)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"d5ec4ebfe15536d88dbf76c4dc4f888a1071b893","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"98f0680c_689da57e","updated":"2022-06-16 15:58:17.000000000","message":"Hello Keystone team,\nThis one was close to get merged, but never did. It was extensively discussed, but it never got through. Do you guys think that we need to change something in order to get it moving? What is the reason to keep blocking this proposal for so long? It adds an interesting new feature to Keystone identity federation module while maintaining backward compatibility.","commit_id":"e68fc57d8ef94b764a699253570e409326ed8522"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"8f94a5f44a35b2c6f13ee9fd0c4f89b41c4437ba","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"49794b98_f8a8c304","updated":"2022-02-23 13:04:58.000000000","message":"Hello Keystone team,\nThis one was close to get merged, but never did. It was extensively discussed, but it never got through. Do you guys think that we need to change something in order to get it moving? What is the reason to keep blocking this proposal for so long? It adds an interesting new feature to Keystone while maintaining backward compatibility.","commit_id":"e68fc57d8ef94b764a699253570e409326ed8522"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1aeb66efa9162b23b5839038d6240172b92bba0f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"7a68982d_bb6e77b7","updated":"2022-07-01 14:48:30.000000000","message":"Looks good to me.","commit_id":"9d1efea8013ba1c240af7de2e25ccfcdffd0549c"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"ed87cfcd3a643c71a8b0c90b1261e2acb95db267","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"e13105ab_4bf2738b","in_reply_to":"7a68982d_bb6e77b7","updated":"2022-07-01 19:58:32.000000000","message":"Thanks for your review!!\n\nIt is much appreciated. I tried to improve the title of the spec. Can you see if that is good enough? Maybe, I can improve it further, if needed.","commit_id":"9d1efea8013ba1c240af7de2e25ccfcdffd0549c"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"1948874a02dcc9ced919a1220b5645b8846b2c50","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"cae36111_a86d0efc","updated":"2022-11-30 11:48:37.000000000","message":"Hello guys, is the -1 here still valid? If this spec gets merged, I can then focus on the patch itself to resolve the conflicts and to make it ready for merging.","commit_id":"5e224b91a2307945bb03491d58eec9dbdae929fb"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"6166fad6daf2890c335ccac74a1a1b6e8171b7e7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"05d4d532_b2e0db4f","updated":"2022-07-29 14:33:27.000000000","message":"Hi Rafael,\n\nI apologize for the late review, but I think it may be better to hold of on schema \nchanges until we\u0027re completely moved to alembic. [1]\n\nI think we should be able to still get this functionality in Zed by using a new \"default_domain\" attribute that works as described in the spec.\n\nWe can revisit the schema changes in AA.\n\n[1] https://review.opendev.org/c/openstack/keystone/+/825844","commit_id":"5e224b91a2307945bb03491d58eec9dbdae929fb"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"5f6050386634e1f7f6b068d8197d537ba85f57c4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"42fcd1ea_14e32928","in_reply_to":"05d4d532_b2e0db4f","updated":"2022-08-19 01:41:01.000000000","message":"Hello Douglas, \nThanks for the feedback on this patch. I see that the patch #825844 is already merged. Therefore, are you ok with us moving on with this one as is?","commit_id":"5e224b91a2307945bb03491d58eec9dbdae929fb"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"2e57ae588aec0d00fffdad348951c6d0509a5960","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"8de78cdc_90d10177","updated":"2023-10-10 14:48:25.000000000","message":"a nasty question: is this what people are still interested in and we can try to get in? We are currently searching for a solution where this seems like it should solve the usecase","commit_id":"87cb1e6bde224371b1feba406dd383e3e0a97124"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"71020340aacbea108e016d1a313cb9f3039223d7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"0c2a118b_d36d38a4","updated":"2023-10-13 18:49:06.000000000","message":"yes, please. We are also interested and I am ready to chase Keystone folks wrt this","commit_id":"87cb1e6bde224371b1feba406dd383e3e0a97124"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"749b77a78a4d8a2922df6ed48dc3b8abb282502d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"56fe3ef8_32d0ac3a","in_reply_to":"0c2a118b_d36d38a4","updated":"2023-10-13 18:57:04.000000000","message":"Awesome! I rebased the patch. As soon as it is merged, I can update the patch for the code.","commit_id":"87cb1e6bde224371b1feba406dd383e3e0a97124"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"473787363c28a016ec7c850f8df7fdcbca7605f4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"6696edac_ad8765ed","in_reply_to":"8de78cdc_90d10177","updated":"2023-10-13 18:42:24.000000000","message":"I am. We use this solution internally, but people (the community) never allowed us to merge upstream. \n\nIf this desire has changed, I can update the patches, and work to fix the conflicts and improve the code, if needed.","commit_id":"87cb1e6bde224371b1feba406dd383e3e0a97124"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"f1467351f9e6c6f556f07e0df4f85ccedff8ec0e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"e83a2093_5a58aa38","updated":"2023-11-18 21:18:04.000000000","message":"I\u0027m okay with this, however I strongly do not want to introduce new schema versions for every new change, but reserve them just for backwards incompatible ones like this one.\n\nIn addition, use semantic versioning. So a backwards incompatible change would imply a bump of the major version. So the new schema version that uses the \"domain\" attribute differently would be version 2, instead of 1.1\n\nIn other words, just adding new attributes shouldn\u0027t require a version bump. This makes the user experience significantly easier, and unless people add the new attributes explicitly then they won\u0027t be opted in to them.","commit_id":"8c21bee4aaa72aef90e0dd7ca573678e6304895e"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"9716f0924b51c89c8bc240a1d7c71592f672ae01","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"ddcd081c_afc80bf7","updated":"2023-10-23 13:46:51.000000000","message":"I\u0027ve added topic to the PTG discussion","commit_id":"8c21bee4aaa72aef90e0dd7ca573678e6304895e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"3edfad0572885fa8f8dac6bcc4e57b7bd229a8cf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"0b4fd9b8_03ce2966","updated":"2023-11-18 11:11:17.000000000","message":"Thanks for the review! As soon, as it is merged, I can resolve the conflicts of the code patches, and then move them on. \n\nAfter this one is merged, I can update the other proposals that are based on this one \u003d)","commit_id":"8c21bee4aaa72aef90e0dd7ca573678e6304895e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"53b42e30cea4fbed5a05b9e7e68b9afc2c7cba75","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"4d66a989_ddaa0dc9","in_reply_to":"7448c497_8f52edb9","updated":"2023-11-19 23:50:35.000000000","message":"Done","commit_id":"8c21bee4aaa72aef90e0dd7ca573678e6304895e"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57ec355e3aaf6732a8db3dccb4f6068d2783da4b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":14,"id":"7448c497_8f52edb9","in_reply_to":"9a3438e3_1b9f4ee0","updated":"2023-11-19 02:15:53.000000000","message":"with respect to this spec it’s enough to change the version mentioned in this spec from 1.1 to 2.","commit_id":"8c21bee4aaa72aef90e0dd7ca573678e6304895e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"4102017d3c7325d324965f1d37f969e9e5537fc2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"9a3438e3_1b9f4ee0","in_reply_to":"e83a2093_5a58aa38","updated":"2023-11-18 23:28:08.000000000","message":"I understand what you mean, but I do not get the point with respect to this patch. Should we add some note of some sort in the spec here?","commit_id":"8c21bee4aaa72aef90e0dd7ca573678e6304895e"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"f89d39e8_92b68ea5","updated":"2023-11-20 19:14:21.000000000","message":"Thank you for quickly revising the spec to implement my prior suggestion of making the schema version 2.0.\n\nThe following suggestions are solely to improve the way the spec reads, removing some superfluous sentences, incorrect wordings, or confusing passages.\n\nThank you.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"e76ddcf5_681466c7","in_reply_to":"f89d39e8_92b68ea5","updated":"2023-11-20 20:21:51.000000000","message":"Thank you for the review! I have amended the patch as suggested.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"bb8c290d4ae10dbd84222e3b71a4ee6b63119427","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"13c7d3e0_202d22f0","updated":"2023-12-12 20:08:10.000000000","message":"I updated the patch at https://review.opendev.org/c/openstack/keystone/+/739966?tab\u003dcomments, with the updated code to reflect the spec that was merged. Thank you guys for your reviews!","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"834d5e8e693bd0476dc1bbaf8283d96569e2298b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"95f87022_e8da8321","updated":"2023-12-06 14:55:37.000000000","message":"Looks good to me","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"2047469498072f83ac7cd1a91d07c5f3ede45944","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"1b0f334f_edd7fea5","updated":"2023-11-20 21:43:05.000000000","message":"Thank you for the prompt revisions! This looks good to me.","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"e2db6e1a38ae2b8cc4c2bee2b4245de0855c14d4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"bef274ad_e5e65dfd","updated":"2023-11-21 07:01:50.000000000","message":"thanks Kristi for reviews","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"}],"specs/keystone/2024.1/versioning-for-attribute-mapping-schema.rst":[{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":4,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Add schema version and add support to \"domain\" attribute in mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"}],"source_content_type":"text/x-rst","patch_set":15,"id":"a96d48c7_996fbaa6","line":7,"range":{"start_line":7,"start_character":35,"end_line":7,"end_character":37},"updated":"2023-11-20 19:14:21.000000000","message":"\"to\" is not necessary here, please remove.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":4,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Add schema version and add support to \"domain\" attribute in mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"}],"source_content_type":"text/x-rst","patch_set":15,"id":"09125809_db37f1f7","line":7,"range":{"start_line":7,"start_character":35,"end_line":7,"end_character":37},"in_reply_to":"3ac168e6_f3c2db90","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"8847b58260f216c922d8a57ca10f7526851ea480","unresolved":true,"context_lines":[{"line_number":4,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Add schema version and add support to \"domain\" attribute in mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"}],"source_content_type":"text/x-rst","patch_set":15,"id":"3ac168e6_f3c2db90","line":7,"range":{"start_line":7,"start_character":35,"end_line":7,"end_character":37},"in_reply_to":"a96d48c7_996fbaa6","updated":"2023-11-20 19:15:20.000000000","message":"\"for\" would be the right word choice.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Add schema version and add support to \"domain\" attribute in mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"b5442e65_d0193437","line":9,"range":{"start_line":9,"start_character":25,"end_line":9,"end_character":27},"updated":"2023-11-20 19:14:21.000000000","message":"\"to\" is not necessary here, please remove. A more correct wording is: This spec introduces support for the \"domain\" attribute in mapping rules...","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Add schema version and add support to \"domain\" attribute in mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"cf580be9_2bd3f167","line":9,"range":{"start_line":9,"start_character":25,"end_line":9,"end_character":27},"in_reply_to":"b5442e65_d0193437","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":29,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":30,"context_line":"not what happens."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"The examples in the documentation [2]_ do not cover all use cases, which is"},{"line_number":33,"context_line":"fine. Therefore, some people might do what I did when I started working with"},{"line_number":34,"context_line":"identity federation in Keystone. I went directly to the code, and checked the"},{"line_number":35,"context_line":"schema to understand what I could define as the mapping. Then, I saw that at"},{"line_number":36,"context_line":"the root of the `local` rules, we had a domain definition [3]_. I also saw a"}],"source_content_type":"text/x-rst","patch_set":15,"id":"8b3982eb_46579e41","line":33,"range":{"start_line":32,"start_character":67,"end_line":33,"end_character":4},"updated":"2023-11-20 19:14:21.000000000","message":"This part of the sentence is unnecessary. Please remove it.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":29,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":30,"context_line":"not what happens."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"The examples in the documentation [2]_ do not cover all use cases, which is"},{"line_number":33,"context_line":"fine. Therefore, some people might do what I did when I started working with"},{"line_number":34,"context_line":"identity federation in Keystone. I went directly to the code, and checked the"},{"line_number":35,"context_line":"schema to understand what I could define as the mapping. Then, I saw that at"},{"line_number":36,"context_line":"the root of the `local` rules, we had a domain definition [3]_. I also saw a"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ede18143_c1670b8e","line":33,"range":{"start_line":32,"start_character":67,"end_line":33,"end_character":4},"in_reply_to":"8b3982eb_46579e41","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":30,"context_line":"not what happens."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"The examples in the documentation [2]_ do not cover all use cases, which is"},{"line_number":33,"context_line":"fine. Therefore, some people might do what I did when I started working with"},{"line_number":34,"context_line":"identity federation in Keystone. I went directly to the code, and checked the"},{"line_number":35,"context_line":"schema to understand what I could define as the mapping. Then, I saw that at"},{"line_number":36,"context_line":"the root of the `local` rules, we had a domain definition [3]_. I also saw a"},{"line_number":37,"context_line":"domain options for the `user` and `group` properties. Therefore, I thought"},{"line_number":38,"context_line":"that those could be used as an override, and this one ([3]_) was the default"},{"line_number":39,"context_line":"for the mapping rule. I only discovered that this was not the case when I"},{"line_number":40,"context_line":"started testing, and then I checked how the mapping was being processed."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"This patch is not changing the feature, all we had working before will keep"},{"line_number":43,"context_line":"working as it was. We are merely adding to it. Adding a method to define"}],"source_content_type":"text/x-rst","patch_set":15,"id":"c0a76fdb_c6b85709","line":40,"range":{"start_line":33,"start_character":6,"end_line":40,"end_character":72},"updated":"2023-11-20 19:14:21.000000000","message":"Can you please re-write this section without using first person?","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":30,"context_line":"not what happens."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"The examples in the documentation [2]_ do not cover all use cases, which is"},{"line_number":33,"context_line":"fine. Therefore, some people might do what I did when I started working with"},{"line_number":34,"context_line":"identity federation in Keystone. I went directly to the code, and checked the"},{"line_number":35,"context_line":"schema to understand what I could define as the mapping. Then, I saw that at"},{"line_number":36,"context_line":"the root of the `local` rules, we had a domain definition [3]_. I also saw a"},{"line_number":37,"context_line":"domain options for the `user` and `group` properties. Therefore, I thought"},{"line_number":38,"context_line":"that those could be used as an override, and this one ([3]_) was the default"},{"line_number":39,"context_line":"for the mapping rule. I only discovered that this was not the case when I"},{"line_number":40,"context_line":"started testing, and then I checked how the mapping was being processed."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"This patch is not changing the feature, all we had working before will keep"},{"line_number":43,"context_line":"working as it was. We are merely adding to it. Adding a method to define"}],"source_content_type":"text/x-rst","patch_set":15,"id":"0a2bceaf_419838c1","line":40,"range":{"start_line":33,"start_character":6,"end_line":40,"end_character":72},"in_reply_to":"c0a76fdb_c6b85709","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":39,"context_line":"for the mapping rule. I only discovered that this was not the case when I"},{"line_number":40,"context_line":"started testing, and then I checked how the mapping was being processed."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"This patch is not changing the feature, all we had working before will keep"},{"line_number":43,"context_line":"working as it was. We are merely adding to it. Adding a method to define"},{"line_number":44,"context_line":"a \"default\" domain for the rules, which can then be overridden in the user,"},{"line_number":45,"context_line":"projects, or groups definitions."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Proposed Change"},{"line_number":48,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":15,"id":"7f692bb0_195981a1","line":45,"range":{"start_line":42,"start_character":0,"end_line":45,"end_character":32},"updated":"2023-11-20 19:14:21.000000000","message":"Please remove this paragraph from the problem description section. The proposed change does a better job at describing the change.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":39,"context_line":"for the mapping rule. I only discovered that this was not the case when I"},{"line_number":40,"context_line":"started testing, and then I checked how the mapping was being processed."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"This patch is not changing the feature, all we had working before will keep"},{"line_number":43,"context_line":"working as it was. We are merely adding to it. Adding a method to define"},{"line_number":44,"context_line":"a \"default\" domain for the rules, which can then be overridden in the user,"},{"line_number":45,"context_line":"projects, or groups definitions."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"Proposed Change"},{"line_number":48,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":15,"id":"5b6a47f9_b40519a8","line":45,"range":{"start_line":42,"start_character":0,"end_line":45,"end_character":32},"in_reply_to":"7f692bb0_195981a1","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":60,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":61,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."},{"line_number":62,"context_line":"Currently, that configuration is only used to define a default domain for"},{"line_number":63,"context_line":"groups (and then each group there, could override it). It is interesting to"},{"line_number":64,"context_line":"expand this configuration (as long as it is in the root of the attribute"},{"line_number":65,"context_line":"mapping) to be also applied for users and projects."},{"line_number":66,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"6631b437_536ed091","line":63,"range":{"start_line":63,"start_character":55,"end_line":63,"end_character":72},"updated":"2023-11-20 19:14:21.000000000","message":"A more correct wording is: it is of interest.","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":60,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":61,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."},{"line_number":62,"context_line":"Currently, that configuration is only used to define a default domain for"},{"line_number":63,"context_line":"groups (and then each group there, could override it). It is interesting to"},{"line_number":64,"context_line":"expand this configuration (as long as it is in the root of the attribute"},{"line_number":65,"context_line":"mapping) to be also applied for users and projects."},{"line_number":66,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"fdcafd50_275c8d78","line":63,"range":{"start_line":63,"start_character":55,"end_line":63,"end_character":72},"in_reply_to":"6631b437_536ed091","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"57853b7650e970bc16e6f39f107770e032f50a81","unresolved":true,"context_lines":[{"line_number":248,"context_line":"- a new attribute will be available `schema_version`. It defaults to `1.0`."},{"line_number":249,"context_line":"- Properties `groups`, `projects`, and `user`, all accept the definition of a"},{"line_number":250,"context_line":"  `domain` that overrides the optional `domain` that is defined in the root of"},{"line_number":251,"context_line":"  the mapping rule. If thoese objects do not define a domain, we take the one"},{"line_number":252,"context_line":"  specified in the root of the mapping rule. If no domain is also defined in"},{"line_number":253,"context_line":"  the root of the mapping rule, the IdP domain is used."},{"line_number":254,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"20d2eb28_57b55738","line":251,"range":{"start_line":251,"start_character":23,"end_line":251,"end_character":29},"updated":"2023-11-20 19:14:21.000000000","message":"these","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e8c941ea4043108ac6190cf6ba4c26d4571b2309","unresolved":false,"context_lines":[{"line_number":248,"context_line":"- a new attribute will be available `schema_version`. It defaults to `1.0`."},{"line_number":249,"context_line":"- Properties `groups`, `projects`, and `user`, all accept the definition of a"},{"line_number":250,"context_line":"  `domain` that overrides the optional `domain` that is defined in the root of"},{"line_number":251,"context_line":"  the mapping rule. If thoese objects do not define a domain, we take the one"},{"line_number":252,"context_line":"  specified in the root of the mapping rule. If no domain is also defined in"},{"line_number":253,"context_line":"  the root of the mapping rule, the IdP domain is used."},{"line_number":254,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"8f645f94_d1d6f560","line":251,"range":{"start_line":251,"start_character":23,"end_line":251,"end_character":29},"in_reply_to":"20d2eb28_57b55738","updated":"2023-11-20 20:21:51.000000000","message":"Done","commit_id":"239c75547354f7bd3566248c9c591727ab924970"},{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"486ef69aabfe4900d0b59f513a3ba2fc2dcff971","unresolved":true,"context_lines":[{"line_number":225,"context_line":"    | rules | text        | NO   |     | NULL    |       |"},{"line_number":226,"context_line":"    +-------+-------------+------+-----+---------+-------+"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"We would add a newfield to it. Therefore, it would look like:"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":".. code-block:: bash"},{"line_number":231,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"cbd78fca_86000587","line":228,"updated":"2023-11-29 15:27:54.000000000","message":"Could it be done with resource options instead?","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"7da2c48b7dc3f5c7266217ebd312f28dd2289835","unresolved":true,"context_lines":[{"line_number":225,"context_line":"    | rules | text        | NO   |     | NULL    |       |"},{"line_number":226,"context_line":"    +-------+-------------+------+-----+---------+-------+"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"We would add a newfield to it. Therefore, it would look like:"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":".. code-block:: bash"},{"line_number":231,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"ee580e1e_ad8c7dfa","line":228,"in_reply_to":"cbd78fca_86000587","updated":"2023-11-29 16:28:13.000000000","message":"What do you by \"resource options\"?\n\nWhat would be the difference with the current proposal?","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e06ebf9a3629f8da0f880f105d7d5a687bc2abcd","unresolved":true,"context_lines":[{"line_number":225,"context_line":"    | rules | text        | NO   |     | NULL    |       |"},{"line_number":226,"context_line":"    +-------+-------------+------+-----+---------+-------+"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"We would add a newfield to it. Therefore, it would look like:"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":".. code-block:: bash"},{"line_number":231,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"c8d3f9f8_d333ad27","line":228,"in_reply_to":"dcc7db37_1a410095","updated":"2023-11-30 17:40:13.000000000","message":"I find this type of approach a bit too complicated. It feels easier, simpler and better for future evolution/development to have clear data structures, instead of a generic table with columns where we pile everything and anything.\n\n\nIf it is a requirement to move this spec forward, I can change it thing. However, I do not see the benefits of such approach for this specific case.","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"},{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"94ed7967103a2c9f0751d3e8392fdd9163497155","unresolved":true,"context_lines":[{"line_number":225,"context_line":"    | rules | text        | NO   |     | NULL    |       |"},{"line_number":226,"context_line":"    +-------+-------------+------+-----+---------+-------+"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"We would add a newfield to it. Therefore, it would look like:"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":".. code-block:: bash"},{"line_number":231,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"dcc7db37_1a410095","line":228,"in_reply_to":"ee580e1e_ad8c7dfa","updated":"2023-11-29 16:40:32.000000000","message":"https://bugs.launchpad.net/keystone/+bug/1807751 . Some time ago, keystone received resource options, that can be used with all resource types. The idea was to stop adding fields to existing tables, and to extend models in another general-purpose table. This means less migrations, easier format changes, individual options per entry and application-level validation.\n\nFor example, if you set project as immutable, it will not be added to the `projects` table and will be handled via resource options.\n\nThe difference would be that there will be no extra field and no database migration, but a change to the model and a new resource option, attached to the existing model.\n\nI am not sure that it is the right way to implement this and just wanted to talk through it.","commit_id":"2170b9176d6d8edaecb2bfee998f9a2d082b180c"}],"specs/keystone/wallaby/versioning-for-attribute-mapping-schema.rst":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Keystone to honor the \"domain\" attribute mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7b269062_c1ee14dd","line":8,"updated":"2020-11-22 22:52:20.000000000","message":"Can you include a link to the RFE bug (see the template https://opendev.org/openstack/keystone-specs/src/branch/master/specs/template.rst)","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":false,"context_lines":[{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Keystone to honor the \"domain\" attribute mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."}],"source_content_type":"text/x-rst","patch_set":4,"id":"f28a6b06_b5af3469","line":8,"in_reply_to":"7b269062_c1ee14dd","updated":"2020-11-25 14:15:09.000000000","message":"Sure, I was not aware of this template.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Keystone to honor the \"domain\" attribute mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Problem Description"}],"source_content_type":"text/x-rst","patch_set":4,"id":"95cc3c57_786833a0","line":10,"range":{"start_line":10,"start_character":11,"end_line":10,"end_character":28},"updated":"2020-11-22 22:52:20.000000000","message":"This sounds very much like https://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/versioned-mappings.html\n\nCan you rework that spec and propose it for this cycle, and make this new attribute dependent on that? Or at a minimum please reference that spec in this one and remove it from the backlog.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Keystone to honor the \"domain\" attribute mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Problem Description"}],"source_content_type":"text/x-rst","patch_set":4,"id":"1b985da6_c4f48ea9","line":10,"range":{"start_line":10,"start_character":11,"end_line":10,"end_character":28},"in_reply_to":"95cc3c57_786833a0","updated":"2020-11-25 14:15:09.000000000","message":"I would rather stick with this one. Therefore, I am citing that spec here, and I removed it from the backlog.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":20,"context_line":"in OpenStack."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An operator when reading the attribute mapping section and seeing the schema"},{"line_number":23,"context_line":"for the attribute mapping definition, can be led to think that the domain"},{"line_number":24,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":25,"context_line":"not what happens."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":4,"id":"fee40072_2a965e71","line":24,"range":{"start_line":23,"start_character":38,"end_line":24,"end_character":61},"updated":"2020-11-22 22:52:20.000000000","message":"Can you give an example mapping that would lead someone to think this? When I look at e.g. https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html#empty-condition the domain is part of the \"group\" object and so it does not seem misleading to me.\n\nYou can moreover use local users and directly set the domain for those users (see the last example in https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html#other-conditions [search \"Users can be mapped to local users that already exist in keystone’s identity backend\"...]), why is that not sufficient?","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":true,"context_lines":[{"line_number":20,"context_line":"in OpenStack."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An operator when reading the attribute mapping section and seeing the schema"},{"line_number":23,"context_line":"for the attribute mapping definition, can be led to think that the domain"},{"line_number":24,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":25,"context_line":"not what happens."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":4,"id":"dcce349b_4d4f18a6","line":24,"range":{"start_line":23,"start_character":38,"end_line":24,"end_character":61},"in_reply_to":"3cd0a30d_a9bb828c","updated":"2020-11-25 19:02:48.000000000","message":"We are not changing the feature. We are merely adding to it. Adding a method to define a \"default\" domain for the rules, which can then be overridden in the user, projects, or groups definition.\n\nSure defining a domain in the user property works, but that is not what is being discussed and proposed here.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"ed87cfcd3a643c71a8b0c90b1261e2acb95db267","unresolved":false,"context_lines":[{"line_number":20,"context_line":"in OpenStack."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An operator when reading the attribute mapping section and seeing the schema"},{"line_number":23,"context_line":"for the attribute mapping definition, can be led to think that the domain"},{"line_number":24,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":25,"context_line":"not what happens."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7cc77880_7fbbc7fd","line":24,"range":{"start_line":23,"start_character":38,"end_line":24,"end_character":61},"in_reply_to":"dcce349b_4d4f18a6","updated":"2022-07-01 19:58:32.000000000","message":"Done","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2891aa75259ecefffd335f0dac124cb253f63b86","unresolved":true,"context_lines":[{"line_number":20,"context_line":"in OpenStack."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An operator when reading the attribute mapping section and seeing the schema"},{"line_number":23,"context_line":"for the attribute mapping definition, can be led to think that the domain"},{"line_number":24,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":25,"context_line":"not what happens."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3cd0a30d_a9bb828c","line":24,"range":{"start_line":23,"start_character":38,"end_line":24,"end_character":61},"in_reply_to":"e77eb9a2_ba1077fb","updated":"2020-11-25 18:29:36.000000000","message":"\u003e The examples there do not cover some cases.\n\nRight, could you discuss those cases here, in the spec? (not in the comments)\n\n\u003e I went directly to the code\n\nHmm well I don\u0027t really agree that the code being unclear is a reason to change the functionality, it\u0027s a good argument for improving the documentation though.\n\nCan you explain (in the spec, not in a comment) the answer to my second question, why are local users not sufficient?","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":true,"context_lines":[{"line_number":20,"context_line":"in OpenStack."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An operator when reading the attribute mapping section and seeing the schema"},{"line_number":23,"context_line":"for the attribute mapping definition, can be led to think that the domain"},{"line_number":24,"context_line":"defined in the mapping will also apply to users and projects. However, that is"},{"line_number":25,"context_line":"not what happens."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":4,"id":"e77eb9a2_ba1077fb","line":24,"range":{"start_line":23,"start_character":38,"end_line":24,"end_character":61},"in_reply_to":"fee40072_2a965e71","updated":"2020-11-25 14:15:09.000000000","message":"The examples there do not cover some cases. Therefore, when I started working with identity federation in Keystone, I went directly to the code, and I checked the schema to understand what I could define as the mapping. Then, I saw that at the root of the `local` rules, we had a domain definition (https://github.com/openstack/keystone/blob/b0b93c03986f3bb40c5a2ec31ee37c83014e197a/keystone/federation/utils.py#L118). I also saw domain options for the `user` and `group` options. Therefore, I thought that those could be used as an override, and this one (https://github.com/openstack/keystone/blob/b0b93c03986f3bb40c5a2ec31ee37c83014e197a/keystone/federation/utils.py#L118) was somehow the default for the mapping rule. I only discovered that this was not the case when I started testing, and then I checked how the mapping was being processed.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":33,"context_line":"validation of the attribute mapping, and also the rule processors used to"},{"line_number":34,"context_line":"process the attributes that come from the IdP. So far, with this patch, we"},{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"8d0f9658_f6b23364","line":36,"range":{"start_line":36,"start_character":13,"end_line":36,"end_character":50},"updated":"2020-11-22 22:52:20.000000000","message":"Is this meant to map users to existing local projects, or to auto-provision new projects in the given domain? If the latter, what is to prevent collisions between mapped projects and potential existing local projects?","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":false,"context_lines":[{"line_number":33,"context_line":"validation of the attribute mapping, and also the rule processors used to"},{"line_number":34,"context_line":"process the attributes that come from the IdP. So far, with this patch, we"},{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"e5d6bca7_ed7c9880","line":36,"range":{"start_line":36,"start_character":13,"end_line":36,"end_character":50},"in_reply_to":"13660a14_b71a8e9d","updated":"2020-11-25 19:02:48.000000000","message":"Done","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":true,"context_lines":[{"line_number":33,"context_line":"validation of the attribute mapping, and also the rule processors used to"},{"line_number":34,"context_line":"process the attributes that come from the IdP. So far, with this patch, we"},{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"13660a14_b71a8e9d","line":36,"range":{"start_line":36,"start_character":13,"end_line":36,"end_character":50},"in_reply_to":"8d0f9658_f6b23364","updated":"2020-11-25 14:15:09.000000000","message":"Both. If the project does not exist, we create it. If it exist we use it. That is already what happens if you define a mapping to an existing project.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":41,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."}],"source_content_type":"text/x-rst","patch_set":4,"id":"9b0193b6_fc2b66b8","line":38,"range":{"start_line":38,"start_character":38,"end_line":38,"end_character":76},"updated":"2020-11-22 22:52:20.000000000","message":"Since this is already the case for auto-provisioned projects, this would seem to be a backwards compatible change since operators need to provide the domain in order to opt into this behavior, so I wonder why the schema version would be needed?","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"7898fb2edaf82023dad7a00d7518dd590ccb415e","unresolved":false,"context_lines":[{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":41,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."}],"source_content_type":"text/x-rst","patch_set":4,"id":"24ba18cb_da32a4e6","line":38,"range":{"start_line":38,"start_character":38,"end_line":38,"end_character":76},"in_reply_to":"80db817b_314c8aa7","updated":"2020-12-01 11:53:19.000000000","message":"Yes, we also discussed that already here. However, for now, this need did not show up in PROD. However, to implement it, we would like a mechanism to enable/disable these features. That is why this versioning is important.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":true,"context_lines":[{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":41,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."}],"source_content_type":"text/x-rst","patch_set":4,"id":"d7725a9c_95b7b810","line":38,"range":{"start_line":38,"start_character":38,"end_line":38,"end_character":76},"in_reply_to":"9b0193b6_fc2b66b8","updated":"2020-11-25 14:15:09.000000000","message":"To honor the domain that is defined in the root of the `local` rules, and to use the other domain definition as overrides. \n\nThis proposal here is just providing a simple use case for the use of the attribute mapping schema version.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":true,"context_lines":[{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":41,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."}],"source_content_type":"text/x-rst","patch_set":4,"id":"c7c42a60_073896e1","line":38,"range":{"start_line":38,"start_character":38,"end_line":38,"end_character":76},"in_reply_to":"bb33fd0d_8dd9f70d","updated":"2020-11-25 19:02:48.000000000","message":"I am not understanding what you mean. The default domain definition in the \"local\" property of the attribute mapping rule was not being used. Therefore, what we are proposing and doing here is to consider it. Therefore, one can, for instance, define a user or a project, without a domain, and then we check if there is a domain in the local section of the mapping rule, if there is, we use it; otherwise, we take the domain of the IdP.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"554ba332cd17ff1a4a20d83930d0f23df183f7cb","unresolved":true,"context_lines":[{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":41,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."}],"source_content_type":"text/x-rst","patch_set":4,"id":"80db817b_314c8aa7","line":38,"range":{"start_line":38,"start_character":38,"end_line":38,"end_character":76},"in_reply_to":"c7c42a60_073896e1","updated":"2020-11-30 19:58:50.000000000","message":"\u003e The default domain definition in the \"local\" property of the attribute mapping rule was not being used. \n\nThanks, that was exactly my confusion. I misunderstood what you meant by honoring the domain.\n\n\u003e Therefore, what we are proposing and doing here is to consider it. Therefore, one can, for instance, define a user or a project, without a domain, and then we check if there is a domain in the local section of the mapping rule, if there is, we use it; otherwise, we take the domain of the IdP.\n\nOkay, this explanation makes sense. I would have understood it quicker if there was an example of the JSON mapping and the current vs desired result provided in the spec, this is what I was asking for when I said \"Could you show (in the spec)...\"\n\nPersonally I would expect a domain property like this (if it was working) to mean the same thing as the project property, i.e. a domain should be auto-provisioned and a role assigned on it. But I suppose that\u0027s just one interpretation and as long as the behavior is documented it\u0027s a fine behavior.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2891aa75259ecefffd335f0dac124cb253f63b86","unresolved":true,"context_lines":[{"line_number":35,"context_line":"introduce support to the attribute mapping schema \"1.1\", which enables"},{"line_number":36,"context_line":"operators to also define a domain for the projects they want to assign users."},{"line_number":37,"context_line":"If no domain is defined either in the project or in the global domain"},{"line_number":38,"context_line":"definition for the attribute mapping, we take the IdP domain as the default."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Thus we extended Keystone identity provider (IdP) attribute mapping"},{"line_number":41,"context_line":"schema to make Keystone honor the `domain` configuration that we have on it."}],"source_content_type":"text/x-rst","patch_set":4,"id":"bb33fd0d_8dd9f70d","line":38,"range":{"start_line":38,"start_character":38,"end_line":38,"end_character":76},"in_reply_to":"d7725a9c_95b7b810","updated":"2020-11-25 18:29:36.000000000","message":"I can\u0027t quite tell what that domain attribute does. It almost looks like it\u0027s just ignored. Could you show (in the spec) how it would continue to be honored?","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":48,"context_line":"------------------------"},{"line_number":49,"context_line":"The current schema defined at keystone/federation/utils.py:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    {"},{"line_number":54,"context_line":"      \"type\": \"object\","}],"source_content_type":"text/x-rst","patch_set":4,"id":"0fda2906_5e88ea87","line":51,"updated":"2020-11-22 22:52:20.000000000","message":"Please do not include python code samples in a spec. Specs are for describing a change in design or a change in the API. Instead of using python snippets, describe the changes to the JSON API that a user would see here https://docs.openstack.org/api-ref/identity/v3-ext/#mappings","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":true,"context_lines":[{"line_number":48,"context_line":"------------------------"},{"line_number":49,"context_line":"The current schema defined at keystone/federation/utils.py:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    {"},{"line_number":54,"context_line":"      \"type\": \"object\","}],"source_content_type":"text/x-rst","patch_set":4,"id":"738f5c1b_345c75ac","line":51,"in_reply_to":"0fda2906_5e88ea87","updated":"2020-11-25 14:15:09.000000000","message":"I do not see any problem with this; and I guess others did not see problems here as well. It is not code per se. I am only illustrating the schema, and that we are adding a new property to it.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2891aa75259ecefffd335f0dac124cb253f63b86","unresolved":true,"context_lines":[{"line_number":48,"context_line":"------------------------"},{"line_number":49,"context_line":"The current schema defined at keystone/federation/utils.py:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    {"},{"line_number":54,"context_line":"      \"type\": \"object\","}],"source_content_type":"text/x-rst","patch_set":4,"id":"8c6a22d4_0de12aa2","line":51,"in_reply_to":"738f5c1b_345c75ac","updated":"2020-11-25 18:29:36.000000000","message":"It\u0027s part of the instructions in the template: https://opendev.org/openstack/keystone-specs/src/branch/master/specs/template.rst#user-content-proposed-change \"Address the issue at an architectural level, leaving the implementation details for code review.\"\n\n\u003e I guess others did not see problems here as well\n\nI\u0027ll stop reviewing if you don\u0027t need my feedback.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":false,"context_lines":[{"line_number":48,"context_line":"------------------------"},{"line_number":49,"context_line":"The current schema defined at keystone/federation/utils.py:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    {"},{"line_number":54,"context_line":"      \"type\": \"object\","}],"source_content_type":"text/x-rst","patch_set":4,"id":"81a4eeb9_5f01cb8e","line":51,"in_reply_to":"8c6a22d4_0de12aa2","updated":"2020-11-25 19:02:48.000000000","message":"All right I will remove it.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"555eace5fd1557f393abdb68777ed2a3e33da9f2","unresolved":true,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"API impacts"},{"line_number":112,"context_line":"-----------"},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Assignee(s)"}],"source_content_type":"text/x-rst","patch_set":4,"id":"fffc6b78_2f5453ca","line":113,"range":{"start_line":113,"start_character":0,"end_line":113,"end_character":4},"updated":"2020-11-22 22:52:20.000000000","message":"This is wrong, this spec is specifically about the API.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2891aa75259ecefffd335f0dac124cb253f63b86","unresolved":true,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"API impacts"},{"line_number":112,"context_line":"-----------"},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Assignee(s)"}],"source_content_type":"text/x-rst","patch_set":4,"id":"cac70764_f1a118e5","line":113,"range":{"start_line":113,"start_character":0,"end_line":113,"end_character":4},"in_reply_to":"74c5c47a_01391835","updated":"2020-11-25 18:29:36.000000000","message":"It\u0027s the schema version and the way the domains will be handled.","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":false,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"API impacts"},{"line_number":112,"context_line":"-----------"},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Assignee(s)"}],"source_content_type":"text/x-rst","patch_set":4,"id":"e40c1ef0_9f00cd7f","line":113,"range":{"start_line":113,"start_character":0,"end_line":113,"end_character":4},"in_reply_to":"cac70764_f1a118e5","updated":"2020-11-25 19:02:48.000000000","message":"Done","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b3c825fb20166661bee5cefd1a2f7a13f21bb25c","unresolved":true,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"API impacts"},{"line_number":112,"context_line":"-----------"},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Assignee(s)"}],"source_content_type":"text/x-rst","patch_set":4,"id":"74c5c47a_01391835","line":113,"range":{"start_line":113,"start_character":0,"end_line":113,"end_character":4},"in_reply_to":"fffc6b78_2f5453ca","updated":"2020-11-25 14:15:09.000000000","message":"Maybe it is because English is my second language, but I see an impact as a negative effect. For instance, if we were breaking somehow the API. However, that is not the case here. We add a new option, but it has a default, which maintains the compatibility with everything that has been using the API so far.\n\nWould you like me to explicitly state here that the API now will accept a new parameter, which is the schema version?","commit_id":"c0b1e99db2d12a5c900a6b39fdc180783bd0c0de"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2891aa75259ecefffd335f0dac124cb253f63b86","unresolved":true,"context_lines":[{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"bug #1887515"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This specification implements an alternative solution for the versioned"},{"line_number":16,"context_line":"mappings that were proposed in [1]_."}],"source_content_type":"text/x-rst","patch_set":6,"id":"a4bd3f3c_8441a947","line":13,"updated":"2020-11-25 18:29:36.000000000","message":"Please use RST to create a link to the bug, the example is in the template","commit_id":"80d5f75206ea9e966697846cb7ed13a621d1a362"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":false,"context_lines":[{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"},{"line_number":11,"context_line":"federation deployments."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"bug #1887515"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This specification implements an alternative solution for the versioned"},{"line_number":16,"context_line":"mappings that were proposed in [1]_."}],"source_content_type":"text/x-rst","patch_set":6,"id":"216be01d_da881c63","line":13,"in_reply_to":"a4bd3f3c_8441a947","updated":"2020-11-25 19:02:48.000000000","message":"Done","commit_id":"80d5f75206ea9e966697846cb7ed13a621d1a362"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2891aa75259ecefffd335f0dac124cb253f63b86","unresolved":true,"context_lines":[{"line_number":13,"context_line":"bug #1887515"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This specification implements an alternative solution for the versioned"},{"line_number":16,"context_line":"mappings that were proposed in [1]_."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Problem Description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f8c3a2c4_7cecd612","line":16,"range":{"start_line":16,"start_character":31,"end_line":16,"end_character":35},"updated":"2020-11-25 18:29:36.000000000","message":"Since the spec is being removed in this change this link will stop working. Maybe use a permalink to the opendev.org source code?","commit_id":"80d5f75206ea9e966697846cb7ed13a621d1a362"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"269b46ad1d15f497aea5c6592f978ecd63bfed55","unresolved":false,"context_lines":[{"line_number":13,"context_line":"bug #1887515"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"This specification implements an alternative solution for the versioned"},{"line_number":16,"context_line":"mappings that were proposed in [1]_."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Problem Description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"5544cfac_80bd7a7a","line":16,"range":{"start_line":16,"start_character":31,"end_line":16,"end_character":35},"in_reply_to":"f8c3a2c4_7cecd612","updated":"2020-11-25 19:02:48.000000000","message":"Done","commit_id":"80d5f75206ea9e966697846cb7ed13a621d1a362"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"554ba332cd17ff1a4a20d83930d0f23df183f7cb","unresolved":true,"context_lines":[{"line_number":72,"context_line":"new property will be a String that holds the mapping rule schema version."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"The mapping rule schema version is then used to define the processor that we"},{"line_number":75,"context_line":"take to process the attribute mapping rules JSON."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Validations"}],"source_content_type":"text/x-rst","patch_set":7,"id":"4ec3ade4_ac5dda7e","line":75,"updated":"2020-11-30 19:58:50.000000000","message":"I apologize, I wasn\u0027t clear when I said the implementation detail should be removed. I was hoping that the user-facing API would be provided here instead, for example a code-block:: json sample of what a user would see on https://docs.openstack.org/api-ref/identity/v3-ext/?expanded\u003dcreate-a-mapping-detail#mappings","commit_id":"66439ee390ea3811354059ea5fc4078214788fb4"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"7898fb2edaf82023dad7a00d7518dd590ccb415e","unresolved":true,"context_lines":[{"line_number":72,"context_line":"new property will be a String that holds the mapping rule schema version."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"The mapping rule schema version is then used to define the processor that we"},{"line_number":75,"context_line":"take to process the attribute mapping rules JSON."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Validations"}],"source_content_type":"text/x-rst","patch_set":7,"id":"c4938cbc_b49b2168","line":75,"in_reply_to":"4ec3ade4_ac5dda7e","updated":"2020-12-01 11:53:19.000000000","message":"I see. Now I see what you wanted. I did not understand that because the domain was already part of the API, but it was not been processed/used as proposed here. What I did now to clarify this is to show a JSON example of the mapping. I guess this would clarify the goal of this proposal.","commit_id":"66439ee390ea3811354059ea5fc4078214788fb4"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"ed87cfcd3a643c71a8b0c90b1261e2acb95db267","unresolved":false,"context_lines":[{"line_number":72,"context_line":"new property will be a String that holds the mapping rule schema version."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"The mapping rule schema version is then used to define the processor that we"},{"line_number":75,"context_line":"take to process the attribute mapping rules JSON."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Validations"}],"source_content_type":"text/x-rst","patch_set":7,"id":"55f7e9bc_48040655","line":75,"in_reply_to":"c4938cbc_b49b2168","updated":"2022-07-01 19:58:32.000000000","message":"Done","commit_id":"66439ee390ea3811354059ea5fc4078214788fb4"}],"specs/keystone/z/versioning-for-attribute-mapping-schema.rst":[{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"f605056accac694512aacc2f588fdad6bfacf008","unresolved":true,"context_lines":[{"line_number":4,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Keystone to honor the \"domain\" attribute mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"}],"source_content_type":"text/x-rst","patch_set":10,"id":"8f67288f_9ee6a4b5","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":54},"updated":"2022-07-01 14:59:36.000000000","message":"Please update the title to match.","commit_id":"9d1efea8013ba1c240af7de2e25ccfcdffd0549c"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"ed87cfcd3a643c71a8b0c90b1261e2acb95db267","unresolved":false,"context_lines":[{"line_number":4,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Keystone to honor the \"domain\" attribute mapping rules"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"This spec makes Keystone to honor the \"domain\" attribute mapping rules,"},{"line_number":10,"context_line":"and adds a versioning method to the attribute mapping schema used by identity"}],"source_content_type":"text/x-rst","patch_set":10,"id":"5c441f4e_1fabc404","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":54},"in_reply_to":"8f67288f_9ee6a4b5","updated":"2022-07-01 19:58:32.000000000","message":"Done","commit_id":"9d1efea8013ba1c240af7de2e25ccfcdffd0549c"}]}