)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2f0b5b606740892183fb5e2c13562550a150b273","unresolved":false,"context_lines":[{"line_number":10,"context_line":"the login is denied with 401, the log showing a \"User is disabled\"."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Before this changeset, local users using an federated identity for login"},{"line_number":13,"context_line":"did not get an updated last_active_at. Hence the login was denied 90"},{"line_number":14,"context_line":"after account setup."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Co-Authored-By: Vishakha Agarwal \u003cagarwalvishakha18@gmail.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"1f493fa4_80238605","line":13,"range":{"start_line":13,"start_character":59,"end_line":13,"end_character":68},"updated":"2020-05-05 16:56:14.000000000","message":"\"denied 90\" is this missing a word? can you explain more?","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"299a47d1ed83361057328edb9536ff018be1647a","unresolved":false,"context_lines":[{"line_number":10,"context_line":"the login is denied with 401, the log showing a \"User is disabled\"."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Before this changeset, local users using an federated identity for login"},{"line_number":13,"context_line":"did not get an updated last_active_at. Hence the login was denied 90"},{"line_number":14,"context_line":"after account setup."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Co-Authored-By: Vishakha Agarwal \u003cagarwalvishakha18@gmail.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"ff570b3c_6f385c9f","line":13,"range":{"start_line":13,"start_character":59,"end_line":13,"end_character":68},"in_reply_to":"1f493fa4_80238605","updated":"2020-05-19 11:44:57.000000000","message":"Done","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":10,"context_line":"disable_user_account_days_inactive days, the login is denied"},{"line_number":11,"context_line":"with 401, the log showing a \"User is disabled\"."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Before this \"last_active_at\" for local users using keystone"},{"line_number":14,"context_line":"as IDP was not updating. If the option disable_user_account"},{"line_number":15,"context_line":"_days_inactive is set in keystone.conf, and if the user logged"},{"line_number":16,"context_line":"in for federated auth before the no. of days set in disable_user_"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_3c5e9675","line":13,"range":{"start_line":13,"start_character":33,"end_line":13,"end_character":44},"updated":"2020-05-19 19:47:02.000000000","message":"It\u0027s a specific type of local users - local users using a federated identity, which is what the original author said. It was not broken for all local users.","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"bda54599c1b3adcd689821cad983a2a0e5b0092b","unresolved":false,"context_lines":[{"line_number":10,"context_line":"disable_user_account_days_inactive days, the login is denied"},{"line_number":11,"context_line":"with 401, the log showing a \"User is disabled\"."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Before this \"last_active_at\" for local users using keystone"},{"line_number":14,"context_line":"as IDP was not updating. If the option disable_user_account"},{"line_number":15,"context_line":"_days_inactive is set in keystone.conf, and if the user logged"},{"line_number":16,"context_line":"in for federated auth before the no. of days set in disable_user_"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_b0857eaf","line":13,"range":{"start_line":13,"start_character":33,"end_line":13,"end_character":44},"in_reply_to":"ff570b3c_3c5e9675","updated":"2020-05-21 12:13:30.000000000","message":"Done","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":11,"context_line":"with 401, the log showing a \"User is disabled\"."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Before this \"last_active_at\" for local users using keystone"},{"line_number":14,"context_line":"as IDP was not updating. If the option disable_user_account"},{"line_number":15,"context_line":"_days_inactive is set in keystone.conf, and if the user logged"},{"line_number":16,"context_line":"in for federated auth before the no. of days set in disable_user_"},{"line_number":17,"context_line":"account_days_inactive, the \"last_active_at\" was not updating and"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_9c6fe229","line":14,"range":{"start_line":14,"start_character":3,"end_line":14,"end_character":23},"updated":"2020-05-19 19:47:02.000000000","message":"We\u0027re not touching the IdP here. This sentence doesn\u0027t make sense any more - the author\u0027s original sentence was correct.","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"bda54599c1b3adcd689821cad983a2a0e5b0092b","unresolved":false,"context_lines":[{"line_number":11,"context_line":"with 401, the log showing a \"User is disabled\"."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Before this \"last_active_at\" for local users using keystone"},{"line_number":14,"context_line":"as IDP was not updating. If the option disable_user_account"},{"line_number":15,"context_line":"_days_inactive is set in keystone.conf, and if the user logged"},{"line_number":16,"context_line":"in for federated auth before the no. of days set in disable_user_"},{"line_number":17,"context_line":"account_days_inactive, the \"last_active_at\" was not updating and"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_50c062e1","line":14,"range":{"start_line":14,"start_character":3,"end_line":14,"end_character":23},"in_reply_to":"ff570b3c_9c6fe229","updated":"2020-05-21 12:13:30.000000000","message":"Thanks for pointing this out. I went too specific.","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Before this \"last_active_at\" for local users using keystone"},{"line_number":14,"context_line":"as IDP was not updating. If the option disable_user_account"},{"line_number":15,"context_line":"_days_inactive is set in keystone.conf, and if the user logged"},{"line_number":16,"context_line":"in for federated auth before the no. of days set in disable_user_"},{"line_number":17,"context_line":"account_days_inactive, the \"last_active_at\" was not updating and"},{"line_number":18,"context_line":"the user used to get disabled after disable_user_account_days_"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_bc4906b8","line":15,"range":{"start_line":15,"start_character":51,"end_line":15,"end_character":55},"updated":"2020-05-19 19:47:02.000000000","message":"federated user","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"bda54599c1b3adcd689821cad983a2a0e5b0092b","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Before this \"last_active_at\" for local users using keystone"},{"line_number":14,"context_line":"as IDP was not updating. If the option disable_user_account"},{"line_number":15,"context_line":"_days_inactive is set in keystone.conf, and if the user logged"},{"line_number":16,"context_line":"in for federated auth before the no. of days set in disable_user_"},{"line_number":17,"context_line":"account_days_inactive, the \"last_active_at\" was not updating and"},{"line_number":18,"context_line":"the user used to get disabled after disable_user_account_days_"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_90b67a89","line":15,"range":{"start_line":15,"start_character":51,"end_line":15,"end_character":55},"in_reply_to":"ff570b3c_bc4906b8","updated":"2020-05-21 12:13:30.000000000","message":"Done","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":18,"context_line":"the user used to get disabled after disable_user_account_days_"},{"line_number":19,"context_line":"inactive."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"After this patch user can view last_active_at set in the database"},{"line_number":22,"context_line":"for local user using keystone as idp."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Co-Authored-By: Vishakha Agarwal \u003cagarwalvishakha18@gmail.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_5cd0aac9","line":21,"range":{"start_line":21,"start_character":26,"end_line":21,"end_character":30},"updated":"2020-05-19 19:47:02.000000000","message":"Being able to view the attribute is not important. The attribute is an implementation detail. The important thing is that the user can continue to log in as long as they are refreshing their active status by logging in regularly.","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"bda54599c1b3adcd689821cad983a2a0e5b0092b","unresolved":false,"context_lines":[{"line_number":18,"context_line":"the user used to get disabled after disable_user_account_days_"},{"line_number":19,"context_line":"inactive."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"After this patch user can view last_active_at set in the database"},{"line_number":22,"context_line":"for local user using keystone as idp."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Co-Authored-By: Vishakha Agarwal \u003cagarwalvishakha18@gmail.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_d0b3d296","line":21,"range":{"start_line":21,"start_character":26,"end_line":21,"end_character":30},"in_reply_to":"ff570b3c_5cd0aac9","updated":"2020-05-21 12:13:30.000000000","message":"Done","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":19,"context_line":"inactive."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"After this patch user can view last_active_at set in the database"},{"line_number":22,"context_line":"for local user using keystone as idp."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Co-Authored-By: Vishakha Agarwal \u003cagarwalvishakha18@gmail.com\u003e"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_7cd80eee","line":22,"range":{"start_line":22,"start_character":21,"end_line":22,"end_character":36},"updated":"2020-05-19 19:47:02.000000000","message":"This is not about using keystone as an IdP, the problem existed for any federated user including external IdP users.","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"bda54599c1b3adcd689821cad983a2a0e5b0092b","unresolved":false,"context_lines":[{"line_number":19,"context_line":"inactive."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"After this patch user can view last_active_at set in the database"},{"line_number":22,"context_line":"for local user using keystone as idp."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Co-Authored-By: Vishakha Agarwal \u003cagarwalvishakha18@gmail.com\u003e"},{"line_number":25,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":7,"id":"ff570b3c_b0ae1e2b","line":22,"range":{"start_line":22,"start_character":21,"end_line":22,"end_character":36},"in_reply_to":"ff570b3c_7cd80eee","updated":"2020-05-21 12:13:30.000000000","message":"Done","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"}],"keystone/tests/unit/test_v3_federation.py":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2f0b5b606740892183fb5e2c13562550a150b273","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_6082baca","line":3498,"updated":"2020-05-05 16:56:14.000000000","message":"The commit message says that the problem is that the user is unable to log in, can you form a unit test that demonstrates that problem?","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"6d45daba6c3e6fa2ffa3a63d3d632c40f3ab6311","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_39073f1f","line":3498,"in_reply_to":"1f493fa4_0664aeb8","updated":"2020-05-06 10:33:41.000000000","message":"As per my understanding the main author of this patch wants to set the \"last_active_at\" for local user in idp whenever he logins to his service provider. \n\nSo I need to add a test case where \" disable_user_account_days_inactive\u003d90\" is set for that user and he makes a login after (For example) 89 days, the last_active_at option should be updated and the user should not be disabled after 1 day?","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"bf681a92a6e809fa38820dd609ca403a0b838432","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_70da7117","line":3498,"in_reply_to":"1f493fa4_39073f1f","updated":"2020-05-06 17:56:06.000000000","message":"Yes, the way I interpret it is that if the user logs in on day 89 then they should still be able to log in on day 91 because last_active_at will have been reset. So the test needs to show that.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"203067d96116db4aceb1c24b0d4caf54412b102f","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_cbef6fae","line":3498,"in_reply_to":"1f493fa4_6082baca","updated":"2020-05-05 17:37:30.000000000","message":"The local user using federated identity cannot login after 90 days due to the option disable_user_account_days_inactive. The test case is already present [1]. Sorry for the confusion I will update the commit message that this patch adds/updates \"last_active_at\" for local user using federated identity.  \n[1]https://github.com/openstack/keystone/blob/74b2be3a415eb1298d4d91b9c5a1ff8cac3d8def/keystone/tests/unit/identity/test_backend_sql.py#L257","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"299a47d1ed83361057328edb9536ff018be1647a","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_af5714ca","line":3498,"in_reply_to":"1f493fa4_70da7117","updated":"2020-05-19 11:44:57.000000000","message":"Do I need to make other changes then? The \"last_active_at\" is updated in the database for the user.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"aef02d78b3889a0607643e8836cc91f939c828de","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_0664aeb8","line":3498,"in_reply_to":"1f493fa4_cbef6fae","updated":"2020-05-05 18:10:38.000000000","message":"That test is already present so that is not the bug. That test has nothing to do with federated users. This test needs to show how this option breaks federated users\u0027 ability to log in and prove that the change fixes it.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_c71a2415","line":3498,"in_reply_to":"ff570b3c_af5714ca","updated":"2020-05-19 19:47:02.000000000","message":"The test needs to show that the user can log in 90 days (or any amount of time, whatever you want to configure in [security_compliance]) + 1 after they have initially logged in, because the problem now is that they can\u0027t. You can use freezegun or the oslotest timeutils fixture for this.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"8028844f2f753ebd6f7217f38550fc85602c7b12","unresolved":false,"context_lines":[{"line_number":3495,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3496,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3497,"context_line":"        now \u003d datetime.datetime.utcnow().date()"},{"line_number":3498,"context_line":"        r \u003d self._issue_unscoped_token()"},{"line_number":3499,"context_line":"        token \u003d render_token.render_token_response_from_model(r)[\u0027token\u0027]"},{"line_number":3500,"context_line":"        user_ref \u003d self._get_user_ref(token[\u0027user\u0027][\u0027id\u0027])"},{"line_number":3501,"context_line":"        self.assertGreaterEqual(now, user_ref.last_active_at)"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_f079b6c4","line":3498,"in_reply_to":"ff570b3c_c71a2415","updated":"2020-05-21 12:15:19.000000000","message":"I updated the test case.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2f0b5b606740892183fb5e2c13562550a150b273","unresolved":false,"context_lines":[{"line_number":3509,"context_line":""},{"line_number":3510,"context_line":"    def _get_user_ref(self, user_id):"},{"line_number":3511,"context_line":"        with sql.session_for_read() as session:"},{"line_number":3512,"context_line":"            return session.query(model.User).get(user_id)"},{"line_number":3513,"context_line":""},{"line_number":3514,"context_line":""},{"line_number":3515,"context_line":"class ShadowMappingTests(test_v3.RestfulTestCase, FederatedSetupMixin):"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f493fa4_e0752afc","line":3512,"updated":"2020-05-05 16:56:14.000000000","message":"Please use the PROVIDERS interface here, do not use sql directly.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"299a47d1ed83361057328edb9536ff018be1647a","unresolved":false,"context_lines":[{"line_number":3509,"context_line":""},{"line_number":3510,"context_line":"    def _get_user_ref(self, user_id):"},{"line_number":3511,"context_line":"        with sql.session_for_read() as session:"},{"line_number":3512,"context_line":"            return session.query(model.User).get(user_id)"},{"line_number":3513,"context_line":""},{"line_number":3514,"context_line":""},{"line_number":3515,"context_line":"class ShadowMappingTests(test_v3.RestfulTestCase, FederatedSetupMixin):"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_6fbdfcd6","line":3512,"in_reply_to":"1f493fa4_e0752afc","updated":"2020-05-19 11:44:57.000000000","message":"The \"last_active_at\" is updated directly in database and doesn\u0027t show when I use provider interface for showing the user details. So I queried SQL directly same as [1]. I was not able to find another way to do it.\n\n[1]https://github.com/openstack/keystone/blob/master/keystone/tests/unit/identity/shadow_users/test_backend.py#L157","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":3509,"context_line":""},{"line_number":3510,"context_line":"    def _get_user_ref(self, user_id):"},{"line_number":3511,"context_line":"        with sql.session_for_read() as session:"},{"line_number":3512,"context_line":"            return session.query(model.User).get(user_id)"},{"line_number":3513,"context_line":""},{"line_number":3514,"context_line":""},{"line_number":3515,"context_line":"class ShadowMappingTests(test_v3.RestfulTestCase, FederatedSetupMixin):"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_5c342a4a","line":3512,"in_reply_to":"ff570b3c_6fbdfcd6","updated":"2020-05-19 19:47:02.000000000","message":"You\u0027re right, that attribute isn\u0027t exposed to the manager. However if you restructure the test as requested above you won\u0027t need to inspect the user object directly so this won\u0027t be needed.","commit_id":"48af2e417228033a37250bd9c4ccc1a7d9f7b790"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"a74d4ea406f267b65b8745dc96d657fba70331ad","unresolved":false,"context_lines":[{"line_number":3490,"context_line":"        # Now we should be able to delete the protocol"},{"line_number":3491,"context_line":"        PROVIDERS.federation_api.delete_protocol(self.IDP, protocol[\u0027id\u0027])"},{"line_number":3492,"context_line":""},{"line_number":3493,"context_line":"    def test_set_last_active_for_local_user_using_idp(self):"},{"line_number":3494,"context_line":"        self.config_fixture.config(group\u003d\u0027security_compliance\u0027,"},{"line_number":3495,"context_line":"                                   disable_user_account_days_inactive\u003d90)"},{"line_number":3496,"context_line":"        user_id, unscoped_token \u003d self._authenticate_via_saml()"}],"source_content_type":"text/x-python","patch_set":10,"id":"ff570b3c_6d8e0828","line":3493,"updated":"2020-05-27 21:35:30.000000000","message":"This passes even without the change in mapped.py. It\u0027s not a valid test.","commit_id":"066606e50d5de1ef6245e222cbc4b580068c0982"}],"releasenotes/notes/update_last_active_for_ephemeral_users-24555a360168924d.yaml":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"f7decba5909812a2f2c9a2bccc33ec71cc9c61cd","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    It updates the \"last_active_at\" field for local user using keystone as idp"},{"line_number":5,"context_line":"    for federated auth."}],"source_content_type":"text/x-yaml","patch_set":7,"id":"ff570b3c_1cc112e6","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":23},"updated":"2020-05-19 19:47:02.000000000","message":"Suggest instead:\n\nFixed a bug for federated users using security compliance settings: local users using federated identity for authentication were incorrectly being locked out if ``[security_compliance]/disable_user_account_days_inactive`` was enabled. Now federated users will remain activated if they continue to refresh their logins within the configured time frame.","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"},{"author":{"_account_id":27621,"name":"Vishakha Agarwal","email":"agarwalvishakha18@gmail.com","username":"Vishakha"},"change_message_id":"bda54599c1b3adcd689821cad983a2a0e5b0092b","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    It updates the \"last_active_at\" field for local user using keystone as idp"},{"line_number":5,"context_line":"    for federated auth."}],"source_content_type":"text/x-yaml","patch_set":7,"id":"ff570b3c_f0a4164d","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":23},"in_reply_to":"ff570b3c_1cc112e6","updated":"2020-05-21 12:13:30.000000000","message":"Done","commit_id":"822c5443479fac82f1b2403a4a29aa2760518d93"}]}