)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":28522,"name":"Hervé Beraud","email":"herveberaud.pro@gmail.com","username":"hberaud"},"change_message_id":"b8783e80e700ae7fb7756ebd67ace2e24514b8a6","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"add \"verify_ssl_path\" config for barbican key manager"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Now we cann\u0027t use the verify_ssl if we set True, so we"},{"line_number":10,"context_line":"add the \"verify_ssl_path\" config to solve it."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Closes-Bug: #1876102"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"ff570b3c_45ad1030","line":9,"range":{"start_line":9,"start_character":7,"end_line":9,"end_character":11},"updated":"2020-05-25 12:08:01.000000000","message":"nits","commit_id":"89f311dfbd264a5d4309ea1ca4283f2746d6fa24"}],"castellan/key_manager/barbican_key_manager.py":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"4d7170125249d01457f6a7148d238e4162e4ca9e","unresolved":false,"context_lines":[{"line_number":61,"context_line":"               default\u003d60,"},{"line_number":62,"context_line":"               help\u003d\u0027Number of times to retry poll for key creation \u0027"},{"line_number":63,"context_line":"                    \u0027completion\u0027),"},{"line_number":64,"context_line":"    cfg.StrOpt(\u0027verify_ssl\u0027,"},{"line_number":65,"context_line":"               default\u003dTrue,"},{"line_number":66,"context_line":"               help\u003d\u0027The verification arguments to pass to requests. These \u0027"},{"line_number":67,"context_line":"                    \u0027are of the same form as requests expects, so True or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"1f493fa4_4187cdb7","line":64,"updated":"2020-05-05 09:49:20.000000000","message":"This is currently passed directly through to \u0027keystoneauth1.session.Session\u0027 and you\u0027re trying to maintain that pattern they are using. However, that pattern is confusing because the option can be a boolean, a string, or none [1]. Instead of copying this pattern, how about you add a new parameter here? Something like \u0027verify_ssl_path\u0027, which is a \u0027StrOpt\u0027 that defaults to None. If \u0027verify_ssl\u0027 is False, \u0027verify_ssl_path\u0027 would be ignored. If \u0027verify_ssl\u0027 is True, \u0027verify_ssl_path\u0027 will be used if available. You could call \u0027Session\u0027 like so:\n\n  sess \u003d session.Session(\n      auth\u003dauth,\n      verify\u003dverify_ssl and verify_ssl_path or verify_ssl,\n  )\n\nWhich I think is correct since a value of None (which would happen if \u0027verify_ssl\u003dTrue\u0027 and \u0027verify_ssl_path\u003dNone\u0027) should indicate \"for requests to attempt to locate and use certificates\" [2]\n\n[1] https://github.com/openstack/keystoneauth/blob/1bffde331/keystoneauth1/session.py#L280-L285\n[2] https://github.com/openstack/keystoneauth/blob/1bffde331/keystoneauth1/session.py#L482-L485","commit_id":"2b0dfcd7cf84c0e60d5a695872a5bb3a72015751"},{"author":{"_account_id":27594,"name":"Jie Li","email":"lijie@unitedstack.com","username":"ramboman"},"change_message_id":"c9327fc725a82a568c117fd975e738b5ba6d83f5","unresolved":false,"context_lines":[{"line_number":61,"context_line":"               default\u003d60,"},{"line_number":62,"context_line":"               help\u003d\u0027Number of times to retry poll for key creation \u0027"},{"line_number":63,"context_line":"                    \u0027completion\u0027),"},{"line_number":64,"context_line":"    cfg.StrOpt(\u0027verify_ssl\u0027,"},{"line_number":65,"context_line":"               default\u003dTrue,"},{"line_number":66,"context_line":"               help\u003d\u0027The verification arguments to pass to requests. These \u0027"},{"line_number":67,"context_line":"                    \u0027are of the same form as requests expects, so True or \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"1f493fa4_04bdc167","line":64,"in_reply_to":"1f493fa4_4187cdb7","updated":"2020-05-06 04:57:05.000000000","message":"yes ,you are right.","commit_id":"2b0dfcd7cf84c0e60d5a695872a5bb3a72015751"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e62a081180224ce59215ca10be78635ac3d5f177","unresolved":false,"context_lines":[{"line_number":65,"context_line":"                default\u003dTrue,"},{"line_number":66,"context_line":"                help\u003d\u0027Specifies if insecure TLS (https) requests. If False, \u0027"},{"line_number":67,"context_line":"                     \u0027the server\\\u0027s certificate will not be validated, if \u0027"},{"line_number":68,"context_line":"                     \u0027True, we have to set the verify_ssl_path config. \u0027),"},{"line_number":69,"context_line":"    cfg.StrOpt(\u0027verify_ssl_path\u0027,"},{"line_number":70,"context_line":"               default\u003dNone,"},{"line_number":71,"context_line":"               help\u003d\u0027A path to a bundle or CA certs to check against, or\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_fc494532","line":68,"range":{"start_line":68,"start_character":28,"end_line":68,"end_character":70},"updated":"2020-05-06 10:52:10.000000000","message":"This isn\u0027t true. You don\u0027t *have* to set it.","commit_id":"7f7df84e6f5dbdfc211ab91047c335c6b9a85be4"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e62a081180224ce59215ca10be78635ac3d5f177","unresolved":false,"context_lines":[{"line_number":65,"context_line":"                default\u003dTrue,"},{"line_number":66,"context_line":"                help\u003d\u0027Specifies if insecure TLS (https) requests. If False, \u0027"},{"line_number":67,"context_line":"                     \u0027the server\\\u0027s certificate will not be validated, if \u0027"},{"line_number":68,"context_line":"                     \u0027True, we have to set the verify_ssl_path config. \u0027),"},{"line_number":69,"context_line":"    cfg.StrOpt(\u0027verify_ssl_path\u0027,"},{"line_number":70,"context_line":"               default\u003dNone,"},{"line_number":71,"context_line":"               help\u003d\u0027A path to a bundle or CA certs to check against, or\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_3c544dca","line":68,"range":{"start_line":68,"start_character":70,"end_line":68,"end_character":71},"updated":"2020-05-06 10:52:10.000000000","message":"Trailing whitespace","commit_id":"7f7df84e6f5dbdfc211ab91047c335c6b9a85be4"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e62a081180224ce59215ca10be78635ac3d5f177","unresolved":false,"context_lines":[{"line_number":68,"context_line":"                     \u0027True, we have to set the verify_ssl_path config. \u0027),"},{"line_number":69,"context_line":"    cfg.StrOpt(\u0027verify_ssl_path\u0027,"},{"line_number":70,"context_line":"               default\u003dNone,"},{"line_number":71,"context_line":"               help\u003d\u0027A path to a bundle or CA certs to check against, or\u0027"},{"line_number":72,"context_line":"                    \u0027 None for requests to attempt to locate and use \u0027"},{"line_number":73,"context_line":"                    \u0027certificates\u0027),"},{"line_number":74,"context_line":"    cfg.StrOpt(\u0027barbican_endpoint_type\u0027,"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_7c0415c7","line":71,"range":{"start_line":71,"start_character":72,"end_line":71,"end_character":73},"updated":"2020-05-06 10:52:10.000000000","message":"Can you put the whitespace at the end of the line instead of the beginning of the next line","commit_id":"7f7df84e6f5dbdfc211ab91047c335c6b9a85be4"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e62a081180224ce59215ca10be78635ac3d5f177","unresolved":false,"context_lines":[{"line_number":70,"context_line":"               default\u003dNone,"},{"line_number":71,"context_line":"               help\u003d\u0027A path to a bundle or CA certs to check against, or\u0027"},{"line_number":72,"context_line":"                    \u0027 None for requests to attempt to locate and use \u0027"},{"line_number":73,"context_line":"                    \u0027certificates\u0027),"},{"line_number":74,"context_line":"    cfg.StrOpt(\u0027barbican_endpoint_type\u0027,"},{"line_number":75,"context_line":"               default\u003d\u0027public\u0027,"},{"line_number":76,"context_line":"               choices\u003d[\u0027public\u0027, \u0027internal\u0027, \u0027admin\u0027],"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_9c5c81ee","line":73,"range":{"start_line":73,"start_character":33,"end_line":73,"end_character":34},"updated":"2020-05-06 10:52:10.000000000","message":". Ignored if verify_ssl\u003dFalse.","commit_id":"7f7df84e6f5dbdfc211ab91047c335c6b9a85be4"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e62a081180224ce59215ca10be78635ac3d5f177","unresolved":false,"context_lines":[{"line_number":118,"context_line":"            verify_ssl \u003d self.conf.barbican.verify_ssl"},{"line_number":119,"context_line":"            verify_ssl_path \u003d self.conf.barbican.verify_ssl_path"},{"line_number":120,"context_line":"            verify \u003d verify_ssl and verify_ssl_path or verify_ssl"},{"line_number":121,"context_line":"            sess \u003d session.Session(auth\u003dauth,"},{"line_number":122,"context_line":"                                   verify\u003dverify)"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"            self._barbican_endpoint \u003d self._get_barbican_endpoint(auth, sess)"},{"line_number":125,"context_line":"            self._barbican_client \u003d barbican_client_import.Client("}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_5c0799ca","line":122,"range":{"start_line":121,"start_character":45,"end_line":122,"end_character":35},"updated":"2020-05-06 10:52:10.000000000","message":"nit: Can you merge these onto one line now?","commit_id":"7f7df84e6f5dbdfc211ab91047c335c6b9a85be4"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"972e96d80d7cce6dd44832f9fc3aa900c5ebd17f","unresolved":false,"context_lines":[{"line_number":71,"context_line":"               help\u003d\u0027A path to a bundle or CA certs to check against, or \u0027"},{"line_number":72,"context_line":"                    \u0027None for requests to attempt to locate and use \u0027"},{"line_number":73,"context_line":"                    \u0027certificates which verify_ssh is True. If verify_ssl \u0027"},{"line_number":74,"context_line":"                    \u0027is False, we could ignore this.\u0027),"},{"line_number":75,"context_line":"    cfg.StrOpt(\u0027barbican_endpoint_type\u0027,"},{"line_number":76,"context_line":"               default\u003d\u0027public\u0027,"},{"line_number":77,"context_line":"               choices\u003d[\u0027public\u0027, \u0027internal\u0027, \u0027admin\u0027],"}],"source_content_type":"text/x-python","patch_set":5,"id":"1f493fa4_ad72e9ab","line":74,"range":{"start_line":74,"start_character":31,"end_line":74,"end_character":51},"updated":"2020-05-06 13:27:29.000000000","message":"this is ignored.\n\n(the way it\u0027s worded at the moment doesn\u0027t make sense)","commit_id":"4003c4c1c1cfcb8631825a85b7ffbe8fde341c19"}],"releasenotes/notes/bug-1876102-7c7288fb6e90b11d.yaml":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e62a081180224ce59215ca10be78635ac3d5f177","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    fix the CA certs couldn\u0027t be use problem. So we add a new parameter"},{"line_number":5,"context_line":"    \"verify_ssl_path\", which is a \u0027StrOpt\u0027 that defaults to None."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"1f493fa4_5c30399f","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":65},"updated":"2020-05-06 10:52:10.000000000","message":"How about:\n\n  Add a new parameter, ``verify_ssl_path``, that can be used to\n  configure the path to CA certs when verifying requests to\n  Barbican.","commit_id":"7f7df84e6f5dbdfc211ab91047c335c6b9a85be4"}]}