storing so we can be confident we only store things in a single format moving forward. (Maybe we need to revisit the OVO patches?)","commit_id":"f0520a92a9aef8cca4b5cc3d47699d22d96ca8f1"}]}