)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"b07c6392edf88f283bc9f7cdb9e0ca1eb345874d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"a5583249_362c189e","updated":"2026-01-13 20:48:55.000000000","message":"Spelling nit","commit_id":"22618484ea3feb26b85cae690cf9fbb6744ed470"}],"glance/common/auth.py":[{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"9961c4208f9e0f69f745a6f7cf2b026fdbf37e1f","unresolved":true,"context_lines":[{"line_number":95,"context_line":"        # For v2.0 also check tenant is present"},{"line_number":96,"context_line":"        if self.creds[\u0027auth_url\u0027].rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027):"},{"line_number":97,"context_line":"            if self.creds.get(\"tenant\") is None:"},{"line_number":98,"context_line":"                raise exception.MissingCredentialError(required\u003d\u0027tenant\u0027)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"        # For v3 also check project is present"},{"line_number":101,"context_line":"        if self.creds[\u0027auth_url\u0027].rstrip(\u0027/\u0027).endswith(\u0027v3\u0027):"}],"source_content_type":"text/x-python","patch_set":2,"id":"c7ba5719_878981e6","side":"PARENT","line":98,"updated":"2026-01-13 17:05:12.000000000","message":"This removes support without a migration path. Is that because v2.0 is completely deprecated and removed such that nobody could be using it in that way at this point?","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"f108554711621a020285c246603cc75e2e83beb1","unresolved":false,"context_lines":[{"line_number":95,"context_line":"        # For v2.0 also check tenant is present"},{"line_number":96,"context_line":"        if self.creds[\u0027auth_url\u0027].rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027):"},{"line_number":97,"context_line":"            if self.creds.get(\"tenant\") is None:"},{"line_number":98,"context_line":"                raise exception.MissingCredentialError(required\u003d\u0027tenant\u0027)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"        # For v3 also check project is present"},{"line_number":101,"context_line":"        if self.creds[\u0027auth_url\u0027].rstrip(\u0027/\u0027).endswith(\u0027v3\u0027):"}],"source_content_type":"text/x-python","patch_set":2,"id":"66e89d37_d709a128","side":"PARENT","line":98,"in_reply_to":"7b4828a9_942a3fac","updated":"2026-01-13 20:46:35.000000000","message":"Acknowledged","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"69e232ed5d7076a64091894e32619f93540c0627","unresolved":true,"context_lines":[{"line_number":95,"context_line":"        # For v2.0 also check tenant is present"},{"line_number":96,"context_line":"        if self.creds[\u0027auth_url\u0027].rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027):"},{"line_number":97,"context_line":"            if self.creds.get(\"tenant\") is None:"},{"line_number":98,"context_line":"                raise exception.MissingCredentialError(required\u003d\u0027tenant\u0027)"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"        # For v3 also check project is present"},{"line_number":101,"context_line":"        if self.creds[\u0027auth_url\u0027].rstrip(\u0027/\u0027).endswith(\u0027v3\u0027):"}],"source_content_type":"text/x-python","patch_set":2,"id":"7b4828a9_942a3fac","side":"PARENT","line":98,"in_reply_to":"c7ba5719_878981e6","updated":"2026-01-13 17:37:53.000000000","message":"Identity v2 API was removed 7 years ago, during Queens cycle[1]. I do not really expect anyone may attempt using the latest glance with that old version of keystone.\n\nv1 API was removed further long ago, and is no longer supported by keystoneauth, so it\u0027s not really possible to use it.\n\n[1] https://github.com/openstack/keystone/commit/d5e9c0b4fe814ba6e6d36a7d1ea676914c79e5eb","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"9961c4208f9e0f69f745a6f7cf2b026fdbf37e1f","unresolved":true,"context_lines":[{"line_number":125,"context_line":"            token_url \u003d urlparse.urljoin(auth_url, \"tokens\")"},{"line_number":126,"context_line":"            # 1. Check Keystone version"},{"line_number":127,"context_line":"            is_v2 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027)"},{"line_number":128,"context_line":"            is_v3 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v3\u0027)"},{"line_number":129,"context_line":"            if is_v3:"},{"line_number":130,"context_line":"                token_url \u003d urlparse.urljoin(auth_url, \"auth/tokens\")"},{"line_number":131,"context_line":"                self._v3_auth(token_url)"}],"source_content_type":"text/x-python","patch_set":2,"id":"96a77c7b_cf9c3742","side":"PARENT","line":128,"updated":"2026-01-13 17:05:12.000000000","message":"Again, I\u0027m just wondering if people could possibly  be running with the older versions.. perhaps we should at least check and raise a helpful error message? I guess I\u0027m not sure what happens if we\u0027re pointed at one of the old versions.","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b07e172ddb9271d1201337153fff13a066e0ef49","unresolved":false,"context_lines":[{"line_number":125,"context_line":"            token_url \u003d urlparse.urljoin(auth_url, \"tokens\")"},{"line_number":126,"context_line":"            # 1. Check Keystone version"},{"line_number":127,"context_line":"            is_v2 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027)"},{"line_number":128,"context_line":"            is_v3 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v3\u0027)"},{"line_number":129,"context_line":"            if is_v3:"},{"line_number":130,"context_line":"                token_url \u003d urlparse.urljoin(auth_url, \"auth/tokens\")"},{"line_number":131,"context_line":"                self._v3_auth(token_url)"}],"source_content_type":"text/x-python","patch_set":2,"id":"c703071e_fdd030a3","side":"PARENT","line":128,"in_reply_to":"2089cc3e_ee701854","updated":"2026-01-13 23:44:04.000000000","message":"OK. Then I\u0027ll mark this resolved.","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"f108554711621a020285c246603cc75e2e83beb1","unresolved":true,"context_lines":[{"line_number":125,"context_line":"            token_url \u003d urlparse.urljoin(auth_url, \"tokens\")"},{"line_number":126,"context_line":"            # 1. Check Keystone version"},{"line_number":127,"context_line":"            is_v2 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027)"},{"line_number":128,"context_line":"            is_v3 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v3\u0027)"},{"line_number":129,"context_line":"            if is_v3:"},{"line_number":130,"context_line":"                token_url \u003d urlparse.urljoin(auth_url, \"auth/tokens\")"},{"line_number":131,"context_line":"                self._v3_auth(token_url)"}],"source_content_type":"text/x-python","patch_set":2,"id":"2089cc3e_ee701854","side":"PARENT","line":128,"in_reply_to":"7dc45650_19a1a0fc","updated":"2026-01-13 20:46:35.000000000","message":"If v2.0 has been gone since Queens then I think it\u0027s fine, I just wasn\u0027t sure and I don\u0027t see specific deprecation warnings that have been made to start the timer of deprecate-before-removal. But, 7 years is probably enough to avoid it entirely :)","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"69e232ed5d7076a64091894e32619f93540c0627","unresolved":true,"context_lines":[{"line_number":125,"context_line":"            token_url \u003d urlparse.urljoin(auth_url, \"tokens\")"},{"line_number":126,"context_line":"            # 1. Check Keystone version"},{"line_number":127,"context_line":"            is_v2 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v2.0\u0027)"},{"line_number":128,"context_line":"            is_v3 \u003d auth_url.rstrip(\u0027/\u0027).endswith(\u0027v3\u0027)"},{"line_number":129,"context_line":"            if is_v3:"},{"line_number":130,"context_line":"                token_url \u003d urlparse.urljoin(auth_url, \"auth/tokens\")"},{"line_number":131,"context_line":"                self._v3_auth(token_url)"}],"source_content_type":"text/x-python","patch_set":2,"id":"7dc45650_19a1a0fc","side":"PARENT","line":128,"in_reply_to":"96a77c7b_cf9c3742","updated":"2026-01-13 17:37:53.000000000","message":"If keystone does not support v3 API then it may return 404 which results in Internal Error.\n\nWhile this change breaks compatibility with v2 API, https://review.opendev.org/c/openstack/glance/+/973195/ should restore it because generic.Password is capable to discover v2/v3 API and adjust its behavior accordingly. I\u0027ve adjusted the code to avoid requiring _domain_id (which are not necessary for v2 API). I can revert removal of v2 API support, but as the subsequent keystoneauth patch wipes that part, I wonder if we can avoid that revert assuming we can merge that migration to keystoneauth soon.","commit_id":"638c769059369233f1c9f27a42585ae05223892b"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"9961c4208f9e0f69f745a6f7cf2b026fdbf37e1f","unresolved":true,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    def check_auth_params(self):"},{"line_number":86,"context_line":"        for required in (\u0027username\u0027, \u0027password\u0027, \u0027auth_url\u0027, \u0027project\u0027,"},{"line_number":87,"context_line":"                         \u0027strategy\u0027, \u0027user_domain_id\u0027, \u0027project_domain_id\u0027):"},{"line_number":88,"context_line":"            if self.creds.get(required) is None:"},{"line_number":89,"context_line":"                raise exception.MissingCredentialError(required\u003drequired)"},{"line_number":90,"context_line":"        if self.creds[\u0027strategy\u0027] !\u003d \u0027keystone\u0027:"}],"source_content_type":"text/x-python","patch_set":2,"id":"73008197_7783482a","line":87,"range":{"start_line":87,"start_character":56,"end_line":87,"end_character":73},"updated":"2026-01-13 17:05:12.000000000","message":"As best I can tell, `project_domain_id` is a new requirement here. Is that not going to surprise people or is there no way they could be running without it currently? For example, I don\u0027t see it in my devstack machine\u0027s configured [keystone_authtoken] section in `glance-api.conf`. What am I missing?","commit_id":"335e8d943bec510adfe9a7b284e749e534349fb5"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"69e232ed5d7076a64091894e32619f93540c0627","unresolved":true,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    def check_auth_params(self):"},{"line_number":86,"context_line":"        for required in (\u0027username\u0027, \u0027password\u0027, \u0027auth_url\u0027, \u0027project\u0027,"},{"line_number":87,"context_line":"                         \u0027strategy\u0027, \u0027user_domain_id\u0027, \u0027project_domain_id\u0027):"},{"line_number":88,"context_line":"            if self.creds.get(required) is None:"},{"line_number":89,"context_line":"                raise exception.MissingCredentialError(required\u003drequired)"},{"line_number":90,"context_line":"        if self.creds[\u0027strategy\u0027] !\u003d \u0027keystone\u0027:"}],"source_content_type":"text/x-python","patch_set":2,"id":"ed1c028e_27e1a626","line":87,"range":{"start_line":87,"start_character":56,"end_line":87,"end_character":73},"in_reply_to":"73008197_7783482a","updated":"2026-01-13 17:37:53.000000000","message":"The only consumer of this code is CacheClient and the current code passes these two keys in [1]. So this makes no change about the behavior.\n\nTechnically it can impact external users importing these code, but I don\u0027t think that\u0027s the real use case we should consider.\n\n[1] https://github.com/openstack/glance/blob/master/glance/image_cache/client.py#L116-L119","commit_id":"335e8d943bec510adfe9a7b284e749e534349fb5"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"f108554711621a020285c246603cc75e2e83beb1","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    def check_auth_params(self):"},{"line_number":86,"context_line":"        for required in (\u0027username\u0027, \u0027password\u0027, \u0027auth_url\u0027, \u0027project\u0027,"},{"line_number":87,"context_line":"                         \u0027strategy\u0027, \u0027user_domain_id\u0027, \u0027project_domain_id\u0027):"},{"line_number":88,"context_line":"            if self.creds.get(required) is None:"},{"line_number":89,"context_line":"                raise exception.MissingCredentialError(required\u003drequired)"},{"line_number":90,"context_line":"        if self.creds[\u0027strategy\u0027] !\u003d \u0027keystone\u0027:"}],"source_content_type":"text/x-python","patch_set":2,"id":"770e0460_b5860073","line":87,"range":{"start_line":87,"start_character":56,"end_line":87,"end_character":73},"in_reply_to":"ed1c028e_27e1a626","updated":"2026-01-13 20:46:35.000000000","message":"Okay I guess I thought this was coming direct from the config blob, but fair enough.","commit_id":"335e8d943bec510adfe9a7b284e749e534349fb5"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"b07c6392edf88f283bc9f7cdb9e0ca1eb345874d","unresolved":true,"context_lines":[{"line_number":156,"context_line":"        elif resp.status \u003d\u003d 401:"},{"line_number":157,"context_line":"            raise exception.NotAuthenticated()"},{"line_number":158,"context_line":"        else:"},{"line_number":159,"context_line":"            raise Exception(_(\u0027Unkonwn response code: %d\u0027) % resp.status)"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"    @property"},{"line_number":162,"context_line":"    def is_authenticated(self):"}],"source_content_type":"text/x-python","patch_set":6,"id":"dcbb908f_3c948049","line":159,"range":{"start_line":159,"start_character":0,"end_line":159,"end_character":73},"updated":"2026-01-13 20:48:55.000000000","message":"\"Unknown\"","commit_id":"22618484ea3feb26b85cae690cf9fbb6744ed470"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b07e172ddb9271d1201337153fff13a066e0ef49","unresolved":false,"context_lines":[{"line_number":156,"context_line":"        elif resp.status \u003d\u003d 401:"},{"line_number":157,"context_line":"            raise exception.NotAuthenticated()"},{"line_number":158,"context_line":"        else:"},{"line_number":159,"context_line":"            raise Exception(_(\u0027Unkonwn response code: %d\u0027) % resp.status)"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"    @property"},{"line_number":162,"context_line":"    def is_authenticated(self):"}],"source_content_type":"text/x-python","patch_set":6,"id":"6de0ab72_996bd2ae","line":159,"range":{"start_line":159,"start_character":0,"end_line":159,"end_character":73},"in_reply_to":"dcbb908f_3c948049","updated":"2026-01-13 23:44:04.000000000","message":"Done","commit_id":"22618484ea3feb26b85cae690cf9fbb6744ed470"}]}