)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"fd45a8bec7edb3bc9724da37446e822fe4c9e97d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"01411743_4c96ca05","updated":"2026-05-04 18:01:18.000000000","message":"Good start.  Lets fix the tests.","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"43397fadf0914b3d349e83f5a652f6085b8c53f9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"ae9e49c1_7ffc8003","updated":"2026-05-08 20:45:54.000000000","message":"Almost there.  Nice to see the new tests.","commit_id":"429417a493d6bd51e3153be822c6e4f2f732332e"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"7b60564fc956c73b5f3b6af5ce1d353b83521095","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"3a219aab_4d0a27eb","updated":"2026-05-06 12:48:59.000000000","message":"Thanks for the review.  All comments were addressed.  Mind reviewing again?","commit_id":"429417a493d6bd51e3153be822c6e4f2f732332e"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"cdcdc3688066c20a891704324d5ec7e8b7652fff","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"43fed321_f0536cdb","updated":"2026-05-11 10:46:54.000000000","message":"Thanks, new patchset was submitted.","commit_id":"dce1d1ca7e9900031cb3b5824666370871014bb0"}],"barbican/plugin/crypto/simple_crypto.py":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"fd45a8bec7edb3bc9724da37446e822fe4c9e97d","unresolved":true,"context_lines":[{"line_number":233,"context_line":"                backend\u003ddefault_backend()"},{"line_number":234,"context_line":"            )"},{"line_number":235,"context_line":"        elif algorithm \u003d\u003d \u0027dsa\u0027:"},{"line_number":236,"context_line":"            warnings.warn("},{"line_number":237,"context_line":"                \"DSA key generation is deprecated per NIST SP 800-131A \""},{"line_number":238,"context_line":"                \"Rev.2. Consider using RSA or EC instead.\","},{"line_number":239,"context_line":"                DeprecationWarning,"},{"line_number":240,"context_line":"                stacklevel\u003d4"},{"line_number":241,"context_line":"            )"},{"line_number":242,"context_line":"            return dsa.generate_private_key("},{"line_number":243,"context_line":"                key_size\u003dgenerate_dto.bit_length,"},{"line_number":244,"context_line":"                backend\u003ddefault_backend()"}],"source_content_type":"text/x-python","patch_set":2,"id":"fb45ef41_ac49532e","line":241,"range":{"start_line":236,"start_character":12,"end_line":241,"end_character":13},"updated":"2026-05-04 18:01:18.000000000","message":"I\u0027m not sure the end user would see this warning.  This just goes into the logs, right?  In which case, I\u0027m not sure it makes sense to warn here.\n\nIf anything, we should probably warn if the default algorithm is set to dsa.","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"7b60564fc956c73b5f3b6af5ce1d353b83521095","unresolved":false,"context_lines":[{"line_number":233,"context_line":"                backend\u003ddefault_backend()"},{"line_number":234,"context_line":"            )"},{"line_number":235,"context_line":"        elif algorithm \u003d\u003d \u0027dsa\u0027:"},{"line_number":236,"context_line":"            warnings.warn("},{"line_number":237,"context_line":"                \"DSA key generation is deprecated per NIST SP 800-131A \""},{"line_number":238,"context_line":"                \"Rev.2. Consider using RSA or EC instead.\","},{"line_number":239,"context_line":"                DeprecationWarning,"},{"line_number":240,"context_line":"                stacklevel\u003d4"},{"line_number":241,"context_line":"            )"},{"line_number":242,"context_line":"            return dsa.generate_private_key("},{"line_number":243,"context_line":"                key_size\u003dgenerate_dto.bit_length,"},{"line_number":244,"context_line":"                backend\u003ddefault_backend()"}],"source_content_type":"text/x-python","patch_set":2,"id":"f31be399_ff005a82","line":241,"range":{"start_line":236,"start_character":12,"end_line":241,"end_character":13},"in_reply_to":"fb45ef41_ac49532e","updated":"2026-05-06 12:48:59.000000000","message":"Done","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"43397fadf0914b3d349e83f5a652f6085b8c53f9","unresolved":true,"context_lines":[{"line_number":238,"context_line":"                backend\u003ddefault_backend()"},{"line_number":239,"context_line":"            )"},{"line_number":240,"context_line":"        elif algorithm \u003d\u003d \u0027dsa\u0027:"},{"line_number":241,"context_line":"            LOG.warning("},{"line_number":242,"context_line":"                \"DSA key generation is deprecated per NIST SP 800-131A \""},{"line_number":243,"context_line":"                \"Rev.2. Consider using RSA or EC instead.\""},{"line_number":244,"context_line":"            )"},{"line_number":245,"context_line":"            return dsa.generate_private_key("},{"line_number":246,"context_line":"                key_size\u003dgenerate_dto.bit_length,"},{"line_number":247,"context_line":"                backend\u003ddefault_backend()"}],"source_content_type":"text/x-python","patch_set":3,"id":"2e49be8d_e99ff486","line":244,"range":{"start_line":241,"start_character":12,"end_line":244,"end_character":13},"updated":"2026-05-08 20:45:54.000000000","message":"The point in my previous comment is that a warning here would just go to the log - which is not visible to the user that is requesting the DSA key.  Therefore, it makes sense not to log anything at all here.\n\nAn warning in the log file makes more sense when the process is starting up and the admin is selecting to use DSA as a default key.  I notice that you have (correctly) added that warning to the init code.","commit_id":"429417a493d6bd51e3153be822c6e4f2f732332e"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"cdcdc3688066c20a891704324d5ec7e8b7652fff","unresolved":false,"context_lines":[{"line_number":238,"context_line":"                backend\u003ddefault_backend()"},{"line_number":239,"context_line":"            )"},{"line_number":240,"context_line":"        elif algorithm \u003d\u003d \u0027dsa\u0027:"},{"line_number":241,"context_line":"            LOG.warning("},{"line_number":242,"context_line":"                \"DSA key generation is deprecated per NIST SP 800-131A \""},{"line_number":243,"context_line":"                \"Rev.2. Consider using RSA or EC instead.\""},{"line_number":244,"context_line":"            )"},{"line_number":245,"context_line":"            return dsa.generate_private_key("},{"line_number":246,"context_line":"                key_size\u003dgenerate_dto.bit_length,"},{"line_number":247,"context_line":"                backend\u003ddefault_backend()"}],"source_content_type":"text/x-python","patch_set":3,"id":"8f14dcc8_414beea1","line":244,"range":{"start_line":241,"start_character":12,"end_line":244,"end_character":13},"in_reply_to":"2e49be8d_e99ff486","updated":"2026-05-11 10:46:54.000000000","message":"Done","commit_id":"429417a493d6bd51e3153be822c6e4f2f732332e"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"37e9d9d6f2aee862a529f8ce4136ca89f8fd6048","unresolved":true,"context_lines":[{"line_number":54,"context_line":"    cfg.StrOpt(\u0027plugin_name\u0027,"},{"line_number":55,"context_line":"               help\u003du._(\u0027User friendly plugin name\u0027),"},{"line_number":56,"context_line":"               default\u003d\u0027Software Only Crypto\u0027),"},{"line_number":57,"context_line":"    cfg.StrOpt("},{"line_number":58,"context_line":"        \u0027asymmetric_key_default_algorithm\u0027,"},{"line_number":59,"context_line":"        default\u003d\u0027RSA\u0027,"},{"line_number":60,"context_line":"        help\u003du._(\u0027Default algorithm for asymmetric key generation when the \u0027"},{"line_number":61,"context_line":"                 \u0027API request does not specify one. \u0027"},{"line_number":62,"context_line":"                 \u0027Supported values: RSA, DSA, EC. \u0027"},{"line_number":63,"context_line":"                 \u0027Note: DSA is deprecated per NIST SP 800-131A Rev.2.\u0027),"},{"line_number":64,"context_line":"    ),"},{"line_number":65,"context_line":"]"},{"line_number":66,"context_line":"CONF.register_group(simple_crypto_plugin_group)"},{"line_number":67,"context_line":"CONF.register_opts(simple_crypto_plugin_opts, group\u003dsimple_crypto_plugin_group)"}],"source_content_type":"text/x-python","patch_set":4,"id":"b0eeff9f_197c4224","line":64,"range":{"start_line":57,"start_character":4,"end_line":64,"end_character":6},"updated":"2026-05-15 14:23:54.000000000","message":"I don\u0027t think we need to add a new option here.  `generate_asymmetric()` is called when an Order is being processed.  The Order request body specifies the algorithm, and if no algorithm is specified we should return a 400 instead of assuming a default algorithm.","commit_id":"dce1d1ca7e9900031cb3b5824666370871014bb0"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"5f3027c4326925eecb3e8515ca413a78b3b5a95b","unresolved":false,"context_lines":[{"line_number":54,"context_line":"    cfg.StrOpt(\u0027plugin_name\u0027,"},{"line_number":55,"context_line":"               help\u003du._(\u0027User friendly plugin name\u0027),"},{"line_number":56,"context_line":"               default\u003d\u0027Software Only Crypto\u0027),"},{"line_number":57,"context_line":"    cfg.StrOpt("},{"line_number":58,"context_line":"        \u0027asymmetric_key_default_algorithm\u0027,"},{"line_number":59,"context_line":"        default\u003d\u0027RSA\u0027,"},{"line_number":60,"context_line":"        help\u003du._(\u0027Default algorithm for asymmetric key generation when the \u0027"},{"line_number":61,"context_line":"                 \u0027API request does not specify one. \u0027"},{"line_number":62,"context_line":"                 \u0027Supported values: RSA, DSA, EC. \u0027"},{"line_number":63,"context_line":"                 \u0027Note: DSA is deprecated per NIST SP 800-131A Rev.2.\u0027),"},{"line_number":64,"context_line":"    ),"},{"line_number":65,"context_line":"]"},{"line_number":66,"context_line":"CONF.register_group(simple_crypto_plugin_group)"},{"line_number":67,"context_line":"CONF.register_opts(simple_crypto_plugin_opts, group\u003dsimple_crypto_plugin_group)"}],"source_content_type":"text/x-python","patch_set":4,"id":"c6cfc2fd_a3bf4d39","line":64,"range":{"start_line":57,"start_character":4,"end_line":64,"end_character":6},"in_reply_to":"b0eeff9f_197c4224","updated":"2026-05-27 15:42:21.000000000","message":"Done. Removed the config option entirely. `generate_asymmetric()` now raises `CryptoPrivateKeyFailureException` if the algorithm is not specified in the order request, which will result in a 400 to the client. Thanks for the feedback!","commit_id":"dce1d1ca7e9900031cb3b5824666370871014bb0"}],"barbican/tests/plugin/crypto/test_crypto.py":[{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"fd45a8bec7edb3bc9724da37446e822fe4c9e97d","unresolved":true,"context_lines":[{"line_number":560,"context_line":"                                            private_dto.kek_meta_extended,"},{"line_number":561,"context_line":"                                            mock.MagicMock())"},{"line_number":562,"context_line":""},{"line_number":563,"context_line":"        private_key \u003d serialization.load_pem_private_key("},{"line_number":564,"context_line":"            data\u003dprivate_bytes,"},{"line_number":565,"context_line":"            password\u003db\u0027changeme\u0027,"},{"line_number":566,"context_line":"            backend\u003ddefault_backend()"}],"source_content_type":"text/x-python","patch_set":2,"id":"99f229ee_3b03771d","line":563,"range":{"start_line":563,"start_character":22,"end_line":563,"end_character":57},"updated":"2026-05-04 18:01:18.000000000","message":"Can we add a negative test here too.   That is attempt to load the private key either without or with bad password and catch the error.","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"7b60564fc956c73b5f3b6af5ce1d353b83521095","unresolved":false,"context_lines":[{"line_number":560,"context_line":"                                            private_dto.kek_meta_extended,"},{"line_number":561,"context_line":"                                            mock.MagicMock())"},{"line_number":562,"context_line":""},{"line_number":563,"context_line":"        private_key \u003d serialization.load_pem_private_key("},{"line_number":564,"context_line":"            data\u003dprivate_bytes,"},{"line_number":565,"context_line":"            password\u003db\u0027changeme\u0027,"},{"line_number":566,"context_line":"            backend\u003ddefault_backend()"}],"source_content_type":"text/x-python","patch_set":2,"id":"2f660a58_ba9632b3","line":563,"range":{"start_line":563,"start_character":22,"end_line":563,"end_character":57},"in_reply_to":"99f229ee_3b03771d","updated":"2026-05-06 12:48:59.000000000","message":"Done","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"fd45a8bec7edb3bc9724da37446e822fe4c9e97d","unresolved":true,"context_lines":[{"line_number":589,"context_line":"            generate_dto, kek_meta_dto, mock.MagicMock()"},{"line_number":590,"context_line":"        )"},{"line_number":591,"context_line":""},{"line_number":592,"context_line":"    def test_generate_asymmetric_uses_default_algorithm(self):"},{"line_number":593,"context_line":"        generate_dto \u003d plugin.GenerateDTO(None, 2048, None, None)"},{"line_number":594,"context_line":"        kek_meta_dto \u003d self._get_mocked_kek_meta_dto()"},{"line_number":595,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"0e769d3d_289be106","line":592,"range":{"start_line":592,"start_character":0,"end_line":592,"end_character":2},"updated":"2026-05-04 18:01:18.000000000","message":"This test silently assumes we have rsa as the default algorithm.  I would think that something that were testing the default algorithm would verify that the key that was generated would match the symmetric_key_default_algorithm.","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"7b60564fc956c73b5f3b6af5ce1d353b83521095","unresolved":false,"context_lines":[{"line_number":589,"context_line":"            generate_dto, kek_meta_dto, mock.MagicMock()"},{"line_number":590,"context_line":"        )"},{"line_number":591,"context_line":""},{"line_number":592,"context_line":"    def test_generate_asymmetric_uses_default_algorithm(self):"},{"line_number":593,"context_line":"        generate_dto \u003d plugin.GenerateDTO(None, 2048, None, None)"},{"line_number":594,"context_line":"        kek_meta_dto \u003d self._get_mocked_kek_meta_dto()"},{"line_number":595,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"dbff96e4_96331db0","line":592,"range":{"start_line":592,"start_character":0,"end_line":592,"end_character":2},"in_reply_to":"0e769d3d_289be106","updated":"2026-05-06 12:48:59.000000000","message":"Done","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"fd45a8bec7edb3bc9724da37446e822fe4c9e97d","unresolved":true,"context_lines":[{"line_number":609,"context_line":"        )"},{"line_number":610,"context_line":"        self.assertEqual(2048, private_key.key_size)"},{"line_number":611,"context_line":""},{"line_number":612,"context_line":"    def test_dsa_generates_deprecation_warning(self):"},{"line_number":613,"context_line":"        generate_dto \u003d plugin.GenerateDTO(\u0027dsa\u0027, 1024, None, None)"},{"line_number":614,"context_line":"        kek_meta_dto \u003d self._get_mocked_kek_meta_dto()"},{"line_number":615,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"9aca5c26_5ba2ea01","line":612,"range":{"start_line":612,"start_character":8,"end_line":612,"end_character":46},"updated":"2026-05-04 18:01:18.000000000","message":"See comment in SimpleCrypto code","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"},{"author":{"_account_id":35125,"name":"Mauricio Harley","email":"mharley@redhat.com","username":"mharley-rh"},"change_message_id":"7b60564fc956c73b5f3b6af5ce1d353b83521095","unresolved":false,"context_lines":[{"line_number":609,"context_line":"        )"},{"line_number":610,"context_line":"        self.assertEqual(2048, private_key.key_size)"},{"line_number":611,"context_line":""},{"line_number":612,"context_line":"    def test_dsa_generates_deprecation_warning(self):"},{"line_number":613,"context_line":"        generate_dto \u003d plugin.GenerateDTO(\u0027dsa\u0027, 1024, None, None)"},{"line_number":614,"context_line":"        kek_meta_dto \u003d self._get_mocked_kek_meta_dto()"},{"line_number":615,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"d5355d8d_29867fa6","line":612,"range":{"start_line":612,"start_character":8,"end_line":612,"end_character":46},"in_reply_to":"9aca5c26_5ba2ea01","updated":"2026-05-06 12:48:59.000000000","message":"Done","commit_id":"73c379617671bcad6404b09aee539f8fbd286d05"}]}