)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"61ac364cf4590f8fe5825c34717faea5211d2ef6","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Allow HttpImageService to accept custom certificate"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Allow HttpImageService to accept custom certificate"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Change-Id: I5f308271004a24203ecbbc1718ba9070ed65b960"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9f560f44_16f08dc9","line":9,"updated":"2020-07-25 14:05:58.000000000","message":"No need to repeat the summary","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"2ecd59a12e11400e72ce8d28c45590e967f0c742","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Allow HttpImageService to accept custom certificate"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Allow HttpImageService to accept custom certificate"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Change-Id: I5f308271004a24203ecbbc1718ba9070ed65b960"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9f560f44_4980a38c","line":9,"in_reply_to":"9f560f44_16f08dc9","updated":"2020-07-27 08:00:02.000000000","message":"Done","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"}],"ironic/common/image_service.py":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"a3e5c2e261eb8eb65bdf469f53e44090de40b596","unresolved":false,"context_lines":[{"line_number":124,"context_line":"            raise exception.ImageDownloadFailed(image_href\u003dimage_href,"},{"line_number":125,"context_line":"                                                reason\u003dstr(e))"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"    def show(self, image_href, verify\u003dTrue):"},{"line_number":128,"context_line":"        \"\"\"Get dictionary of image properties."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"        :param image_href: Image reference."}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_fa2065fa","line":127,"range":{"start_line":127,"start_character":30,"end_line":127,"end_character":44},"updated":"2020-07-24 16:56:09.000000000","message":"A few things.\n1) This seems like we may end up accidentally creating a breaking change.\n2) This should be an operator changeable setting via ironic.conf. That also being said, we shouldn\u0027t set the value as part of the method definition because we can\u0027t change that from an immutable configuration standpoint, so you\u0027ll want to have a helper populate it if not already set by the caller?\n3) You\u0027ll need a release note.\n\nBeyond that, I\u0027m confused who and what code would actually be making choices of verify\u003dFalse. That is not necessarily blocking to getting the change merged, but it would be good for reviewers to understand.","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"61ac364cf4590f8fe5825c34717faea5211d2ef6","unresolved":false,"context_lines":[{"line_number":124,"context_line":"            raise exception.ImageDownloadFailed(image_href\u003dimage_href,"},{"line_number":125,"context_line":"                                                reason\u003dstr(e))"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"    def show(self, image_href, verify\u003dTrue):"},{"line_number":128,"context_line":"        \"\"\"Get dictionary of image properties."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"        :param image_href: Image reference."}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_f6ecf9f4","line":127,"updated":"2020-07-25 14:05:58.000000000","message":"I don\u0027t think it\u0027s breaking: certificates are validated by default. It does seem a bit useless though since there is no way to set verify to False or to provide custom certificates.","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"6df51412207a00b59452ac879f1e9c4a48d81200","unresolved":false,"context_lines":[{"line_number":124,"context_line":"            raise exception.ImageDownloadFailed(image_href\u003dimage_href,"},{"line_number":125,"context_line":"                                                reason\u003dstr(e))"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"    def show(self, image_href, verify\u003dTrue):"},{"line_number":128,"context_line":"        \"\"\"Get dictionary of image properties."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"        :param image_href: Image reference."}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_69c2c7eb","line":127,"in_reply_to":"9f560f44_f6ecf9f4","updated":"2020-07-27 07:58:40.000000000","message":"Currently, if the webserver that is hosting the deploy images is configured with custom certificate, Ironic will fail to validate the hrefs and eventually the deployment will fail. Currently there is no way to set the certificate. This patch enables it and eventually we can either have another config option similar to \"http_root\", \"http_url\" which is something like \"http_ca_cert\" and use it to validate hrefs. For instance images, the idea is to accept the certificate as a property like \"instance_info/image_cert\" similar to \"instance_info/image_source\" and \"instance_info/image_checksum\". Please let me know your ideas on this.","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"6df51412207a00b59452ac879f1e9c4a48d81200","unresolved":false,"context_lines":[{"line_number":124,"context_line":"            raise exception.ImageDownloadFailed(image_href\u003dimage_href,"},{"line_number":125,"context_line":"                                                reason\u003dstr(e))"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"    def show(self, image_href, verify\u003dTrue):"},{"line_number":128,"context_line":"        \"\"\"Get dictionary of image properties."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"        :param image_href: Image reference."}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_c95b1385","line":127,"range":{"start_line":127,"start_character":30,"end_line":127,"end_character":44},"in_reply_to":"9f560f44_fa2065fa","updated":"2020-07-27 07:58:40.000000000","message":"Thanks for the detailed comments. Here are my replies.\n1) No this is not a breaking change. As Dmitry pointed out\nthe default value set by \"requests\" is True. As per my understanding, the verify argument can take one of the following aligning with requests library.\n(a) A boolean value which can be True or False\n(b) None\n(c) A path to certificate directory or a specific certificate file.\n\nIf verify is None it is converted to True by requests and the certificate bundle from the standard path is considered for validation of certificates.\nIf verify is set to a path then\n  a) if the path is a file, it is considered to be the custom certificate\n  b) if the path is a directory, all the PEM files in the \ndirectory are considered for certificate validation\n\nIf verify is False, the requests does no certificate validation. Here is a link that gives brief understanding of the particular flag.\n\nhttps://github.com/psf/requests/blob/2d39c0db054e158767ab4a755476844fe40787e7/requests/sessions.py#L705-#L708\n\n2) Yes. I agree. This should be an operator changeable value and this change is all about paving the way to enable custom certificates. The current change has no impact on the existing functionality. So it will not break the code. \n\n3) Sure. I will add a release notes.\n\nWe have this functionality in IPA when the instance image is referred from a webserver hosted with custom certificate. The following are the links to the code.\na) https://opendev.org/openstack/ironic-python-agent/src/branch/master/ironic_python_agent/extensions/standby.py#L58\nb) https://opendev.org/openstack/ironic-python-agent/src/branch/master/ironic_python_agent/utils.py#L430-L444\n\nBut the same would fail on the ironic when we call \"validate_image_properties\" from deploy_utils.py\n\nAlso another instance is when we configure the webserver on HTTPS with custom certificates. The validation of deploy images fail.","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"86721996dacbaee428c11db065120ea50c2bdd30","unresolved":false,"context_lines":[{"line_number":77,"context_line":"class HttpImageService(BaseImageService):"},{"line_number":78,"context_line":"    \"\"\"Provides retrieval of disk images using HTTP.\"\"\""},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"    def validate_href(self, image_href, secret\u003dFalse, verify\u003dTrue):"},{"line_number":81,"context_line":"        \"\"\"Validate HTTP image reference."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"        :param image_href: Image reference."}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_d55b8b2b","line":80,"range":{"start_line":80,"start_character":53,"end_line":80,"end_character":65},"updated":"2020-07-28 11:11:35.000000000","message":"This is a default behavior, better to take this as True, False or path to CA bundles file or directory with certificates of trusted CAs. It would be useful if it is an ironic configuration parameter.","commit_id":"df12d82890814520517000208765667c86b385a6"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"1375e753e587fe21ef9e52b2ea693207e178fc35","unresolved":false,"context_lines":[{"line_number":77,"context_line":"class HttpImageService(BaseImageService):"},{"line_number":78,"context_line":"    \"\"\"Provides retrieval of disk images using HTTP.\"\"\""},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"    def validate_href(self, image_href, secret\u003dFalse, verify\u003dTrue):"},{"line_number":81,"context_line":"        \"\"\"Validate HTTP image reference."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"        :param image_href: Image reference."}],"source_content_type":"text/x-python","patch_set":3,"id":"9f560f44_b7c0767e","line":80,"range":{"start_line":80,"start_character":53,"end_line":80,"end_character":65},"in_reply_to":"9f560f44_d55b8b2b","updated":"2020-07-30 06:08:03.000000000","message":"+1. Sure i will work on the suggested change.","commit_id":"df12d82890814520517000208765667c86b385a6"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"22396de5fa41590e27ca7509507d9184d2da8f5b","unresolved":false,"context_lines":[{"line_number":114,"context_line":"                    raise exception.ImageRefValidationFailed("},{"line_number":115,"context_line":"                        image_href\u003doutput_url, reason\u003dstr(e))"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"                response \u003d requests.head(image_href, verify\u003dTrue)"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"                if response.status_code !\u003d http_client.OK:"},{"line_number":120,"context_line":"                    raise exception.ImageRefValidationFailed("}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_2a08f825","line":117,"range":{"start_line":117,"start_character":0,"end_line":117,"end_character":65},"updated":"2020-08-07 07:34:58.000000000","message":"Why is this re-attempt w/o passing the cert path ?","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"dcea018de1411dff6a03c1216575449021a1c471","unresolved":false,"context_lines":[{"line_number":114,"context_line":"                    raise exception.ImageRefValidationFailed("},{"line_number":115,"context_line":"                        image_href\u003doutput_url, reason\u003dstr(e))"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"                response \u003d requests.head(image_href, verify\u003dTrue)"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"                if response.status_code !\u003d http_client.OK:"},{"line_number":120,"context_line":"                    raise exception.ImageRefValidationFailed("}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_54586b86","line":117,"range":{"start_line":117,"start_character":0,"end_line":117,"end_character":65},"in_reply_to":"9f560f44_2a08f825","updated":"2020-08-07 14:45:12.000000000","message":"We are here because \"get\" would have been already called with the certificate path and it failed to validate. To retain the original behavior we also try with the standard CA bundle in the system path which may be used by some images.","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"22396de5fa41590e27ca7509507d9184d2da8f5b","unresolved":false,"context_lines":[{"line_number":164,"context_line":"                    raise exception.ImageRefValidationFailed("},{"line_number":165,"context_line":"                        image_href\u003dimage_href, reason\u003dstr(e))"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"                response \u003d requests.get(image_href, stream\u003dTrue, verify\u003dTrue)"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"                if response.status_code !\u003d http_client.OK:"},{"line_number":170,"context_line":"                    raise exception.ImageRefValidationFailed("}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_f6126c61","line":167,"range":{"start_line":167,"start_character":16,"end_line":167,"end_character":77},"updated":"2020-08-07 07:34:58.000000000","message":"ditto","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"dcea018de1411dff6a03c1216575449021a1c471","unresolved":false,"context_lines":[{"line_number":164,"context_line":"                    raise exception.ImageRefValidationFailed("},{"line_number":165,"context_line":"                        image_href\u003dimage_href, reason\u003dstr(e))"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"                response \u003d requests.get(image_href, stream\u003dTrue, verify\u003dTrue)"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"                if response.status_code !\u003d http_client.OK:"},{"line_number":170,"context_line":"                    raise exception.ImageRefValidationFailed("}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_14d0b3c8","line":167,"range":{"start_line":167,"start_character":16,"end_line":167,"end_character":77},"in_reply_to":"9f560f44_f6126c61","updated":"2020-08-07 14:45:12.000000000","message":"See above. The same explanation holds good.","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"6ae8f1f70ef9047cf7b537eeb373c1b704efed44","unresolved":false,"context_lines":[{"line_number":111,"context_line":"                                 \"to HEAD request.\") % response.status_code)"},{"line_number":112,"context_line":"            except requests.ConnectionError as e:"},{"line_number":113,"context_line":""},{"line_number":114,"context_line":"                if scheme \u003d\u003d \u0027http\u0027 or isinstance(verify, bool):"},{"line_number":115,"context_line":"                    raise exception.ImageRefValidationFailed("},{"line_number":116,"context_line":"                        image_href\u003doutput_url, reason\u003dstr(e))"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"                LOG.warning(\"Failed to validate with the custom certificate \""},{"line_number":119,"context_line":"                            \"%(cert_path)s. Trying to validate with standard \""},{"line_number":120,"context_line":"                            \"CA bundle.\", {\"cert_path\": verify})"},{"line_number":121,"context_line":"                response \u003d requests.head(image_href, verify\u003dTrue)"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"                if response.status_code !\u003d http_client.OK:"},{"line_number":124,"context_line":"                    raise exception.ImageRefValidationFailed("}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_72ee15ee","line":121,"range":{"start_line":114,"start_character":16,"end_line":121,"end_character":65},"updated":"2020-08-31 15:14:46.000000000","message":"Not sure if need do this extra work if the supplied custom certificates do not work. We do not do that at other places.  Ex: [1]\n\n[1] https://github.com/openstack/ironic/blob/master/ironic/drivers/modules/agent_client.py#L172-L175","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"a7bc3f51d43c1c76bb21c7bc58f06e1584c36907","unresolved":false,"context_lines":[{"line_number":111,"context_line":"                                 \"to HEAD request.\") % response.status_code)"},{"line_number":112,"context_line":"            except requests.ConnectionError as e:"},{"line_number":113,"context_line":""},{"line_number":114,"context_line":"                if scheme \u003d\u003d \u0027http\u0027 or isinstance(verify, bool):"},{"line_number":115,"context_line":"                    raise exception.ImageRefValidationFailed("},{"line_number":116,"context_line":"                        image_href\u003doutput_url, reason\u003dstr(e))"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"                LOG.warning(\"Failed to validate with the custom certificate \""},{"line_number":119,"context_line":"                            \"%(cert_path)s. Trying to validate with standard \""},{"line_number":120,"context_line":"                            \"CA bundle.\", {\"cert_path\": verify})"},{"line_number":121,"context_line":"                response \u003d requests.head(image_href, verify\u003dTrue)"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"                if response.status_code !\u003d http_client.OK:"},{"line_number":124,"context_line":"                    raise exception.ImageRefValidationFailed("}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_15d7c351","line":121,"range":{"start_line":114,"start_character":16,"end_line":121,"end_character":65},"in_reply_to":"9f560f44_72ee15ee","updated":"2020-08-31 15:45:09.000000000","message":"IMO, the scenario in the code you referred and the current scenario are different. In the code that\u0027s referred, when conductor talks to agent it is only one certificate that Ironic has to know with which the IPA API server comes up. In other words there is only one possible server certificate that the conductor encounters.\nBut this code here is a generic code that may need to talk to different servers. Particularly i am concerned about a likely scenario where the deploy images are possibly hosted on the webserver with custom certificate where ironic is running and the user images hosted some where in the network with standard root CA.","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"339c21468b7228a1569e9bc1dfaa695c47e60417","unresolved":false,"context_lines":[{"line_number":98,"context_line":"            verify \u003d CONF.webserver_verify_ca"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"        if not isinstance(verify, bool) and not os.path.exists(verify):"},{"line_number":101,"context_line":"            verify \u003d True"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"        try:"},{"line_number":104,"context_line":"            response \u003d requests.head(image_href, verify\u003dverify)"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_59d91181","line":101,"updated":"2020-09-07 14:10:10.000000000","message":"see below re this bit","commit_id":"5eb10ec5df0cf0b4dc7a6e054ddfe9d5fd445744"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"339c21468b7228a1569e9bc1dfaa695c47e60417","unresolved":false,"context_lines":[{"line_number":132,"context_line":"            verify \u003d CONF.webserver_verify_ca"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"        if not isinstance(verify, bool) and not os.path.exists(verify):"},{"line_number":135,"context_line":"            verify \u003d True"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"        try:"},{"line_number":138,"context_line":"            response \u003d requests.get(image_href, stream\u003dTrue,"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_b9e2ed2e","line":135,"updated":"2020-09-07 14:10:10.000000000","message":"This should be an error. Otherwise an mistake in a path will be silently interpreted as True.\n\nI\u0027d just remove it and let requests raise.","commit_id":"5eb10ec5df0cf0b4dc7a6e054ddfe9d5fd445744"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"d81ae207c9ab97a41ef36076229f831ca62ddf78","unresolved":false,"context_lines":[{"line_number":132,"context_line":"            verify \u003d CONF.webserver_verify_ca"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"        if not isinstance(verify, bool) and not os.path.exists(verify):"},{"line_number":135,"context_line":"            verify \u003d True"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"        try:"},{"line_number":138,"context_line":"            response \u003d requests.get(image_href, stream\u003dTrue,"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_5952b168","line":135,"in_reply_to":"9f560f44_b9e2ed2e","updated":"2020-09-07 14:32:46.000000000","message":"+1","commit_id":"5eb10ec5df0cf0b4dc7a6e054ddfe9d5fd445744"}],"ironic/conf/default.py":[{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"22396de5fa41590e27ca7509507d9184d2da8f5b","unresolved":false,"context_lines":[{"line_number":379,"context_line":"                help\u003d_(\u0027Whether the server certificates to be verified or .\u0027"},{"line_number":380,"context_line":"                       \u0027not. If set to False, no certificate verification is\u0027"},{"line_number":381,"context_line":"                       \u0027done on TLS connections and the value of the\u0027"},{"line_number":382,"context_line":"                       \u0027config parameter \"certs path\" is ignored. \u0027"},{"line_number":383,"context_line":"                       \u0027If set to True, the certificates present in the\u0027"},{"line_number":384,"context_line":"                       \u0027\"certs_path\" are used for TLS handshake. If the \u0027"},{"line_number":385,"context_line":"                       \u0027verification fails the certificates in the standard \u0027"}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_f6442c76","line":382,"range":{"start_line":382,"start_character":42,"end_line":382,"end_character":52},"updated":"2020-08-07 07:34:58.000000000","message":"s/ certs path / certs_path /","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"dcea018de1411dff6a03c1216575449021a1c471","unresolved":false,"context_lines":[{"line_number":379,"context_line":"                help\u003d_(\u0027Whether the server certificates to be verified or .\u0027"},{"line_number":380,"context_line":"                       \u0027not. If set to False, no certificate verification is\u0027"},{"line_number":381,"context_line":"                       \u0027done on TLS connections and the value of the\u0027"},{"line_number":382,"context_line":"                       \u0027config parameter \"certs path\" is ignored. \u0027"},{"line_number":383,"context_line":"                       \u0027If set to True, the certificates present in the\u0027"},{"line_number":384,"context_line":"                       \u0027\"certs_path\" are used for TLS handshake. If the \u0027"},{"line_number":385,"context_line":"                       \u0027verification fails the certificates in the standard \u0027"}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_d4f2bb6f","line":382,"range":{"start_line":382,"start_character":42,"end_line":382,"end_character":52},"in_reply_to":"9f560f44_f6442c76","updated":"2020-08-07 14:45:12.000000000","message":"Done","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"22396de5fa41590e27ca7509507d9184d2da8f5b","unresolved":false,"context_lines":[{"line_number":381,"context_line":"                       \u0027done on TLS connections and the value of the\u0027"},{"line_number":382,"context_line":"                       \u0027config parameter \"certs path\" is ignored. \u0027"},{"line_number":383,"context_line":"                       \u0027If set to True, the certificates present in the\u0027"},{"line_number":384,"context_line":"                       \u0027\"certs_path\" are used for TLS handshake. If the \u0027"},{"line_number":385,"context_line":"                       \u0027verification fails the certificates in the standard \u0027"},{"line_number":386,"context_line":"                       \u0027path are used for validation. Defaults to True.\u0027)),"},{"line_number":387,"context_line":"    cfg.StrOpt(\u0027certs_path\u0027,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_d63c88e2","line":384,"range":{"start_line":384,"start_character":37,"end_line":384,"end_character":64},"updated":"2020-08-07 07:34:58.000000000","message":"I think we need to mention which components will be using this. This will not get used for agent communication which also can be using TLS.","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"dcea018de1411dff6a03c1216575449021a1c471","unresolved":false,"context_lines":[{"line_number":381,"context_line":"                       \u0027done on TLS connections and the value of the\u0027"},{"line_number":382,"context_line":"                       \u0027config parameter \"certs path\" is ignored. \u0027"},{"line_number":383,"context_line":"                       \u0027If set to True, the certificates present in the\u0027"},{"line_number":384,"context_line":"                       \u0027\"certs_path\" are used for TLS handshake. If the \u0027"},{"line_number":385,"context_line":"                       \u0027verification fails the certificates in the standard \u0027"},{"line_number":386,"context_line":"                       \u0027path are used for validation. Defaults to True.\u0027)),"},{"line_number":387,"context_line":"    cfg.StrOpt(\u0027certs_path\u0027,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_74f76f5a","line":384,"range":{"start_line":384,"start_character":37,"end_line":384,"end_character":64},"in_reply_to":"9f560f44_d63c88e2","updated":"2020-08-07 14:45:12.000000000","message":"will change it to \"are used for TLS handshake by conductor\". Is that fine?","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"6ae8f1f70ef9047cf7b537eeb373c1b704efed44","unresolved":false,"context_lines":[{"line_number":373,"context_line":"]"},{"line_number":374,"context_line":""},{"line_number":375,"context_line":"cert_verify_opts \u003d ["},{"line_number":376,"context_line":"    cfg.StrOpt(\u0027ironic_verify_ca\u0027,"},{"line_number":377,"context_line":"               default\u003d\u0027True\u0027,"},{"line_number":378,"context_line":"               mutable\u003dTrue,"},{"line_number":379,"context_line":"               help\u003d_(\u0027CA certificates to be used for certificate \u0027"}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_3f22a6bb","line":376,"range":{"start_line":376,"start_character":16,"end_line":376,"end_character":32},"updated":"2020-08-31 15:14:46.000000000","message":"Would it be better to name it as image_verify_ca or so, instead of ironic_verify_ca ?","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"7b08c6f7b6770638ad213dcb28ba3423699097f0","unresolved":false,"context_lines":[{"line_number":373,"context_line":"]"},{"line_number":374,"context_line":""},{"line_number":375,"context_line":"cert_verify_opts \u003d ["},{"line_number":376,"context_line":"    cfg.StrOpt(\u0027ironic_verify_ca\u0027,"},{"line_number":377,"context_line":"               default\u003d\u0027True\u0027,"},{"line_number":378,"context_line":"               mutable\u003dTrue,"},{"line_number":379,"context_line":"               help\u003d_(\u0027CA certificates to be used for certificate \u0027"}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_2b3543a9","line":376,"range":{"start_line":376,"start_character":16,"end_line":376,"end_character":32},"in_reply_to":"9f560f44_3f22a6bb","updated":"2020-09-01 05:00:20.000000000","message":"May be better to name it as \u0027webserver_verify_ca\u0027 as this conf deals with validating webserver certificates","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"a7bc3f51d43c1c76bb21c7bc58f06e1584c36907","unresolved":false,"context_lines":[{"line_number":373,"context_line":"]"},{"line_number":374,"context_line":""},{"line_number":375,"context_line":"cert_verify_opts \u003d ["},{"line_number":376,"context_line":"    cfg.StrOpt(\u0027ironic_verify_ca\u0027,"},{"line_number":377,"context_line":"               default\u003d\u0027True\u0027,"},{"line_number":378,"context_line":"               mutable\u003dTrue,"},{"line_number":379,"context_line":"               help\u003d_(\u0027CA certificates to be used for certificate \u0027"}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_b5cff7b1","line":376,"range":{"start_line":376,"start_character":16,"end_line":376,"end_character":32},"in_reply_to":"9f560f44_3f22a6bb","updated":"2020-08-31 15:45:09.000000000","message":"Sure. Will change it.","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"}],"ironic/tests/unit/common/test_image_service.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"61ac364cf4590f8fe5825c34717faea5211d2ef6","unresolved":false,"context_lines":[{"line_number":50,"context_line":"                          self.href)"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"    @mock.patch.object(requests, \u0027head\u0027, autospec\u003dTrue)"},{"line_number":53,"context_line":"    def test_validate_hrefi_verify_false(self, head_mock):"},{"line_number":54,"context_line":"        response \u003d head_mock.return_value"},{"line_number":55,"context_line":"        response.status_code \u003d http_client.OK"},{"line_number":56,"context_line":"        self.service.validate_href(self.href, verify\u003dFalse)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_56bb25e4","line":53,"updated":"2020-07-25 14:05:58.000000000","message":"nit: \"href\"","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"2ecd59a12e11400e72ce8d28c45590e967f0c742","unresolved":false,"context_lines":[{"line_number":50,"context_line":"                          self.href)"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"    @mock.patch.object(requests, \u0027head\u0027, autospec\u003dTrue)"},{"line_number":53,"context_line":"    def test_validate_hrefi_verify_false(self, head_mock):"},{"line_number":54,"context_line":"        response \u003d head_mock.return_value"},{"line_number":55,"context_line":"        response.status_code \u003d http_client.OK"},{"line_number":56,"context_line":"        self.service.validate_href(self.href, verify\u003dFalse)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_297d6fb1","line":53,"in_reply_to":"9f560f44_56bb25e4","updated":"2020-07-27 08:00:02.000000000","message":"Done","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"603bc095c724da8b47ad7624f26cf5150f9c1441","unresolved":false,"context_lines":[{"line_number":145,"context_line":"        shutil_mock.side_effect \u003d IOError"},{"line_number":146,"context_line":"        self.assertRaises(exception.ImageDownloadFailed,"},{"line_number":147,"context_line":"                          self.service.download, self.href, file_mock)"},{"line_number":148,"context_line":"        req_get_mock.assert_called_once_with(self.href, stream\u003dTrue, verify\u003dTrue)"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"class FileImageServiceTestCase(base.TestCase):"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_e069d88b","line":148,"updated":"2020-07-24 18:17:29.000000000","message":"pep8: E501 line too long (81 \u003e 79 characters)","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"2ecd59a12e11400e72ce8d28c45590e967f0c742","unresolved":false,"context_lines":[{"line_number":145,"context_line":"        shutil_mock.side_effect \u003d IOError"},{"line_number":146,"context_line":"        self.assertRaises(exception.ImageDownloadFailed,"},{"line_number":147,"context_line":"                          self.service.download, self.href, file_mock)"},{"line_number":148,"context_line":"        req_get_mock.assert_called_once_with(self.href, stream\u003dTrue, verify\u003dTrue)"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"class FileImageServiceTestCase(base.TestCase):"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_69500734","line":148,"in_reply_to":"9f560f44_e069d88b","updated":"2020-07-27 08:00:02.000000000","message":"Done","commit_id":"1762deb6486ef4614c52e8da42c1019723e087ab"}],"releasenotes/notes/allow_custom_certificate_validation-8ba00759ed79e429.yaml":[{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"22396de5fa41590e27ca7509507d9184d2da8f5b","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds support to accept custom certificate in HttpImageService which can"},{"line_number":5,"context_line":"    validate URLs hosted on a HTTPS webserver."}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_4a3e0cb8","line":4,"range":{"start_line":4,"start_character":46,"end_line":4,"end_character":75},"updated":"2020-08-07 07:34:58.000000000","message":"s/ in HttpImageService which can / to /","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"dcea018de1411dff6a03c1216575449021a1c471","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds support to accept custom certificate in HttpImageService which can"},{"line_number":5,"context_line":"    validate URLs hosted on a HTTPS webserver."}],"source_content_type":"text/x-yaml","patch_set":5,"id":"9f560f44_149ef305","line":4,"range":{"start_line":4,"start_character":46,"end_line":4,"end_character":75},"in_reply_to":"9f560f44_4a3e0cb8","updated":"2020-08-07 14:45:12.000000000","message":"Done","commit_id":"eb6c9790bedb6d6a401d6f5617ecb1fa1929902a"},{"author":{"_account_id":11076,"name":"Shivanand Tendulker","email":"stendulker@gmail.com","username":"stendulker"},"change_message_id":"6ae8f1f70ef9047cf7b537eeb373c1b704efed44","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds support to accept custom certificates to validate URLs"},{"line_number":5,"context_line":"    hosted on a HTTPS webserver."}],"source_content_type":"text/x-yaml","patch_set":7,"id":"9f560f44_52a791a8","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":32},"updated":"2020-08-31 15:14:46.000000000","message":"Also add information about the config parameter.","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"},{"author":{"_account_id":18781,"name":"vinay50muddu","email":"vinay50muddu@yahoo.com","username":"vmud213"},"change_message_id":"a7bc3f51d43c1c76bb21c7bc58f06e1584c36907","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds support to accept custom certificates to validate URLs"},{"line_number":5,"context_line":"    hosted on a HTTPS webserver."}],"source_content_type":"text/x-yaml","patch_set":7,"id":"9f560f44_75bd5f01","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":32},"in_reply_to":"9f560f44_52a791a8","updated":"2020-08-31 15:45:09.000000000","message":"Will do it.","commit_id":"aef6ca25b18bdcfe0a26fd39681e802f678166c9"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"339c21468b7228a1569e9bc1dfaa695c47e60417","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds a configuration option ``webserver_verify_ca`` to support accepting"},{"line_number":5,"context_line":"    custom certificates to validate URLs hosted on a HTTPS webserver."}],"source_content_type":"text/x-yaml","patch_set":8,"id":"9f560f44_99df2965","line":4,"updated":"2020-09-07 14:10:10.000000000","message":"nit: s/accepting//","commit_id":"5eb10ec5df0cf0b4dc7a6e054ddfe9d5fd445744"}]}
