)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"6cc44e8c86e7b12c44058f514af96a2181dbf615","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"da1ae571_d8efd979","updated":"2024-07-15 08:46:12.000000000","message":"Hi Jens, please find my reply inline.","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"72deb93ad5f41ffab7dbedaf80693312b4fff06c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"4c5f9852_6322a2e3","updated":"2024-06-26 19:45:23.000000000","message":"lgtm,\n\nThe new configs is enabled in\n-  https://review.opendev.org/c/openstack/cinder/+/909847\n\nand job passing fine with using the service token\n- https://zuul.opendev.org/t/openstack/build/b6682634e6b74d87b62a47670c142936","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"007e9b9ab1651d4a885a324fc067e209db19cebd","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"11b5726b_1fde04c3","updated":"2024-04-11 06:19:22.000000000","message":"recheck the previous logs have expired. Let\u0027s get fresh result.","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"9893a0182291142f689ba939ce38e566856c0d6b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"11e85a52_849f7692","updated":"2024-08-13 19:37:55.000000000","message":"Thanks Jens!","commit_id":"80c1605a1df9687c7d1d842b258a3d99ec2eda35"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"232b9c1ec63b50fb4b3cc792c7bcaf7da8214afc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"4618a439_94c23831","updated":"2024-08-16 07:39:43.000000000","message":"recheck I can see similar failures in other gates as well (nova, glance)\ngoing through the build history, the issue doesn\u0027t seem to persist now\n\nhttps://zuul.opendev.org/t/openstack/builds?job_name\u003dnova-ceph-multistore","commit_id":"80c1605a1df9687c7d1d842b258a3d99ec2eda35"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"5220c182bf2593e95daaf359e1691d51c5019a0c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"125aafc7_f314b593","updated":"2024-08-14 10:23:59.000000000","message":"recheck compute tests failed that should be unrelated to this patch\n\nlet\u0027s see if enabling the service token is causing it or not\n\nrecheck image tests failed with compute \u003c-\u003e glance interaction which is unrelated to this patch\n\ntempest.api.image.v2.test_images_formats.ImagesFormatTest","commit_id":"80c1605a1df9687c7d1d842b258a3d99ec2eda35"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"014d24b9ff4ecafe3dd8832e38d143182f5f7102","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"efea5ba1_405a16c8","updated":"2024-08-16 13:46:59.000000000","message":"thx","commit_id":"80c1605a1df9687c7d1d842b258a3d99ec2eda35"}],"lib/cinder":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"11e9bfe08e2c7b5b33508cfff243c05074733a56","unresolved":true,"context_lines":[{"line_number":90,"context_line":""},{"line_number":91,"context_line":"# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with"},{"line_number":92,"context_line":"# user token while communicating to external RESP API\u0027s like Glance."},{"line_number":93,"context_line":"CINDER_USE_SERVICE_TOKEN\u003d$(trueorfalse False CINDER_USE_SERVICE_TOKEN)"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"# Default backends"},{"line_number":96,"context_line":"# The backend format is type:name where type is one of the supported backend"}],"source_content_type":"application/x-shellscript","patch_set":4,"id":"0d758f76_1d7ac0c4","line":93,"updated":"2024-08-08 15:51:48.000000000","message":"I wonder whether this actually needs to be optional. What would be bad about that config section unconditionally?","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"9893a0182291142f689ba939ce38e566856c0d6b","unresolved":false,"context_lines":[{"line_number":90,"context_line":""},{"line_number":91,"context_line":"# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with"},{"line_number":92,"context_line":"# user token while communicating to external RESP API\u0027s like Glance."},{"line_number":93,"context_line":"CINDER_USE_SERVICE_TOKEN\u003d$(trueorfalse False CINDER_USE_SERVICE_TOKEN)"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"# Default backends"},{"line_number":96,"context_line":"# The backend format is type:name where type is one of the supported backend"}],"source_content_type":"application/x-shellscript","patch_set":4,"id":"6b7da3f8_3366b8ea","line":93,"in_reply_to":"0d758f76_1d7ac0c4","updated":"2024-08-13 19:37:55.000000000","message":"I don\u0027t think there should be an issue, we are passing an additional token in service-to-service interaction so either it will be used or ignored. should not open new vulnerabilities but if it does, we can disable it with this option.\nSetting this to True.","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"e84b84c0ce2eec6b147f3d2fea4aa7c99ed90ca3","unresolved":true,"context_lines":[{"line_number":774,"context_line":"    iniset $CINDER_CONF service_user user_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":775,"context_line":"    iniset $CINDER_CONF service_user project_name \"$SERVICE_PROJECT_NAME\""},{"line_number":776,"context_line":"    iniset $CINDER_CONF service_user project_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":777,"context_line":"    iniset $CINDER_CONF service_user auth_strategy keystone"},{"line_number":778,"context_line":"}"},{"line_number":779,"context_line":""},{"line_number":780,"context_line":"# Restore xtrace"}],"source_content_type":"application/x-shellscript","patch_set":4,"id":"e24bfe7c_a68e01f0","line":777,"updated":"2024-07-09 16:30:52.000000000","message":"can you call configure_keystone_authtoken_middleware here and just set the additional vars that are needed? I\u0027d like to reduce duplication and make it easier to switch all auth to application credentials","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"9893a0182291142f689ba939ce38e566856c0d6b","unresolved":false,"context_lines":[{"line_number":774,"context_line":"    iniset $CINDER_CONF service_user user_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":775,"context_line":"    iniset $CINDER_CONF service_user project_name \"$SERVICE_PROJECT_NAME\""},{"line_number":776,"context_line":"    iniset $CINDER_CONF service_user project_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":777,"context_line":"    iniset $CINDER_CONF service_user auth_strategy keystone"},{"line_number":778,"context_line":"}"},{"line_number":779,"context_line":""},{"line_number":780,"context_line":"# Restore xtrace"}],"source_content_type":"application/x-shellscript","patch_set":4,"id":"57003097_eb85aa66","line":777,"in_reply_to":"0af42473_55848789","updated":"2024-08-13 19:37:55.000000000","message":"Done","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"11e9bfe08e2c7b5b33508cfff243c05074733a56","unresolved":true,"context_lines":[{"line_number":774,"context_line":"    iniset $CINDER_CONF service_user user_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":775,"context_line":"    iniset $CINDER_CONF service_user project_name \"$SERVICE_PROJECT_NAME\""},{"line_number":776,"context_line":"    iniset $CINDER_CONF service_user project_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":777,"context_line":"    iniset $CINDER_CONF service_user auth_strategy keystone"},{"line_number":778,"context_line":"}"},{"line_number":779,"context_line":""},{"line_number":780,"context_line":"# Restore xtrace"}],"source_content_type":"application/x-shellscript","patch_set":4,"id":"0af42473_55848789","line":777,"in_reply_to":"9d8b8b3b_d6798080","updated":"2024-08-08 15:51:48.000000000","message":"you can add a section name to the configure_keystone_authtoken_middleware invocation. and I\u0027m cleaning up the use in nova with https://review.opendev.org/c/openstack/devstack/+/923943/1/lib/nova , so that that will no longer be an example to copy from","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"},{"author":{"_account_id":27615,"name":"Rajat Dhasmana","email":"rajatdhasmana@gmail.com","username":"whoami-rajat"},"change_message_id":"6cc44e8c86e7b12c44058f514af96a2181dbf615","unresolved":true,"context_lines":[{"line_number":774,"context_line":"    iniset $CINDER_CONF service_user user_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":775,"context_line":"    iniset $CINDER_CONF service_user project_name \"$SERVICE_PROJECT_NAME\""},{"line_number":776,"context_line":"    iniset $CINDER_CONF service_user project_domain_name \"$SERVICE_DOMAIN_NAME\""},{"line_number":777,"context_line":"    iniset $CINDER_CONF service_user auth_strategy keystone"},{"line_number":778,"context_line":"}"},{"line_number":779,"context_line":""},{"line_number":780,"context_line":"# Restore xtrace"}],"source_content_type":"application/x-shellscript","patch_set":4,"id":"9d8b8b3b_d6798080","line":777,"in_reply_to":"e24bfe7c_a68e01f0","updated":"2024-07-15 08:46:12.000000000","message":"Sorry i didn\u0027t understand. IIUC, configure_keystone_authtoken_middleware is used to set config options in [keystone_authtoken] section[1] whereas here I\u0027m adding config for the [service_user] section.\nAlso I\u0027ve followed the same approach as nova[2] as how they have defined these options. They are needed for service-to-service communication between glance and cinder here.\n\n[1] https://github.com/openstack/devstack/blob/master/lib/keystone#L454\n[2] https://github.com/openstack/devstack/blob/master/lib/nova#L835-L845","commit_id":"f123aec65ee6f02138b2d4b70ad5704481e8718c"}]}