)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"e1202525618b2bc03980aa7246564e8d9070ae94","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"AE Tokens"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Base implementation for Authenticated Encrypted tokens."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Change-Id: Ibca4b1765d06f239df113aa3ec367e60de61a225"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"da86d52c_7e826201","line":9,"updated":"2015-02-10 17:33:36.000000000","message":"authenticated encryption tokens?","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":9234,"name":"Steve Heyman","email":"steve@heyman.com","username":"hockeynut"},"change_message_id":"93a29b11e02f5e902a3b5ff500a39fa0f3a2ee5f","unresolved":false,"context_lines":[{"line_number":12,"context_line":"This patch also introduces a new dependency on python-keyczar."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: Ibca4b1765d06f239df113aa3ec367e60de61a225"},{"line_number":15,"context_line":"Implements: bp ae-tokens"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"da86d52c_816df7ce","line":15,"updated":"2015-02-16 20:29:38.000000000","message":"link to blueprint doesn\u0027t work.","commit_id":"d5f880d6532253dbcf603a40350034fadf1b6daf"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"61b4a7affcde3655dc4828217eea45eceddc53b0","unresolved":false,"context_lines":[{"line_number":12,"context_line":"This patch also introduces a new dependency on python-keyczar."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: Ibca4b1765d06f239df113aa3ec367e60de61a225"},{"line_number":15,"context_line":"Implements: bp ae-tokens"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"da86d52c_75da6618","line":15,"in_reply_to":"da86d52c_816df7ce","updated":"2015-02-17 15:17:35.000000000","message":"Good catch, will update. If the spec is accepted for SPFE the blueprint will be created in Launchpad.","commit_id":"d5f880d6532253dbcf603a40350034fadf1b6daf"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"3a6af43c91b3e0c17a8ca3691acfb0b25aa398ba","unresolved":false,"context_lines":[{"line_number":12,"context_line":"Co-Authored-By: Dolph Mathews \u003cdolph.mathews@gmail.com\u003e"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: Ibca4b1765d06f239df113aa3ec367e60de61a225"},{"line_number":15,"context_line":"Implements: bp klw-tokens"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":22,"id":"ba7be1f8_98e1cf9c","line":15,"updated":"2015-02-24 07:40:42.000000000","message":"register a blueprint and target it to k3","commit_id":"431330194f0bd1d1bcbf4361ec1a9705b8c6e13f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"d3c3e6b451eadb9c9faa36c4a950b3412b8a7171","unresolved":false,"context_lines":[{"line_number":12,"context_line":"Co-Authored-By: Dolph Mathews \u003cdolph.mathews@gmail.com\u003e"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: Ibca4b1765d06f239df113aa3ec367e60de61a225"},{"line_number":15,"context_line":"Implements: bp klw-tokens"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":22,"id":"ba7be1f8_d5805bc2","line":15,"in_reply_to":"ba7be1f8_98e1cf9c","updated":"2015-02-24 15:44:02.000000000","message":"Done","commit_id":"431330194f0bd1d1bcbf4361ec1a9705b8c6e13f"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":12,"context_line":"Co-Authored-By: Dolph Mathews \u003cdolph.mathews@gmail.com\u003e"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: Ibca4b1765d06f239df113aa3ec367e60de61a225"},{"line_number":15,"context_line":"Implements: bp klw-tokens"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":33,"id":"ba7be1f8_58466dc1","line":15,"updated":"2015-03-02 20:28:05.000000000","message":"SecurityImpact? Do we need the OSS dudes to chime in? Especially on fernet.\nDocImpact as well since we are adding stuff to configuration?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"}],"doc/source/configuration.rst":[{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"9d7f5760cf26456d9436c1ce91dead6bbf510954","unresolved":false,"context_lines":[{"line_number":429,"context_line":"PKIZ tokens would otherwise exceed). Both PKI and PKIZ tokens require signing"},{"line_number":430,"context_line":"certificates which may be created using ``keystone-manage pki_setup`` for"},{"line_number":431,"context_line":"demonstration purposes (this is not recommended for production deployments: use"},{"line_number":432,"context_line":"certificates issued by an trusted CA instead)."},{"line_number":433,"context_line":""},{"line_number":434,"context_line":"KLWT tokens contain a limited amount of identity and authorization data in a"},{"line_number":435,"context_line":"`MessagePacked \u003chttp://msgpack.org/\u003e`_ payload. The payload is then wrapped as"}],"source_content_type":"text/x-rst","patch_set":31,"id":"ba7be1f8_dbed13b9","line":432,"updated":"2015-03-02 11:27:39.000000000","message":"(nit) \u0027a\u0027 or \u0027an\u0027 ?","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"e49689ab3f41c2ba8f289870e16a8fc26afbb96e","unresolved":false,"context_lines":[{"line_number":429,"context_line":"PKIZ tokens would otherwise exceed). Both PKI and PKIZ tokens require signing"},{"line_number":430,"context_line":"certificates which may be created using ``keystone-manage pki_setup`` for"},{"line_number":431,"context_line":"demonstration purposes (this is not recommended for production deployments: use"},{"line_number":432,"context_line":"certificates issued by an trusted CA instead)."},{"line_number":433,"context_line":""},{"line_number":434,"context_line":"KLWT tokens contain a limited amount of identity and authorization data in a"},{"line_number":435,"context_line":"`MessagePacked \u003chttp://msgpack.org/\u003e`_ payload. The payload is then wrapped as"}],"source_content_type":"text/x-rst","patch_set":31,"id":"ba7be1f8_72627ad9","line":432,"in_reply_to":"ba7be1f8_dbed13b9","updated":"2015-03-02 16:22:34.000000000","message":"Done","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":739,"context_line":"  time. This key will become the *primary* during the *next* key rotation. This"},{"line_number":740,"context_line":"  key is only used to validate tokens and serves to avoid race conditions in"},{"line_number":741,"context_line":"  multi-node deployments (all nodes should recognize all *primary* keys in the"},{"line_number":742,"context_line":"  deployment at all times)."},{"line_number":743,"context_line":""},{"line_number":744,"context_line":"* **Primary key**: In a key rotation, the old *staged* key is promoted to be"},{"line_number":745,"context_line":"  the *primary*. Only one key is considered to be the *primary* key at any"}],"source_content_type":"text/x-rst","patch_set":33,"id":"ba7be1f8_5b48275c","line":742,"updated":"2015-03-02 20:28:05.000000000","message":"The description still not quite clear. Are we saying for a multi-node deployment, some nodes may have already promoted the stage key while the others are in the process of promoting. In that case, the secondary keys only need to stick around till the last token issued by the last promoted staged key had expired.\n\nAlso, it would be nice to know whether if we are in the middle of a key rotation so we can lock down any new staged key generation, in case someone fat-fingered the thing and ended up generating staged keys multiple times at a node. Unleashing the chaos monkey.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":739,"context_line":"  time. This key will become the *primary* during the *next* key rotation. This"},{"line_number":740,"context_line":"  key is only used to validate tokens and serves to avoid race conditions in"},{"line_number":741,"context_line":"  multi-node deployments (all nodes should recognize all *primary* keys in the"},{"line_number":742,"context_line":"  deployment at all times)."},{"line_number":743,"context_line":""},{"line_number":744,"context_line":"* **Primary key**: In a key rotation, the old *staged* key is promoted to be"},{"line_number":745,"context_line":"  the *primary*. Only one key is considered to be the *primary* key at any"}],"source_content_type":"text/x-rst","patch_set":33,"id":"ba7be1f8_2cb09b42","line":742,"in_reply_to":"ba7be1f8_5b48275c","updated":"2015-03-02 21:26:56.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"37f2cc475a4f953b39d868804ffbe74ccd39dcf0","unresolved":false,"context_lines":[{"line_number":741,"context_line":"  multi-node deployments (all nodes should recognize all *primary* keys in the"},{"line_number":742,"context_line":"  deployment at all times). In a multi-node Keystone deployment this would"},{"line_number":743,"context_line":"  allow for the *staged* key to be replicated to all Keystone nodes before"},{"line_number":744,"context_line":"  being promoted to *primary* on a sinlge node. This prevents the case where a"},{"line_number":745,"context_line":"  *primary* key is created on one Keystone node and tokens encryted/signed with"},{"line_number":746,"context_line":"  that new *primary* are rejected on another Keystone node because the new"},{"line_number":747,"context_line":"  *primary* doesn\u0027t exist there yet."}],"source_content_type":"text/x-rst","patch_set":34,"id":"ba7be1f8_520ac426","line":744,"updated":"2015-03-02 22:14:12.000000000","message":"so close! *single","commit_id":"215323a7fb05c51f27965f1f0d7bf9c060923f9a"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f7f26fe459437d024ff28374d4ce78fc6c7153c2","unresolved":false,"context_lines":[{"line_number":741,"context_line":"  multi-node deployments (all nodes should recognize all *primary* keys in the"},{"line_number":742,"context_line":"  deployment at all times). In a multi-node Keystone deployment this would"},{"line_number":743,"context_line":"  allow for the *staged* key to be replicated to all Keystone nodes before"},{"line_number":744,"context_line":"  being promoted to *primary* on a sinlge node. This prevents the case where a"},{"line_number":745,"context_line":"  *primary* key is created on one Keystone node and tokens encryted/signed with"},{"line_number":746,"context_line":"  that new *primary* are rejected on another Keystone node because the new"},{"line_number":747,"context_line":"  *primary* doesn\u0027t exist there yet."}],"source_content_type":"text/x-rst","patch_set":34,"id":"ba7be1f8_cd88d973","line":744,"in_reply_to":"ba7be1f8_520ac426","updated":"2015-03-02 22:15:55.000000000","message":"Done, I\u0027m on the struggle bus today","commit_id":"215323a7fb05c51f27965f1f0d7bf9c060923f9a"}],"etc/keystone.conf.sample":[{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"e1202525618b2bc03980aa7246564e8d9070ae94","unresolved":false,"context_lines":[{"line_number":418,"context_line":"# From keystone"},{"line_number":419,"context_line":"#"},{"line_number":420,"context_line":""},{"line_number":421,"context_line":"# Location for AE token signing keys. (string value)"},{"line_number":422,"context_line":"#key_repository \u003d /etc/keystone/keys"},{"line_number":423,"context_line":""},{"line_number":424,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":2,"id":"da86d52c_9e855609","line":421,"updated":"2015-02-10 17:33:36.000000000","message":"specify that this is a directory","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":412,"context_line":"#control_exchange \u003d keystone"},{"line_number":413,"context_line":""},{"line_number":414,"context_line":""},{"line_number":415,"context_line":"[ae_tokens]"},{"line_number":416,"context_line":""},{"line_number":417,"context_line":"#"},{"line_number":418,"context_line":"# From keystone"}],"source_content_type":"application/octet-stream","patch_set":4,"id":"da86d52c_c66e97ff","line":415,"updated":"2015-02-12 19:42:36.000000000","message":"shouldn\u0027t these be in the [token] section? Why do we need another section as it is really a property of token provider?","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"}],"keystone/cli.py":[{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":199,"context_line":""},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"class KLWTRotate(BasePermissionsSetup):"},{"line_number":202,"context_line":"    \"\"\"Rotate AES keys for AES-based tokens."},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    This assumes you have already run keystone-manage klwt_setup."},{"line_number":205,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_bc1464e9","line":202,"updated":"2015-02-26 06:47:58.000000000","message":"may want to remove \u0027AES\u0027 from the description as algorithm and method are subject to change. For example, they would be just HMAC secrets of encryption is not used.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":199,"context_line":""},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"class KLWTRotate(BasePermissionsSetup):"},{"line_number":202,"context_line":"    \"\"\"Rotate AES keys for AES-based tokens."},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    This assumes you have already run keystone-manage klwt_setup."},{"line_number":205,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_9cd06eca","line":202,"in_reply_to":"ba7be1f8_bc1464e9","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":204,"context_line":"    This assumes you have already run keystone-manage klwt_setup."},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"    A new primary key is created, which is used for new tokens. The old primary"},{"line_number":207,"context_line":"    key is demoted to active, which can then still be used for validating"},{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_3c85d406","line":207,"updated":"2015-02-26 06:47:58.000000000","message":"\"demoted to action\"? Keystone rotation should only involve two keys at any given time. What\u0027s the use case for \u0027max_active_keys\u0027?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":204,"context_line":"    This assumes you have already run keystone-manage klwt_setup."},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"    A new primary key is created, which is used for new tokens. The old primary"},{"line_number":207,"context_line":"    key is demoted to active, which can then still be used for validating"},{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_5c4d1699","line":207,"in_reply_to":"ba7be1f8_3c85d406","updated":"2015-02-26 12:41:32.000000000","message":"Active keys are allows to decrypt, or verify things. Primary keys are allows to encrypt and sign stuff. Depending on how often your keys rotate you can run into cases where you\u0027ll have multiple active keys that are only there because we need to keep them around for decrypting things. So the key lifecycle might look something like: \n\n    Add new key to the repo as \"active\" -\u003e promote key to \"primary\" -\u003e\n    promote new key to \"primary\" -\u003e demote old primary to active -\u003e\n    remove old primary after it\u0027s older than the token expiration time","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"    \"\"\""},{"line_number":215,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_bcc2a450","line":212,"updated":"2015-02-26 06:47:58.000000000","message":"that doesn\u0027t sound right. Why would key rotation invalidate the tokens?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"    \"\"\""},{"line_number":215,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_575c0f19","line":212,"in_reply_to":"ba7be1f8_bcc2a450","updated":"2015-02-26 12:41:32.000000000","message":"This is saying that there needs to be a happy balance between how many keys you allow in your key repo and how often you rotate your keys. So let\u0027s say that you want to rotate keys every 30 minutes and use a new primary. At the same time your token lifespan is something like 6 hours, but your max_active_keys is only 4. This would break because we would have at least 12 active keys at any given point in time.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":180,"context_line":""},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"class KLWTSetup(BasePermissionsSetup):"},{"line_number":183,"context_line":"    \"\"\"Setup an key repository for KLW tokens."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    This also creates a primary key used for both creating and validating"},{"line_number":186,"context_line":"    Keystone Lightweight tokens. To improve security, you should rotate your"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_e898c4c1","line":183,"updated":"2015-02-26 15:04:02.000000000","message":"(nit) s/an/a/","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":180,"context_line":""},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"class KLWTSetup(BasePermissionsSetup):"},{"line_number":183,"context_line":"    \"\"\"Setup an key repository for KLW tokens."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    This also creates a primary key used for both creating and validating"},{"line_number":186,"context_line":"    Keystone Lightweight tokens. To improve security, you should rotate your"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_02b89028","line":183,"in_reply_to":"ba7be1f8_e898c4c1","updated":"2015-02-26 15:49:44.000000000","message":"Done","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"fc8b492d54a337183619d866f5eed92c9fff413a","unresolved":false,"context_lines":[{"line_number":94,"context_line":"        migration_helpers.print_db_version(extension)"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"class BasePermissionsSetup(BaseApp):"},{"line_number":98,"context_line":"    \"\"\"Common user/group setup for file permissions.\"\"\""},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"    @classmethod"}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_4e088ad9","line":97,"updated":"2015-03-02 08:31:14.000000000","message":"this split should have probably been done separately, but it\u0027s cool","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":182,"context_line":"class KLWTSetup(BasePermissionsSetup):"},{"line_number":183,"context_line":"    \"\"\"Setup a key repository for KLW tokens."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    This also creates a primary key used for both creating and validating"},{"line_number":186,"context_line":"    Keystone Lightweight tokens. To improve security, you should rotate your"},{"line_number":187,"context_line":"    keys (using keystone-manage klwt_rotate, for example)."},{"line_number":188,"context_line":""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_fb5c7b7f","line":185,"updated":"2015-03-02 20:28:05.000000000","message":"For the initial setup, it will create both the \u0027staged\u0027 and \u0027primary\u0027 key right?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":182,"context_line":"class KLWTSetup(BasePermissionsSetup):"},{"line_number":183,"context_line":"    \"\"\"Setup a key repository for KLW tokens."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"    This also creates a primary key used for both creating and validating"},{"line_number":186,"context_line":"    Keystone Lightweight tokens. To improve security, you should rotate your"},{"line_number":187,"context_line":"    keys (using keystone-manage klwt_rotate, for example)."},{"line_number":188,"context_line":""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_cc329fa6","line":185,"in_reply_to":"ba7be1f8_fb5c7b7f","updated":"2015-03-02 21:26:56.000000000","message":"Correct, it will start by creating a key named \u00270\u0027 and then promote that key to the primary key \u00271\u0027. It then creates the next primary key and names it 0. So you should have two keys on setup.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    This assumes you have already run keystone-manage klwt_setup."},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"    A new primary key is created, which is used for new tokens. The old primary"},{"line_number":207,"context_line":"    key is demoted to active, which can then still be used for validating"},{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_5bf9074d","line":206,"updated":"2015-03-02 20:28:05.000000000","message":"A new staged key is created ...? And the old staged key will get promoted to primary.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":203,"context_line":""},{"line_number":204,"context_line":"    This assumes you have already run keystone-manage klwt_setup."},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"    A new primary key is created, which is used for new tokens. The old primary"},{"line_number":207,"context_line":"    key is demoted to active, which can then still be used for validating"},{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_8ca7c7a6","line":206,"in_reply_to":"ba7be1f8_5bf9074d","updated":"2015-03-02 21:26:56.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"61a3c46cee4fd6ffde2d22574f3bdbbd35c03444","unresolved":false,"context_lines":[{"line_number":206,"context_line":"    A new primary key is created, which is used for new tokens. The old primary"},{"line_number":207,"context_line":"    key is demoted to active, which can then still be used for validating"},{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_1e213d4d","line":209,"updated":"2015-03-02 20:22:53.000000000","message":"this needs to be revised with:\n\n  s/active/secondary/\n\nto match the terminology used in docs/","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"27394165e10a4a13c50992543ea682bd64259a5e","unresolved":false,"context_lines":[{"line_number":206,"context_line":"    A new primary key is created, which is used for new tokens. The old primary"},{"line_number":207,"context_line":"    key is demoted to active, which can then still be used for validating"},{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_c1d6e84e","line":209,"in_reply_to":"ba7be1f8_1e213d4d","updated":"2015-03-02 20:40:29.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"b0990a7c69fd139c4e9df06244a70b945a655775","unresolved":false,"context_lines":[{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"    \"\"\""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_eacd8ab8","line":211,"updated":"2015-03-02 19:24:45.000000000","message":"This like would actually be a great addition to the docs.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"61a3c46cee4fd6ffde2d22574f3bdbbd35c03444","unresolved":false,"context_lines":[{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"    \"\"\""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_1efa1dbd","line":211,"in_reply_to":"ba7be1f8_eacd8ab8","updated":"2015-03-02 20:22:53.000000000","message":"++ this was my first pass at writing docs... but i thought these docstrs were rendered to --help (they\u0027re not, afaik). all this should be moved to docs/","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"27394165e10a4a13c50992543ea682bd64259a5e","unresolved":false,"context_lines":[{"line_number":208,"context_line":"    tokens. Excess active keys (beyond [klw_tokens] max_active_keys) are"},{"line_number":209,"context_line":"    revoked. Revoked keys are permanently deleted."},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"    Rotating keys too frequently, or with [klw_tokens] max_active_keys set too"},{"line_number":212,"context_line":"    low, will cause tokens to become invalid prior to their expiration."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"    \"\"\""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_01cd60b7","line":211,"in_reply_to":"ba7be1f8_eacd8ab8","updated":"2015-03-02 20:40:29.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"b0990a7c69fd139c4e9df06244a70b945a655775","unresolved":false,"context_lines":[{"line_number":327,"context_line":""},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"CMDS \u003d ["},{"line_number":330,"context_line":"    KLWTRotate,"},{"line_number":331,"context_line":"    KLWTSetup,"},{"line_number":332,"context_line":"    DbSync,"},{"line_number":333,"context_line":"    DbVersion,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_6f9a8c6f","line":330,"updated":"2015-03-02 19:24:45.000000000","message":"Any reason these are not alphabetical like the others?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"27394165e10a4a13c50992543ea682bd64259a5e","unresolved":false,"context_lines":[{"line_number":327,"context_line":""},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"CMDS \u003d ["},{"line_number":330,"context_line":"    KLWTRotate,"},{"line_number":331,"context_line":"    KLWTSetup,"},{"line_number":332,"context_line":"    DbSync,"},{"line_number":333,"context_line":"    DbVersion,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_c13d0891","line":330,"in_reply_to":"ba7be1f8_6f9a8c6f","updated":"2015-03-02 20:40:29.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"61a3c46cee4fd6ffde2d22574f3bdbbd35c03444","unresolved":false,"context_lines":[{"line_number":327,"context_line":""},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"CMDS \u003d ["},{"line_number":330,"context_line":"    KLWTRotate,"},{"line_number":331,"context_line":"    KLWTSetup,"},{"line_number":332,"context_line":"    DbSync,"},{"line_number":333,"context_line":"    DbVersion,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_1ea4dda4","line":330,"in_reply_to":"ba7be1f8_6f9a8c6f","updated":"2015-03-02 20:22:53.000000000","message":"they were in alphabetical order when they were called AERotate \u0026 AESetup :)","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"}],"keystone/common/config.py":[{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"e1202525618b2bc03980aa7246564e8d9070ae94","unresolved":false,"context_lines":[{"line_number":231,"context_line":"    \u0027ae_tokens\u0027: ["},{"line_number":232,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":233,"context_line":"                   default\u003d\u0027/etc/keystone/keys\u0027,"},{"line_number":234,"context_line":"                   help\u003d\u0027Location for AE token signing keys.\u0027)"},{"line_number":235,"context_line":"    ],"},{"line_number":236,"context_line":"    \u0027token\u0027: ["},{"line_number":237,"context_line":"        cfg.ListOpt(\u0027bind\u0027, default\u003d[],"}],"source_content_type":"text/x-python","patch_set":2,"id":"da86d52c_de76ee3e","line":234,"updated":"2015-02-10 17:33:36.000000000","message":"Directory containing AE token signing keys.","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":235,"context_line":"                         \u0027hierarchy can be optionally enabled.\u0027),"},{"line_number":236,"context_line":"    ],"},{"line_number":237,"context_line":"    \u0027ae_tokens\u0027: ["},{"line_number":238,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":239,"context_line":"                   help\u003d\u0027Directory containing AE token signing keys. If one \u0027"},{"line_number":240,"context_line":"                        \u0027is not specified, the driver will create a \u0027"},{"line_number":241,"context_line":"                        \u0027temporary directory instead.\u0027),"}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_c921489f","line":238,"updated":"2015-02-12 19:42:36.000000000","message":"Nice. May want to document that fact that multiple keys are allowed to make it easier to deployer to implement key rotation in their production environment.","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":239,"context_line":"                   help\u003d\u0027Directory containing AE token signing keys. If one \u0027"},{"line_number":240,"context_line":"                        \u0027is not specified, the driver will create a \u0027"},{"line_number":241,"context_line":"                        \u0027temporary directory instead.\u0027),"},{"line_number":242,"context_line":"        cfg.BoolOpt(\u0027use_encryption\u0027, default\u003dTrue,"},{"line_number":243,"context_line":"                    help\u003d\u0027When set to True use encryption with AE tokens. \u0027"},{"line_number":244,"context_line":"                         \u0027Otherwise sign the tokens to ensure integrity. \u0027"},{"line_number":245,"context_line":"                         \u0027Tokens that have been encrypted can have 30+ \u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_4628e796","line":242,"updated":"2015-02-12 19:42:36.000000000","message":"did you regenerate the config?","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":220,"name":"Haneef Ali","email":"haneef.ali@hp.com","username":"haneef"},"change_message_id":"659ff96088e4e75ccaf29d90f559126612f1a579","unresolved":false,"context_lines":[{"line_number":262,"context_line":"        cfg.StrOpt(\u0027provider\u0027,"},{"line_number":263,"context_line":"                   help\u003d\u0027Controls the token construction, validation, and \u0027"},{"line_number":264,"context_line":"                        \u0027revocation operations. Core providers are \u0027"},{"line_number":265,"context_line":"                        \u0027\"keystone.token.providers.[ae|pkiz|pki|uuid].\u0027"},{"line_number":266,"context_line":"                        \u0027Provider\". The default provider is uuid.\u0027),"},{"line_number":267,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":268,"context_line":"                   default\u003d\u0027keystone.token.persistence.backends.sql.Token\u0027,"}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_db37a5ae","line":265,"updated":"2015-02-18 05:16:06.000000000","message":"Do we want to use AE or KLWT?","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"04d3594327d63e7dfb1d028445a7c163863c59b8","unresolved":false,"context_lines":[{"line_number":262,"context_line":"        cfg.StrOpt(\u0027provider\u0027,"},{"line_number":263,"context_line":"                   help\u003d\u0027Controls the token construction, validation, and \u0027"},{"line_number":264,"context_line":"                        \u0027revocation operations. Core providers are \u0027"},{"line_number":265,"context_line":"                        \u0027\"keystone.token.providers.[ae|pkiz|pki|uuid].\u0027"},{"line_number":266,"context_line":"                        \u0027Provider\". The default provider is uuid.\u0027),"},{"line_number":267,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":268,"context_line":"                   default\u003d\u0027keystone.token.persistence.backends.sql.Token\u0027,"}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_9453296b","line":265,"in_reply_to":"da86d52c_db37a5ae","updated":"2015-02-18 15:49:34.000000000","message":"The spec details Keystone Lightweight Tokens. I think there were a few people in -keystone who didn\u0027t want to use AE so maybe we can catch up with them in -keystone.","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":202,"context_line":"    \u0027klw_tokens\u0027: ["},{"line_number":203,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":204,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":205,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":206,"context_line":"                        \u0027keys.\u0027),"},{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_a198c21c","line":205,"updated":"2015-02-25 23:41:05.000000000","message":"Why do we call it out as Keystone Lightweight token and not stick to the common abbreviation of KLWT? For consistency I would vote for KLWT","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":202,"context_line":"    \u0027klw_tokens\u0027: ["},{"line_number":203,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":204,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":205,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":206,"context_line":"                        \u0027keys.\u0027),"},{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_b740eb07","line":205,"in_reply_to":"ba7be1f8_1e7000db","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":202,"context_line":"    \u0027klw_tokens\u0027: ["},{"line_number":203,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":204,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":205,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":206,"context_line":"                        \u0027keys.\u0027),"},{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_1e7000db","line":205,"in_reply_to":"ba7be1f8_a198c21c","updated":"2015-02-26 06:59:03.000000000","message":"Adding a \u0027(KLWT)\u0027 would also be sufficient.\n\nI am torn if this belongs in the [token] section or in it\u0027s own section...","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":204,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":205,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":206,"context_line":"                        \u0027keys.\u0027),"},{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"},{"line_number":209,"context_line":"                   help\u003d\u0027This controls how many non-primary active keys are \u0027"},{"line_number":210,"context_line":"                        \u0027held in rotation by keystone-manage klw_rotate \u0027"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_7e8f3c75","line":207,"updated":"2015-02-26 06:47:58.000000000","message":"This option is probably not necessary as key rotation should only involve two keys at any given time. Anyway, not a deal breaker.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":204,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":205,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":206,"context_line":"                        \u0027keys.\u0027),"},{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"},{"line_number":209,"context_line":"                   help\u003d\u0027This controls how many non-primary active keys are \u0027"},{"line_number":210,"context_line":"                        \u0027held in rotation by keystone-manage klw_rotate \u0027"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_b7f2ab03","line":207,"in_reply_to":"ba7be1f8_7e8f3c75","updated":"2015-02-26 12:41:32.000000000","message":"See previous comment in cli.py.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"},{"line_number":209,"context_line":"                   help\u003d\u0027This controls how many non-primary active keys are \u0027"},{"line_number":210,"context_line":"                        \u0027held in rotation by keystone-manage klw_rotate \u0027"},{"line_number":211,"context_line":"                        \u0027before they are deleted.\u0027)"},{"line_number":212,"context_line":"    ],"},{"line_number":213,"context_line":"    \u0027token\u0027: ["}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_a1ca8218","line":210,"updated":"2015-02-25 23:41:05.000000000","message":"Should be klwt_rotate","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"},{"line_number":209,"context_line":"                   help\u003d\u0027This controls how many non-primary active keys are \u0027"},{"line_number":210,"context_line":"                        \u0027held in rotation by keystone-manage klw_rotate \u0027"},{"line_number":211,"context_line":"                        \u0027before they are deleted.\u0027)"},{"line_number":212,"context_line":"    ],"},{"line_number":213,"context_line":"    \u0027token\u0027: ["}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_f7226350","line":210,"in_reply_to":"ba7be1f8_a1ca8218","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"},{"line_number":209,"context_line":"                   help\u003d\u0027This controls how many non-primary active keys are \u0027"},{"line_number":210,"context_line":"                        \u0027held in rotation by keystone-manage klw_rotate \u0027"},{"line_number":211,"context_line":"                        \u0027before they are deleted.\u0027)"},{"line_number":212,"context_line":"    ],"},{"line_number":213,"context_line":"    \u0027token\u0027: ["}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_be4d349c","line":210,"in_reply_to":"ba7be1f8_a1ca8218","updated":"2015-02-26 06:59:03.000000000","message":"This should probably be defined in the CLI options for rotate not in the config file unless it is referenced by the running service.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":207,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"},{"line_number":208,"context_line":"                   default\u003d1,"},{"line_number":209,"context_line":"                   help\u003d\u0027This controls how many non-primary active keys are \u0027"},{"line_number":210,"context_line":"                        \u0027held in rotation by keystone-manage klw_rotate \u0027"},{"line_number":211,"context_line":"                        \u0027before they are deleted.\u0027)"},{"line_number":212,"context_line":"    ],"},{"line_number":213,"context_line":"    \u0027token\u0027: ["}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_17e53708","line":210,"in_reply_to":"ba7be1f8_be4d349c","updated":"2015-02-26 12:41:32.000000000","message":"I\u0027d have to check with Dolph on this, but I think this lives here because it needs to be the same each time?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"b0990a7c69fd139c4e9df06244a70b945a655775","unresolved":false,"context_lines":[{"line_number":208,"context_line":"    ],"},{"line_number":209,"context_line":"    \u0027klw_tokens\u0027: ["},{"line_number":210,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":211,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":212,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":213,"context_line":"                        \u0027(KLWT) keys.\u0027),"},{"line_number":214,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_8a05eec3","line":211,"updated":"2015-03-02 19:24:45.000000000","message":"Will we ever run in to a situation where we have to manage multiple types ?of keys?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"61a3c46cee4fd6ffde2d22574f3bdbbd35c03444","unresolved":false,"context_lines":[{"line_number":208,"context_line":"    ],"},{"line_number":209,"context_line":"    \u0027klw_tokens\u0027: ["},{"line_number":210,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":211,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":212,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":213,"context_line":"                        \u0027(KLWT) keys.\u0027),"},{"line_number":214,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_deade585","line":211,"in_reply_to":"ba7be1f8_8a05eec3","updated":"2015-03-02 20:22:53.000000000","message":"probably, so fernet_keys/ ?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"27394165e10a4a13c50992543ea682bd64259a5e","unresolved":false,"context_lines":[{"line_number":208,"context_line":"    ],"},{"line_number":209,"context_line":"    \u0027klw_tokens\u0027: ["},{"line_number":210,"context_line":"        cfg.StrOpt(\u0027key_repository\u0027,"},{"line_number":211,"context_line":"                   default\u003d\u0027/etc/keystone/keys/\u0027,"},{"line_number":212,"context_line":"                   help\u003d\u0027Directory containing Keystone Lightweight token \u0027"},{"line_number":213,"context_line":"                        \u0027(KLWT) keys.\u0027),"},{"line_number":214,"context_line":"        cfg.IntOpt(\u0027max_active_keys\u0027,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_41703872","line":211,"in_reply_to":"ba7be1f8_deade585","updated":"2015-03-02 20:40:29.000000000","message":"Should this be renamed in the fernet renaming patch that dolph has?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"}],"keystone/exception.py":[{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":343,"context_line":""},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"class KeyczarReadError(Error):"},{"line_number":346,"context_line":"    message_format \u003d _(\"%(details)s\")"},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"    code \u003d 500"},{"line_number":349,"context_line":"    title \u003d \u0027Internal Server Error\u0027"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_926890f6","line":346,"updated":"2015-02-18 21:05:28.000000000","message":"(nit) this is not a string that has to be translated","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":343,"context_line":""},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"class KeyczarReadError(Error):"},{"line_number":346,"context_line":"    message_format \u003d _(\"%(details)s\")"},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"    code \u003d 500"},{"line_number":349,"context_line":"    title \u003d \u0027Internal Server Error\u0027"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_82a679bf","line":346,"in_reply_to":"da86d52c_926890f6","updated":"2015-02-18 21:32:20.000000000","message":"so I could just remove this?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":342,"context_line":"    title \u003d \u0027Conflict\u0027"},{"line_number":343,"context_line":""},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"class KeyczarReadError(Error):"},{"line_number":346,"context_line":"    message_format \u003d _(\"%(details)s\")"},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"    code \u003d 500"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_de1e686f","line":345,"updated":"2015-02-26 06:59:03.000000000","message":"This is unused afaict, remove it please.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":342,"context_line":"    title \u003d \u0027Conflict\u0027"},{"line_number":343,"context_line":""},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"class KeyczarReadError(Error):"},{"line_number":346,"context_line":"    message_format \u003d _(\"%(details)s\")"},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"    code \u003d 500"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_f7d0a320","line":345,"in_reply_to":"ba7be1f8_de1e686f","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"}],"keystone/tests/unit/test_v3_auth.py":[{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"c80947fc0aee4c6b334475168fd9c504a731f468","unresolved":false,"context_lines":[{"line_number":4102,"context_line":"            password\u003dtrustee_user[\u0027password\u0027],"},{"line_number":4103,"context_line":"            trust_id\u003dtrust[\u0027id\u0027])"},{"line_number":4104,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4105,"context_line":"        trust_scoped_token\u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4106,"context_line":"        self.assertTrue(trust_scoped_token.startswith(\u0027KLWT01\u0027))"},{"line_number":4107,"context_line":"        self.assertLess(len(trust_scoped_token), 255)"}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_a751f931","line":4105,"updated":"2015-02-18 02:02:01.000000000","message":"(pep8) missing a space","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"04d3594327d63e7dfb1d028445a7c163863c59b8","unresolved":false,"context_lines":[{"line_number":4102,"context_line":"            password\u003dtrustee_user[\u0027password\u0027],"},{"line_number":4103,"context_line":"            trust_id\u003dtrust[\u0027id\u0027])"},{"line_number":4104,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4105,"context_line":"        trust_scoped_token\u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4106,"context_line":"        self.assertTrue(trust_scoped_token.startswith(\u0027KLWT01\u0027))"},{"line_number":4107,"context_line":"        self.assertLess(len(trust_scoped_token), 255)"}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_94716979","line":4105,"in_reply_to":"da86d52c_a751f931","updated":"2015-02-18 15:49:34.000000000","message":"Done","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":4131,"context_line":"        # Get a trust scoped token"},{"line_number":4132,"context_line":"        trust_scoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4133,"context_line":"        headers \u003d {\u0027X-Subject-Token\u0027: trust_scoped_token}"},{"line_number":4134,"context_line":"        # Validate a trust scoped token. This should return a 200 but for some"},{"line_number":4135,"context_line":"        # reason this returns a 401 saying that the trustee doesn\u0027t have access"},{"line_number":4136,"context_line":"        # to the project referenced in the trust. This 401 is raised by"},{"line_number":4137,"context_line":"        # _populate_roles in _populate_roles in"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_3dffb5ac","line":4134,"updated":"2015-02-18 21:05:28.000000000","message":"Is this something that has to be fixed before merge? If it\u0027s a bug we should get a bug reference in here.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":4131,"context_line":"        # Get a trust scoped token"},{"line_number":4132,"context_line":"        trust_scoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4133,"context_line":"        headers \u003d {\u0027X-Subject-Token\u0027: trust_scoped_token}"},{"line_number":4134,"context_line":"        # Validate a trust scoped token. This should return a 200 but for some"},{"line_number":4135,"context_line":"        # reason this returns a 401 saying that the trustee doesn\u0027t have access"},{"line_number":4136,"context_line":"        # to the project referenced in the trust. This 401 is raised by"},{"line_number":4137,"context_line":"        # _populate_roles in _populate_roles in"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_6288a522","line":4134,"in_reply_to":"da86d52c_3dffb5ac","updated":"2015-02-18 21:32:20.000000000","message":"fixed in the latest patch set, it was something with how the trust/scoping context was being built on validate, so I don\u0027t think it was an issue with our testing structure.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":542,"context_line":"    \"\"\"Test token revoke using v3 Identity API by token owner and admin.\"\"\""},{"line_number":543,"context_line":"    def load_sample_data(self):"},{"line_number":544,"context_line":"        \"\"\"Load Sample Data for Test Cases."},{"line_number":545,"context_line":""},{"line_number":546,"context_line":"        Two domains, domainA and domainB"},{"line_number":547,"context_line":"        Two users in domainA, userNormalA and userAdminA"},{"line_number":548,"context_line":"        One user in domainB, userAdminB"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_abc83f75","line":545,"updated":"2015-02-21 08:15:52.000000000","message":"nit: revert this white space change","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":542,"context_line":"    \"\"\"Test token revoke using v3 Identity API by token owner and admin.\"\"\""},{"line_number":543,"context_line":"    def load_sample_data(self):"},{"line_number":544,"context_line":"        \"\"\"Load Sample Data for Test Cases."},{"line_number":545,"context_line":""},{"line_number":546,"context_line":"        Two domains, domainA and domainB"},{"line_number":547,"context_line":"        Two users in domainA, userNormalA and userAdminA"},{"line_number":548,"context_line":"        One user in domainB, userAdminB"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_29543820","line":545,"in_reply_to":"ba7be1f8_abc83f75","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":13152,"name":"Jorge Munoz","email":"elkidster@gmail.com","username":"jmunoz"},"change_message_id":"b75abab2b6ae7ae6c574bdb0dfab001fddf24b01","unresolved":false,"context_lines":[{"line_number":4031,"context_line":""},{"line_number":4032,"context_line":""},{"line_number":4033,"context_line":"class TestKLWTokenProvider(test_v3.RestfulTestCase,"},{"line_number":4034,"context_line":"                           klwt.KeyRepositoryTestMixin):"},{"line_number":4035,"context_line":"    def setUp(self):"},{"line_number":4036,"context_line":"        super(TestKLWTokenProvider, self).setUp()"},{"line_number":4037,"context_line":"        self.setUpKeyRepository()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_a2ecbd90","line":4034,"updated":"2015-02-23 17:00:08.000000000","message":"Some negative test cases would be helpful to verify that an error is returned when  a token has been tampered with.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"328ab66c0e6ab19213bd6282d6ec5a2762eca1cf","unresolved":false,"context_lines":[{"line_number":4031,"context_line":""},{"line_number":4032,"context_line":""},{"line_number":4033,"context_line":"class TestKLWTokenProvider(test_v3.RestfulTestCase,"},{"line_number":4034,"context_line":"                           klwt.KeyRepositoryTestMixin):"},{"line_number":4035,"context_line":"    def setUp(self):"},{"line_number":4036,"context_line":"        super(TestKLWTokenProvider, self).setUp()"},{"line_number":4037,"context_line":"        self.setUpKeyRepository()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_fd03b6b5","line":4034,"in_reply_to":"ba7be1f8_a2ecbd90","updated":"2015-02-23 17:20:03.000000000","message":"++ \n\nwe do have some unit tests that cover this in test_klwt_provider.py but I can add more functional tests here.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":4040,"context_line":"        super(TestKLWTokenProvider, self).config_overrides()"},{"line_number":4041,"context_line":"        self.config_fixture.config("},{"line_number":4042,"context_line":"            group\u003d\u0027token\u0027,"},{"line_number":4043,"context_line":"            provider\u003d\u0027keystone.token.providers.klwt.Provider\u0027)"},{"line_number":4044,"context_line":""},{"line_number":4045,"context_line":"    def test_authenticate_for_unscoped_token(self):"},{"line_number":4046,"context_line":"        auth_data \u003d self.build_authentication_request("}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_eba157aa","line":4043,"updated":"2015-02-21 08:15:52.000000000","message":"note: the provider here is keystone.token.providers.klwt.Provider but in config.py it\u0027s still keystone.token.providers.ae.Provider\n\njust a heads up","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":4040,"context_line":"        super(TestKLWTokenProvider, self).config_overrides()"},{"line_number":4041,"context_line":"        self.config_fixture.config("},{"line_number":4042,"context_line":"            group\u003d\u0027token\u0027,"},{"line_number":4043,"context_line":"            provider\u003d\u0027keystone.token.providers.klwt.Provider\u0027)"},{"line_number":4044,"context_line":""},{"line_number":4045,"context_line":"    def test_authenticate_for_unscoped_token(self):"},{"line_number":4046,"context_line":"        auth_data \u003d self.build_authentication_request("}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_a9166853","line":4043,"in_reply_to":"ba7be1f8_eba157aa","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":4063,"context_line":"                           klwt.KeyRepositoryTestMixin):"},{"line_number":4064,"context_line":"    def setUp(self):"},{"line_number":4065,"context_line":"        super(TestKLWTokenProvider, self).setUp()"},{"line_number":4066,"context_line":"        self.setUpKeyRepository()"},{"line_number":4067,"context_line":""},{"line_number":4068,"context_line":"    def config_overrides(self):"},{"line_number":4069,"context_line":"        super(TestKLWTokenProvider, self).config_overrides()"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_7943a86c","line":4066,"updated":"2015-02-27 02:16:18.000000000","message":"there should be a key repository fixture instead.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":4077,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4078,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4079,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4080,"context_line":"        self.assertTrue(unscoped_token.startswith(\u0027KLWT00\u0027))"},{"line_number":4081,"context_line":"        self.assertLess(len(unscoped_token), 255)"},{"line_number":4082,"context_line":""},{"line_number":4083,"context_line":"    def test_validate_unscoped_token(self):"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_19546c20","line":4080,"updated":"2015-02-27 02:16:18.000000000","message":"use StartsWith matcher instead: https://github.com/testing-cabal/testtools/blob/master/testtools/matchers/__init__.py#L54\n\nThis applies throughout these changes (see line 4089)\n\nAlso, could create the matcher once and use it multiple times.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":4077,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4078,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4079,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4080,"context_line":"        self.assertTrue(unscoped_token.startswith(\u0027KLWT00\u0027))"},{"line_number":4081,"context_line":"        self.assertLess(len(unscoped_token), 255)"},{"line_number":4082,"context_line":""},{"line_number":4083,"context_line":"    def test_validate_unscoped_token(self):"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_55e68745","line":4080,"in_reply_to":"ba7be1f8_19546c20","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"b0990a7c69fd139c4e9df06244a70b945a655775","unresolved":false,"context_lines":[{"line_number":4064,"context_line":"    def setUp(self):"},{"line_number":4065,"context_line":"        super(TestKLWTokenProvider, self).setUp()"},{"line_number":4066,"context_line":"        self.setUpKeyRepository()"},{"line_number":4067,"context_line":"        self.standard_matcher \u003d matchers.StartsWith(\u0027KLWT00\u0027)"},{"line_number":4068,"context_line":"        self.trust_matcher \u003d matchers.StartsWith(\u0027KLWT01\u0027)"},{"line_number":4069,"context_line":""},{"line_number":4070,"context_line":"    def config_overrides(self):"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_f80ba121","line":4067,"updated":"2015-03-02 19:24:45.000000000","message":"This is sorta funny. The point of using the matchers is that the test reads more like natural language.\n\n    self.assertThat(unscoped_token, matchers.StartsWith(something))","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":4064,"context_line":"    def setUp(self):"},{"line_number":4065,"context_line":"        super(TestKLWTokenProvider, self).setUp()"},{"line_number":4066,"context_line":"        self.setUpKeyRepository()"},{"line_number":4067,"context_line":"        self.standard_matcher \u003d matchers.StartsWith(\u0027KLWT00\u0027)"},{"line_number":4068,"context_line":"        self.trust_matcher \u003d matchers.StartsWith(\u0027KLWT01\u0027)"},{"line_number":4069,"context_line":""},{"line_number":4070,"context_line":"    def config_overrides(self):"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_2cb17b8f","line":4067,"in_reply_to":"ba7be1f8_f80ba121","updated":"2015-03-02 21:26:56.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"b0990a7c69fd139c4e9df06244a70b945a655775","unresolved":false,"context_lines":[{"line_number":4079,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4080,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4081,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4082,"context_line":"        self.assertTrue(unscoped_token, self.standard_matcher)"},{"line_number":4083,"context_line":"        self.assertLess(len(unscoped_token), 255)"},{"line_number":4084,"context_line":""},{"line_number":4085,"context_line":"    def test_validate_unscoped_token(self):"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_f859e135","line":4082,"updated":"2015-03-02 19:24:45.000000000","message":"assertTrue is defined as taking an expression as the first arg and a message as the second.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":4079,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4080,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4081,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4082,"context_line":"        self.assertTrue(unscoped_token, self.standard_matcher)"},{"line_number":4083,"context_line":"        self.assertLess(len(unscoped_token), 255)"},{"line_number":4084,"context_line":""},{"line_number":4085,"context_line":"    def test_validate_unscoped_token(self):"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_4caeaf2f","line":4082,"in_reply_to":"ba7be1f8_1ef93d80","updated":"2015-03-02 21:26:56.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"61a3c46cee4fd6ffde2d22574f3bdbbd35c03444","unresolved":false,"context_lines":[{"line_number":4079,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4080,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data, expected_status\u003d201)"},{"line_number":4081,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4082,"context_line":"        self.assertTrue(unscoped_token, self.standard_matcher)"},{"line_number":4083,"context_line":"        self.assertLess(len(unscoped_token), 255)"},{"line_number":4084,"context_line":""},{"line_number":4085,"context_line":"    def test_validate_unscoped_token(self):"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_1ef93d80","line":4082,"in_reply_to":"ba7be1f8_f859e135","updated":"2015-03-02 20:22:53.000000000","message":"s/assertTrue/assertThat/","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"61a3c46cee4fd6ffde2d22574f3bdbbd35c03444","unresolved":false,"context_lines":[{"line_number":4088,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4089,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data)"},{"line_number":4090,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4091,"context_line":"        self.assertTrue(unscoped_token, self.standard_matcher)"},{"line_number":4092,"context_line":"        headers \u003d {\u0027X-Subject-Token\u0027: unscoped_token}"},{"line_number":4093,"context_line":"        self.get(\u0027/auth/tokens\u0027, headers\u003dheaders, expected_status\u003d200)"},{"line_number":4094,"context_line":""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_de32455d","line":4091,"updated":"2015-03-02 20:22:53.000000000","message":"several instances of that","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":4088,"context_line":"            password\u003dself.user[\u0027password\u0027])"},{"line_number":4089,"context_line":"        resp \u003d self.post(\u0027/auth/tokens\u0027, body\u003dauth_data)"},{"line_number":4090,"context_line":"        unscoped_token \u003d resp.headers.get(\u0027X-Subject-Token\u0027)"},{"line_number":4091,"context_line":"        self.assertTrue(unscoped_token, self.standard_matcher)"},{"line_number":4092,"context_line":"        headers \u003d {\u0027X-Subject-Token\u0027: unscoped_token}"},{"line_number":4093,"context_line":"        self.get(\u0027/auth/tokens\u0027, headers\u003dheaders, expected_status\u003d200)"},{"line_number":4094,"context_line":""}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_6ca7f350","line":4091,"in_reply_to":"ba7be1f8_de32455d","updated":"2015-03-02 21:26:56.000000000","message":"Done","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"}],"keystone/tests/unit/token/test_ae_token_provider.py":[{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"589321917ac05a9f47b17be89ff928c8cbc38730","unresolved":false,"context_lines":[{"line_number":13,"context_line":"import base64"},{"line_number":14,"context_line":"import uuid"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"from oslo.utils import timeutils"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"from keystone import exception"},{"line_number":19,"context_line":"from keystone import tests"}],"source_content_type":"text/x-python","patch_set":2,"id":"da86d52c_ee386e3f","line":16,"updated":"2015-02-09 21:43:58.000000000","message":"use oslo_utils","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"e1202525618b2bc03980aa7246564e8d9070ae94","unresolved":false,"context_lines":[{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    def test_uuid_hex_to_byte_conversions(self):"},{"line_number":56,"context_line":"        expected_hex_uuid \u003d uuid.uuid4().hex"},{"line_number":57,"context_line":"        uuid_obj \u003d uuid.UUID(\u0027{\u0027 + expected_uuid_in_bytes+ \u0027}\u0027)"},{"line_number":58,"context_line":"        expected_uuid_in_bytes \u003d uuid_obj.bytes"},{"line_number":59,"context_line":"        actual_uuid_in_bytes \u003d self.formatter._convert_uuid_hex_to_bytes("},{"line_number":60,"context_line":"                hex_uuid)"}],"source_content_type":"text/x-python","patch_set":2,"id":"da86d52c_9eb396e8","line":57,"updated":"2015-02-10 17:33:36.000000000","message":"missing a space before the second +","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"}],"keystone/tests/unit/token/test_klwt_provider.py":[{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"class KeyRepositoryTestMixin(object):"},{"line_number":32,"context_line":"    def setUpKeyRepository(self, purpose\u003d\u0027crypt\u0027):"},{"line_number":33,"context_line":"        directory \u003d tempfile.mkdtemp()"},{"line_number":34,"context_line":"        self.addCleanup(shutil.rmtree, directory)"},{"line_number":35,"context_line":"        self.config_fixture.config(group\u003d\u0027klw_tokens\u0027,"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_5d16294a","line":32,"updated":"2015-02-18 21:05:28.000000000","message":"I was going to ask why this wasn\u0027t just a setUp method so that it didn\u0027t need to be explicitly called, but it\u0027s likely the \u0027purpose\u0027 kwarg. Is that used yet?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"class KeyRepositoryTestMixin(object):"},{"line_number":32,"context_line":"    def setUpKeyRepository(self, purpose\u003d\u0027crypt\u0027):"},{"line_number":33,"context_line":"        directory \u003d tempfile.mkdtemp()"},{"line_number":34,"context_line":"        self.addCleanup(shutil.rmtree, directory)"},{"line_number":35,"context_line":"        self.config_fixture.config(group\u003d\u0027klw_tokens\u0027,"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_22a94d7c","line":32,"in_reply_to":"da86d52c_5d16294a","updated":"2015-02-18 21:32:20.000000000","message":"yeah, we have to use the purpose kwarg each time we set up a new test class.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":204,"context_line":"        super(TestStandardTokenFormatter, self).setUp()"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"        class HandRolledCrypto(object):"},{"line_number":207,"context_line":"            \"\"\"Hold my beer and watch this.\"\"\""},{"line_number":208,"context_line":"            def encrypt(self, plaintext):"},{"line_number":209,"context_line":"                \"\"\"Adds security by obscurity.\"\"\""},{"line_number":210,"context_line":"                checksum \u003d hashlib.md5(plaintext).hexdigest()"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_3c1ced69","line":207,"updated":"2015-02-26 06:59:03.000000000","message":"I..","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":206,"context_line":"        class HandRolledCrypto(object):"},{"line_number":207,"context_line":"            \"\"\"Hold my beer and watch this.\"\"\""},{"line_number":208,"context_line":"            def encrypt(self, plaintext):"},{"line_number":209,"context_line":"                \"\"\"Adds security by obscurity.\"\"\""},{"line_number":210,"context_line":"                checksum \u003d hashlib.md5(plaintext).hexdigest()"},{"line_number":211,"context_line":"                return \u0027%s-%s\u0027 % (plaintext[::-1], checksum)"},{"line_number":212,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_7c290589","line":209,"updated":"2015-02-26 06:59:03.000000000","message":"ROT 26 it!","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":30,"context_line":"CONF \u003d config.CONF"},{"line_number":31,"context_line":""},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"class KeyRepositoryTestMixin(object):"},{"line_number":34,"context_line":"    def setUpKeyRepository(self):"},{"line_number":35,"context_line":"        directory \u003d tempfile.mkdtemp()"},{"line_number":36,"context_line":"        self.addCleanup(shutil.rmtree, directory)"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_d907341c","line":33,"updated":"2015-02-27 02:16:18.000000000","message":"Change this to a fixture.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":"class KeyRepositoryTestMixin(object):"},{"line_number":34,"context_line":"    def setUpKeyRepository(self):"},{"line_number":35,"context_line":"        directory \u003d tempfile.mkdtemp()"},{"line_number":36,"context_line":"        self.addCleanup(shutil.rmtree, directory)"},{"line_number":37,"context_line":"        self.config_fixture.config(group\u003d\u0027klw_tokens\u0027,"},{"line_number":38,"context_line":"                                   key_repository\u003ddirectory)"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_3425b5ae","line":35,"updated":"2015-02-27 02:16:18.000000000","message":"fixtures provides a TempDir fixture which should be able to be used here.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":200,"context_line":""},{"line_number":201,"context_line":"class TestCustomTokenFormatter(TestStandardTokenFormatter):"},{"line_number":202,"context_line":"    def setUp(self):"},{"line_number":203,"context_line":"        # explicitly bypass our own parent\u0027s setup method"},{"line_number":204,"context_line":"        super(TestStandardTokenFormatter, self).setUp()"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"        class HandRolledCrypto(object):"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_b46605ed","line":203,"updated":"2015-02-27 02:16:18.000000000","message":"this should say why this is being done rather than what is being done.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":200,"context_line":""},{"line_number":201,"context_line":"class TestCustomTokenFormatter(TestStandardTokenFormatter):"},{"line_number":202,"context_line":"    def setUp(self):"},{"line_number":203,"context_line":"        # explicitly bypass our own parent\u0027s setup method"},{"line_number":204,"context_line":"        super(TestStandardTokenFormatter, self).setUp()"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":"        class HandRolledCrypto(object):"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_b56263ab","line":203,"in_reply_to":"ba7be1f8_b46605ed","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"}],"keystone/token/provider.py":[{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":274,"context_line":"        # token_id, so in this case set the token_ref as the identifier of the"},{"line_number":275,"context_line":"        # token."},{"line_number":276,"context_line":"        ae_provider_str \u003d \u0027keystone.token.providers.ae.Provider\u0027  # FIXME"},{"line_number":277,"context_line":"        using_ae_tokens \u003d (CONF.token.provider \u003d\u003d ae_provider_str)  # FIXME"},{"line_number":278,"context_line":"        if using_ae_tokens:"},{"line_number":279,"context_line":"            # NOTE(morganfainberg): Ensure we never use the long-form token_id"},{"line_number":280,"context_line":"            # (PKI) as part of the cache_key."}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_69d21c5d","line":277,"updated":"2015-02-12 19:42:36.000000000","message":"yeah, may want to wait for this one\n\nhttps://review.openstack.org/#/c/150629/\n\nDavid\u0027s in the process of refactoring token provider interface I think.","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"28f7c69fe37b4cf76165592e9be41606d4fdc6c2","unresolved":false,"context_lines":[{"line_number":274,"context_line":"        # token_id, so in this case set the token_ref as the identifier of the"},{"line_number":275,"context_line":"        # token."},{"line_number":276,"context_line":"        ae_provider_str \u003d \u0027keystone.token.providers.ae.Provider\u0027  # FIXME"},{"line_number":277,"context_line":"        using_ae_tokens \u003d (CONF.token.provider \u003d\u003d ae_provider_str)  # FIXME"},{"line_number":278,"context_line":"        if using_ae_tokens:"},{"line_number":279,"context_line":"            # NOTE(morganfainberg): Ensure we never use the long-form token_id"},{"line_number":280,"context_line":"            # (PKI) as part of the cache_key."}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_3c4224ab","line":277,"in_reply_to":"da86d52c_69d21c5d","updated":"2015-02-12 20:15:10.000000000","message":"Yep, I don\u0027t see this patch merging before David\u0027s and I expect we\u0027ll resolve what ever conflicts happen.","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":324,"context_line":"                        expiration_time\u003dEXPIRATION_TIME)"},{"line_number":325,"context_line":"    def _validate_token(self, token_id):"},{"line_number":326,"context_line":"        ae_provider_str \u003d \u0027keystone.token.providers.ae.Provider\u0027"},{"line_number":327,"context_line":"        using_ae_tokens \u003d (CONF.token.provider \u003d\u003d ae_provider_str)"},{"line_number":328,"context_line":"        if using_ae_tokens:"},{"line_number":329,"context_line":"            return self.driver.validate_v3_token(token_id)"},{"line_number":330,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_49b71821","line":327,"updated":"2015-02-12 19:42:36.000000000","message":"need refactor, same as above","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":439,"context_line":"                    trust_id\u003dtrust[\u0027id\u0027] if trust else None,"},{"line_number":440,"context_line":"                    token_version\u003dself.V3)"},{"line_number":441,"context_line":"        ae_provider_str \u003d \u0027keystone.token.providers.ae.Provider\u0027"},{"line_number":442,"context_line":"        using_ae_tokens \u003d (CONF.token.provider \u003d\u003d ae_provider_str)"},{"line_number":443,"context_line":"        if not using_ae_tokens:"},{"line_number":444,"context_line":"            self._create_token(token_id, data)"},{"line_number":445,"context_line":"        return token_id, token_data"}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_69393ca3","line":442,"updated":"2015-02-12 19:42:36.000000000","message":"^^^","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":274,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027  # FIXME"},{"line_number":275,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)  # FIXME"},{"line_number":276,"context_line":"        if using_klwt:"},{"line_number":277,"context_line":"            # NOTE(morganfainberg): Ensure we never use the long-form token_id"},{"line_number":278,"context_line":"            # (PKI) as part of the cache_key."},{"line_number":279,"context_line":"            token_ref \u003d token_id"},{"line_number":280,"context_line":"        else:"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_2bac4fa0","line":277,"updated":"2015-02-21 08:15:52.000000000","message":"this comment should probably stay in the else block","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":274,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027  # FIXME"},{"line_number":275,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)  # FIXME"},{"line_number":276,"context_line":"        if using_klwt:"},{"line_number":277,"context_line":"            # NOTE(morganfainberg): Ensure we never use the long-form token_id"},{"line_number":278,"context_line":"            # (PKI) as part of the cache_key."},{"line_number":279,"context_line":"            token_ref \u003d token_id"},{"line_number":280,"context_line":"        else:"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_8c0a921f","line":277,"in_reply_to":"ba7be1f8_2bac4fa0","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":321,"context_line":"    @cache.on_arguments(should_cache_fn\u003dSHOULD_CACHE,"},{"line_number":322,"context_line":"                        expiration_time\u003dEXPIRATION_TIME)"},{"line_number":323,"context_line":"    def _validate_token(self, token_id):"},{"line_number":324,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":325,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":326,"context_line":"        if using_klwt:"},{"line_number":327,"context_line":"            return self.driver.validate_v3_token(token_id)"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_ab9f5f5e","line":324,"updated":"2015-02-21 08:15:52.000000000","message":"this is the second time i\u0027m seeing roughly the same code to determine if it\u0027s using KWLT, consider creating a helper function?","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"40705af75f1cc13803ee56bf0394b184d8277c27","unresolved":false,"context_lines":[{"line_number":321,"context_line":"    @cache.on_arguments(should_cache_fn\u003dSHOULD_CACHE,"},{"line_number":322,"context_line":"                        expiration_time\u003dEXPIRATION_TIME)"},{"line_number":323,"context_line":"    def _validate_token(self, token_id):"},{"line_number":324,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":325,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":326,"context_line":"        if using_klwt:"},{"line_number":327,"context_line":"            return self.driver.validate_v3_token(token_id)"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_4296a1f1","line":324,"in_reply_to":"ba7be1f8_6ca55eb4","updated":"2015-02-23 17:01:30.000000000","message":"attempted to do this with a new property method.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":321,"context_line":"    @cache.on_arguments(should_cache_fn\u003dSHOULD_CACHE,"},{"line_number":322,"context_line":"                        expiration_time\u003dEXPIRATION_TIME)"},{"line_number":323,"context_line":"    def _validate_token(self, token_id):"},{"line_number":324,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":325,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":326,"context_line":"        if using_klwt:"},{"line_number":327,"context_line":"            return self.driver.validate_v3_token(token_id)"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_6ca55eb4","line":324,"in_reply_to":"ba7be1f8_ab9f5f5e","updated":"2015-02-23 16:26:51.000000000","message":"Agreed, I tried throwing this in __init__() but ended up hitting import races. I\u0027ll see if I can get something better up.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":436,"context_line":"                    token_data\u003dtoken_data,"},{"line_number":437,"context_line":"                    trust_id\u003dtrust[\u0027id\u0027] if trust else None,"},{"line_number":438,"context_line":"                    token_version\u003dself.V3)"},{"line_number":439,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":440,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":441,"context_line":"        if not using_klwt:"},{"line_number":442,"context_line":"            self._create_token(token_id, data)"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_cb9c936c","line":439,"updated":"2015-02-21 08:15:52.000000000","message":"3rd time now","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":436,"context_line":"                    token_data\u003dtoken_data,"},{"line_number":437,"context_line":"                    trust_id\u003dtrust[\u0027id\u0027] if trust else None,"},{"line_number":438,"context_line":"                    token_version\u003dself.V3)"},{"line_number":439,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":440,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":441,"context_line":"        if not using_klwt:"},{"line_number":442,"context_line":"            self._create_token(token_id, data)"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_cc956a41","line":439,"in_reply_to":"ba7be1f8_cb9c936c","updated":"2015-02-23 16:26:51.000000000","message":"same as above.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"6def87bcdd2ccca18fcdb1190c68fddbd286e6f5","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    @property"},{"line_number":142,"context_line":"    def _needs_persistence(self):"},{"line_number":143,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":144,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":145,"context_line":"        needs_persistence \u003d not using_klwt"},{"line_number":146,"context_line":"        return needs_persistence"}],"source_content_type":"text/x-python","patch_set":22,"id":"ba7be1f8_a7938159","line":143,"updated":"2015-02-25 17:52:52.000000000","message":"Don\u0027t do explicit string checks. This is not making this any more correct than the previous one. make the klwt provider aware of if it needs persistence then ask:\n\nself.driver.needs_persistence [\u003c-- this should return true/false]\n\nAs it stands you\u0027re still locking klwt as the only non-persistent provider.","commit_id":"431330194f0bd1d1bcbf4361ec1a9705b8c6e13f"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cb409935cce3f48bf2d125c717909bd60f0dd033","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    @property"},{"line_number":142,"context_line":"    def _needs_persistence(self):"},{"line_number":143,"context_line":"        klwt_provider_str \u003d \u0027keystone.token.providers.klwt.Provider\u0027"},{"line_number":144,"context_line":"        using_klwt \u003d (CONF.token.provider \u003d\u003d klwt_provider_str)"},{"line_number":145,"context_line":"        needs_persistence \u003d not using_klwt"},{"line_number":146,"context_line":"        return needs_persistence"}],"source_content_type":"text/x-python","patch_set":22,"id":"ba7be1f8_2032175f","line":143,"in_reply_to":"ba7be1f8_a7938159","updated":"2015-02-25 19:12:30.000000000","message":"Done","commit_id":"431330194f0bd1d1bcbf4361ec1a9705b8c6e13f"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    @property"},{"line_number":142,"context_line":"    def _needs_persistence(self):"},{"line_number":143,"context_line":"        return self.driver.needs_persistence()"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    @property"},{"line_number":146,"context_line":"    def _persistence(self):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_1c3809d2","line":143,"updated":"2015-02-26 06:59:03.000000000","message":"This could have been a change unto itself to aid in reviewability.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    @property"},{"line_number":142,"context_line":"    def _needs_persistence(self):"},{"line_number":143,"context_line":"        return self.driver.needs_persistence()"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    @property"},{"line_number":146,"context_line":"    def _persistence(self):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_379ebb63","line":143,"in_reply_to":"ba7be1f8_1c3809d2","updated":"2015-02-26 12:41:32.000000000","message":"I can push a patch.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":507,"context_line":"    def needs_persistence(self):"},{"line_number":508,"context_line":"        \"\"\"Determine if the token should be persisted."},{"line_number":509,"context_line":""},{"line_number":510,"context_line":"        If the token provider requires that the token be presisted to a"},{"line_number":511,"context_line":"        backend this should return True, otherwise return False."},{"line_number":512,"context_line":""},{"line_number":513,"context_line":"        \"\"\""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_812e5e8a","line":510,"updated":"2015-02-25 23:41:05.000000000","message":"s/presisted/persisted","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":507,"context_line":"    def needs_persistence(self):"},{"line_number":508,"context_line":"        \"\"\"Determine if the token should be persisted."},{"line_number":509,"context_line":""},{"line_number":510,"context_line":"        If the token provider requires that the token be presisted to a"},{"line_number":511,"context_line":"        backend this should return True, otherwise return False."},{"line_number":512,"context_line":""},{"line_number":513,"context_line":"        \"\"\""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_f77ee317","line":510,"in_reply_to":"ba7be1f8_812e5e8a","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":511,"context_line":"        backend this should return True, otherwise return False."},{"line_number":512,"context_line":""},{"line_number":513,"context_line":"        \"\"\""},{"line_number":514,"context_line":"        raise exception.NotImplemented()  # pragma: no cover"},{"line_number":515,"context_line":""},{"line_number":516,"context_line":"    @abc.abstractmethod"},{"line_number":517,"context_line":"    def get_token_version(self, token_data):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_1e5ba0f6","line":514,"updated":"2015-02-26 06:47:58.000000000","message":"why can\u0027t we default it to True?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":511,"context_line":"        backend this should return True, otherwise return False."},{"line_number":512,"context_line":""},{"line_number":513,"context_line":"        \"\"\""},{"line_number":514,"context_line":"        raise exception.NotImplemented()  # pragma: no cover"},{"line_number":515,"context_line":""},{"line_number":516,"context_line":"    @abc.abstractmethod"},{"line_number":517,"context_line":"    def get_token_version(self, token_data):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_3c4a2d55","line":514,"in_reply_to":"ba7be1f8_1e5ba0f6","updated":"2015-02-26 06:59:03.000000000","message":"We can. But that is not the typical pattern we\u0027ve used for ABCMeta. In this case we could and remove the ABCMethod decorator. This shouldn\u0027t hold up the change [easy to modify later]","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":511,"context_line":"        backend this should return True, otherwise return False."},{"line_number":512,"context_line":""},{"line_number":513,"context_line":"        \"\"\""},{"line_number":514,"context_line":"        raise exception.NotImplemented()  # pragma: no cover"},{"line_number":515,"context_line":""},{"line_number":516,"context_line":"    @abc.abstractmethod"},{"line_number":517,"context_line":"    def get_token_version(self, token_data):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_57a7afa6","line":514,"in_reply_to":"ba7be1f8_3c4a2d55","updated":"2015-02-26 12:41:32.000000000","message":"I do like the fact this is consistent with the rest of the methods here.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    @property"},{"line_number":142,"context_line":"    def _needs_persistence(self):"},{"line_number":143,"context_line":"        return self.driver.needs_persistence()"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    @property"},{"line_number":146,"context_line":"    def _persistence(self):"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_94a901e2","line":143,"updated":"2015-02-27 02:16:18.000000000","message":"needs_persistence shouldn\u0027t need to be a method in the driver.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    @property"},{"line_number":142,"context_line":"    def _needs_persistence(self):"},{"line_number":143,"context_line":"        return self.driver.needs_persistence()"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"    @property"},{"line_number":146,"context_line":"    def _persistence(self):"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_35f593cb","line":143,"in_reply_to":"ba7be1f8_94a901e2","updated":"2015-02-27 16:08:51.000000000","message":"this was added per Morgan\u0027s request, maybe we can catch him in IRC.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"}],"keystone/token/providers/ae/core.py":[{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":41,"context_line":"        :return: tuple containing the id of the token and the token data"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"        \"\"\""},{"line_number":44,"context_line":"        raise exception.NotImplemented()"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"    def issue_v3_token(self, user_id, method_names, expires_at\u003dNone,"},{"line_number":47,"context_line":"                       project_id\u003dNone, domain_id\u003dNone, auth_context\u003dNone,"}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_2953c4e2","line":44,"updated":"2015-02-12 19:42:36.000000000","message":"whaah, we don\u0027t support V2?!!!","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"0a49f1f524f2a14ad408d36ec193ceb7c8595855","unresolved":false,"context_lines":[{"line_number":128,"context_line":"                        token_data) \u003d token_formatter.validate_token(token_str)"},{"line_number":129,"context_line":"                token_data \u003d self.v3_token_data_helper.get_token_data("},{"line_number":130,"context_line":"                    user_id,"},{"line_number":131,"context_line":"                    [\u0027password\u0027, \u0027token\u0027],"},{"line_number":132,"context_line":"                    {},"},{"line_number":133,"context_line":"                    project_id\u003dproject_id,"},{"line_number":134,"context_line":"                    expires\u003dtoken_data[\u0027token\u0027][\u0027expires_at\u0027],"}],"source_content_type":"text/x-python","patch_set":4,"id":"da86d52c_890af0cf","line":131,"updated":"2015-02-12 19:42:36.000000000","message":"why are we hardcoding the methods here? shouldn\u0027t they be baked into the AE token_id?","commit_id":"6fb2816ce2734fb89bed66b0680ceb5800d99cd5"}],"keystone/token/providers/ae/token_formatters.py":[{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"e9994c09cfa71c887932f50aa7bb2e5964725950","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"import datetime"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"from keyczar import keyczar"},{"line_number":16,"context_line":"import msgpack"},{"line_number":17,"context_line":"from oslo.utils import timeutils"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"3a961159_bd8564ae","line":15,"updated":"2015-01-06 21:13:40.000000000","message":"need to add this to global requirements","commit_id":"444d47e5cc30d2b0864e180195e9c8173aee51e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ef2f7626ce7faf2908feae5b88b839be56c01de0","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"import datetime"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"from keyczar import keyczar"},{"line_number":16,"context_line":"import msgpack"},{"line_number":17,"context_line":"from oslo.utils import timeutils"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"3a961159_d2b056ff","line":15,"in_reply_to":"3a961159_bd8564ae","updated":"2015-01-07 00:14:45.000000000","message":"correct, thanks!","commit_id":"444d47e5cc30d2b0864e180195e9c8173aee51e9"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"e9994c09cfa71c887932f50aa7bb2e5964725950","unresolved":false,"context_lines":[{"line_number":27,"context_line":"class BaseTokenFormatter(object):"},{"line_number":28,"context_line":"    \"\"\"Base object for token formatters to inherit.\"\"\""},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"    # NOTE(lbragstad): Each class the inherits BaseTokenFormatter should define"},{"line_number":31,"context_line":"    # the `token_format` and `token_version`. The combination of the two should"},{"line_number":32,"context_line":"    # create a unique combination."},{"line_number":33,"context_line":"    token_format \u003d None"}],"source_content_type":"text/x-python","patch_set":1,"id":"3a961159_7db77c85","line":30,"updated":"2015-01-06 21:13:40.000000000","message":"that*","commit_id":"444d47e5cc30d2b0864e180195e9c8173aee51e9"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"589321917ac05a9f47b17be89ff928c8cbc38730","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"from keyczar import keyczar"},{"line_number":17,"context_line":"import msgpack"},{"line_number":18,"context_line":"from oslo.utils import timeutils"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"from keystone import config"},{"line_number":21,"context_line":"from keystone import exception"}],"source_content_type":"text/x-python","patch_set":2,"id":"da86d52c_ce0c8a97","line":18,"updated":"2015-02-09 21:43:58.000000000","message":"use oslo_utils","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"589321917ac05a9f47b17be89ff928c8cbc38730","unresolved":false,"context_lines":[{"line_number":93,"context_line":""},{"line_number":94,"context_line":"# FIXME(lbragstad): WTF is a \"standard token\". Come up with a better naming"},{"line_number":95,"context_line":"# convention for these!"},{"line_number":96,"context_line":"class StandardTokenFormatter(BaseTokenFormatter):"},{"line_number":97,"context_line":""},{"line_number":98,"context_line":"    token_format \u003d \u0027AE01\u0027"},{"line_number":99,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"da86d52c_ee0f8e86","line":96,"updated":"2015-02-09 21:43:58.000000000","message":"KeystoneTokenFormatter?","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"49af4ab511d42b32b5ab1414a738c81abc3354d9","unresolved":false,"context_lines":[{"line_number":76,"context_line":"            LOG.error(msg)"},{"line_number":77,"context_line":"            raise exception.UnexpectedError(msg)"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"        self.crypter \u003d keyczar.Crypter.Read(self.key_repository)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"    def _convert_uuid_hex_to_bytes(self, uuid_string):"},{"line_number":82,"context_line":"        \"\"\"Compress UUID formatted strings to bytes."}],"source_content_type":"text/x-python","patch_set":3,"id":"da86d52c_9e142d4e","line":79,"updated":"2015-02-11 15:21:47.000000000","message":"we can make this configurable so we can either sign or encrypt the data. I have an idea for this, pushing for review soon.","commit_id":"dd769249089adf83a11a114f449ca85a4869a714"}],"keystone/token/providers/klwt/core.py":[{"author":{"_account_id":220,"name":"Haneef Ali","email":"haneef.ali@hp.com","username":"haneef"},"change_message_id":"659ff96088e4e75ccaf29d90f559126612f1a579","unresolved":false,"context_lines":[{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        if not token_format:"},{"line_number":91,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"        token_id \u003d self.token_format_map[token_format].create_token("},{"line_number":94,"context_line":"            user_id, project_id, token_data)"},{"line_number":95,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_3ba7e10c","line":92,"updated":"2015-02-18 05:16:06.000000000","message":"Why can\u0027t this check be part of line 70 check?","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"04d3594327d63e7dfb1d028445a7c163863c59b8","unresolved":false,"context_lines":[{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        if not token_format:"},{"line_number":91,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"        token_id \u003d self.token_format_map[token_format].create_token("},{"line_number":94,"context_line":"            user_id, project_id, token_data)"},{"line_number":95,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_d4a8417a","line":92,"in_reply_to":"da86d52c_3ba7e10c","updated":"2015-02-18 15:49:34.000000000","message":"I can combine them","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":17,"context_line":"from keystone.i18n import _"},{"line_number":18,"context_line":"from keystone.token.providers import common"},{"line_number":19,"context_line":"from keystone.token.providers.klwt import token_formatters"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"CONF \u003d config.CONF"},{"line_number":22,"context_line":"LOG \u003d log.getLogger(__name__)"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_9868aff6","line":20,"updated":"2015-02-18 21:05:28.000000000","message":"(nit) needs a newline","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":17,"context_line":"from keystone.i18n import _"},{"line_number":18,"context_line":"from keystone.token.providers import common"},{"line_number":19,"context_line":"from keystone.token.providers.klwt import token_formatters"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"CONF \u003d config.CONF"},{"line_number":22,"context_line":"LOG \u003d log.getLogger(__name__)"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_02ce095a","line":20,"in_reply_to":"da86d52c_9868aff6","updated":"2015-02-18 21:32:20.000000000","message":"Done","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":88,"context_line":"            include_catalog\u003dinclude_catalog,"},{"line_number":89,"context_line":"            audit_info\u003dparent_audit_id)"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"        if not token_format:"},{"line_number":92,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"        token_id \u003d self.token_format_map[token_format].create_token("}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_387d03b3","line":91,"updated":"2015-02-18 21:05:28.000000000","message":"Is there any reason this isn\u0027t set up near line 70 to make it more clear?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":88,"context_line":"            include_catalog\u003dinclude_catalog,"},{"line_number":89,"context_line":"            audit_info\u003dparent_audit_id)"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"        if not token_format:"},{"line_number":92,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"        token_id \u003d self.token_format_map[token_format].create_token("}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_42d481e8","line":91,"in_reply_to":"da86d52c_387d03b3","updated":"2015-02-18 21:32:20.000000000","message":"Done","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":37,"context_line":"        :param token_ref: reference describing the token"},{"line_number":38,"context_line":"        :param roles_ref: reference describing the roles for the token"},{"line_number":39,"context_line":"        :catalog_ref: reference describing the token\u0027s catalog"},{"line_number":40,"context_line":"        :return: tuple containing the id of the token and the token data"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"        \"\"\""},{"line_number":43,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_0b8eab2e","line":40,"updated":"2015-02-21 08:15:52.000000000","message":"you are not returning anything here, you are raising a notimplemented exception","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":37,"context_line":"        :param token_ref: reference describing the token"},{"line_number":38,"context_line":"        :param roles_ref: reference describing the roles for the token"},{"line_number":39,"context_line":"        :catalog_ref: reference describing the token\u0027s catalog"},{"line_number":40,"context_line":"        :return: tuple containing the id of the token and the token data"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"        \"\"\""},{"line_number":43,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_6ce1decf","line":40,"in_reply_to":"ba7be1f8_0b8eab2e","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":69,"context_line":"        token_format \u003d None"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"        if trust:"},{"line_number":72,"context_line":"            token_format \u003d \u0027KLWT01\u0027"},{"line_number":73,"context_line":"        else:"},{"line_number":74,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":75,"context_line":""}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_6b7c8721","line":72,"updated":"2015-02-21 08:15:52.000000000","message":"I feel like KLWT01 and the other formats should be defined as class variables, or stored in a map somehow? rather than always using the string","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":69,"context_line":"        token_format \u003d None"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"        if trust:"},{"line_number":72,"context_line":"            token_format \u003d \u0027KLWT01\u0027"},{"line_number":73,"context_line":"        else:"},{"line_number":74,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":75,"context_line":""}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_0cf3029f","line":72,"in_reply_to":"ba7be1f8_6b7c8721","updated":"2015-02-23 16:26:51.000000000","message":"The format map is stored in the __init__() of this class. Here we just need a way to determine what we are dealing with so we can look up the right formatter in the map.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":101,"context_line":""},{"line_number":102,"context_line":"        :param token_ref: reference describing the token to validate"},{"line_number":103,"context_line":"        :returns: the token data"},{"line_number":104,"context_line":"        :raises: keystone.exception.TokenNotFound"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"        \"\"\""},{"line_number":107,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_cb73b34b","line":104,"updated":"2015-02-21 08:15:52.000000000","message":"it doesn\u0027t raise this exception","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":101,"context_line":""},{"line_number":102,"context_line":"        :param token_ref: reference describing the token to validate"},{"line_number":103,"context_line":"        :returns: the token data"},{"line_number":104,"context_line":"        :raises: keystone.exception.TokenNotFound"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"        \"\"\""},{"line_number":107,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_2cee06b5","line":104,"in_reply_to":"ba7be1f8_cb73b34b","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":111,"context_line":""},{"line_number":112,"context_line":"        :param token_ref: a reference describing the token to validate"},{"line_number":113,"context_line":"        :returns: the token data"},{"line_number":114,"context_line":"        :raises: keystone.exception.TokenNotFound"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"        \"\"\""},{"line_number":117,"context_line":"        for token_format in self.token_format_map:"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_0b95cb32","line":114,"updated":"2015-02-21 08:15:52.000000000","message":"wrong raises text","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":111,"context_line":""},{"line_number":112,"context_line":"        :param token_ref: a reference describing the token to validate"},{"line_number":113,"context_line":"        :returns: the token data"},{"line_number":114,"context_line":"        :raises: keystone.exception.TokenNotFound"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"        \"\"\""},{"line_number":117,"context_line":"        for token_format in self.token_format_map:"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_ac1036a9","line":114,"in_reply_to":"ba7be1f8_0b95cb32","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        :raises: keystone.exception.TokenNotFound"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"        \"\"\""},{"line_number":117,"context_line":"        for token_format in self.token_format_map:"},{"line_number":118,"context_line":"            if token_ref.startswith(token_format):"},{"line_number":119,"context_line":"                token_str \u003d token_ref[len(token_format):]"},{"line_number":120,"context_line":"                token_formatter \u003d self.token_format_map[token_format]"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_8ba0db91","line":117,"updated":"2015-02-21 08:15:52.000000000","message":"would you be against grabbing the first 6 characters and performing a .get() on the token_format_map (instead of looping)? seems unnecessary right?","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        :raises: keystone.exception.TokenNotFound"},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"        \"\"\""},{"line_number":117,"context_line":"        for token_format in self.token_format_map:"},{"line_number":118,"context_line":"            if token_ref.startswith(token_format):"},{"line_number":119,"context_line":"                token_str \u003d token_ref[len(token_format):]"},{"line_number":120,"context_line":"                token_formatter \u003d self.token_format_map[token_format]"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_8c6e1200","line":117,"in_reply_to":"ba7be1f8_8ba0db91","updated":"2015-02-23 16:26:51.000000000","message":"Oh, that would work well. One thing to keep in mind moving forward would be that it would require us to have token_format all the same length, versus the current implementation where we determine the token format length depending on the token_format being used. \n\nI think you raise a good point though, we can worry about solving that once we have multiple token_format strings of different length.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":128,"context_line":""},{"line_number":129,"context_line":"        :param token_data: token information"},{"line_number":130,"context_line":"        :type token_data: dict"},{"line_number":131,"context_line":"        returns: token identifier"},{"line_number":132,"context_line":"        \"\"\""},{"line_number":133,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_eb8f9721","line":131,"updated":"2015-02-21 08:15:52.000000000","message":"it raises a not implemented exception, doesn\u0027t return anything","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":128,"context_line":""},{"line_number":129,"context_line":"        :param token_data: token information"},{"line_number":130,"context_line":"        :type token_data: dict"},{"line_number":131,"context_line":"        returns: token identifier"},{"line_number":132,"context_line":"        \"\"\""},{"line_number":133,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_3fd4661f","line":131,"in_reply_to":"ba7be1f8_eb8f9721","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":"        self.token_format_map \u003d {"},{"line_number":31,"context_line":"            \u0027KLWT00\u0027: token_formatters.StandardTokenFormatter(),"},{"line_number":32,"context_line":"            \u0027KLWT01\u0027: token_formatters.TrustTokenFormatter()}"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    def needs_persistence(self):"},{"line_number":35,"context_line":"        \"\"\"Should the token be written to a backend.\"\"\""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_7b059912","line":32,"updated":"2015-02-25 23:41:05.000000000","message":"Instead of the code names: \u0027KLWT00\u0027 and \u0027KLWT01\u0027. Could we use something: \u0027KLWT\u0027 for standard and \u0027KLWT_Trust\u0027 for trust token formats?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":"        self.token_format_map \u003d {"},{"line_number":31,"context_line":"            \u0027KLWT00\u0027: token_formatters.StandardTokenFormatter(),"},{"line_number":32,"context_line":"            \u0027KLWT01\u0027: token_formatters.TrustTokenFormatter()}"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    def needs_persistence(self):"},{"line_number":35,"context_line":"        \"\"\"Should the token be written to a backend.\"\"\""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_de9bc815","line":32,"in_reply_to":"ba7be1f8_7b059912","updated":"2015-02-26 06:59:03.000000000","message":"I like the code names being opaque. However, we should not be re-defining magic strings here and down the code (as you highlighted with the refeence to this comment). We also want to keep the token values as small as possible. This prevents us from having KLWT_federated_trust_thing_with_stuff_and_junk, at a certain point we\u0027ve significantly increased the size of the token id.\n\nThis is *mostly* a cosmetic change however (where we define the KLWT\u003cXX\u003e references)","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":"        self.token_format_map \u003d {"},{"line_number":31,"context_line":"            \u0027KLWT00\u0027: token_formatters.StandardTokenFormatter(),"},{"line_number":32,"context_line":"            \u0027KLWT01\u0027: token_formatters.TrustTokenFormatter()}"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    def needs_persistence(self):"},{"line_number":35,"context_line":"        \"\"\"Should the token be written to a backend.\"\"\""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_3efce4b7","line":32,"in_reply_to":"ba7be1f8_7b059912","updated":"2015-02-26 06:47:58.000000000","message":"saving chars as keep it under the 255 limit","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":"        self.token_format_map \u003d {"},{"line_number":31,"context_line":"            \u0027KLWT00\u0027: token_formatters.StandardTokenFormatter(),"},{"line_number":32,"context_line":"            \u0027KLWT01\u0027: token_formatters.TrustTokenFormatter()}"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    def needs_persistence(self):"},{"line_number":35,"context_line":"        \"\"\"Should the token be written to a backend.\"\"\""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_d7e9dfb7","line":32,"in_reply_to":"ba7be1f8_de9bc815","updated":"2015-02-26 12:41:32.000000000","message":"Are we still planning on possibly doing a rename? Maybe that is something to consider before this lands.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":70,"context_line":"        :returns: tuple containing the id of the token and the token data"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"        \"\"\""},{"line_number":73,"context_line":"        token_format \u003d None"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"        if trust:"},{"line_number":76,"context_line":"            token_format \u003d \u0027KLWT01\u0027"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_21fcd2b7","line":73,"updated":"2015-02-25 23:41:05.000000000","message":"The if-else statement surrounding the token_format assignment is verbose. Why not the following:\n\ntoken_format \u003d KLWT01 if trust else KLWT00 (*)\n\n(*) Assuming you don\u0027t accept the naming change recommended above i.e.  KLWT01\u003dKLWT_TOKEN and KLWT00\u003dKLWT","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"5ad0b7fa632d76039069bcf5f72f67a4a3f48fc8","unresolved":false,"context_lines":[{"line_number":70,"context_line":"        :returns: tuple containing the id of the token and the token data"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"        \"\"\""},{"line_number":73,"context_line":"        token_format \u003d None"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"        if trust:"},{"line_number":76,"context_line":"            token_format \u003d \u0027KLWT01\u0027"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_e3ef171c","line":73,"in_reply_to":"ba7be1f8_21fcd2b7","updated":"2015-02-26 05:29:21.000000000","message":"I would prefer to see this be explicit like this, as we add more tokens it\u0027ll become more and more complex to read.  That being said, I\u0027m not a huge fan of the magic string use here.\n\nThis is something that can be fixed/cleaned up down the road.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":73,"context_line":"        token_format \u003d None"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"        if trust:"},{"line_number":76,"context_line":"            token_format \u003d \u0027KLWT01\u0027"},{"line_number":77,"context_line":"        else:"},{"line_number":78,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":79,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_de8e682d","line":76,"updated":"2015-02-26 06:47:58.000000000","message":"consider making these global constants, like\n\n TOKEN_PREFIX \u003d \u0027KLWT00\u0027\n TRUST_TOKEN_PREFIX \u003d \u0027KLWT01\u0027","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":73,"context_line":"        token_format \u003d None"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"        if trust:"},{"line_number":76,"context_line":"            token_format \u003d \u0027KLWT01\u0027"},{"line_number":77,"context_line":"        else:"},{"line_number":78,"context_line":"            token_format \u003d \u0027KLWT00\u0027"},{"line_number":79,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_d70e3f8b","line":76,"in_reply_to":"ba7be1f8_de8e682d","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":119,"context_line":""},{"line_number":120,"context_line":"        \"\"\""},{"line_number":121,"context_line":"        # Determine and look up the token formatter."},{"line_number":122,"context_line":"        token_format \u003d token_ref[:6]"},{"line_number":123,"context_line":"        token_formatter \u003d self.token_format_map.get(token_format)"},{"line_number":124,"context_line":"        if token_formatter:"},{"line_number":125,"context_line":"            # If we recognize the token format pass the rest of the token"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_862e748a","line":122,"updated":"2015-02-25 23:41:05.000000000","message":"Can we define a variable for the magic number 6?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":119,"context_line":""},{"line_number":120,"context_line":"        \"\"\""},{"line_number":121,"context_line":"        # Determine and look up the token formatter."},{"line_number":122,"context_line":"        token_format \u003d token_ref[:6]"},{"line_number":123,"context_line":"        token_formatter \u003d self.token_format_map.get(token_format)"},{"line_number":124,"context_line":"        if token_formatter:"},{"line_number":125,"context_line":"            # If we recognize the token format pass the rest of the token"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_d7855fcf","line":122,"in_reply_to":"ba7be1f8_862e748a","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":119,"context_line":""},{"line_number":120,"context_line":"        \"\"\""},{"line_number":121,"context_line":"        # Determine and look up the token formatter."},{"line_number":122,"context_line":"        token_format \u003d token_ref[:6]"},{"line_number":123,"context_line":"        token_formatter \u003d self.token_format_map.get(token_format)"},{"line_number":124,"context_line":"        if token_formatter:"},{"line_number":125,"context_line":"            # If we recognize the token format pass the rest of the token"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_9edf90d5","line":122,"in_reply_to":"ba7be1f8_862e748a","updated":"2015-02-26 06:59:03.000000000","message":"Is actually more important that this lets on. we should be looking for an explicit delimiter not a magic number of characters. e.g. token_ref.split(\u0027_\u0027,1)[0]","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":119,"context_line":""},{"line_number":120,"context_line":"        \"\"\""},{"line_number":121,"context_line":"        # Determine and look up the token formatter."},{"line_number":122,"context_line":"        token_format \u003d token_ref[:6]"},{"line_number":123,"context_line":"        token_formatter \u003d self.token_format_map.get(token_format)"},{"line_number":124,"context_line":"        if token_formatter:"},{"line_number":125,"context_line":"            # If we recognize the token format pass the rest of the token"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_b759cb8f","line":122,"in_reply_to":"ba7be1f8_9edf90d5","updated":"2015-02-26 12:41:32.000000000","message":"Would you suggest appending another character to the token format? \n\n    TOKEN_FORMAT  \u003d \"KLWT00-\"\n\nSo we always know we\u0027ll hit \"-\" at some point? Then again, we\u0027re adding stuff to the token.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":129,"context_line":"                token_formatter.validate_token(token_str))"},{"line_number":130,"context_line":"            return token_data"},{"line_number":131,"context_line":"        # If the token_format is not recognized, raise Unauthorized."},{"line_number":132,"context_line":"        raise exception.Unauthorized(_(\u0027This is not a recognized KLW token.\u0027))"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"    def _get_token_id(self, token_data):"},{"line_number":135,"context_line":"        \"\"\"Generate the token_id based upon the data in token_data."}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_86e1142c","line":132,"updated":"2015-02-25 23:41:05.000000000","message":"s/KLW/KLWT","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":129,"context_line":"                token_formatter.validate_token(token_str))"},{"line_number":130,"context_line":"            return token_data"},{"line_number":131,"context_line":"        # If the token_format is not recognized, raise Unauthorized."},{"line_number":132,"context_line":"        raise exception.Unauthorized(_(\u0027This is not a recognized KLW token.\u0027))"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"    def _get_token_id(self, token_data):"},{"line_number":135,"context_line":"        \"\"\"Generate the token_id based upon the data in token_data."}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_feb5ec7d","line":132,"in_reply_to":"ba7be1f8_86e1142c","updated":"2015-02-26 06:59:03.000000000","message":"This should be:\n\nThis is not a recognized KLWT formatted token.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":129,"context_line":"                token_formatter.validate_token(token_str))"},{"line_number":130,"context_line":"            return token_data"},{"line_number":131,"context_line":"        # If the token_format is not recognized, raise Unauthorized."},{"line_number":132,"context_line":"        raise exception.Unauthorized(_(\u0027This is not a recognized KLW token.\u0027))"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"    def _get_token_id(self, token_data):"},{"line_number":135,"context_line":"        \"\"\"Generate the token_id based upon the data in token_data."}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_57f6cf5d","line":132,"in_reply_to":"ba7be1f8_feb5ec7d","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from oslo_log import log"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"from keystone import config"},{"line_number":16,"context_line":"from keystone import exception"},{"line_number":17,"context_line":"from keystone.i18n import _"},{"line_number":18,"context_line":"from keystone.token.providers import common"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_d491b99b","line":15,"updated":"2015-02-27 02:16:18.000000000","message":"change this to\n\n from oslo_config import cfg","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"from oslo_log import log"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"from keystone import config"},{"line_number":16,"context_line":"from keystone import exception"},{"line_number":17,"context_line":"from keystone.i18n import _"},{"line_number":18,"context_line":"from keystone.token.providers import common"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_75162bf3","line":15,"in_reply_to":"ba7be1f8_d491b99b","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":43,"context_line":""},{"line_number":44,"context_line":"        :param token_ref: reference describing the token"},{"line_number":45,"context_line":"        :param roles_ref: reference describing the roles for the token"},{"line_number":46,"context_line":"        :catalog_ref: reference describing the token\u0027s catalog"},{"line_number":47,"context_line":"        :raises: keystone.exception.NotImplemented"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        \"\"\""}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_54d4e946","line":46,"updated":"2015-02-27 02:16:18.000000000","message":"add param before catalog_ref.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":43,"context_line":""},{"line_number":44,"context_line":"        :param token_ref: reference describing the token"},{"line_number":45,"context_line":"        :param roles_ref: reference describing the roles for the token"},{"line_number":46,"context_line":"        :catalog_ref: reference describing the token\u0027s catalog"},{"line_number":47,"context_line":"        :raises: keystone.exception.NotImplemented"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        \"\"\""}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_f5e13bff","line":46,"in_reply_to":"ba7be1f8_54d4e946","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        :param token_ref: reference describing the token"},{"line_number":45,"context_line":"        :param roles_ref: reference describing the roles for the token"},{"line_number":46,"context_line":"        :catalog_ref: reference describing the token\u0027s catalog"},{"line_number":47,"context_line":"        :raises: keystone.exception.NotImplemented"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        \"\"\""},{"line_number":50,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_94ce61b3","line":47,"updated":"2015-02-27 02:16:18.000000000","message":"this should be\n\n :raises keystone.exception.NotImplemented: when called\n\nsame comment applies throughout this file.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":44,"context_line":"        :param token_ref: reference describing the token"},{"line_number":45,"context_line":"        :param roles_ref: reference describing the roles for the token"},{"line_number":46,"context_line":"        :catalog_ref: reference describing the token\u0027s catalog"},{"line_number":47,"context_line":"        :raises: keystone.exception.NotImplemented"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"        \"\"\""},{"line_number":50,"context_line":"        raise exception.NotImplemented()"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_15940f43","line":47,"in_reply_to":"ba7be1f8_94ce61b3","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":56,"context_line":"        \"\"\"Issue a V3 formatted token."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"        Here is where we need to detect what is given to us, and what kind of"},{"line_number":59,"context_line":"        token the user is expect. Depending on the outcome of that, we can pass"},{"line_number":60,"context_line":"        all the information to be packed to the proper token format handler."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"        :param user_id: ID of the user"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_14ba710a","line":59,"updated":"2015-02-27 02:16:18.000000000","message":"change \"expect\" to \"expecting\"","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":56,"context_line":"        \"\"\"Issue a V3 formatted token."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"        Here is where we need to detect what is given to us, and what kind of"},{"line_number":59,"context_line":"        token the user is expect. Depending on the outcome of that, we can pass"},{"line_number":60,"context_line":"        all the information to be packed to the proper token format handler."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"        :param user_id: ID of the user"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_157b2f2a","line":59,"in_reply_to":"ba7be1f8_14ba710a","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":76,"context_line":"        token_format \u003d None"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"        if trust:"},{"line_number":79,"context_line":"            token_format \u003d TRUST_TOKEN_PREFIX"},{"line_number":80,"context_line":"        else:"},{"line_number":81,"context_line":"            token_format \u003d TOKEN_PREFIX"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_b470c574","line":79,"updated":"2015-02-27 02:16:18.000000000","message":"this could just as well be\n\n token_formatter \u003d self.token_format_map[TRUST_TOKEN_PREFIX]","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"        token_ref \u003d None"},{"line_number":84,"context_line":"        if auth_context and self._is_mapped_token(auth_context):"},{"line_number":85,"context_line":"            token_ref \u003d self._handle_mapped_tokens("},{"line_number":86,"context_line":"                auth_context, project_id, domain_id)"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"        token_data \u003d self.v3_token_data_helper.get_token_data("}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_74fd6d6e","line":85,"updated":"2015-02-27 02:16:18.000000000","message":"coverage report shows this isn\u0027t tested.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":134,"context_line":"            return token_data"},{"line_number":135,"context_line":"        # If the token_format is not recognized, raise Unauthorized."},{"line_number":136,"context_line":"        msg \u003d _(\u0027This is not a recognized KLWT formatted token\u0027)"},{"line_number":137,"context_line":"        raise exception.Unauthorized(msg)"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    def _get_token_id(self, token_data):"},{"line_number":140,"context_line":"        \"\"\"Generate the token_id based upon the data in token_data."}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_74256d5b","line":137,"updated":"2015-02-27 02:16:18.000000000","message":"should at least log what format was provided.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":134,"context_line":"            return token_data"},{"line_number":135,"context_line":"        # If the token_format is not recognized, raise Unauthorized."},{"line_number":136,"context_line":"        msg \u003d _(\u0027This is not a recognized KLWT formatted token\u0027)"},{"line_number":137,"context_line":"        raise exception.Unauthorized(msg)"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    def _get_token_id(self, token_data):"},{"line_number":140,"context_line":"        \"\"\"Generate the token_id based upon the data in token_data."}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_95c63f15","line":137,"in_reply_to":"ba7be1f8_74256d5b","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"0f6c7ec6fad23dea0e96c5063fe295def62866ec","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"        token_ref \u003d None"},{"line_number":84,"context_line":"        if auth_context and self._is_mapped_token(auth_context):"},{"line_number":85,"context_line":"            token_ref \u003d self._handle_mapped_tokens("},{"line_number":86,"context_line":"                auth_context, project_id, domain_id)"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"        token_data \u003d self.v3_token_data_helper.get_token_data("}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_81024c3c","line":85,"updated":"2015-03-02 11:45:19.000000000","message":"cover says it\u0027s not tested and it\u0027s unclear to me what is designed behaviour with KLWT and mapped tokens.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"bbe603629605858a8a24d1a6c452d6460a97c52c","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"        token_ref \u003d None"},{"line_number":84,"context_line":"        if auth_context and self._is_mapped_token(auth_context):"},{"line_number":85,"context_line":"            token_ref \u003d self._handle_mapped_tokens("},{"line_number":86,"context_line":"                auth_context, project_id, domain_id)"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"        token_data \u003d self.v3_token_data_helper.get_token_data("}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_679e3e56","line":85,"in_reply_to":"ba7be1f8_81024c3c","updated":"2015-03-02 15:46:52.000000000","message":"Actually, it this statement is True, it should be set to another token_format like we do above with TOKEN_PREFIX and TRUST_TOKEN_PREFIX. \n\nThis should come in another patch set that introduces the federated token formatter.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"e49689ab3f41c2ba8f289870e16a8fc26afbb96e","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"        token_ref \u003d None"},{"line_number":84,"context_line":"        if auth_context and self._is_mapped_token(auth_context):"},{"line_number":85,"context_line":"            token_ref \u003d self._handle_mapped_tokens("},{"line_number":86,"context_line":"                auth_context, project_id, domain_id)"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"        token_data \u003d self.v3_token_data_helper.get_token_data("}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_6d4b7f59","line":85,"in_reply_to":"ba7be1f8_81024c3c","updated":"2015-03-02 16:22:34.000000000","message":"Done","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"}],"keystone/token/providers/klwt/token_formatters.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1fdbbd4604e47d65a04929834cb9ae9061b48ee5","unresolved":false,"context_lines":[{"line_number":35,"context_line":"    # the `token_format` and `token_version`. The combination of the two should"},{"line_number":36,"context_line":"    # be unique."},{"line_number":37,"context_line":"    token_format \u003d None"},{"line_number":38,"context_line":"    token_version \u003d None"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"    def __init__(self):"},{"line_number":41,"context_line":"        \"\"\"Establish a connection with Keyczar and store it.\"\"\""}],"source_content_type":"text/x-python","patch_set":11,"id":"da86d52c_988e2a26","line":38,"updated":"2015-02-17 17:21:17.000000000","message":"remove token_version, it\u0027s not being used.","commit_id":"c70411e6b5d6d9ae34e40fa35dd9b5b70df687e5"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1fdbbd4604e47d65a04929834cb9ae9061b48ee5","unresolved":false,"context_lines":[{"line_number":313,"context_line":"        trust_id \u003d self._convert_uuid_bytes_to_hex(b_trust_id)"},{"line_number":314,"context_line":"        # Generate created at and expires at times"},{"line_number":315,"context_line":"        issued_at_str \u003d self._convert_int_to_time_string(issued_at_ts)"},{"line_number":316,"context_line":"        expires_at_str \u003d self._convert_int_to_time_string(expires_at_ts)"},{"line_number":317,"context_line":"        token_data \u003d {\u0027token\u0027: {}}"},{"line_number":318,"context_line":"        token_data[\u0027token\u0027][\u0027issued_at\u0027] \u003d issued_at_str"},{"line_number":319,"context_line":"        token_data[\u0027token\u0027][\u0027expires_at\u0027] \u003d expires_at_str"}],"source_content_type":"text/x-python","patch_set":11,"id":"da86d52c_78bed6af","line":316,"updated":"2015-02-17 17:21:17.000000000","message":"make sure trust info gets populated here, or ensure it\u0027s done in the provider when the rest of the token context is built.","commit_id":"c70411e6b5d6d9ae34e40fa35dd9b5b70df687e5"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":61,"context_line":"                # FIXME(dolph): this is only here to satisfy tests"},{"line_number":62,"context_line":"                self.purpose \u003d \u0027sign\u0027"},{"line_number":63,"context_line":"            except keyczar.errors.KeyczarError as e:"},{"line_number":64,"context_line":"                raise exception.KeyczarReadError(details\u003de)"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"    def _convert_uuid_hex_to_bytes(self, uuid_string):"},{"line_number":67,"context_line":"        \"\"\"Compress UUID formatted strings to bytes."}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_ec12cc56","line":64,"updated":"2015-02-18 21:05:28.000000000","message":"Assuming that \u0027e\u0027 here is turned into a string for the user facing message...would you want to provide a message that can be translated? Or is Keyczar using translation for its messages?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":175,"context_line":""},{"line_number":176,"context_line":"    token_format \u003d \u0027KLWT00\u0027"},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    def __init__(self):"},{"line_number":179,"context_line":"        super(StandardTokenFormatter, self).__init__()"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    def create_token(self, user_id, project_id, token_data):"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_cccb48a2","line":178,"updated":"2015-02-18 21:05:28.000000000","message":"Do you need this here?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":175,"context_line":""},{"line_number":176,"context_line":"    token_format \u003d \u0027KLWT00\u0027"},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    def __init__(self):"},{"line_number":179,"context_line":"        super(StandardTokenFormatter, self).__init__()"},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    def create_token(self, user_id, project_id, token_data):"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_4242c1ab","line":178,"in_reply_to":"da86d52c_cccb48a2","updated":"2015-02-18 21:32:20.000000000","message":"In the latest patchset we use the V3TokenDataHelper class which is init\u0027d in the BaseTokenFormatter, if that helps?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":225,"context_line":"        # Pull out all information we need"},{"line_number":226,"context_line":"        b_user_id \u003d unpacked_token[0]"},{"line_number":227,"context_line":"        b_project_id \u003d None"},{"line_number":228,"context_line":"        if isinstance(unpacked_token[1], str):"},{"line_number":229,"context_line":"            b_project_id \u003d unpacked_token[1]"},{"line_number":230,"context_line":"            issued_at_ts \u003d unpacked_token[2]"},{"line_number":231,"context_line":"            expires_at_ts \u003d unpacked_token[3]"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_8f6302b0","line":228,"updated":"2015-02-18 21:05:28.000000000","message":"Is there tests that show both behaviors?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":225,"context_line":"        # Pull out all information we need"},{"line_number":226,"context_line":"        b_user_id \u003d unpacked_token[0]"},{"line_number":227,"context_line":"        b_project_id \u003d None"},{"line_number":228,"context_line":"        if isinstance(unpacked_token[1], str):"},{"line_number":229,"context_line":"            b_project_id \u003d unpacked_token[1]"},{"line_number":230,"context_line":"            issued_at_ts \u003d unpacked_token[2]"},{"line_number":231,"context_line":"            expires_at_ts \u003d unpacked_token[3]"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_821759a2","line":228,"in_reply_to":"da86d52c_8f6302b0","updated":"2015-02-18 21:32:20.000000000","message":"Yep, when we test any sort of scoped token we hit the first case and when we test the unscoped case we hit the second case.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":259,"context_line":""},{"line_number":260,"context_line":"    token_format \u003d \u0027KLWT01\u0027"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"    def __init__(self):"},{"line_number":263,"context_line":"        super(TrustTokenFormatter, self).__init__()"},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"    def create_token(self, user_id, project_id, token_data):"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_2cba240b","line":262,"updated":"2015-02-18 21:05:28.000000000","message":"Or this","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":259,"context_line":""},{"line_number":260,"context_line":"    token_format \u003d \u0027KLWT01\u0027"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"    def __init__(self):"},{"line_number":263,"context_line":"        super(TrustTokenFormatter, self).__init__()"},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"    def create_token(self, user_id, project_id, token_data):"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_a208dd80","line":262,"in_reply_to":"da86d52c_2cba240b","updated":"2015-02-18 21:32:20.000000000","message":"same comment as above.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"decabd02c988a6696bed06f5c92788970c63527d","unresolved":false,"context_lines":[{"line_number":34,"context_line":"class BaseTokenFormatter(object):"},{"line_number":35,"context_line":"    \"\"\"Base object for token formatters to inherit.\"\"\""},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    # NOTE(lbragstad): Each class the inherits BaseTokenFormatter should define"},{"line_number":38,"context_line":"    # the `token_format` and `token_version`. The combination of the two should"},{"line_number":39,"context_line":"    # be unique."},{"line_number":40,"context_line":"    token_format \u003d None"}],"source_content_type":"text/x-python","patch_set":17,"id":"da86d52c_8f15ab3e","line":37,"updated":"2015-02-19 11:22:22.000000000","message":"(nit): s/the/that/ ?","commit_id":"b6d659c41da1a79decdcd79bc7e35d66a66b1ab6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"a78dd0310f62920fdd4f663d304c62ba6ab708ea","unresolved":false,"context_lines":[{"line_number":34,"context_line":"class BaseTokenFormatter(object):"},{"line_number":35,"context_line":"    \"\"\"Base object for token formatters to inherit.\"\"\""},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    # NOTE(lbragstad): Each class the inherits BaseTokenFormatter should define"},{"line_number":38,"context_line":"    # the `token_format` and `token_version`. The combination of the two should"},{"line_number":39,"context_line":"    # be unique."},{"line_number":40,"context_line":"    token_format \u003d None"}],"source_content_type":"text/x-python","patch_set":17,"id":"da86d52c_691a2f70","line":37,"in_reply_to":"da86d52c_8f15ab3e","updated":"2015-02-19 13:57:09.000000000","message":"Done","commit_id":"b6d659c41da1a79decdcd79bc7e35d66a66b1ab6"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"9572db6f712ebf8a96c96f295253970a256bf5fc","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            raise Exception(_("},{"line_number":64,"context_line":"                \u0027No encryption keys found; run keystone-manage klwt_setup to \u0027"},{"line_number":65,"context_line":"                \u0027bootstrap one.\u0027))"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        fernet_instances \u003d [fernet.Fernet(key) for key in utils.load_keys()]"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_0bbcebba","line":64,"updated":"2015-02-21 08:15:52.000000000","message":"this is an odd way to layout a message, you had all that space on the line above!","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c3374f8053d8ccbd66bdeadb1966bb083387ae32","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            raise Exception(_("},{"line_number":64,"context_line":"                \u0027No encryption keys found; run keystone-manage klwt_setup to \u0027"},{"line_number":65,"context_line":"                \u0027bootstrap one.\u0027))"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        fernet_instances \u003d [fernet.Fernet(key) for key in utils.load_keys()]"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_df9eea53","line":64,"in_reply_to":"ba7be1f8_0bbcebba","updated":"2015-02-23 16:26:51.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":13152,"name":"Jorge Munoz","email":"elkidster@gmail.com","username":"jmunoz"},"change_message_id":"b75abab2b6ae7ae6c574bdb0dfab001fddf24b01","unresolved":false,"context_lines":[{"line_number":183,"context_line":"        # TODO(lbragstad): catch msgpack errors here"},{"line_number":184,"context_line":"        unpacked_token \u003d msgpack.unpackb(decrypted_token)"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"        # Pull out all information we need"},{"line_number":187,"context_line":"        b_user_id \u003d unpacked_token[0]"},{"line_number":188,"context_line":"        b_project_id \u003d None"},{"line_number":189,"context_line":"        if isinstance(unpacked_token[1], str):"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_0cf222d2","line":186,"updated":"2015-02-23 17:00:08.000000000","message":"nit: Should this comment be something more like: \"Retrieve token information\".","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"328ab66c0e6ab19213bd6282d6ec5a2762eca1cf","unresolved":false,"context_lines":[{"line_number":183,"context_line":"        # TODO(lbragstad): catch msgpack errors here"},{"line_number":184,"context_line":"        unpacked_token \u003d msgpack.unpackb(decrypted_token)"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"        # Pull out all information we need"},{"line_number":187,"context_line":"        b_user_id \u003d unpacked_token[0]"},{"line_number":188,"context_line":"        b_project_id \u003d None"},{"line_number":189,"context_line":"        if isinstance(unpacked_token[1], str):"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_38755c98","line":186,"in_reply_to":"ba7be1f8_0cf222d2","updated":"2015-02-23 17:20:03.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":13152,"name":"Jorge Munoz","email":"elkidster@gmail.com","username":"jmunoz"},"change_message_id":"b75abab2b6ae7ae6c574bdb0dfab001fddf24b01","unresolved":false,"context_lines":[{"line_number":265,"context_line":"        # TODO(lbragstad): catch msgpack errors here"},{"line_number":266,"context_line":"        unpacked_token \u003d msgpack.unpackb(decrypted_token)"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"        # Pull out all information we need"},{"line_number":269,"context_line":"        b_user_id \u003d unpacked_token[0]"},{"line_number":270,"context_line":"        b_project_id \u003d unpacked_token[1]"},{"line_number":271,"context_line":"        b_trust_id \u003d unpacked_token[2]"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_5fa59ab3","line":268,"updated":"2015-02-23 17:00:08.000000000","message":"Same here.","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"328ab66c0e6ab19213bd6282d6ec5a2762eca1cf","unresolved":false,"context_lines":[{"line_number":265,"context_line":"        # TODO(lbragstad): catch msgpack errors here"},{"line_number":266,"context_line":"        unpacked_token \u003d msgpack.unpackb(decrypted_token)"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"        # Pull out all information we need"},{"line_number":269,"context_line":"        b_user_id \u003d unpacked_token[0]"},{"line_number":270,"context_line":"        b_project_id \u003d unpacked_token[1]"},{"line_number":271,"context_line":"        b_trust_id \u003d unpacked_token[2]"}],"source_content_type":"text/x-python","patch_set":20,"id":"ba7be1f8_38839c57","line":268,"in_reply_to":"ba7be1f8_5fa59ab3","updated":"2015-02-23 17:20:03.000000000","message":"Done","commit_id":"5396f10861d4e898833ca071b55ac47f92e48e5b"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":133,"context_line":""},{"line_number":134,"context_line":"class StandardTokenFormatter(BaseTokenFormatter):"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"    token_format \u003d \u0027KLWT00\u0027"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    def __init__(self):"},{"line_number":139,"context_line":"        super(StandardTokenFormatter, self).__init__()"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_9ed5d0e6","line":136,"updated":"2015-02-26 06:47:58.000000000","message":"this should be a global as it is shared in a few places","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":133,"context_line":""},{"line_number":134,"context_line":"class StandardTokenFormatter(BaseTokenFormatter):"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"    token_format \u003d \u0027KLWT00\u0027"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    def __init__(self):"},{"line_number":139,"context_line":"        super(StandardTokenFormatter, self).__init__()"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_1787f7b5","line":136,"in_reply_to":"ba7be1f8_9ed5d0e6","updated":"2015-02-26 12:41:32.000000000","message":"These are specific to the class since only the class really needs to know about them.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":157,"context_line":"                b_user_id, b_scope_id, issued_at_int, expires_at_int,"},{"line_number":158,"context_line":"                audit_ids)"},{"line_number":159,"context_line":"        else:"},{"line_number":160,"context_line":"            token \u003d (b_user_id, issued_at_int, expires_at_int, audit_ids)"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"        msgpacked_token \u003d msgpack.packb(token)"},{"line_number":163,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_decd8832","line":160,"updated":"2015-02-26 06:47:58.000000000","message":"we really don\u0027t need both issued_at and expires_at as we can derive one from the other. For example,\n\nissued_at \u003d expires_at - CONF.token.expiration\n\nor\n\nexpired_at \u003d issued_at + CONF.token.expiration\n\nNot a deal break right now, but in the future we may need to include the auth methods in there whenever we need to solve the unbound group problem.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":157,"context_line":"                b_user_id, b_scope_id, issued_at_int, expires_at_int,"},{"line_number":158,"context_line":"                audit_ids)"},{"line_number":159,"context_line":"        else:"},{"line_number":160,"context_line":"            token \u003d (b_user_id, issued_at_int, expires_at_int, audit_ids)"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"        msgpacked_token \u003d msgpack.packb(token)"},{"line_number":163,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_7766732b","line":160,"in_reply_to":"ba7be1f8_dc7e7169","updated":"2015-02-26 12:41:32.000000000","message":"Hmm good question. Opinions?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":157,"context_line":"                b_user_id, b_scope_id, issued_at_int, expires_at_int,"},{"line_number":158,"context_line":"                audit_ids)"},{"line_number":159,"context_line":"        else:"},{"line_number":160,"context_line":"            token \u003d (b_user_id, issued_at_int, expires_at_int, audit_ids)"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"        msgpacked_token \u003d msgpack.packb(token)"},{"line_number":163,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_d7b8ff76","line":160,"in_reply_to":"ba7be1f8_decd8832","updated":"2015-02-26 12:41:32.000000000","message":"Dolph has a way that deals with this using fernet that I need to incorporate into this.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":157,"context_line":"                b_user_id, b_scope_id, issued_at_int, expires_at_int,"},{"line_number":158,"context_line":"                audit_ids)"},{"line_number":159,"context_line":"        else:"},{"line_number":160,"context_line":"            token \u003d (b_user_id, issued_at_int, expires_at_int, audit_ids)"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"        msgpacked_token \u003d msgpack.packb(token)"},{"line_number":163,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_dc7e7169","line":160,"in_reply_to":"ba7be1f8_decd8832","updated":"2015-02-26 06:59:03.000000000","message":"You would need to encode CONF.token.expiration in the token since you don\u0027t want changes to CONF to affect token longevity (or do you?), in either case encoding less data [but not by much]","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":172,"context_line":"        \"\"\"Validate a KLWT00 formatted token."},{"line_number":173,"context_line":""},{"line_number":174,"context_line":"        :param token_string: a string representing the token"},{"line_number":175,"context_line":"        :return: a dictionary of token data"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        \"\"\""},{"line_number":178,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_a115229d","line":175,"updated":"2015-02-25 23:41:05.000000000","message":"Returns a tuple","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":172,"context_line":"        \"\"\"Validate a KLWT00 formatted token."},{"line_number":173,"context_line":""},{"line_number":174,"context_line":"        :param token_string: a string representing the token"},{"line_number":175,"context_line":"        :return: a dictionary of token data"},{"line_number":176,"context_line":""},{"line_number":177,"context_line":"        \"\"\""},{"line_number":178,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_774d9399","line":175,"in_reply_to":"ba7be1f8_a115229d","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":212,"context_line":"            project_id\u003dproject_id,"},{"line_number":213,"context_line":"            expires\u003dexpires_at_str,"},{"line_number":214,"context_line":"            issued_at\u003dissued_at_str,"},{"line_number":215,"context_line":"            audit_info\u003daudit_ids)"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"        return (user_id, project_id, token_data)"},{"line_number":218,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_3edea4dd","line":215,"updated":"2015-02-26 06:47:58.000000000","message":"where are we checking for revocation events?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":212,"context_line":"            project_id\u003dproject_id,"},{"line_number":213,"context_line":"            expires\u003dexpires_at_str,"},{"line_number":214,"context_line":"            issued_at\u003dissued_at_str,"},{"line_number":215,"context_line":"            audit_info\u003daudit_ids)"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"        return (user_id, project_id, token_data)"},{"line_number":218,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_d7463f7a","line":215,"in_reply_to":"ba7be1f8_3c8f8d76","updated":"2015-02-26 12:41:32.000000000","message":"Correct, that is done in the provider. There is a follow on patch where jorge_munoz adds a bunch of test cases exercising that logic. \n\nhttps://github.com/lbragstad/keystone/blob/e0a87595ba72f7c5d340f016ba7d2815e0d89483/keystone/token/provider.py#L354","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":212,"context_line":"            project_id\u003dproject_id,"},{"line_number":213,"context_line":"            expires\u003dexpires_at_str,"},{"line_number":214,"context_line":"            issued_at\u003dissued_at_str,"},{"line_number":215,"context_line":"            audit_info\u003daudit_ids)"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"        return (user_id, project_id, token_data)"},{"line_number":218,"context_line":""}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_3c8f8d76","line":215,"in_reply_to":"ba7be1f8_3edea4dd","updated":"2015-02-26 06:59:03.000000000","message":"At the provider manager level. the driver shouldn\u0027t need to know how to do some of that scary logic.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":220,"context_line":"@dependency.requires(\u0027trust_api\u0027)"},{"line_number":221,"context_line":"class TrustTokenFormatter(BaseTokenFormatter):"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    token_format \u003d \u0027KLWT01\u0027"},{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    def __init__(self):"},{"line_number":226,"context_line":"        super(TrustTokenFormatter, self).__init__()"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_5ed998f1","line":223,"updated":"2015-02-26 06:47:58.000000000","message":"global?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":220,"context_line":"@dependency.requires(\u0027trust_api\u0027)"},{"line_number":221,"context_line":"class TrustTokenFormatter(BaseTokenFormatter):"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    token_format \u003d \u0027KLWT01\u0027"},{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    def __init__(self):"},{"line_number":226,"context_line":"        super(TrustTokenFormatter, self).__init__()"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_b7438b6a","line":223,"in_reply_to":"ba7be1f8_5ed998f1","updated":"2015-02-26 12:41:32.000000000","message":"see above.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":254,"context_line":"        \"\"\"Validate a trust formatted token."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"        :param token_string: a string representing the token"},{"line_number":257,"context_line":"        :return: a dictionary of token data"},{"line_number":258,"context_line":""},{"line_number":259,"context_line":"        \"\"\""},{"line_number":260,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_c1e3f6d6","line":257,"updated":"2015-02-25 23:41:05.000000000","message":"This method returns a tuple","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":254,"context_line":"        \"\"\"Validate a trust formatted token."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"        :param token_string: a string representing the token"},{"line_number":257,"context_line":"        :return: a dictionary of token data"},{"line_number":258,"context_line":""},{"line_number":259,"context_line":"        \"\"\""},{"line_number":260,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_321c096a","line":257,"in_reply_to":"ba7be1f8_c1e3f6d6","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":20,"context_line":"import six"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"from keystone.common import dependency"},{"line_number":23,"context_line":"from keystone import config"},{"line_number":24,"context_line":"from keystone import exception"},{"line_number":25,"context_line":"from keystone.i18n import _"},{"line_number":26,"context_line":"from keystone.token.providers import common"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_b4e5250c","line":23,"updated":"2015-02-27 02:16:18.000000000","message":"change this to\n\n from oslo_config import cfg","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":20,"context_line":"import six"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"from keystone.common import dependency"},{"line_number":23,"context_line":"from keystone import config"},{"line_number":24,"context_line":"from keystone import exception"},{"line_number":25,"context_line":"from keystone.i18n import _"},{"line_number":26,"context_line":"from keystone.token.providers import common"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_f5ecdb91","line":23,"in_reply_to":"ba7be1f8_b4e5250c","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":60,"context_line":"        keys \u003d utils.load_keys()"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            msg \u003d _(\u0027No encryption keys found; run keystone-manage klwt_setup \u0027"},{"line_number":64,"context_line":"                    \u0027to bootstrap one.\u0027)"},{"line_number":65,"context_line":"            raise Exception(msg)"},{"line_number":66,"context_line":""}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_f4f07d93","line":63,"updated":"2015-02-27 02:16:18.000000000","message":"coverage report shows this isn\u0027t tested.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":136,"context_line":"    token_format \u003d \u0027KLWT00\u0027"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    def __init__(self):"},{"line_number":139,"context_line":"        super(StandardTokenFormatter, self).__init__()"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    def create_token(self, user_id, project_id, token_data):"},{"line_number":142,"context_line":"        \"\"\"Create a standard formatted token."}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_34a055a5","line":139,"updated":"2015-02-27 02:16:18.000000000","message":"remove this since it\u0027s the default.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":136,"context_line":"    token_format \u003d \u0027KLWT00\u0027"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    def __init__(self):"},{"line_number":139,"context_line":"        super(StandardTokenFormatter, self).__init__()"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    def create_token(self, user_id, project_id, token_data):"},{"line_number":142,"context_line":"        \"\"\"Create a standard formatted token."}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_758f0bcd","line":139,"in_reply_to":"ba7be1f8_34a055a5","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":223,"context_line":"    token_format \u003d \u0027KLWT01\u0027"},{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    def __init__(self):"},{"line_number":226,"context_line":"        super(TrustTokenFormatter, self).__init__()"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"    def create_token(self, user_id, project_id, token_data):"},{"line_number":229,"context_line":"        \"\"\"Create a trust formatted token."}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_34877514","line":226,"updated":"2015-02-27 02:16:18.000000000","message":"remove this method since this is the default.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"7672022959e8deac99c2937ec154c2b5a102358d","unresolved":false,"context_lines":[{"line_number":223,"context_line":"    token_format \u003d \u0027KLWT01\u0027"},{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    def __init__(self):"},{"line_number":226,"context_line":"        super(TrustTokenFormatter, self).__init__()"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"    def create_token(self, user_id, project_id, token_data):"},{"line_number":229,"context_line":"        \"\"\"Create a trust formatted token."}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_d5b5177f","line":226,"in_reply_to":"ba7be1f8_34877514","updated":"2015-02-27 16:08:51.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"9d7f5760cf26456d9436c1ce91dead6bbf510954","unresolved":false,"context_lines":[{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            msg \u003d _(\u0027No encryption keys found; run keystone-manage klwt_setup \u0027"},{"line_number":64,"context_line":"                    \u0027to bootstrap one.\u0027)"},{"line_number":65,"context_line":"            raise Exception(msg)"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        fernet_instances \u003d [fernet.Fernet(key) for key in utils.load_keys()]"},{"line_number":68,"context_line":"        return fernet.MultiFernet(fernet_instances)"}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_a6ccc662","line":65,"updated":"2015-03-02 11:27:39.000000000","message":"How about raising something more specific? (not Exception class)","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"e49689ab3f41c2ba8f289870e16a8fc26afbb96e","unresolved":false,"context_lines":[{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            msg \u003d _(\u0027No encryption keys found; run keystone-manage klwt_setup \u0027"},{"line_number":64,"context_line":"                    \u0027to bootstrap one.\u0027)"},{"line_number":65,"context_line":"            raise Exception(msg)"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        fernet_instances \u003d [fernet.Fernet(key) for key in utils.load_keys()]"},{"line_number":68,"context_line":"        return fernet.MultiFernet(fernet_instances)"}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_4dc5db3b","line":65,"in_reply_to":"ba7be1f8_a6ccc662","updated":"2015-03-02 16:22:34.000000000","message":"Done","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            msg \u003d _(\u0027No encryption keys found; run keystone-manage klwt_setup \u0027"},{"line_number":64,"context_line":"                    \u0027to bootstrap one.\u0027)"},{"line_number":65,"context_line":"            raise Exception(msg)"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        fernet_instances \u003d [fernet.Fernet(key) for key in utils.load_keys()]"},{"line_number":68,"context_line":"        return fernet.MultiFernet(fernet_instances)"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_de6b25b7","line":65,"updated":"2015-03-02 20:28:05.000000000","message":"do we need a more specific exception here?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":62,"context_line":"        if not keys:"},{"line_number":63,"context_line":"            msg \u003d _(\u0027No encryption keys found; run keystone-manage klwt_setup \u0027"},{"line_number":64,"context_line":"                    \u0027to bootstrap one.\u0027)"},{"line_number":65,"context_line":"            raise Exception(msg)"},{"line_number":66,"context_line":""},{"line_number":67,"context_line":"        fernet_instances \u003d [fernet.Fernet(key) for key in utils.load_keys()]"},{"line_number":68,"context_line":"        return fernet.MultiFernet(fernet_instances)"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_6c037310","line":65,"in_reply_to":"ba7be1f8_de6b25b7","updated":"2015-03-02 21:26:56.000000000","message":"Strange, I did this in a previous patch set but I think it must have been overwritten in a rebase. Done.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":93,"context_line":"        uuid_obj \u003d uuid.UUID(bytes\u003duuid_byte_string)"},{"line_number":94,"context_line":"        return uuid_obj.hex"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"    def _convert_time_string_to_int(self, time_string):"},{"line_number":97,"context_line":"        \"\"\"Convert a time formatted string to a timestamp integer."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"        :param time_string: time formatted string"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_bec03151","line":96,"updated":"2015-03-02 20:28:05.000000000","message":"would be awesome if timeutils provide this functionality","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"e793e5419758b24c37944617852539b96e20b1f6","unresolved":false,"context_lines":[{"line_number":148,"context_line":"            token_data)"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"        b_user_id \u003d self._convert_uuid_hex_to_bytes(user_id)"},{"line_number":151,"context_line":"        if project_id:"},{"line_number":152,"context_line":"            b_scope_id \u003d self._convert_uuid_hex_to_bytes(project_id)"},{"line_number":153,"context_line":"            token \u003d ("},{"line_number":154,"context_line":"                b_user_id, b_scope_id, issued_at_int, expires_at_int,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_defb2579","line":151,"updated":"2015-03-02 20:28:05.000000000","message":"no domain-scoped token?","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"b6ad1cff5cbbc9cc5c41dcdef84d8ef2fdefa605","unresolved":false,"context_lines":[{"line_number":148,"context_line":"            token_data)"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"        b_user_id \u003d self._convert_uuid_hex_to_bytes(user_id)"},{"line_number":151,"context_line":"        if project_id:"},{"line_number":152,"context_line":"            b_scope_id \u003d self._convert_uuid_hex_to_bytes(project_id)"},{"line_number":153,"context_line":"            token \u003d ("},{"line_number":154,"context_line":"                b_user_id, b_scope_id, issued_at_int, expires_at_int,"}],"source_content_type":"text/x-python","patch_set":33,"id":"ba7be1f8_a74e646d","line":151,"in_reply_to":"ba7be1f8_defb2579","updated":"2015-03-02 21:26:56.000000000","message":"Done, see testing in next patch set.","commit_id":"93e17709ac0bc913a5243634d0b064947e344cce"}],"keystone/token/providers/klwt/utils.py":[{"author":{"_account_id":220,"name":"Haneef Ali","email":"haneef.ali@hp.com","username":"haneef"},"change_message_id":"659ff96088e4e75ccaf29d90f559126612f1a579","unresolved":false,"context_lines":[{"line_number":45,"context_line":"            _(\u0027Insufficient permissions on [klw_tokens] key_repository: %s\u0027) %"},{"line_number":46,"context_line":"            (CONF.klw_tokens.key_repository))"},{"line_number":47,"context_line":"        return False"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"    # ensure the directory cannot be read by anyone"},{"line_number":50,"context_line":"    stat_info \u003d os.stat(CONF.klw_tokens.key_repository)"},{"line_number":51,"context_line":"    if stat_info.st_mode \u0026 stat.S_IROTH or stat_info.st_mode \u0026 stat.S_IXOTH:"}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_fb79c993","line":48,"updated":"2015-02-18 05:16:06.000000000","message":"Do we really need these checks?  I think these are deployer\u0027s job.  If some one has access to this system, they can do much more harm.","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"04d3594327d63e7dfb1d028445a7c163863c59b8","unresolved":false,"context_lines":[{"line_number":45,"context_line":"            _(\u0027Insufficient permissions on [klw_tokens] key_repository: %s\u0027) %"},{"line_number":46,"context_line":"            (CONF.klw_tokens.key_repository))"},{"line_number":47,"context_line":"        return False"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"    # ensure the directory cannot be read by anyone"},{"line_number":50,"context_line":"    stat_info \u003d os.stat(CONF.klw_tokens.key_repository)"},{"line_number":51,"context_line":"    if stat_info.st_mode \u0026 stat.S_IROTH or stat_info.st_mode \u0026 stat.S_IXOTH:"}],"source_content_type":"text/x-python","patch_set":13,"id":"da86d52c_b4f4ad87","line":48,"in_reply_to":"da86d52c_fb79c993","updated":"2015-02-18 15:49:34.000000000","message":"Yes, we do need these because we use them for setting up key repositories for testing. Deployers don\u0027t have to use these tools if they don\u0027t want to but they are nice to have from a developer/tester perspective.","commit_id":"ee4e68f10d5b9f987a4f812dc2a5adb32b1d7af1"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Copyright 2012 OpenStack Foundation"},{"line_number":2,"context_line":"#"},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":4,"context_line":"# not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_4ffcaab5","line":1,"updated":"2015-02-18 21:05:28.000000000","message":"Was this from an existing file?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"28929e93c77602fe1e20c3c0f277a7db1ea970f2","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Copyright 2012 OpenStack Foundation"},{"line_number":2,"context_line":"#"},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":4,"context_line":"# not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_a2e45da8","line":1,"in_reply_to":"da86d52c_4ffcaab5","updated":"2015-02-18 21:34:16.000000000","message":"++","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Copyright 2012 OpenStack Foundation"},{"line_number":2,"context_line":"#"},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":4,"context_line":"# not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_c20dd190","line":1,"in_reply_to":"da86d52c_4ffcaab5","updated":"2015-02-18 21:32:20.000000000","message":"Done","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":42,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":43,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":44,"context_line":"        LOG.error("},{"line_number":45,"context_line":"            _(\u0027Insufficient permissions on [klw_tokens] key_repository: %s\u0027) %"},{"line_number":46,"context_line":"            (CONF.klw_tokens.key_repository))"},{"line_number":47,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_4f13ca00","line":44,"updated":"2015-02-18 21:05:28.000000000","message":"don\u0027t use the % operator in log statements","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"af916cd05e6b7e8602d491386a5bf64c9e4df867","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":42,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":43,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":44,"context_line":"        LOG.error("},{"line_number":45,"context_line":"            _(\u0027Insufficient permissions on [klw_tokens] key_repository: %s\u0027) %"},{"line_number":46,"context_line":"            (CONF.klw_tokens.key_repository))"},{"line_number":47,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_20d785ef","line":44,"in_reply_to":"da86d52c_4589eb6d","updated":"2015-02-18 23:03:25.000000000","message":"Done","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"28929e93c77602fe1e20c3c0f277a7db1ea970f2","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":42,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":43,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":44,"context_line":"        LOG.error("},{"line_number":45,"context_line":"            _(\u0027Insufficient permissions on [klw_tokens] key_repository: %s\u0027) %"},{"line_number":46,"context_line":"            (CONF.klw_tokens.key_repository))"},{"line_number":47,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_82f3d971","line":44,"in_reply_to":"da86d52c_4f13ca00","updated":"2015-02-18 21:34:16.000000000","message":"i thought that was only if you have more than one formatted string (when they become ambiguous post-translation). is there another reason to avoid them?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"f345c248b5859d90b2ca16fe826a41a242b11314","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":42,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":43,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":44,"context_line":"        LOG.error("},{"line_number":45,"context_line":"            _(\u0027Insufficient permissions on [klw_tokens] key_repository: %s\u0027) %"},{"line_number":46,"context_line":"            (CONF.klw_tokens.key_repository))"},{"line_number":47,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_4589eb6d","line":44,"in_reply_to":"da86d52c_82f3d971","updated":"2015-02-18 21:49:06.000000000","message":"If you use the % it will always be rendered to a string. Using a comma instead makes it lazy. It usually results is better performance in some situations, but if we always do it as logging documents then we\u0027ll never have to care.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    # ensure the directory cannot be read by anyone"},{"line_number":50,"context_line":"    stat_info \u003d os.stat(CONF.klw_tokens.key_repository)"},{"line_number":51,"context_line":"    if stat_info.st_mode \u0026 stat.S_IROTH or stat_info.st_mode \u0026 stat.S_IXOTH:"},{"line_number":52,"context_line":"        LOG.warning(_LW(\u0027[klw_tokens] key_repository is world readable: %s\u0027) %"},{"line_number":53,"context_line":"                    (CONF.klw_tokens.key_repository))"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    return True"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_cfdeda3d","line":52,"updated":"2015-02-18 21:05:28.000000000","message":"here too","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"af916cd05e6b7e8602d491386a5bf64c9e4df867","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    # ensure the directory cannot be read by anyone"},{"line_number":50,"context_line":"    stat_info \u003d os.stat(CONF.klw_tokens.key_repository)"},{"line_number":51,"context_line":"    if stat_info.st_mode \u0026 stat.S_IROTH or stat_info.st_mode \u0026 stat.S_IXOTH:"},{"line_number":52,"context_line":"        LOG.warning(_LW(\u0027[klw_tokens] key_repository is world readable: %s\u0027) %"},{"line_number":53,"context_line":"                    (CONF.klw_tokens.key_repository))"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    return True"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_40d479e8","line":52,"in_reply_to":"da86d52c_cfdeda3d","updated":"2015-02-18 23:03:25.000000000","message":"Done","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    # FIXME(dolph): race condition where a primary key is added but not"},{"line_number":69,"context_line":"    # readable by the running keystone user"},{"line_number":70,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"},{"line_number":71,"context_line":"        for f in fnames:"},{"line_number":72,"context_line":"            os.chown("},{"line_number":73,"context_line":"                os.path.join(dirpath, f), keystone_user_id, keystone_group_id)"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_8fbf82cf","line":70,"updated":"2015-02-18 21:05:28.000000000","message":"Do you have to do this recursively or just at the first level?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"28929e93c77602fe1e20c3c0f277a7db1ea970f2","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    # FIXME(dolph): race condition where a primary key is added but not"},{"line_number":69,"context_line":"    # readable by the running keystone user"},{"line_number":70,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"},{"line_number":71,"context_line":"        for f in fnames:"},{"line_number":72,"context_line":"            os.chown("},{"line_number":73,"context_line":"                os.path.join(dirpath, f), keystone_user_id, keystone_group_id)"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_c2a07144","line":70,"in_reply_to":"da86d52c_8fbf82cf","updated":"2015-02-18 21:34:16.000000000","message":"just at the first level - i could have sworn there was a more efficient way to do it, but couldn\u0027t recall it?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"f345c248b5859d90b2ca16fe826a41a242b11314","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    # FIXME(dolph): race condition where a primary key is added but not"},{"line_number":69,"context_line":"    # readable by the running keystone user"},{"line_number":70,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"},{"line_number":71,"context_line":"        for f in fnames:"},{"line_number":72,"context_line":"            os.chown("},{"line_number":73,"context_line":"                os.path.join(dirpath, f), keystone_user_id, keystone_group_id)"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_a50b87d3","line":70,"in_reply_to":"da86d52c_c2a07144","updated":"2015-02-18 21:49:06.000000000","message":"you can os.listdir and then os.path.isfile. I don\u0027t know if that is any more efficient, but it may be clearer.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":143,"context_line":"    finally:"},{"line_number":144,"context_line":"        os.umask(old_umask)"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"    # demote excess active keys"},{"line_number":147,"context_line":"    active_keys.sort()"},{"line_number":148,"context_line":"    while len(active_keys) \u003e\u003d CONF.klw_tokens.max_active_keys:"},{"line_number":149,"context_line":"        version \u003d active_keys.pop(0)"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_8f306257","line":146,"updated":"2015-02-18 21:05:28.000000000","message":"Why do the active keys have to be sorted?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"f345c248b5859d90b2ca16fe826a41a242b11314","unresolved":false,"context_lines":[{"line_number":143,"context_line":"    finally:"},{"line_number":144,"context_line":"        os.umask(old_umask)"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"    # demote excess active keys"},{"line_number":147,"context_line":"    active_keys.sort()"},{"line_number":148,"context_line":"    while len(active_keys) \u003e\u003d CONF.klw_tokens.max_active_keys:"},{"line_number":149,"context_line":"        version \u003d active_keys.pop(0)"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_05e4530b","line":146,"in_reply_to":"da86d52c_6263451a","updated":"2015-02-18 21:49:06.000000000","message":"Ah, I see what you are doing there. The \u0027while\u0027 short circuits based on being under the max. I read that as always looping over all of the keys.","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"28929e93c77602fe1e20c3c0f277a7db1ea970f2","unresolved":false,"context_lines":[{"line_number":143,"context_line":"    finally:"},{"line_number":144,"context_line":"        os.umask(old_umask)"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"    # demote excess active keys"},{"line_number":147,"context_line":"    active_keys.sort()"},{"line_number":148,"context_line":"    while len(active_keys) \u003e\u003d CONF.klw_tokens.max_active_keys:"},{"line_number":149,"context_line":"        version \u003d active_keys.pop(0)"}],"source_content_type":"text/x-python","patch_set":16,"id":"da86d52c_6263451a","line":146,"in_reply_to":"da86d52c_8f306257","updated":"2015-02-18 21:34:16.000000000","message":"to demote the oldest active keys. the code based on cryptography.fernet might make this a tiny bit more clear since it uses slicing instead of a while loop to achieve the same behavior:\n\n  https://review.openstack.org/#/c/156657/8/keystone/token/providers/klwt/utils.py","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":13152,"name":"Jorge Munoz","email":"elkidster@gmail.com","username":"jmunoz"},"change_message_id":"23dc5b64f9133c8feb8af77cbe53d825ba69dd42","unresolved":false,"context_lines":[{"line_number":75,"context_line":"                keystone_group_id)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"def _create_new_key(keystone_user_id, keystone_group_id):"},{"line_number":79,"context_line":"    \"\"\"Securely create a new encryption key.\"\"\""},{"line_number":80,"context_line":"    key \u003d fernet.Fernet.generate_key()"},{"line_number":81,"context_line":""}],"source_content_type":"text/x-python","patch_set":21,"id":"ba7be1f8_d83a8033","line":78,"updated":"2015-02-23 17:32:24.000000000","message":"Can you please elaborate in the doc string on how the key is created? Ex: \nHow umask is set to with 0o177  to set permissions for writing the new key to the key file.","commit_id":"a53a622706c89d537f87175c80f0fb1f2287f82e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1dd9b480cf52de12e9a8f6657cc64e0fa04abd77","unresolved":false,"context_lines":[{"line_number":75,"context_line":"                keystone_group_id)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"def _create_new_key(keystone_user_id, keystone_group_id):"},{"line_number":79,"context_line":"    \"\"\"Securely create a new encryption key.\"\"\""},{"line_number":80,"context_line":"    key \u003d fernet.Fernet.generate_key()"},{"line_number":81,"context_line":""}],"source_content_type":"text/x-python","patch_set":21,"id":"ba7be1f8_06b832c7","line":78,"in_reply_to":"ba7be1f8_d83a8033","updated":"2015-02-23 21:45:44.000000000","message":"Done","commit_id":"a53a622706c89d537f87175c80f0fb1f2287f82e"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":28,"context_line":"def validate_key_repository():"},{"line_number":29,"context_line":"    \"\"\"Validate permissions on the key repository directory.\"\"\""},{"line_number":30,"context_line":"    # we need a key directory to proceed at all"},{"line_number":31,"context_line":"    if CONF.klw_tokens.key_repository is None:"},{"line_number":32,"context_line":"        LOG.error(_LE("},{"line_number":33,"context_line":"            \u0027Set [klw_tokens] key_repository to the directory where \u0027"},{"line_number":34,"context_line":"            \u0027Keystone should store encryption keys.\u0027))"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_8643d4ad","line":31,"updated":"2015-02-25 23:41:05.000000000","message":"Are we calling it KLWT or klw_tokens or are these terms referring to completing different things?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":28,"context_line":"def validate_key_repository():"},{"line_number":29,"context_line":"    \"\"\"Validate permissions on the key repository directory.\"\"\""},{"line_number":30,"context_line":"    # we need a key directory to proceed at all"},{"line_number":31,"context_line":"    if CONF.klw_tokens.key_repository is None:"},{"line_number":32,"context_line":"        LOG.error(_LE("},{"line_number":33,"context_line":"            \u0027Set [klw_tokens] key_repository to the directory where \u0027"},{"line_number":34,"context_line":"            \u0027Keystone should store encryption keys.\u0027))"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_d27e4d69","line":31,"in_reply_to":"ba7be1f8_8643d4ad","updated":"2015-02-26 12:41:32.000000000","message":"No, they are referring to the same time. I\u0027d like to wait to figure out what we\u0027re going to officially call this. I\u0027d be happy to rename though once we do.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":1916,"name":"Guang Yee","email":"gyee@suse.com","username":"guang-yee"},"change_message_id":"96712b83f7298934b9518c303248123d54f6969c","unresolved":false,"context_lines":[{"line_number":37,"context_line":"    # ensure current user has full access to the key repository"},{"line_number":38,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":39,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":40,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":41,"context_line":"        LOG.error("},{"line_number":42,"context_line":"            _(\u0027Either [klw_tokens] key_repository does not exist or Keystone \u0027"},{"line_number":43,"context_line":"              \u0027does not have sufficient permission to access it: %s\u0027),"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_9ef6b05b","line":40,"updated":"2015-02-26 06:47:58.000000000","message":"why X_OK? Are we executing anything in that dir?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":2903,"name":"Morgan Fainberg","email":"morgan.fainberg@gmail.com","username":"mdrnstm"},"change_message_id":"feaebc4dfb2bfe487cd682a5e5f30bc5c2cd0828","unresolved":false,"context_lines":[{"line_number":37,"context_line":"    # ensure current user has full access to the key repository"},{"line_number":38,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":39,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":40,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":41,"context_line":"        LOG.error("},{"line_number":42,"context_line":"            _(\u0027Either [klw_tokens] key_repository does not exist or Keystone \u0027"},{"line_number":43,"context_line":"              \u0027does not have sufficient permission to access it: %s\u0027),"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_dcccb1bd","line":40,"in_reply_to":"ba7be1f8_9ef6b05b","updated":"2015-02-26 06:59:03.000000000","message":"It depends on how you access the dir:\n\n    nullptr:keystone morgan$ cd test\n    nullptr:test morgan$ touch a\n    nullptr:test morgan$ cd ..\n    nullptr:keystone morgan$ chmod -x test\n    nullptr:keystone morgan$ ls test\n    a\n    nullptr:keystone morgan$ \n    nullptr:keystone morgan$ ls test/*\n    ls: test/a: Permission denied\n    nullptr:keystone morgan$ ls -al test/\n    ls: .: Permission denied\n    ls: ..: Permission denied\n    ls: a: Permission denied\n    nullptr:keystone morgan$ ls -l test\n    ls: a: Permission denied\n\n\nLets just make it easy to work with in the various modes here.","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":106,"context_line":"    LOG.info(_LI(\u0027Created a new key: %s\u0027), key_file)"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"def initialize_key_repository(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":110,"context_line":"    \"\"\"Create a key repository and bootstrap it with a key.\"\"\""},{"line_number":111,"context_line":"    # make sure we have work to do before proceeding"},{"line_number":112,"context_line":"    if os.access(os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027), os.F_OK):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_a6637840","line":109,"updated":"2015-02-25 23:41:05.000000000","message":"doc string for parameters?","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":106,"context_line":"    LOG.info(_LI(\u0027Created a new key: %s\u0027), key_file)"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"def initialize_key_repository(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":110,"context_line":"    \"\"\"Create a key repository and bootstrap it with a key.\"\"\""},{"line_number":111,"context_line":"    # make sure we have work to do before proceeding"},{"line_number":112,"context_line":"    if os.access(os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027), os.F_OK):"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_923db591","line":109,"in_reply_to":"ba7be1f8_a6637840","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":11045,"name":"Bob Thyne","email":"bob.thyne@hp.com","username":"bobt"},"change_message_id":"a32a56f61e4cf80843e69dc557941bb8a3fcd86f","unresolved":false,"context_lines":[{"line_number":117,"context_line":"    _create_new_key(keystone_user_id, keystone_group_id)"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"def rotate_keys(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":121,"context_line":"    \"\"\"Create a new primary key and revoke excess active keys."},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    Key rotation utilizes the following behaviors:"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_4652bc67","line":120,"updated":"2015-02-25 23:41:05.000000000","message":"doc string","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"fc1b18cb392b67f389d6b291d1700dfb5d6e5e5a","unresolved":false,"context_lines":[{"line_number":117,"context_line":"    _create_new_key(keystone_user_id, keystone_group_id)"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"def rotate_keys(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":121,"context_line":"    \"\"\"Create a new primary key and revoke excess active keys."},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    Key rotation utilizes the following behaviors:"}],"source_content_type":"text/x-python","patch_set":24,"id":"ba7be1f8_b240f907","line":120,"in_reply_to":"ba7be1f8_4652bc67","updated":"2015-02-26 12:41:32.000000000","message":"Done","commit_id":"8f7b0825fa3b573ad358e4052de37c167bd709c4"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":16,"context_line":"from cryptography import fernet"},{"line_number":17,"context_line":"from oslo_log import log"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"from keystone import config"},{"line_number":20,"context_line":"from keystone.i18n import _, _LE, _LW, _LI"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":""}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_28ac9c8b","line":19,"updated":"2015-02-26 15:04:02.000000000","message":"Should be \"from oslo_config import cfg\". See I60c8d2c577d37b9b8a367b46596154ce6c49fff4","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":16,"context_line":"from cryptography import fernet"},{"line_number":17,"context_line":"from oslo_log import log"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"from keystone import config"},{"line_number":20,"context_line":"from keystone.i18n import _, _LE, _LW, _LI"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":""}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_e2da9c76","line":19,"in_reply_to":"ba7be1f8_28ac9c8b","updated":"2015-02-26 15:49:44.000000000","message":"Done","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":39,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":40,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":41,"context_line":"        LOG.error("},{"line_number":42,"context_line":"            _(\u0027Either [klw_tokens] key_repository does not exist or Keystone \u0027"},{"line_number":43,"context_line":"              \u0027does not have sufficient permission to access it: %s\u0027),"},{"line_number":44,"context_line":"            CONF.klw_tokens.key_repository)"},{"line_number":45,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_88e3c8d7","line":42,"updated":"2015-02-26 15:04:02.000000000","message":"Why not _LE here?","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":39,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":40,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":41,"context_line":"        LOG.error("},{"line_number":42,"context_line":"            _(\u0027Either [klw_tokens] key_repository does not exist or Keystone \u0027"},{"line_number":43,"context_line":"              \u0027does not have sufficient permission to access it: %s\u0027),"},{"line_number":44,"context_line":"            CONF.klw_tokens.key_repository)"},{"line_number":45,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_82c9e0ad","line":42,"in_reply_to":"ba7be1f8_88e3c8d7","updated":"2015-02-26 15:49:44.000000000","message":"Done","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":68,"context_line":"                \u0027already exists or you don\\\u0027t have sufficient permissions to \u0027"},{"line_number":69,"context_line":"                \u0027create it\u0027))"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"        if keystone_user_id or keystone_group_id:"},{"line_number":72,"context_line":"            os.chown("},{"line_number":73,"context_line":"                CONF.klw_tokens.key_repository,"},{"line_number":74,"context_line":"                keystone_user_id,"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_51f17869","line":71,"updated":"2015-02-26 15:04:02.000000000","message":"The problem here is that the user_id and group_id must both have integer values or chown() will raise a TypeError.","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":68,"context_line":"                \u0027already exists or you don\\\u0027t have sufficient permissions to \u0027"},{"line_number":69,"context_line":"                \u0027create it\u0027))"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"        if keystone_user_id or keystone_group_id:"},{"line_number":72,"context_line":"            os.chown("},{"line_number":73,"context_line":"                CONF.klw_tokens.key_repository,"},{"line_number":74,"context_line":"                keystone_user_id,"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_fd7f9da8","line":71,"in_reply_to":"ba7be1f8_51f17869","updated":"2015-02-26 15:49:44.000000000","message":"Done","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":87,"context_line":"    if keystone_user_id or keystone_group_id:"},{"line_number":88,"context_line":"        old_egid \u003d os.getegid()"},{"line_number":89,"context_line":"        old_euid \u003d os.geteuid()"},{"line_number":90,"context_line":"        os.setegid(keystone_group_id)"},{"line_number":91,"context_line":"        os.seteuid(keystone_user_id)"},{"line_number":92,"context_line":"    # Determine the file name of the new key"},{"line_number":93,"context_line":"    key_file \u003d os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027)"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_b16f14fb","line":90,"updated":"2015-02-26 15:04:02.000000000","message":"setegid() and seteuid() will raise a TypeError if an integer is not provided.","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":87,"context_line":"    if keystone_user_id or keystone_group_id:"},{"line_number":88,"context_line":"        old_egid \u003d os.getegid()"},{"line_number":89,"context_line":"        old_euid \u003d os.geteuid()"},{"line_number":90,"context_line":"        os.setegid(keystone_group_id)"},{"line_number":91,"context_line":"        os.seteuid(keystone_user_id)"},{"line_number":92,"context_line":"    # Determine the file name of the new key"},{"line_number":93,"context_line":"    key_file \u003d os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027)"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_083351f6","line":90,"in_reply_to":"ba7be1f8_b16f14fb","updated":"2015-02-26 15:49:44.000000000","message":"Done","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":122,"context_line":"    _create_new_key(keystone_user_id, keystone_group_id)"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"def rotate_keys(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":126,"context_line":"    \"\"\"Create a new primary key and revoke excess active keys."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    :param keystone_user_id: User ID of the Keystone user."}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_572ec8fb","line":125,"updated":"2015-02-26 15:04:02.000000000","message":"I realize it\u0027s a long way out, but what happens when a deployer gets to sys.maxint?","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"1eff855d6c724db28e311f5d09cfb17b244556c5","unresolved":false,"context_lines":[{"line_number":122,"context_line":"    _create_new_key(keystone_user_id, keystone_group_id)"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"def rotate_keys(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":126,"context_line":"    \"\"\"Create a new primary key and revoke excess active keys."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    :param keystone_user_id: User ID of the Keystone user."}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_2b93a550","line":125,"in_reply_to":"ba7be1f8_572ec8fb","updated":"2015-02-26 19:46:21.000000000","message":"deployer needs an intervention?","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":143,"context_line":"    \"\"\""},{"line_number":144,"context_line":"    # read the list of key files"},{"line_number":145,"context_line":"    key_files \u003d dict()"},{"line_number":146,"context_line":"    # TODO(dolph): use os.listdir and then os.path.isfile (courtesy dstanek)"},{"line_number":147,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"},{"line_number":148,"context_line":"        for filename in fnames:"},{"line_number":149,"context_line":"            key_files[int(filename)] \u003d os.path.join(dirpath, str(filename))"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_34995279","line":146,"updated":"2015-02-26 15:04:02.000000000","message":"Look ma, I\u0027m OpenStack famous!","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":143,"context_line":"    \"\"\""},{"line_number":144,"context_line":"    # read the list of key files"},{"line_number":145,"context_line":"    key_files \u003d dict()"},{"line_number":146,"context_line":"    # TODO(dolph): use os.listdir and then os.path.isfile (courtesy dstanek)"},{"line_number":147,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"},{"line_number":148,"context_line":"        for filename in fnames:"},{"line_number":149,"context_line":"            key_files[int(filename)] \u003d os.path.join(dirpath, str(filename))"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_82400008","line":146,"in_reply_to":"ba7be1f8_34995279","updated":"2015-02-26 15:49:44.000000000","message":"++","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":152,"context_line":"        \u0027count\u0027: len(key_files),"},{"line_number":153,"context_line":"        \u0027list\u0027: key_files.values()})"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"    # determine the number of the new primary key"},{"line_number":156,"context_line":"    current_primary_key \u003d max(key_files.keys())"},{"line_number":157,"context_line":"    LOG.info(_LI(\u0027Current primary key is: %s\u0027), current_primary_key)"},{"line_number":158,"context_line":"    new_primary_key \u003d current_primary_key + 1"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_f45b3a51","line":155,"updated":"2015-02-26 15:04:02.000000000","message":"the current_primary_key and new_primary_key names don\u0027t make sense to me because as i understand the primary key is always 0","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"1eff855d6c724db28e311f5d09cfb17b244556c5","unresolved":false,"context_lines":[{"line_number":152,"context_line":"        \u0027count\u0027: len(key_files),"},{"line_number":153,"context_line":"        \u0027list\u0027: key_files.values()})"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"    # determine the number of the new primary key"},{"line_number":156,"context_line":"    current_primary_key \u003d max(key_files.keys())"},{"line_number":157,"context_line":"    LOG.info(_LI(\u0027Current primary key is: %s\u0027), current_primary_key)"},{"line_number":158,"context_line":"    new_primary_key \u003d current_primary_key + 1"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_ebed0db9","line":155,"in_reply_to":"ba7be1f8_a4cc296b","updated":"2015-02-26 19:46:21.000000000","message":"the explanation in L183 explains the pre-generation. in a multinode setup, you need to recognize a new key before promoting it to be the primary. else, a node will start issuing tokens with a new key before other nodes are aware of the key, so you\u0027ll run into transient errors in a load balanced environment: token A is valid! token A is valid! token A is INVALID! token A is valid!","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"d3c62802d1399848a4c318e18e24fea770c291be","unresolved":false,"context_lines":[{"line_number":152,"context_line":"        \u0027count\u0027: len(key_files),"},{"line_number":153,"context_line":"        \u0027list\u0027: key_files.values()})"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"    # determine the number of the new primary key"},{"line_number":156,"context_line":"    current_primary_key \u003d max(key_files.keys())"},{"line_number":157,"context_line":"    LOG.info(_LI(\u0027Current primary key is: %s\u0027), current_primary_key)"},{"line_number":158,"context_line":"    new_primary_key \u003d current_primary_key + 1"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_a4cc296b","line":155,"in_reply_to":"ba7be1f8_bd28c5e2","updated":"2015-02-26 18:02:53.000000000","message":"Hmm... So we are pre-generating the next primary key instead of doing it at rotation time? Doesn\u0027t that make the first rotation useless?","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":152,"context_line":"        \u0027count\u0027: len(key_files),"},{"line_number":153,"context_line":"        \u0027list\u0027: key_files.values()})"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"    # determine the number of the new primary key"},{"line_number":156,"context_line":"    current_primary_key \u003d max(key_files.keys())"},{"line_number":157,"context_line":"    LOG.info(_LI(\u0027Current primary key is: %s\u0027), current_primary_key)"},{"line_number":158,"context_line":"    new_primary_key \u003d current_primary_key + 1"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_bd28c5e2","line":155,"in_reply_to":"ba7be1f8_f45b3a51","updated":"2015-02-26 15:49:44.000000000","message":"David, I was wrong when I explained this to you the first time. In fact, it\u0027s the opposite of what I initially explained. The primary key is always the highest index and 0 is reserved as a placeholder (see docstring).","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":162,"context_line":"    os.rename("},{"line_number":163,"context_line":"        os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027),"},{"line_number":164,"context_line":"        os.path.join(CONF.klw_tokens.key_repository, str(new_primary_key)))"},{"line_number":165,"context_line":"    key_files.pop(0)"},{"line_number":166,"context_line":"    key_files[new_primary_key] \u003d os.path.join("},{"line_number":167,"context_line":"        CONF.klw_tokens.key_repository,"},{"line_number":168,"context_line":"        str(new_primary_key))"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_74374aff","line":165,"updated":"2015-02-26 15:04:02.000000000","message":"I missed this hidden gem the first time through this function. I got to the end and wondered how you were not deleting the key that you just created.","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"90a8346768915f715ad8bef703d9ecefc77df7bc","unresolved":false,"context_lines":[{"line_number":197,"context_line":"    if not validate_key_repository():"},{"line_number":198,"context_line":"        return []"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"    # build a dictionary of key_number:encryption_key pairs"},{"line_number":201,"context_line":"    keys \u003d dict()"},{"line_number":202,"context_line":"    # TODO(dolph): use os.listdir and then os.path.isfile (courtesy dstanek)"},{"line_number":203,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_d76ab8b1","line":200,"updated":"2015-02-26 15:04:02.000000000","message":"I think you can replace lines 200 - 206 with something like:\n\n    keys \u003d list(sorted(f for f in os.listdir(CONF.klw_tokens.key_repository) if os.path.isfile(f), reverse\u003dTrue))\n\nand then you can just return keys.","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f6f98d21e20651916a5b4a1d301c09cae25e32b9","unresolved":false,"context_lines":[{"line_number":197,"context_line":"    if not validate_key_repository():"},{"line_number":198,"context_line":"        return []"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"    # build a dictionary of key_number:encryption_key pairs"},{"line_number":201,"context_line":"    keys \u003d dict()"},{"line_number":202,"context_line":"    # TODO(dolph): use os.listdir and then os.path.isfile (courtesy dstanek)"},{"line_number":203,"context_line":"    for dirpath, dirnames, fnames in os.walk(CONF.klw_tokens.key_repository):"}],"source_content_type":"text/x-python","patch_set":25,"id":"ba7be1f8_e2861cb8","line":200,"in_reply_to":"ba7be1f8_d76ab8b1","updated":"2015-02-26 15:49:44.000000000","message":"I think we\u0027ll still need to have the part that reads and stores the value of the key.","commit_id":"1858739d368fff8e0d22f17ad9d22f95c92b76e9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"f2db3e28f117e4e23c17f5fa25f04791a8aa5e8a","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    return True"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"def _convert_to_integers(keystone_user_id, keystone_group_id):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_1f9e1eb9","line":56,"updated":"2015-02-26 18:17:15.000000000","message":"Should this catch the error to give the operator a friendly message?","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"0d59dcd260b44074f39c14950821d14377d06357","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    return True"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"def _convert_to_integers(keystone_user_id, keystone_group_id):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_685be32e","line":56,"in_reply_to":"ba7be1f8_1f9e1eb9","updated":"2015-02-26 19:00:54.000000000","message":"This catch is already done in keystone/cli.py get_user_group()","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"9b1ecdac7ead751ebcf5890846b543e12686de44","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    return True"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"def _convert_to_integers(keystone_user_id, keystone_group_id):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_cb6049d2","line":56,"in_reply_to":"ba7be1f8_6845a316","updated":"2015-02-26 19:31:32.000000000","message":"Done","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"c6104e5f54c8e138c46cefea0758adeef2239fa9","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    return True"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"def _convert_to_integers(keystone_user_id, keystone_group_id):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_c8f04f94","line":56,"in_reply_to":"ba7be1f8_6845a316","updated":"2015-02-26 19:18:04.000000000","message":"I can\u0027t seem to get this to come through as None: \n\nhttp://cdn.pasteraw.com/lkyhe8ad696pudnmy73mx1sjcjp10tf\n\nI could be doing something wrong with how cli.py works too through.","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"629e455ef68dfdc6e2837c4d6f5f155805798f86","unresolved":false,"context_lines":[{"line_number":53,"context_line":"    return True"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"def _convert_to_integers(keystone_user_id, keystone_group_id):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_6845a316","line":56,"in_reply_to":"ba7be1f8_685be32e","updated":"2015-02-26 19:05:21.000000000","message":"That doesn\u0027t seem to be true. get_user_group() can return None for user_id or group_id and then this function would break. It seem to only be checking if the value is int-able if it exists.","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"f2db3e28f117e4e23c17f5fa25f04791a8aa5e8a","unresolved":false,"context_lines":[{"line_number":63,"context_line":"    return (keystone_user_id, keystone_group_id)"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"def create_key_directory(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":67,"context_line":"    \"\"\"If the configured key directory does not exist, attempt to create it.\"\"\""},{"line_number":68,"context_line":"    if not os.access(CONF.klw_tokens.key_repository, os.F_OK):"},{"line_number":69,"context_line":"        LOG.info(_LI("}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_3f7a0288","line":66,"updated":"2015-02-26 18:17:15.000000000","message":"Is there any reason these are optional still? Same comment for all the functions here...","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"0d59dcd260b44074f39c14950821d14377d06357","unresolved":false,"context_lines":[{"line_number":63,"context_line":"    return (keystone_user_id, keystone_group_id)"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"def create_key_directory(keystone_user_id\u003dNone, keystone_group_id\u003dNone):"},{"line_number":67,"context_line":"    \"\"\"If the configured key directory does not exist, attempt to create it.\"\"\""},{"line_number":68,"context_line":"    if not os.access(CONF.klw_tokens.key_repository, os.F_OK):"},{"line_number":69,"context_line":"        LOG.info(_LI("}],"source_content_type":"text/x-python","patch_set":27,"id":"ba7be1f8_9a6f7c2a","line":66,"in_reply_to":"ba7be1f8_3f7a0288","updated":"2015-02-26 19:00:54.000000000","message":"I\u0027m pretty sure this was because they weren\u0027t originally required. I\u0027d have to double check with Dolph.","commit_id":"86c0053b08dafb3cbd66a2cf6f4850b2909e4aa9"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":2,"context_line":"# not use this file except in compliance with the License. You may obtain"},{"line_number":3,"context_line":"# a copy of the License at"},{"line_number":4,"context_line":"#"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_d43a9933","line":1,"updated":"2015-02-27 02:16:18.000000000","message":"coverage report shows that pretty much this whole file is untested.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":14,"context_line":"import stat"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"from cryptography import fernet"},{"line_number":17,"context_line":"from oslo_config import cfg"},{"line_number":18,"context_line":"from oslo_log import log"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"from keystone.i18n import _LE, _LW, _LI"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_7481edfa","line":17,"updated":"2015-02-27 02:16:18.000000000","message":"nice!","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4ca5b44bda716c8721b6a31ba1abdff30b75e711","unresolved":false,"context_lines":[{"line_number":14,"context_line":"import stat"},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"from cryptography import fernet"},{"line_number":17,"context_line":"from oslo_config import cfg"},{"line_number":18,"context_line":"from oslo_log import log"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"from keystone.i18n import _LE, _LW, _LI"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_10cdfd86","line":17,"in_reply_to":"ba7be1f8_7481edfa","updated":"2015-02-27 16:29:27.000000000","message":"\\o/","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":28,"context_line":"def validate_key_repository():"},{"line_number":29,"context_line":"    \"\"\"Validate permissions on the key repository directory.\"\"\""},{"line_number":30,"context_line":"    # we need a key directory to proceed at all"},{"line_number":31,"context_line":"    if CONF.klw_tokens.key_repository is None:"},{"line_number":32,"context_line":"        LOG.error(_LE("},{"line_number":33,"context_line":"            \u0027Set [klw_tokens] key_repository to the directory where \u0027"},{"line_number":34,"context_line":"            \u0027Keystone should store encryption keys.\u0027))"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_94b4a1d2","line":31,"updated":"2015-02-27 02:16:18.000000000","message":"There\u0027s no way this can be None.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4ca5b44bda716c8721b6a31ba1abdff30b75e711","unresolved":false,"context_lines":[{"line_number":28,"context_line":"def validate_key_repository():"},{"line_number":29,"context_line":"    \"\"\"Validate permissions on the key repository directory.\"\"\""},{"line_number":30,"context_line":"    # we need a key directory to proceed at all"},{"line_number":31,"context_line":"    if CONF.klw_tokens.key_repository is None:"},{"line_number":32,"context_line":"        LOG.error(_LE("},{"line_number":33,"context_line":"            \u0027Set [klw_tokens] key_repository to the directory where \u0027"},{"line_number":34,"context_line":"            \u0027Keystone should store encryption keys.\u0027))"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_d69b5e70","line":31,"in_reply_to":"ba7be1f8_94b4a1d2","updated":"2015-02-27 16:29:27.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":35,"context_line":"        return False"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    # ensure current user has full access to the key repository"},{"line_number":38,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":39,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":40,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":41,"context_line":"        LOG.error("}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_14a9917b","line":38,"updated":"2015-02-27 02:16:18.000000000","message":"why does this need to be checked? isn\u0027t it just going to fail if the user doesn\u0027t have access?","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4ca5b44bda716c8721b6a31ba1abdff30b75e711","unresolved":false,"context_lines":[{"line_number":35,"context_line":"        return False"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"    # ensure current user has full access to the key repository"},{"line_number":38,"context_line":"    if (not os.access(CONF.klw_tokens.key_repository, os.R_OK) or not"},{"line_number":39,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":40,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":41,"context_line":"        LOG.error("}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_b030b19f","line":38,"in_reply_to":"ba7be1f8_14a9917b","updated":"2015-02-27 16:29:27.000000000","message":"Yes, that\u0027s the idea because since these keys are used to sign/encrypt the tokens, we don\u0027t want any to just change them whenever.","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":44,"context_line":"            CONF.klw_tokens.key_repository)"},{"line_number":45,"context_line":"        return False"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    # ensure the directory cannot be read by anyone"},{"line_number":48,"context_line":"    stat_info \u003d os.stat(CONF.klw_tokens.key_repository)"},{"line_number":49,"context_line":"    if stat_info.st_mode \u0026 stat.S_IROTH or stat_info.st_mode \u0026 stat.S_IXOTH:"},{"line_number":50,"context_line":"        LOG.warning(_LW(\u0027[klw_tokens] key_repository is world readable: %s\u0027),"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_14c0b129","line":47,"updated":"2015-02-27 02:16:18.000000000","message":"why?","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4ca5b44bda716c8721b6a31ba1abdff30b75e711","unresolved":false,"context_lines":[{"line_number":44,"context_line":"            CONF.klw_tokens.key_repository)"},{"line_number":45,"context_line":"        return False"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    # ensure the directory cannot be read by anyone"},{"line_number":48,"context_line":"    stat_info \u003d os.stat(CONF.klw_tokens.key_repository)"},{"line_number":49,"context_line":"    if stat_info.st_mode \u0026 stat.S_IROTH or stat_info.st_mode \u0026 stat.S_IXOTH:"},{"line_number":50,"context_line":"        LOG.warning(_LW(\u0027[klw_tokens] key_repository is world readable: %s\u0027),"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_50bdb501","line":47,"in_reply_to":"ba7be1f8_14c0b129","updated":"2015-02-27 16:29:27.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":56,"context_line":"def _convert_to_integers(id_value):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"},{"line_number":60,"context_line":"    # cast them to integers if we can."},{"line_number":61,"context_line":"    try:"},{"line_number":62,"context_line":"        id_int \u003d int(id_value)"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_74e64dea","line":59,"updated":"2015-02-27 02:16:18.000000000","message":"change \"integer\" to \"integers\"... why would a user or group id not be an integer?","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4ca5b44bda716c8721b6a31ba1abdff30b75e711","unresolved":false,"context_lines":[{"line_number":56,"context_line":"def _convert_to_integers(id_value):"},{"line_number":57,"context_line":"    \"\"\"Cast user and group system identifiers to integers.\"\"\""},{"line_number":58,"context_line":"    # NOTE(lbragstad) os.chown() will raise a TypeError here if"},{"line_number":59,"context_line":"    # keystone_user_id and keystone_group_id are not integer. Let\u0027s"},{"line_number":60,"context_line":"    # cast them to integers if we can."},{"line_number":61,"context_line":"    try:"},{"line_number":62,"context_line":"        id_int \u003d int(id_value)"}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_70e39933","line":59,"in_reply_to":"ba7be1f8_74e64dea","updated":"2015-02-27 16:29:27.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"218e8ebb0cec074e76e133875c70a44474853487","unresolved":false,"context_lines":[{"line_number":63,"context_line":"    except ValueError as e:"},{"line_number":64,"context_line":"        msg \u003d _LE(\u0027Unable to convert Keystone user or group ID. Error: %s\u0027)"},{"line_number":65,"context_line":"        LOG.error(msg, e)"},{"line_number":66,"context_line":"        raise ValueError"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    return id_int"},{"line_number":69,"context_line":""}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_3403f577","line":66,"updated":"2015-02-27 02:16:18.000000000","message":"why not just raise?","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4ca5b44bda716c8721b6a31ba1abdff30b75e711","unresolved":false,"context_lines":[{"line_number":63,"context_line":"    except ValueError as e:"},{"line_number":64,"context_line":"        msg \u003d _LE(\u0027Unable to convert Keystone user or group ID. Error: %s\u0027)"},{"line_number":65,"context_line":"        LOG.error(msg, e)"},{"line_number":66,"context_line":"        raise ValueError"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    return id_int"},{"line_number":69,"context_line":""}],"source_content_type":"text/x-python","patch_set":29,"id":"ba7be1f8_90872d12","line":66,"in_reply_to":"ba7be1f8_3403f577","updated":"2015-02-27 16:29:27.000000000","message":"Done","commit_id":"20462241d1cd5b977c659f2e4fe3a436cf6a146e"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"fc8b492d54a337183619d866f5eed92c9fff413a","unresolved":false,"context_lines":[{"line_number":35,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.W_OK) or not"},{"line_number":36,"context_line":"            os.access(CONF.klw_tokens.key_repository, os.X_OK)):"},{"line_number":37,"context_line":"        LOG.error("},{"line_number":38,"context_line":"            _LE(\u0027Either [klw_tokens] key_repository does not exist or Keystone\u0027"},{"line_number":39,"context_line":"                \u0027 does not have sufficient permission to access it: %s\u0027),"},{"line_number":40,"context_line":"            CONF.klw_tokens.key_repository)"},{"line_number":41,"context_line":"        return False"}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_4ed6ca28","line":38,"updated":"2015-03-02 08:31:14.000000000","message":"you could check that it exists first, and split this into 2 checks/messages. not that big of a deal","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"9d7f5760cf26456d9436c1ce91dead6bbf510954","unresolved":false,"context_lines":[{"line_number":184,"context_line":"    LOG.info(_LI(\u0027Next primary key will be: %s\u0027), new_primary_key)"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"    # promote the next primary key to be the primary"},{"line_number":187,"context_line":"    os.rename("},{"line_number":188,"context_line":"        os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027),"},{"line_number":189,"context_line":"        os.path.join(CONF.klw_tokens.key_repository, str(new_primary_key)))"},{"line_number":190,"context_line":"    key_files.pop(0)"}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_01757c97","line":187,"updated":"2015-03-02 11:27:39.000000000","message":"(hint) handle OSError exception, just in case, , or at least log there was a problem with permissions/reading the file.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"e49689ab3f41c2ba8f289870e16a8fc26afbb96e","unresolved":false,"context_lines":[{"line_number":184,"context_line":"    LOG.info(_LI(\u0027Next primary key will be: %s\u0027), new_primary_key)"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"    # promote the next primary key to be the primary"},{"line_number":187,"context_line":"    os.rename("},{"line_number":188,"context_line":"        os.path.join(CONF.klw_tokens.key_repository, \u00270\u0027),"},{"line_number":189,"context_line":"        os.path.join(CONF.klw_tokens.key_repository, str(new_primary_key)))"},{"line_number":190,"context_line":"    key_files.pop(0)"}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_ede84f7e","line":187,"in_reply_to":"ba7be1f8_01757c97","updated":"2015-03-02 16:22:34.000000000","message":"It seems that this is already done in the _create_new_key and create_key_directory methods.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"9d7f5760cf26456d9436c1ce91dead6bbf510954","unresolved":false,"context_lines":[{"line_number":227,"context_line":"    for filename in os.listdir(CONF.klw_tokens.key_repository):"},{"line_number":228,"context_line":"        path \u003d os.path.join(CONF.klw_tokens.key_repository, str(filename))"},{"line_number":229,"context_line":"        if os.path.isfile(path):"},{"line_number":230,"context_line":"            with open(path, \u0027r\u0027) as key_file:"},{"line_number":231,"context_line":"                keys[int(filename)] \u003d key_file.read()"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"    LOG.info(_LI("}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_c190c497","line":230,"updated":"2015-03-02 11:27:39.000000000","message":"(hint) handle OSError exception, just in case, or at least log there was a problem with permissions/reading the file.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"e49689ab3f41c2ba8f289870e16a8fc26afbb96e","unresolved":false,"context_lines":[{"line_number":227,"context_line":"    for filename in os.listdir(CONF.klw_tokens.key_repository):"},{"line_number":228,"context_line":"        path \u003d os.path.join(CONF.klw_tokens.key_repository, str(filename))"},{"line_number":229,"context_line":"        if os.path.isfile(path):"},{"line_number":230,"context_line":"            with open(path, \u0027r\u0027) as key_file:"},{"line_number":231,"context_line":"                keys[int(filename)] \u003d key_file.read()"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"    LOG.info(_LI("}],"source_content_type":"text/x-python","patch_set":31,"id":"ba7be1f8_0decc38e","line":230,"in_reply_to":"ba7be1f8_c190c497","updated":"2015-03-02 16:22:34.000000000","message":"same comment as above.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"}],"requirements.txt":[{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"589321917ac05a9f47b17be89ff928c8cbc38730","unresolved":false,"context_lines":[{"line_number":31,"context_line":"jsonschema\u003e\u003d2.0.0,\u003c3.0.0"},{"line_number":32,"context_line":"pycadf\u003e\u003d0.6.0"},{"line_number":33,"context_line":"posix_ipc"},{"line_number":34,"context_line":"python-keyczar"},{"line_number":35,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":2,"id":"da86d52c_0e26a216","line":34,"updated":"2015-02-09 21:43:58.000000000","message":"are these in global req?","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ba6219b4e5945a80125eb9ba7e1384cf669771b2","unresolved":false,"context_lines":[{"line_number":31,"context_line":"jsonschema\u003e\u003d2.0.0,\u003c3.0.0"},{"line_number":32,"context_line":"pycadf\u003e\u003d0.6.0"},{"line_number":33,"context_line":"posix_ipc"},{"line_number":34,"context_line":"python-keyczar"},{"line_number":35,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":2,"id":"da86d52c_5d62e4d8","line":34,"in_reply_to":"da86d52c_0e26a216","updated":"2015-02-10 18:12:03.000000000","message":"yes, python-keyczar has been proposed https://review.openstack.org/#/c/154590/ and msgpack-python is already included in global-requirements.txt","commit_id":"8fff2ca452c5b6affd3e5d4bdd06e56fb2a39f37"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1fdbbd4604e47d65a04929834cb9ae9061b48ee5","unresolved":false,"context_lines":[{"line_number":31,"context_line":"jsonschema\u003e\u003d2.0.0,\u003c3.0.0"},{"line_number":32,"context_line":"pycadf\u003e\u003d0.6.0"},{"line_number":33,"context_line":"posix_ipc"},{"line_number":34,"context_line":"python-keyczar"},{"line_number":35,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":11,"id":"da86d52c_b8068e83","line":34,"updated":"2015-02-17 17:21:17.000000000","message":"remove this if we are going to build on cryptography.fernet \n\nsee https://review.openstack.org/#/c/156657/","commit_id":"c70411e6b5d6d9ae34e40fa35dd9b5b70df687e5"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"3dc7fdda2c159e546d910f59fd9f03c73ac5e000","unresolved":false,"context_lines":[{"line_number":33,"context_line":"jsonschema\u003e\u003d2.0.0,\u003c3.0.0"},{"line_number":34,"context_line":"pycadf\u003e\u003d0.8.0"},{"line_number":35,"context_line":"posix_ipc"},{"line_number":36,"context_line":"python-keyczar"},{"line_number":37,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":16,"id":"da86d52c_0fd8f2ed","line":36,"updated":"2015-02-18 21:05:28.000000000","message":"is there a review to submit this to the global requirements or is this really an optional dep?","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"cbcb07182fd56dd4fed8761cd15127126ed05ac6","unresolved":false,"context_lines":[{"line_number":33,"context_line":"jsonschema\u003e\u003d2.0.0,\u003c3.0.0"},{"line_number":34,"context_line":"pycadf\u003e\u003d0.8.0"},{"line_number":35,"context_line":"posix_ipc"},{"line_number":36,"context_line":"python-keyczar"},{"line_number":37,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":16,"id":"da86d52c_228f8dce","line":36,"in_reply_to":"da86d52c_0fd8f2ed","updated":"2015-02-18 21:32:20.000000000","message":"https://review.openstack.org/#/c/154590/","commit_id":"adb6d780a159bde3fd6384eece27b521ba93aa45"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"8e3a7e8c19a4048ae2d6493e055284ec548dc7a1","unresolved":false,"context_lines":[{"line_number":34,"context_line":"pycadf\u003e\u003d0.8.0"},{"line_number":35,"context_line":"posix_ipc"},{"line_number":36,"context_line":"python-keyczar"},{"line_number":37,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":17,"id":"da86d52c_b141eda7","line":37,"updated":"2015-02-19 15:52:06.000000000","message":"you need to specify the exact requirements as they appear in global requirements\n\n  https://review.openstack.org/#/c/156657/9/requirements.txt","commit_id":"b6d659c41da1a79decdcd79bc7e35d66a66b1ab6"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"0c691bb5c5b1f33c2ffe8e60726ac2936fc3b4ee","unresolved":false,"context_lines":[{"line_number":34,"context_line":"pycadf\u003e\u003d0.8.0"},{"line_number":35,"context_line":"posix_ipc"},{"line_number":36,"context_line":"python-keyczar"},{"line_number":37,"context_line":"msgpack-python"}],"source_content_type":"text/plain","patch_set":17,"id":"da86d52c_a0bef0d1","line":37,"in_reply_to":"da86d52c_b141eda7","updated":"2015-02-19 17:48:10.000000000","message":"With this commit are we going to switch to cryptography?","commit_id":"b6d659c41da1a79decdcd79bc7e35d66a66b1ab6"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"fc8b492d54a337183619d866f5eed92c9fff413a","unresolved":false,"context_lines":[{"line_number":34,"context_line":"pycadf\u003e\u003d0.8.0"},{"line_number":35,"context_line":"posix_ipc"},{"line_number":36,"context_line":"cryptography\u003e\u003d0.4 # Apache-2.0"},{"line_number":37,"context_line":"msgpack-python\u003e\u003d0.4.0"}],"source_content_type":"text/plain","patch_set":31,"id":"ba7be1f8_ae4ae624","line":37,"updated":"2015-03-02 08:31:14.000000000","message":"alphabetize these\n\ndo they need to be added to req-v3?","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"bbe603629605858a8a24d1a6c452d6460a97c52c","unresolved":false,"context_lines":[{"line_number":34,"context_line":"pycadf\u003e\u003d0.8.0"},{"line_number":35,"context_line":"posix_ipc"},{"line_number":36,"context_line":"cryptography\u003e\u003d0.4 # Apache-2.0"},{"line_number":37,"context_line":"msgpack-python\u003e\u003d0.4.0"}],"source_content_type":"text/plain","patch_set":31,"id":"ba7be1f8_673abe35","line":37,"in_reply_to":"ba7be1f8_ae4ae624","updated":"2015-03-02 15:46:52.000000000","message":"I thought we weren\u0027t suppose to alphabetize dependencies? See note at the top of this file.","commit_id":"a605e2e4c41636bbd02f75db061b31e6d8177f73"}]}