)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"04a0ae8301ee3af038a7dc87e0832b9cfd74b62c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"8c24feb7_4c47f0b2","updated":"2023-05-18 09:26:20.000000000","message":"Few comments inline. IMO the problem that operators are facing here is the distinction between, service token, service role, service user terminologies, which are now well explained but i can see the reason for their confusion.","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":34275,"name":"Jorge Merlino","email":"jorge.merlino@canonical.com","username":"drencrom"},"change_message_id":"3c66c37dd508a4adef70a7e68174aee5af443df0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"35d3f121_0637e828","updated":"2023-05-17 15:05:38.000000000","message":"LGTM","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"9eeb87aefa2ecc9cb2cc13ce62bfb5f6dc5aea45","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"4081f6bb_b1f80078","updated":"2023-05-17 14:15:05.000000000","message":"Thanks, Gorka.  This is very clear.  Just caught one typo, and I have a suggestion to add something to the top of the document.","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"30ef42f58dfbfab76eef8b6b0d67b0d5f474b351","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"693cdff0_9bf3f0b5","updated":"2023-05-23 12:21:14.000000000","message":"One nit noted inline, but this LGTM.  
I think it would be good to get it published and then follow up with clarifications if necessary.","commit_id":"18b7a4796de6270d43d38d5d0ccd1a293c13e9fb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"8dfece080cf7f618cb0850caafbd299481ad52cc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"b803cdc8_f51d184f","updated":"2023-05-23 15:59:31.000000000","message":"Caught one final typo (noted inline).  Otherwise, this looks ready to go.","commit_id":"2c61f04b208abcb68e279c0b4ad735f9d6a3260d"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"03c50b06e044da7a9a74213a01fc64d49e6d9b25","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"4a267e3c_4fc614af","updated":"2023-05-24 11:37:20.000000000","message":"All my comments (and Rajat\u0027s) have been addressed.  
Ninja-approving a docs change.","commit_id":"1101402b8fda7423b41b2f2e078f8f5a1d2bb4bd"}],"doc/source/configuration/block-storage/service-token.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"9eeb87aefa2ecc9cb2cc13ce62bfb5f6dc5aea45","unresolved":true,"context_lines":[{"line_number":1,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":2,"context_line":"Using service tokens"},{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"When a user initiates a request whose processing involves multiple services"},{"line_number":6,"context_line":"(for example, a boot-from-volume request to the Compute Service will require"},{"line_number":7,"context_line":"processing by the Block Storage Service, and may require processing by the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"e35784c2_d4946e3b","line":4,"updated":"2023-05-17 14:15:05.000000000","message":"Let\u0027s add a note up here similar to what you added to the index page for people who come directly to this page:\n\n```\n.. warning::\n\n   For all OpenStack releases after 2023-05-10, it is **required** that\n   Nova be configured to send a service token to Cinder (and Cinder, of\n   course, must be configured to receive service tokens).  This is \n   required by the fix for `CVE-2023-2088 \u003c\n   https://nvd.nist.gov/vuln/detail/CVE-2023-2088\u003e`_.  
See\n   `OSSA-2023-003 \u003chttps://security.openstack.org/ossa/OSSA-2023-003.html\u003e`_\n   for details.\n```","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"032fd94d20a66fba6d6e00c102274b47f425c2e7","unresolved":false,"context_lines":[{"line_number":1,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":2,"context_line":"Using service tokens"},{"line_number":3,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"When a user initiates a request whose processing involves multiple services"},{"line_number":6,"context_line":"(for example, a boot-from-volume request to the Compute Service will require"},{"line_number":7,"context_line":"processing by the Block Storage Service, and may require processing by the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"808f8eee_e12e4986","line":4,"in_reply_to":"e35784c2_d4946e3b","updated":"2023-05-19 08:32:18.000000000","message":"Done","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"04a0ae8301ee3af038a7dc87e0832b9cfd74b62c","unresolved":true,"context_lines":[{"line_number":56,"context_line":"Cinder, to send a \"service token\" along with the user\u0027s token when it makes a"},{"line_number":57,"context_line":"request to another service, you must do the following:"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"1. 
Configure the services to send the token when calling other OpenStack"},{"line_number":60,"context_line":"   services."},{"line_number":61,"context_line":"2. Configure the users as service roles."},{"line_number":62,"context_line":"3. Configure the services to expect the token and validate it appropriately on"},{"line_number":63,"context_line":"   reception."},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"Send service token"},{"line_number":66,"context_line":"^^^^^^^^^^^^^^^^^^"}],"source_content_type":"text/x-rst","patch_set":1,"id":"949a550c_49c46382","line":63,"range":{"start_line":59,"start_character":0,"end_line":63,"end_character":13},"updated":"2023-05-18 09:26:20.000000000","message":"here \"services\" is used multiple times in different contexts. can we just indicate which \"services\" are referring to in different points. like, \"sender service\" and \"receiver service\" or any similar terminology. Then the points would be modified to,\n\n1. Configure the \"sender\" services to send the token when calling other OpenStack\n   \"receiver\" services.\n2. Configure the users as service roles.\n3. Configure the \"receiver\" services to expect the token and validate it appropriately.","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"479e9fe5b2475794c1d017285b5f8d0c61fd2d8a","unresolved":false,"context_lines":[{"line_number":56,"context_line":"Cinder, to send a \"service token\" along with the user\u0027s token when it makes a"},{"line_number":57,"context_line":"request to another service, you must do the following:"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"1. Configure the services to send the token when calling other OpenStack"},{"line_number":60,"context_line":"   services."},{"line_number":61,"context_line":"2. 
Configure the users as service roles."},{"line_number":62,"context_line":"3. Configure the services to expect the token and validate it appropriately on"},{"line_number":63,"context_line":"   reception."},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"Send service token"},{"line_number":66,"context_line":"^^^^^^^^^^^^^^^^^^"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c386f072_2a414570","line":63,"range":{"start_line":59,"start_character":0,"end_line":63,"end_character":13},"in_reply_to":"949a550c_49c46382","updated":"2023-05-19 08:27:38.000000000","message":"In my opinion it\u0027s clear that if we say \"the services to send\" it\u0027s a sender, and \"services to expect\" it\u0027s the receiver, but I\u0027ll change it.","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"04a0ae8301ee3af038a7dc87e0832b9cfd74b62c","unresolved":true,"context_lines":[{"line_number":105,"context_line":"even have multiple service roles.  
For simplicity\u0027s sake we recommend having"},{"line_number":106,"context_line":"just one, ``service``."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"We need to make sure that the users we used in the different ``[service_user]``"},{"line_number":109,"context_line":"sections all have our service role."},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Assuming our users are ``nova`` and ``cinder`` from the ``service`` project and"},{"line_number":112,"context_line":"the service role is going to be the default ``service``, we first check"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b66f6f8a_9603eb03","line":109,"range":{"start_line":108,"start_character":26,"end_line":109,"end_character":35},"updated":"2023-05-18 09:26:20.000000000","message":"the user configured in the ``[service_user]`` for a project should have the service role.","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"479e9fe5b2475794c1d017285b5f8d0c61fd2d8a","unresolved":false,"context_lines":[{"line_number":105,"context_line":"even have multiple service roles.  
For simplicity\u0027s sake we recommend having"},{"line_number":106,"context_line":"just one, ``service``."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"We need to make sure that the users we used in the different ``[service_user]``"},{"line_number":109,"context_line":"sections all have our service role."},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Assuming our users are ``nova`` and ``cinder`` from the ``service`` project and"},{"line_number":112,"context_line":"the service role is going to be the default ``service``, we first check"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c15dd820_b6e224af","line":109,"range":{"start_line":108,"start_character":26,"end_line":109,"end_character":35},"in_reply_to":"b66f6f8a_9603eb03","updated":"2023-05-19 08:27:38.000000000","message":"Done","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"04a0ae8301ee3af038a7dc87e0832b9cfd74b62c","unresolved":true,"context_lines":[{"line_number":153,"context_line":"``service_token_roles_required``."},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"The ``service_token_roles`` contains a list of roles that we consider to belong"},{"line_number":156,"context_line":"to services.  The serve user must belong to at least one of them to be"},{"line_number":157,"context_line":"considered a valid service token.  
The value defaults to ``service``, so we"},{"line_number":158,"context_line":"don\u0027t need to set it if that\u0027s the value we are using."},{"line_number":159,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"7ab93599_b81e2fed","line":156,"range":{"start_line":156,"start_character":18,"end_line":156,"end_character":23},"updated":"2023-05-18 09:26:20.000000000","message":"nit: service","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"479e9fe5b2475794c1d017285b5f8d0c61fd2d8a","unresolved":false,"context_lines":[{"line_number":153,"context_line":"``service_token_roles_required``."},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"The ``service_token_roles`` contains a list of roles that we consider to belong"},{"line_number":156,"context_line":"to services.  The serve user must belong to at least one of them to be"},{"line_number":157,"context_line":"considered a valid service token.  The value defaults to ``service``, so we"},{"line_number":158,"context_line":"don\u0027t need to set it if that\u0027s the value we are using."},{"line_number":159,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"48d7a8ea_ff0b9738","line":156,"range":{"start_line":156,"start_character":18,"end_line":156,"end_character":23},"in_reply_to":"7ab93599_b81e2fed","updated":"2023-05-19 08:27:38.000000000","message":"Done","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"9eeb87aefa2ecc9cb2cc13ce62bfb5f6dc5aea45","unresolved":true,"context_lines":[{"line_number":157,"context_line":"considered a valid service token.  
The value defaults to ``service``, so we"},{"line_number":158,"context_line":"don\u0027t need to set it if that\u0027s the value we are using."},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"Now we need to tell the keyston middleware to actually validate the service"},{"line_number":161,"context_line":"token and confirm that it\u0027s not only a valid token, but that it has one of the"},{"line_number":162,"context_line":"roles set in ``service_token_roles``. We do this by setting"},{"line_number":163,"context_line":"``service_token_roles_required`` to ``true``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3f089e84_0e732784","line":160,"range":{"start_line":160,"start_character":24,"end_line":160,"end_character":31},"updated":"2023-05-17 14:15:05.000000000","message":"keystone","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"479e9fe5b2475794c1d017285b5f8d0c61fd2d8a","unresolved":false,"context_lines":[{"line_number":157,"context_line":"considered a valid service token.  The value defaults to ``service``, so we"},{"line_number":158,"context_line":"don\u0027t need to set it if that\u0027s the value we are using."},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"Now we need to tell the keyston middleware to actually validate the service"},{"line_number":161,"context_line":"token and confirm that it\u0027s not only a valid token, but that it has one of the"},{"line_number":162,"context_line":"roles set in ``service_token_roles``. 
We do this by setting"},{"line_number":163,"context_line":"``service_token_roles_required`` to ``true``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"b65044b7_5b1a4177","line":160,"range":{"start_line":160,"start_character":24,"end_line":160,"end_character":31},"in_reply_to":"3f089e84_0e732784","updated":"2023-05-19 08:27:38.000000000","message":"Done","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"9eeb87aefa2ecc9cb2cc13ce62bfb5f6dc5aea45","unresolved":true,"context_lines":[{"line_number":186,"context_line":"    section above."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"    .. note::"},{"line_number":189,"context_line":"       As of the Train release, Glance does not have the ability to pass"},{"line_number":190,"context_line":"       service tokens.  It can receive them, though.  The place where you may"},{"line_number":191,"context_line":"       still see a long running failure is when Glance is using a backend that"},{"line_number":192,"context_line":"       requires Keystone validation (for example, the Swift backend) and the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"210a9762_5a6fae07","line":189,"range":{"start_line":189,"start_character":17,"end_line":189,"end_character":22},"updated":"2023-05-17 14:15:05.000000000","message":"Might as well update this to 2023.1","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"479e9fe5b2475794c1d017285b5f8d0c61fd2d8a","unresolved":false,"context_lines":[{"line_number":186,"context_line":"    section above."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"    .. 
note::"},{"line_number":189,"context_line":"       As of the Train release, Glance does not have the ability to pass"},{"line_number":190,"context_line":"       service tokens.  It can receive them, though.  The place where you may"},{"line_number":191,"context_line":"       still see a long running failure is when Glance is using a backend that"},{"line_number":192,"context_line":"       requires Keystone validation (for example, the Swift backend) and the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ab8c2370_945220f6","line":189,"range":{"start_line":189,"start_character":17,"end_line":189,"end_character":22},"in_reply_to":"210a9762_5a6fae07","updated":"2023-05-19 08:27:38.000000000","message":"I have rephrased it, hope it\u0027s good enough.","commit_id":"48e0fca2ce114b74a904d29257bd084a76c65e0e"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"30ef42f58dfbfab76eef8b6b0d67b0d5f474b351","unresolved":true,"context_lines":[{"line_number":195,"context_line":"    section above."},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"    .. note::"},{"line_number":198,"context_line":"       In the Train release Glance removed the feature of passsing service"},{"line_number":199,"context_line":"       tokens to other OpenStack services.  It can receive them, though.  The"},{"line_number":200,"context_line":"       place where you may still see a long running failure is when Glance is"},{"line_number":201,"context_line":"       using a backend that requires Keystone validation (for example, the"}],"source_content_type":"text/x-rst","patch_set":3,"id":"a548fa73_fc7f89cd","line":198,"range":{"start_line":198,"start_character":28,"end_line":198,"end_character":42},"updated":"2023-05-23 12:21:14.000000000","message":"This isn\u0027t quite right, Glance never had this ability.  
The point of mentioning the release is that Glance doesn\u0027t always update us on what they\u0027ve been up to, so basically what we\u0027re saying here is that the last time we checked (which is 2023.1), Glance didn\u0027t have this ability, implying that if you\u0027re reading this after 2023.1, you might want to check the Glance docs to see if this statement is still accurate.","commit_id":"18b7a4796de6270d43d38d5d0ccd1a293c13e9fb"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"c22d649024258d7b546ea06a1a752c5c1d3ed156","unresolved":false,"context_lines":[{"line_number":195,"context_line":"    section above."},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"    .. note::"},{"line_number":198,"context_line":"       In the Train release Glance removed the feature of passsing service"},{"line_number":199,"context_line":"       tokens to other OpenStack services.  It can receive them, though.  
The"},{"line_number":200,"context_line":"       place where you may still see a long running failure is when Glance is"},{"line_number":201,"context_line":"       using a backend that requires Keystone validation (for example, the"}],"source_content_type":"text/x-rst","patch_set":3,"id":"003359bd_882308ba","line":198,"range":{"start_line":198,"start_character":28,"end_line":198,"end_character":42},"in_reply_to":"a548fa73_fc7f89cd","updated":"2023-05-23 14:20:41.000000000","message":"Ooooooh, my bad, I\u0027ll fix it.","commit_id":"18b7a4796de6270d43d38d5d0ccd1a293c13e9fb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"8dfece080cf7f618cb0850caafbd299481ad52cc","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"   For all OpenStack releases after 2023-05-10, it is **required** that Nova be"},{"line_number":8,"context_line":"   configured to send a service token to Cinder and Cinder to receive it"},{"line_number":9,"context_line":"   service tokens).  This is required by the fix for `CVE-2023-2088"},{"line_number":10,"context_line":"   \u003chttps://nvd.nist.gov/vuln/detail/CVE-2023-2088\u003e`_.  
See"},{"line_number":11,"context_line":"   `OSSA-2023-003 \u003chttps://security.openstack.org/ossa/OSSA-2023-003.html\u003e`_"},{"line_number":12,"context_line":"   for details."}],"source_content_type":"text/x-rst","patch_set":4,"id":"6fee787f_f46e9869","line":9,"range":{"start_line":9,"start_character":3,"end_line":9,"end_character":18},"updated":"2023-05-23 15:59:31.000000000","message":"This looks left over from a previous edit.","commit_id":"2c61f04b208abcb68e279c0b4ad735f9d6a3260d"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"14f384bca98e9d9bc01c96f690f684ab30b1a98a","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"   For all OpenStack releases after 2023-05-10, it is **required** that Nova be"},{"line_number":8,"context_line":"   configured to send a service token to Cinder and Cinder to receive it"},{"line_number":9,"context_line":"   service tokens).  This is required by the fix for `CVE-2023-2088"},{"line_number":10,"context_line":"   \u003chttps://nvd.nist.gov/vuln/detail/CVE-2023-2088\u003e`_.  See"},{"line_number":11,"context_line":"   `OSSA-2023-003 \u003chttps://security.openstack.org/ossa/OSSA-2023-003.html\u003e`_"},{"line_number":12,"context_line":"   for details."}],"source_content_type":"text/x-rst","patch_set":4,"id":"6549cdb5_3c845793","line":9,"range":{"start_line":9,"start_character":3,"end_line":9,"end_character":18},"in_reply_to":"6fee787f_f46e9869","updated":"2023-05-24 08:17:02.000000000","message":"Done","commit_id":"2c61f04b208abcb68e279c0b4ad735f9d6a3260d"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"8dfece080cf7f618cb0850caafbd299481ad52cc","unresolved":true,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"1. 
Configure the \"sender\" services to send the token when calling other"},{"line_number":69,"context_line":"   OpenStack services."},{"line_number":70,"context_line":"2. Configure the users as service roles."},{"line_number":71,"context_line":"3. Configure the \"receiver\" services to expect the token and validate it"},{"line_number":72,"context_line":"   appropriately on reception."},{"line_number":73,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"da38106f_f6e3fd40","line":70,"range":{"start_line":70,"start_character":17,"end_line":70,"end_character":40},"updated":"2023-05-23 15:59:31.000000000","message":"I think this would be more clear as \"Configure each service\u0027s user to have a service role in Keystone\", but maybe it\u0027s fine the way it is.","commit_id":"2c61f04b208abcb68e279c0b4ad735f9d6a3260d"},{"author":{"_account_id":9535,"name":"Gorka Eguileor","email":"geguileo@redhat.com","username":"Gorka"},"change_message_id":"14f384bca98e9d9bc01c96f690f684ab30b1a98a","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"1. Configure the \"sender\" services to send the token when calling other"},{"line_number":69,"context_line":"   OpenStack services."},{"line_number":70,"context_line":"2. Configure the users as service roles."},{"line_number":71,"context_line":"3. Configure the \"receiver\" services to expect the token and validate it"},{"line_number":72,"context_line":"   appropriately on reception."},{"line_number":73,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"44766f5f_13303895","line":70,"range":{"start_line":70,"start_character":17,"end_line":70,"end_character":40},"in_reply_to":"da38106f_f6e3fd40","updated":"2023-05-24 08:17:02.000000000","message":"Done","commit_id":"2c61f04b208abcb68e279c0b4ad735f9d6a3260d"}]}
