)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"961a9c5658cb72b98e2ac780d0331904ab458dd6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"6139e5e4_b35cefe7","updated":"2024-02-12 10:17:10.000000000","message":"I will look through the rest in another update","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5500c7e4ed19611ca97ebd5f9387e8bb8f32ebbc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"3e96255c_8933a25a","updated":"2024-01-10 05:35:03.000000000","message":"Thank you for working on this.\n\nThis should need additional tests to cover registration/unregistration of secret consumer also functional/tempest test to verify this is working as expected should be good to have.","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"}],"glance/api/v2/images.py":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5500c7e4ed19611ca97ebd5f9387e8bb8f32ebbc","unresolved":true,"context_lines":[{"line_number":128,"context_line":"        except castellan_exception.KeyManagerError as e:"},{"line_number":129,"context_line":"            msg \u003d (\"Unable to register image as secret consumer: %s\" %"},{"line_number":130,"context_line":"                   e.message)"},{"line_number":131,"context_line":"            raise webob.exc.HTTPServerError(explanation\u003dmsg)"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"        return"},{"line_number":134,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"01180d12_ecd51f43","line":131,"range":{"start_line":131,"start_character":28,"end_line":131,"end_character":43},"updated":"2024-01-10 05:35:03.000000000","message":"why this should be HTTPServerError and not BadRequest?","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"961a9c5658cb72b98e2ac780d0331904ab458dd6","unresolved":true,"context_lines":[{"line_number":128,"context_line":"        except castellan_exception.KeyManagerError as e:"},{"line_number":129,"context_line":"            msg \u003d (\"Unable to register image as secret consumer: %s\" %"},{"line_number":130,"context_line":"                   e.message)"},{"line_number":131,"context_line":"            raise webob.exc.HTTPServerError(explanation\u003dmsg)"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"        return"},{"line_number":134,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"655cdffb_09cb031a","line":131,"range":{"start_line":131,"start_character":28,"end_line":131,"end_character":43},"in_reply_to":"01180d12_ecd51f43","updated":"2024-02-12 10:17:10.000000000","message":"We wanted to separate between a failed policy check, an unknown secret (both are cases, where Barbican would work as expected) and some unknown Error on Barbican side, that could be an unreachable Barbican instance.\n\nTo me the separation between a BadRequest and ServerError would fit for this.","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5500c7e4ed19611ca97ebd5f9387e8bb8f32ebbc","unresolved":true,"context_lines":[{"line_number":156,"context_line":"            return"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"        for k in mandatory_keys:"},{"line_number":159,"context_line":"            if k not in api_params:"},{"line_number":160,"context_line":"                msg \u003d (\"The container_format was set to \u0027encrypted\u0027 but the \""},{"line_number":161,"context_line":"                       \"mandatory encryption parameter \u0027%s\u0027 is missing. \""},{"line_number":162,"context_line":"                       \"This parameter must be specified for encryption.\" % k)"},{"line_number":163,"context_line":"                raise webob.exc.HTTPBadRequest(explanation\u003dmsg)"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    @utils.mutating"},{"line_number":166,"context_line":"    def create(self, req, image, extra_properties, tags):"}],"source_content_type":"text/x-python","patch_set":2,"id":"a933defa_1d7612fe","line":163,"range":{"start_line":159,"start_character":12,"end_line":163,"end_character":63},"updated":"2024-01-10 05:35:03.000000000","message":"I think at once we should raise all missing parameters rather than raising concern for one by one.","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5500c7e4ed19611ca97ebd5f9387e8bb8f32ebbc","unresolved":true,"context_lines":[{"line_number":168,"context_line":"        image_repo \u003d self.gateway.get_repo(req.context)"},{"line_number":169,"context_line":"        container_format \u003d image.get(\u0027container_format\u0027, None)"},{"line_number":170,"context_line":"        try:"},{"line_number":171,"context_line":"            # validate encryption parameters"},{"line_number":172,"context_line":"            self._validate_encryption_parameters(**dict(image,"},{"line_number":173,"context_line":"                                                 **extra_properties))"},{"line_number":174,"context_line":"            # In case the default visibility changes at some point in the"}],"source_content_type":"text/x-python","patch_set":2,"id":"f2e66b7f_74e93bd9","line":171,"updated":"2024-01-10 05:35:03.000000000","message":"How about calling this method only if container_format is encrypted?\nI know in method you are checking that if container format is not encrypted and additional properties are specified but I think we can ignore those properties rather than failing if container_format is not encrypted.","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5500c7e4ed19611ca97ebd5f9387e8bb8f32ebbc","unresolved":true,"context_lines":[{"line_number":174,"context_line":"            # In case the default visibility changes at some point in the"},{"line_number":175,"context_line":"            # future, we need to ensure that encrypted images are only visible"},{"line_number":176,"context_line":"            # for the project which owns the encryption key:"},{"line_number":177,"context_line":"            if \u0027visibility\u0027 not in image and container_format \u003d\u003d \u0027encrypted\u0027:"},{"line_number":178,"context_line":"                image[\u0027visibility\u0027] \u003d \u0027private\u0027"},{"line_number":179,"context_line":"            if \u0027owner\u0027 not in image:"},{"line_number":180,"context_line":"                image[\u0027owner\u0027] \u003d req.context.project_id"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"f35df513_49b8d084","line":178,"range":{"start_line":177,"start_character":12,"end_line":178,"end_character":47},"updated":"2024-01-10 05:35:03.000000000","message":"this will fail if user pass --visibility public while creating image.\n\nWhat in case of community/shared visibility?\nDoes this mean that encrypted image cannot be shared?","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"961a9c5658cb72b98e2ac780d0331904ab458dd6","unresolved":true,"context_lines":[{"line_number":174,"context_line":"            # In case the default visibility changes at some point in the"},{"line_number":175,"context_line":"            # future, we need to ensure that encrypted images are only visible"},{"line_number":176,"context_line":"            # for the project which owns the encryption key:"},{"line_number":177,"context_line":"            if \u0027visibility\u0027 not in image and container_format \u003d\u003d \u0027encrypted\u0027:"},{"line_number":178,"context_line":"                image[\u0027visibility\u0027] \u003d \u0027private\u0027"},{"line_number":179,"context_line":"            if \u0027owner\u0027 not in image:"},{"line_number":180,"context_line":"                image[\u0027owner\u0027] \u003d req.context.project_id"},{"line_number":181,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"1ec7e06c_e7618f25","line":178,"range":{"start_line":177,"start_character":12,"end_line":178,"end_character":47},"in_reply_to":"f35df513_49b8d084","updated":"2024-02-12 10:17:10.000000000","message":"The problem here is, that the key in Barbican in project-bound. So no one from another project is able to access the key necessary for decrypting the image.\n\nSetting a public or shared visibility for the image would only result in Errors when people are trying to decrypt the image (either in download or when creating a volume), as Barbican will say there is no key with that id, even though it is just in a different project.","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5500c7e4ed19611ca97ebd5f9387e8bb8f32ebbc","unresolved":true,"context_lines":[{"line_number":836,"context_line":"                   encryption_key_id)"},{"line_number":837,"context_line":"            LOG.warning(msg)"},{"line_number":838,"context_line":"        except (castellan_exception.ManagedObjectNotFoundError, KeyError):"},{"line_number":839,"context_line":"            msg \u003d \u0027Could not find consumer registration or encryption key \u0027 \\"},{"line_number":840,"context_line":"                  \u0027for key id %s\u0027 % encryption_key_id"},{"line_number":841,"context_line":"            LOG.warning(msg)"},{"line_number":842,"context_line":"        except ValueError as e:"}],"source_content_type":"text/x-python","patch_set":2,"id":"4a1d3a88_fd3da623","line":839,"range":{"start_line":839,"start_character":76,"end_line":839,"end_character":77},"updated":"2024-01-10 05:35:03.000000000","message":"I think we avoid using \\ for line breaks","commit_id":"963692aad98ef67e57ed71a3920df994695ad715"}]}