)]}'
{"keystone/models/token_model.py":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"9b47ade4782bf58ce088fa5d671fc62a5c7b61ab","unresolved":false,"context_lines":[{"line_number":318,"context_line":"            if trust_role_id in current_effective_trustor_roles:"},{"line_number":319,"context_line":"                role \u003d PROVIDERS.role_api.get_role(trust_role_id)"},{"line_number":320,"context_line":"                if role[\u0027domain_id\u0027] is None:"},{"line_number":321,"context_line":"                    roles.append({\u0027id\u0027: role[\u0027id\u0027], \u0027name\u0027: role[\u0027name\u0027]})"},{"line_number":322,"context_line":"            else:"},{"line_number":323,"context_line":"                raise exception.Forbidden("},{"line_number":324,"context_line":"                    _(\u0027Trustee has no delegated roles.\u0027))"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_9746397c","line":321,"updated":"2019-04-26 18:34:18.000000000","message":"Doesn\u0027t this also need the domain_id if there is one?","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"09921a77435b885004c460c47fcafbf165ada946","unresolved":false,"context_lines":[{"line_number":318,"context_line":"            if trust_role_id in current_effective_trustor_roles:"},{"line_number":319,"context_line":"                role \u003d PROVIDERS.role_api.get_role(trust_role_id)"},{"line_number":320,"context_line":"                if role[\u0027domain_id\u0027] is None:"},{"line_number":321,"context_line":"                    roles.append({\u0027id\u0027: role[\u0027id\u0027], \u0027name\u0027: role[\u0027name\u0027]})"},{"line_number":322,"context_line":"            else:"},{"line_number":323,"context_line":"                raise exception.Forbidden("},{"line_number":324,"context_line":"                    _(\u0027Trustee has no delegated roles.\u0027))"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_6b75cb31","line":321,"in_reply_to":"ffb9cba7_6643c3b0","updated":"2019-04-28 22:22:30.000000000","message":"Yeah. Technically, I don\u0027t think we intended to leak the domain_id via the token response at all, but we accidentally did when support for domain-specific roles was added to the role object. Then, we never filtered that attribute from our token response. We just passed the object through from the role API.\n\nUltimately, we\u0027re making sure we don\u0027t populate domain_id in the token response period. Based on how this works, it\u0027s actually not possible to have anything *but* None as a domain_id in this case (making it less than useful, anyway).","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"d6f9c77640b7e2286b425689e3e449cccbb70cb7","unresolved":false,"context_lines":[{"line_number":318,"context_line":"            if trust_role_id in current_effective_trustor_roles:"},{"line_number":319,"context_line":"                role \u003d PROVIDERS.role_api.get_role(trust_role_id)"},{"line_number":320,"context_line":"                if role[\u0027domain_id\u0027] is None:"},{"line_number":321,"context_line":"                    roles.append({\u0027id\u0027: role[\u0027id\u0027], \u0027name\u0027: role[\u0027name\u0027]})"},{"line_number":322,"context_line":"            else:"},{"line_number":323,"context_line":"                raise exception.Forbidden("},{"line_number":324,"context_line":"                    _(\u0027Trustee has no delegated roles.\u0027))"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_a6969b92","line":321,"in_reply_to":"ffb9cba7_9746397c","updated":"2019-04-28 15:50:25.000000000","message":"We only hit this case if there isn\u0027t a domain ID. If that\u0027s what you\u0027re asking?","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2ce5a6884e692f2e2a447512f5786c32f85cb4e8","unresolved":false,"context_lines":[{"line_number":318,"context_line":"            if trust_role_id in current_effective_trustor_roles:"},{"line_number":319,"context_line":"                role \u003d PROVIDERS.role_api.get_role(trust_role_id)"},{"line_number":320,"context_line":"                if role[\u0027domain_id\u0027] is None:"},{"line_number":321,"context_line":"                    roles.append({\u0027id\u0027: role[\u0027id\u0027], \u0027name\u0027: role[\u0027name\u0027]})"},{"line_number":322,"context_line":"            else:"},{"line_number":323,"context_line":"                raise exception.Forbidden("},{"line_number":324,"context_line":"                    _(\u0027Trustee has no delegated roles.\u0027))"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_6643c3b0","line":321,"in_reply_to":"ffb9cba7_a6969b92","updated":"2019-04-28 16:52:35.000000000","message":"Oh, I missed that. So we don\u0027t include domain-specific roles in the token at all for trusts?","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2ce5a6884e692f2e2a447512f5786c32f85cb4e8","unresolved":false,"context_lines":[{"line_number":338,"context_line":"                )"},{"line_number":339,"context_line":"            )"},{"line_number":340,"context_line":"            for role in group_roles:"},{"line_number":341,"context_line":"                federated_roles.append(role)"},{"line_number":342,"context_line":"        user_roles \u003d PROVIDERS.assignment_api.list_system_grants_for_user("},{"line_number":343,"context_line":"            self.user_id"},{"line_number":344,"context_line":"        )"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_061687a9","line":341,"range":{"start_line":341,"start_character":39,"end_line":341,"end_character":43},"updated":"2019-04-28 16:52:35.000000000","message":"We should fix these too","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"09921a77435b885004c460c47fcafbf165ada946","unresolved":false,"context_lines":[{"line_number":338,"context_line":"                )"},{"line_number":339,"context_line":"            )"},{"line_number":340,"context_line":"            for role in group_roles:"},{"line_number":341,"context_line":"                federated_roles.append(role)"},{"line_number":342,"context_line":"        user_roles \u003d PROVIDERS.assignment_api.list_system_grants_for_user("},{"line_number":343,"context_line":"            self.user_id"},{"line_number":344,"context_line":"        )"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_cb7cf720","line":341,"range":{"start_line":341,"start_character":39,"end_line":341,"end_character":43},"in_reply_to":"ffb9cba7_061687a9","updated":"2019-04-28 22:22:30.000000000","message":"++ I\u0027ll investigate","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2ce5a6884e692f2e2a447512f5786c32f85cb4e8","unresolved":false,"context_lines":[{"line_number":343,"context_line":"            self.user_id"},{"line_number":344,"context_line":"        )"},{"line_number":345,"context_line":"        for role in user_roles:"},{"line_number":346,"context_line":"            federated_roles.append(role)"},{"line_number":347,"context_line":"        if self.domain_id:"},{"line_number":348,"context_line":"            domain_roles \u003d ("},{"line_number":349,"context_line":"                PROVIDERS.assignment_api.get_roles_for_user_and_domain("}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_261b8bd0","line":346,"range":{"start_line":346,"start_character":35,"end_line":346,"end_character":39},"updated":"2019-04-28 16:52:35.000000000","message":"and here","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2ce5a6884e692f2e2a447512f5786c32f85cb4e8","unresolved":false,"context_lines":[{"line_number":359,"context_line":"                )"},{"line_number":360,"context_line":"            )"},{"line_number":361,"context_line":"            for role in project_roles:"},{"line_number":362,"context_line":"                federated_roles.append(role)"},{"line_number":363,"context_line":"        # NOTE(lbragstad): Remove duplicate role references from a list of"},{"line_number":364,"context_line":"        # roles. It is often suggested that this be done with:"},{"line_number":365,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_e61013ab","line":362,"range":{"start_line":362,"start_character":39,"end_line":362,"end_character":43},"updated":"2019-04-28 16:52:35.000000000","message":"and here","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2ce5a6884e692f2e2a447512f5786c32f85cb4e8","unresolved":false,"context_lines":[{"line_number":376,"context_line":"            if not isinstance(role, dict):"},{"line_number":377,"context_line":"                role \u003d PROVIDERS.role_api.get_role(role)"},{"line_number":378,"context_line":"            if role not in roles:"},{"line_number":379,"context_line":"                roles.append(role)"},{"line_number":380,"context_line":""},{"line_number":381,"context_line":"        return roles"},{"line_number":382,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"ffb9cba7_862917e7","line":379,"range":{"start_line":379,"start_character":29,"end_line":379,"end_character":33},"updated":"2019-04-28 16:52:35.000000000","message":"and here","commit_id":"09bb40154da96aa56a6189889dfde850538cd5b8"}]}