)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d0064ea563eab186c1d9f397918d3d4a8f0ccce7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"4f3a4641_62482eab","updated":"2023-02-10 11:58:07.000000000","message":"Removed test cases for domain-scoped tokens\nRemoved credential_id, following the latest updates of https://review.opendev.org/c/openstack/keystone/+/860613 ","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"9957e63ba0eaf7950cb13235c662935a60141388","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"ad83569e_97529b60","updated":"2023-02-17 11:18:19.000000000","message":"The Zuul error was solved in https://review.opendev.org/c/openstack/keystonemiddleware/+/873382.","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d4e000de395481c571b7f59d722949fdee80df77","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"004fe75e_6ee7b94f","updated":"2023-02-10 13:44:57.000000000","message":"recheck","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"4ee8d6d6ac7b9b0fef969d5ea9cd280704c67022","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"6cb396fe_23435660","updated":"2023-02-10 15:39:27.000000000","message":"recheck","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":7414,"name":"David 
Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"7184ffdcadb206c5da90f317efbd6ebc1d3afb98","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f162716c_986dc018","updated":"2023-02-24 14:53:04.000000000","message":"recheck - issue fixed","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"4dce039ab6d6766fab72c1af666503055257b8ec","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"f93dc85a_40728470","updated":"2023-03-03 15:17:57.000000000","message":"LGTM","commit_id":"a59020fdab670314ac1ab3d0b77e89b352d7cf27"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"5c1709bb300512094faf9ea98ee7d131dc5c9dfd","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"1675ad3d_bb5a6bd8","updated":"2023-03-03 02:20:44.000000000","message":"Thank you for your comments.\nI removed dependency on OpenSSL.","commit_id":"a59020fdab670314ac1ab3d0b77e89b352d7cf27"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"f819d4d18ba2652d342abbbd5d9e41eacf22aad2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"d18ce1bd_ec56a549","updated":"2023-03-03 20:24:30.000000000","message":"recheck","commit_id":"a59020fdab670314ac1ab3d0b77e89b352d7cf27"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"297ab8f468f626a765106736810427a77986fe45","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"6f3e9ace_a4d3a988","updated":"2023-03-03 12:58:35.000000000","message":"recheck, unrelated error [ERROR] /opt/stack/devstack/functions-common:2378 Neutron did not 
start","commit_id":"a59020fdab670314ac1ab3d0b77e89b352d7cf27"}],"keystonemiddleware/oauth2_mtls_token.py":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c905e43d713c4f370dd500bfa31ed500f5dba3f3","unresolved":true,"context_lines":[{"line_number":91,"context_line":"                access_token, allow_expired\u003dFalse)"},{"line_number":92,"context_line":"            self._validate_token(user_auth_ref, allow_expired\u003dFalse)"},{"line_number":93,"context_line":"            token \u003d token_data.get(\u0027token\u0027)"},{"line_number":94,"context_line":"            oauth2_cred \u003d token.get(\u0027oauth2_credential\u0027)"},{"line_number":95,"context_line":"            if not oauth2_cred:"},{"line_number":96,"context_line":"                self.log.info("},{"line_number":97,"context_line":"                    \u0027Invalid OAuth2.0 certificate-bound access token: \u0027"},{"line_number":98,"context_line":"                    \u0027The token is not an OAuth2.0 credential access token.\u0027)"},{"line_number":99,"context_line":"                return False"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"            token_thumb \u003d oauth2_cred.get(\"x5t#S256\")"},{"line_number":102,"context_line":"            if self._confirm_certificate_thumbprint(token_thumb, peer_cert):"}],"source_content_type":"text/x-python","patch_set":3,"id":"de24ad49_e08cdb57","line":99,"range":{"start_line":94,"start_character":0,"end_line":99,"end_character":28},"updated":"2023-01-13 15:52:01.000000000","message":"May be it\u0027s not necessary. 
If there\u0027s a thumbprint, the token must be a mTLS OAuth2.0 one.","commit_id":"5b23a88d2832f8c39991e834ee30c415ea885803"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"d0064ea563eab186c1d9f397918d3d4a8f0ccce7","unresolved":false,"context_lines":[{"line_number":91,"context_line":"                access_token, allow_expired\u003dFalse)"},{"line_number":92,"context_line":"            self._validate_token(user_auth_ref, allow_expired\u003dFalse)"},{"line_number":93,"context_line":"            token \u003d token_data.get(\u0027token\u0027)"},{"line_number":94,"context_line":"            oauth2_cred \u003d token.get(\u0027oauth2_credential\u0027)"},{"line_number":95,"context_line":"            if not oauth2_cred:"},{"line_number":96,"context_line":"                self.log.info("},{"line_number":97,"context_line":"                    \u0027Invalid OAuth2.0 certificate-bound access token: \u0027"},{"line_number":98,"context_line":"                    \u0027The token is not an OAuth2.0 credential access token.\u0027)"},{"line_number":99,"context_line":"                return False"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"            token_thumb \u003d oauth2_cred.get(\"x5t#S256\")"},{"line_number":102,"context_line":"            if self._confirm_certificate_thumbprint(token_thumb, peer_cert):"}],"source_content_type":"text/x-python","patch_set":3,"id":"f916c3c9_84a3c61f","line":99,"range":{"start_line":94,"start_character":0,"end_line":99,"end_character":28},"in_reply_to":"de24ad49_e08cdb57","updated":"2023-02-10 11:58:07.000000000","message":"Done","commit_id":"5b23a88d2832f8c39991e834ee30c415ea885803"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"9a316fb6a9727268fbbbb39847306f45d48c3a51","unresolved":true,"context_lines":[{"line_number":90,"context_line":"           
     access_token, allow_expired\u003dFalse)"},{"line_number":91,"context_line":"            self._validate_token(user_auth_ref, allow_expired\u003dFalse)"},{"line_number":92,"context_line":"            token \u003d token_data.get(\u0027token\u0027)"},{"line_number":93,"context_line":"            oauth2_cred \u003d token.get(\u0027oauth2_credential\u0027)"},{"line_number":94,"context_line":"            if not oauth2_cred:"},{"line_number":95,"context_line":"                self.log.info("},{"line_number":96,"context_line":"                    \u0027Invalid OAuth2.0 certificate-bound access token: \u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"350a81d1_fb149454","line":93,"range":{"start_line":93,"start_character":0,"end_line":93,"end_character":12},"updated":"2023-02-13 04:58:06.000000000","message":"Lines 94-111.\nThis code may need to be modified along the lines of the following example. Keystone can support both tls_client_auth and client_secret_basic at the same time, so unless this code is changed, a token obtained through client_secret_basic cannot be authenticated.\n\nExample code:\n            if oauth2_cred:\n                token_thumb \u003d oauth2_cred.get(\"x5t#S256\")\n                if not self._confirm_certificate_thumbprint(\n                        token_thumb, peer_cert):\n                    self.log.info(\n                        \u0027Invalid OAuth2.0 certificate-bound access token: \u0027\n                        \u0027the access token dose not match the client \u0027\n                        \u0027certificate.\u0027)\n                    return False\n            self._confirm_token_bind(user_auth_ref, request)\n            request.token_info \u003d token_data\n            request.token_auth \u003d _user_plugin.UserAuthPlugin(\n                user_auth_ref, None)\n            return True","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":34634,"name":"Yonggen 
Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"010d10130286b5815704c66c5868cbd6722c0e60","unresolved":false,"context_lines":[{"line_number":90,"context_line":"                access_token, allow_expired\u003dFalse)"},{"line_number":91,"context_line":"            self._validate_token(user_auth_ref, allow_expired\u003dFalse)"},{"line_number":92,"context_line":"            token \u003d token_data.get(\u0027token\u0027)"},{"line_number":93,"context_line":"            oauth2_cred \u003d token.get(\u0027oauth2_credential\u0027)"},{"line_number":94,"context_line":"            if not oauth2_cred:"},{"line_number":95,"context_line":"                self.log.info("},{"line_number":96,"context_line":"                    \u0027Invalid OAuth2.0 certificate-bound access token: \u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"1563b499_2a299bcd","line":93,"range":{"start_line":93,"start_character":0,"end_line":93,"end_character":12},"in_reply_to":"0ebb1653_aa6d9ba9","updated":"2023-02-14 01:52:25.000000000","message":"I see.","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2e18f2cb576502cfcd56a3d35c53908a1a7a3a7a","unresolved":true,"context_lines":[{"line_number":90,"context_line":"                access_token, allow_expired\u003dFalse)"},{"line_number":91,"context_line":"            self._validate_token(user_auth_ref, allow_expired\u003dFalse)"},{"line_number":92,"context_line":"            token \u003d token_data.get(\u0027token\u0027)"},{"line_number":93,"context_line":"            oauth2_cred \u003d token.get(\u0027oauth2_credential\u0027)"},{"line_number":94,"context_line":"            if not oauth2_cred:"},{"line_number":95,"context_line":"                self.log.info("},{"line_number":96,"context_line":"                    \u0027Invalid OAuth2.0 certificate-bound access token: 
\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"0ebb1653_aa6d9ba9","line":93,"range":{"start_line":93,"start_character":0,"end_line":93,"end_character":12},"in_reply_to":"350a81d1_fb149454","updated":"2023-02-14 01:45:11.000000000","message":"I thought `client_secret_basic` should be handled by OAuth2Protocol [1], as Keystone middleware was not originally designed to support `tls_client_auth` and `client_secret_basic` at the same time.\n\nIf we support `client_secret_basic` in this patch, we need to:\n- consider the deprecation of OAuth2Protocol\n- add a config option for the auth method, as we did in https://review.opendev.org/c/openstack/keystone/+/860613\n- change the code to fall back safely from `tls_client_auth` to `client_secret_basic` according to the config and token format\n\nI feel it\u0027s too heavy for this patch. Any ideas?\n\n[1] https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/oauth2_token.py","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"}],"test-requirements.txt":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"e30674af34f8632753b9b181a081035c1d2af026","unresolved":true,"context_lines":[{"line_number":19,"context_line":"python-memcached\u003e\u003d1.59 # PSF"},{"line_number":20,"context_line":"WebTest\u003e\u003d2.0.27 # MIT"},{"line_number":21,"context_line":"oslo.messaging\u003e\u003d5.29.0 # Apache-2.0"},{"line_number":22,"context_line":"pyOpenSSL\u003e\u003d22.0.0 # Apache-2.0"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"# Bandit security code scanner"},{"line_number":25,"context_line":"bandit!\u003d1.6.0,\u003e\u003d1.1.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":4,"id":"17fbe5a3_8e45277a","line":22,"range":{"start_line":22,"start_character":0,"end_line":22,"end_character":30},"updated":"2023-02-28 20:56:39.000000000","message":"We should use cryptography.io for 
any and all cryptography work.  I would prefer not to add a new cryptography dependency even if it is just for testing.","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"5c1709bb300512094faf9ea98ee7d131dc5c9dfd","unresolved":true,"context_lines":[{"line_number":19,"context_line":"python-memcached\u003e\u003d1.59 # PSF"},{"line_number":20,"context_line":"WebTest\u003e\u003d2.0.27 # MIT"},{"line_number":21,"context_line":"oslo.messaging\u003e\u003d5.29.0 # Apache-2.0"},{"line_number":22,"context_line":"pyOpenSSL\u003e\u003d22.0.0 # Apache-2.0"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"# Bandit security code scanner"},{"line_number":25,"context_line":"bandit!\u003d1.6.0,\u003e\u003d1.1.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":4,"id":"bee620b4_25d22508","line":22,"range":{"start_line":22,"start_character":0,"end_line":22,"end_character":30},"in_reply_to":"17fbe5a3_8e45277a","updated":"2023-03-03 02:20:44.000000000","message":"Fixed in PS5","commit_id":"6379743ca740ee2538c0ec0bc01fdbef2f186e42"}]}
