)]}'
{"id":"openstack%2Fkeystone~345083","triplet_id":"openstack%2Fkeystone~master~I062a220471009b53ed6e24ee571feca9158fb650","project":"openstack/keystone","branch":"master","hashtags":[],"change_id":"I062a220471009b53ed6e24ee571feca9158fb650","subject":"Increase the default token lifespan","status":"ABANDONED","created":"2016-07-20 22:44:21.000000000","updated":"2016-11-12 06:06:19.000000000","total_comment_count":3,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"55750e0c978cf942166255133d1dd8e8a3fab70b","_number":345083,"virtual_id_number":345083,"owner":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"actions":{},"labels":{"Verified":{"disliked":{"_account_id":3,"name":"Jenkins","username":"jenkins"},"all":[{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},{"date":"2016-08-03 11:56:57.000000000","_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},{"date":"2016-07-21 04:06:54.000000000","_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},{"value":-1,"date":"2016-08-30 15:02:35.000000000","_account_id":3,"name":"Jenkins","username":"jenkins"}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","value":-1,"default_value":0,"optional":true},"Code-Review":{"disliked":{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},"all":[{"value":-1,"date":"2016-09-07 02:59:26.000000000","permitted_voting_range":{"min":-1,"max":1},"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":3,"name":"Jenkins","username":"jenkins"}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","value":-1,"default_value":0,"optional":true},"Workflow":{"all":[{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},{"_account_id":3,"name":"Jenkins","username":"jenkins"}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":3,"name":"Jenkins","username":"jenkins"},{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2016-07-21 04:06:54.000000000","updated_by":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"reviewer":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"state":"REVIEWER"},{"updated":"2016-08-03 11:56:57.000000000","updated_by":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"reviewer":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"state":"REVIEWER"},{"updated":"2016-08-30 15:02:35.000000000","updated_by":{"_account_id":3,"name":"Jenkins","username":"jenkins"},"reviewer":{"_account_id":3,"name":"Jenkins","username":"jenkins"},"state":"REVIEWER"},{"updated":"2016-09-07 02:59:26.000000000","updated_by":{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},"reviewer":{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},"state":"REVIEWER"}],"messages":[{"id":"4f45560fccc5e21f89359821318307cdb4969e0c","author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"date":"2016-07-20 22:44:21.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"d83435d8dd7c636fe5b41467702b1faa00f8fb3c","author":{"_account_id":3,"name":"Jenkins","username":"jenkins"},"date":"2016-07-20 23:59:41.000000000","message":"Patch Set 1: Verified+1\n\nBuild succeeded (check pipeline).\n\n- gate-keystone-docs http://docs-draft.openstack.org/83/345083/1/check/gate-keystone-docs/19256dc//doc/build/html/ : SUCCESS in 5m 20s\n- gate-keystone-pep8 http://logs.openstack.org/83/345083/1/check/gate-keystone-pep8/dc4308b/ : SUCCESS in 4m 29s\n- gate-keystone-python27-db http://logs.openstack.org/83/345083/1/check/gate-keystone-python27-db/68c8cbc/ : SUCCESS in 15m 58s\n- gate-keystone-python34-db http://logs.openstack.org/83/345083/1/check/gate-keystone-python34-db/29424aa/ : SUCCESS in 11m 25s\n- gate-keystone-python35-db-nv http://logs.openstack.org/83/345083/1/check/gate-keystone-python35-db-nv/bc5892e/ : SUCCESS in 13m 54s (non-voting)\n- gate-tempest-dsvm-full http://logs.openstack.org/83/345083/1/check/gate-tempest-dsvm-full/9d77b4b/ : SUCCESS in 51m 46s\n- gate-tempest-dsvm-postgres-full http://logs.openstack.org/83/345083/1/check/gate-tempest-dsvm-postgres-full/bb7df0a/ : SUCCESS in 44m 51s\n- gate-tempest-dsvm-neutron-full http://logs.openstack.org/83/345083/1/check/gate-tempest-dsvm-neutron-full/f7905e5/ : SUCCESS in 1h 05m 02s\n- gate-grenade-dsvm http://logs.openstack.org/83/345083/1/check/gate-grenade-dsvm/c573523/ : SUCCESS in 1h 00m 37s\n- gate-keystone-tox-db-legacy_drivers http://logs.openstack.org/83/345083/1/check/gate-keystone-tox-db-legacy_drivers/033bbad/ : SUCCESS in 7m 41s\n- gate-keystone-dsvm-functional http://logs.openstack.org/83/345083/1/check/gate-keystone-dsvm-functional/c51ff5a/ : SUCCESS in 24m 34s\n- gate-keystone-dsvm-functional-v3-only-nv http://logs.openstack.org/83/345083/1/check/gate-keystone-dsvm-functional-v3-only-nv/0d4897b/ : SUCCESS in 23m 41s (non-voting)\n- gate-tempest-dsvm-keystone-uwsgi-full-nv http://logs.openstack.org/83/345083/1/check/gate-tempest-dsvm-keystone-uwsgi-full-nv/ecb08cb/ : SUCCESS in 1h 11m 09s (non-voting)\n- gate-tempest-dsvm-neutron-identity-v3-only-full-nv http://logs.openstack.org/83/345083/1/check/gate-tempest-dsvm-neutron-identity-v3-only-full-nv/8eb57fc/ : SUCCESS in 57m 11s (non-voting)\n- keystone-coverage-db http://logs.openstack.org/83/345083/1/check/keystone-coverage-db/9568191/ : SUCCESS in 15m 01s","accounts_in_message":[],"_revision_number":1},{"id":"37e4803767d073af8ffa6c3df16ad8120044070c","author":{"_account_id":8119,"name":"Eric Brown","email":"eric_wade_brown@yahoo.com","username":"ericwb"},"date":"2016-07-21 04:06:54.000000000","message":"Patch Set 1:\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"6700e09f682d9516b3b648fb1784fce7d5107dee","author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"date":"2016-08-03 11:56:57.000000000","message":"Patch Set 1:\n\n\u003e Isn\u0027t one of the alternatives to use the x.509 client certificates (token-less auth)?  I haven\u0027t tried it myself, so not sure how complicated it is, but thought it allows services to authentication with certs and without tokens.\n\nIt does. But the problem is with tokens owned by users. A user obtains token, passes it to a service, a service passes it to another service that performs long-running operation and the token expires.","accounts_in_message":[],"_revision_number":1},{"id":"51ef000e5135c5e8e0938333430f89bab46dc9cd","author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"date":"2016-08-03 11:58:36.000000000","message":"Patch Set 1:\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"f2fd2fb4c702c98f7577c1e89fd4b41f94ea65dd","author":{"_account_id":3,"name":"Jenkins","username":"jenkins"},"date":"2016-08-30 15:02:35.000000000","message":"Patch Set 1: Verified-1\n\nMerge Failed.\n\nThis change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.","accounts_in_message":[],"_revision_number":1},{"id":"020dcdc09e9a7cb54b6331f34185a4126d976230","author":{"_account_id":17860,"name":"Samuel de Medeiros Queiroz","email":"samueldmq@gmail.com","username":"samueldmq"},"date":"2016-09-07 02:59:26.000000000","message":"Patch Set 1: Code-Review-1\n\n(1 comment)\n\nComment inline. Also needs a rebase","accounts_in_message":[],"_revision_number":1},{"id":"55750e0c978cf942166255133d1dd8e8a3fab70b","author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"date":"2016-11-12 06:06:19.000000000","message":"Abandoned\n\nabandon in favor of using the new allow-expired spec","accounts_in_message":[],"_revision_number":1}],"current_revision_number":1,"current_revision":"26243ed8d1610d4689696fcef7d2a5509568436d","revisions":{"26243ed8d1610d4689696fcef7d2a5509568436d":{"kind":"REWORK","_number":1,"created":"2016-07-20 22:44:21.000000000","uploader":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"ref":"refs/changes/83/345083/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/83/345083/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/83/345083/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/83/345083/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/83/345083/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/83/345083/1"}}},"commit":{"parents":[{"commit":"c70e69b317902162d5fd2322e30b5758f35ce16b","subject":"Merge \"Remove get_user_id in trust controller\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/c70e69b317902162d5fd2322e30b5758f35ce16b"}]}],"author":{"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","date":"2016-07-20 22:31:37.000000000","tz":-420},"committer":{"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","date":"2016-07-20 22:44:15.000000000","tz":-420},"subject":"Increase the default token lifespan","message":"Increase the default token lifespan\n\nReasons for the current (short) token lifespan:\n\n- (Performance) A short token lifespan reduces the number of\n  simultaneously-valid UUID, PKI, and PKIZ tokens in the database (or in\n  memcached). This is not an issue for Fernet tokens, which are not\n  persisted, anyway.\n\n- (Security) We used to not be great about hiding bearer tokens from\n  logs, HTTP requests, etc. We\u0027ve gotten better, to say the least.\n\nProblems with the current (short) token lifespan:\n\n- (Use case) They break long-running processes when the token expires\n  before the process completes. Alternative solutions to addressing this\n  use case without increasing the expiration are complicated.\n\n- (Performance) Users have to re-authenticate more frequently.\n\nDrawbacks to increasing the token lifespan:\n\n- (Security) Increased exposure for compromised bearer tokens.\n\nChange-Id: I062a220471009b53ed6e24ee571feca9158fb650\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/26243ed8d1610d4689696fcef7d2a5509568436d"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/26243ed8d1610d4689696fcef7d2a5509568436d"}]},"parents_data":[{"branch_name":"refs/heads/master","commit_id":"c70e69b317902162d5fd2322e30b5758f35ce16b","is_merged_in_target_branch":true}],"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}