)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"8c1925802adc14635727ba587aa5b699b6381395","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"4269a0c2_b4170409","updated":"2022-06-28 09:42:12.000000000","message":"This should merge before the sql: Integrate alembic patch \nhttps://review.opendev.org/c/openstack/keystone/+/825844","commit_id":"bfc37ddabb4afb8fe50a2376595fdebfac6e91be"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"4536bc8e046ffc6b92fc763efb902434895a60b5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"964bda42_16ba12e7","in_reply_to":"3940567e_f414fd5d","updated":"2023-12-12 20:07:22.000000000","message":"Done","commit_id":"bfc37ddabb4afb8fe50a2376595fdebfac6e91be"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"b05b8d0c31bd58838c9d9357f0ce9d889ea29e03","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":9,"id":"3940567e_f414fd5d","in_reply_to":"4269a0c2_b4170409","updated":"2022-07-01 15:18:28.000000000","message":"Actually, the keystone/common/sql/*/versions/ directories are already empty","commit_id":"bfc37ddabb4afb8fe50a2376595fdebfac6e91be"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"8129ef41bdb5fe4ca409a406bdb9fd6ac4bdf1f0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"81a7eb36_c5524400","updated":"2023-12-12 20:08:34.000000000","message":"Hello guys, the code here is updated to address the spec that was merged at: https://review.opendev.org/c/openstack/keystone-specs/+/748042","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"7b51ad31dba7d172adc9973ff124f8682d50d133","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"a658fdd0_267cff5f","updated":"2023-12-12 22:48:08.000000000","message":"Hi Rafael, I have only a few suggestions, everything else seems to be good to me.","commit_id":"f23b2df6ee5d92cf115c70da60f67fef0435a216"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b7e939e4036fa0266f1968dcba37e33cabe39555","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"23d416eb_0489f9fc","updated":"2023-12-14 12:54:49.000000000","message":"Artem, \nDo you have any takes on this one? I mean, would you prefer to add the support for the group override at the user level with this patch as well.","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":36300,"name":"Juan Pedro Torres Muñoz","display_name":"JuanPTM","email":"juan.torres-munoz@univention.de","username":"jtorres95"},"change_message_id":"6ff4dbcbb59a5992cc95755fbb980b655db66c26","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"81afe355_d0f69765","updated":"2023-12-14 11:01:29.000000000","message":"Hello Rafael,\nGlad to see you continue working on the patch. I tested your patch earlier this year and encountered the problem that in the case of federated/ephemeral users they are still assigned to the domain where the IdP is created instead of the domain specified in the mapping. A test case for this could also be useful.\n\nThis would go against the behavior specified in the blueprint, AFAIU. I tried to propose a merge request to solve that, you could check it [here](https://review.opendev.org/c/openstack/keystone/+/896072). I hope that saves you some time.","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"a148a11778f9697fa6bef2cbc2d05f4fa6979234","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"6abbb9a3_d9873d59","updated":"2023-12-13 12:19:54.000000000","message":"Thanks Rafael for your patch. It looks good to me.","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":36300,"name":"Juan Pedro Torres Muñoz","display_name":"JuanPTM","email":"juan.torres-munoz@univention.de","username":"jtorres95"},"change_message_id":"3c39078444a54aeec5bc8adafbfe929f83c0181f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"c499be46_b4b85a8a","in_reply_to":"1f4be54a_4e40f66a","updated":"2023-12-14 12:38:55.000000000","message":"I\u0027m completely fine with both, let\u0027s see if someone has a different opinion.","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"41cbd0b55dd4908ae18785e7018e75097296662e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"71e77c2f_2107d7b8","in_reply_to":"23d416eb_0489f9fc","updated":"2023-12-14 13:04:13.000000000","message":"yes, otherwise implementation is not doing what user is actually expecting","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"f8c73d5713e82a1fc44ea518ab3ab411260d0306","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"b7fdc3ca_cb816641","in_reply_to":"71e77c2f_2107d7b8","updated":"2023-12-14 13:08:14.000000000","message":"Ok, I will work on this one then. I will update the patch as soon as possible here.\n\nThank you very much for your support on this matter!","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b54d259e6b7cf3b3153195cc5d1e6546e7e88a90","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"1f4be54a_4e40f66a","in_reply_to":"81afe355_d0f69765","updated":"2023-12-14 11:25:50.000000000","message":"Hello Juan, \nThat is a good point. According to the spec, we would address at the project and group level. However, users (entity) can also be addressed with the same approach. What do you guys think would be better? \n\n- Merge this one as the spec was approved, and introduce the schema version. Afterwards, we create a minor version, let\u0027s say, 2.1, which expands the idea to the users elements as well?\n- Address the domain definition as for projects and groups in this code as well?\n\nI am fine with both methods.","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"487e74ab8ba8c3fa3c732c459e549de58d5f947c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"fb3064a3_54cc0c58","in_reply_to":"b7fdc3ca_cb816641","updated":"2023-12-19 15:13:43.000000000","message":"done. Can you guys review it?","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":36300,"name":"Juan Pedro Torres Muñoz","display_name":"JuanPTM","email":"juan.torres-munoz@univention.de","username":"jtorres95"},"change_message_id":"d5cf649dd9b633f9adaa8482653c98399b0e2fd1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"74003e51_b9bf8efa","in_reply_to":"c499be46_b4b85a8a","updated":"2023-12-14 13:01:26.000000000","message":"Probably doing it here would be the faster way.","commit_id":"313cc43b4d6b66f5844b51816f3bc20e9d48c52e"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"90ba04fd1ca1d6a5f15d3833363822803e21469b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":16,"id":"80519884_14a76ea1","updated":"2024-01-03 18:49:17.000000000","message":"thanks for the review!","commit_id":"dadbc5b09568003f270fdbe11439933f6a6e9b3f"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"e8b7f6f29664761a41b698c6bdc40d1b91fca026","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"34fbd6c5_5225892c","updated":"2024-01-04 09:30:03.000000000","message":"Hey Rafael. I added an explicit test to verify user was created in the domain as set by the assertion and suggested small change in the logic I pointed earlier to make sure it passes. Feel free to redo it.","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"451952f3138b69858445b39746ed40f90aeba1a8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"fe139a47_28310498","updated":"2024-01-04 10:53:50.000000000","message":"Thanks for the help, but the core was already prepared for such situation.","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"aa05343a1c7656ce42eff65c7a21b20ccbfe2847","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"9857015f_5c08d44b","updated":"2024-01-04 11:08:16.000000000","message":"new unittest just verifies what real test showed (as well as what Juan was also reporting):\n- create mapping with OIDC-user-domain-name attr used as user domain\n- create new domain in keystone\n- add user-domain-name attribute in keycloak\n- attempt to login with the new keycloak user\n- `openstack user list` shows users was created in the IDP domain and not in the specified domain","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"dc05911fb251da42eca88d6f7fcf988b649f6765","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"f1c1024f_74d5e722","in_reply_to":"9857015f_5c08d44b","updated":"2024-01-04 11:20:35.000000000","message":"I see. Done. The code was changed. Can you check it?","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"381d1f2f0ee565999a33dee8327b2d1848f566e3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"cce6ba1e_4e5f0821","updated":"2024-01-04 15:15:54.000000000","message":"The test that is failing does not seem do be related to the changeset. Do you guys know if there is some sort of structural problem with the tempest tests?","commit_id":"97f6e92a300e672bb842bc44d55aab745f5dbc06"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"6ee7aba14a1271d4be02a2084119997c3d19ca2a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"1c0cd712_104da3f4","updated":"2024-01-04 15:24:50.000000000","message":"btw, since I do not really know what keystone-manage itself is used for I can imagine your change in last patchset to replace print with logging may be exactly what currupts the start","commit_id":"97f6e92a300e672bb842bc44d55aab745f5dbc06"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"7f09d2ff9a7183dbb69cb11304a0230bbbe9223b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"9f1bb7f1_9bf32f86","updated":"2024-01-04 12:43:56.000000000","message":"recheck","commit_id":"97f6e92a300e672bb842bc44d55aab745f5dbc06"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"671ebcb671001d8e13acbacbcdfeb79ac6bd22c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"85e8e10a_b677f96b","in_reply_to":"0fba838e_20ec8df7","updated":"2024-01-04 15:32:23.000000000","message":"I will do so.","commit_id":"97f6e92a300e672bb842bc44d55aab745f5dbc06"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"671ebcb671001d8e13acbacbcdfeb79ac6bd22c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"74839e8b_c73bedf8","in_reply_to":"1c0cd712_104da3f4","updated":"2024-01-04 15:32:23.000000000","message":"Me neither. I just changed to make it consistent. It was using LOG sometimes, and sometime print.","commit_id":"97f6e92a300e672bb842bc44d55aab745f5dbc06"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"60ef053f6091b33e69e8d52e0bc7c3c3dff07ae6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"0fba838e_20ec8df7","in_reply_to":"cce6ba1e_4e5f0821","updated":"2024-01-04 15:21:06.000000000","message":"I am not sure it is really unrelated, but can\u0027t find the reason so far. Comparing last successful run https://88d7e0c140b2b7046387-cdf523d3b16150ab0b9ddc512a79d512.ssl.cf5.rackcdn.com/739966/17/check/keystone-dsvm-py3-functional-federation-ubuntu-jammy-k2k/b8d0675/controller/logs/shibboleth/shibboleth/shibd_log.txt shidb log is \"ok\", while taking the failed ones (https://abc0c299b8d76e9606ff-88f13fe1d2cd9b64afb4d1818492b226.ssl.cf2.rackcdn.com/739966/18/check/keystone-dsvm-py3-functional-federation-ubuntu-jammy-k2k/d5c05a4/controller/logs/shibboleth/shibboleth/shibd_log.txt) you can see there \"error while loading resource (http://158.69.66.74/identity/v3/OS-FEDERATION/saml2/metadata): XML error(s) during parsing, check log for specifics\". Sadly the xml itself is not visible in the logs\n\nFeels like the metadata is corrupted for some reason and therefore shidb itself fails (no related errors visible in keystone logs).\n\nWhat if just to verify you revert changes to patchlevel 17 and if it passes there is something wrong in the change","commit_id":"97f6e92a300e672bb842bc44d55aab745f5dbc06"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"5b31331f3491f3be1d6aa350663ecc8da95a9578","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":19,"id":"0c62d252_185625e8","updated":"2024-01-04 16:00:39.000000000","message":"I reverted the changes. Let\u0027s see what happens. Looking at the logs I found the following:\n```\nhttps://zuul.opendev.org/t/openstack/build/d5c05a40463a4b28bf950b9536d58fe2/log/controller/logs/screen-keystone.txt#23803\n```\n\nI am not sure how that could be related to the changes, though.","commit_id":"f4fcbcf6b326da67e7cfe5da5ba75d8847475542"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"2caa112c1292d1125ff2a19c0cbbe61472b7c29d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":19,"id":"229960fb_b1a6026f","in_reply_to":"0c62d252_185625e8","updated":"2024-01-04 16:02:38.000000000","message":"https://review.opendev.org/c/openstack/keystone/+/739966/18/keystone/cmd/cli.py#1114 is most likely the reason.\nI suggest you drop all logging changes to the cli file - those are anyway not related while the change is already very big","commit_id":"f4fcbcf6b326da67e7cfe5da5ba75d8847475542"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"a88cb34535d2bb26cc08352af5848899ad6be551","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":19,"id":"44ccc94c_22e75634","in_reply_to":"229960fb_b1a6026f","updated":"2024-01-04 16:04:26.000000000","message":"I did that. If everything works, I will then revert only the changes you did in the domain usage for the create user method in the SQL backend.","commit_id":"f4fcbcf6b326da67e7cfe5da5ba75d8847475542"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"17d494abbc6bbe62296a189b0e481897eef1ae93","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":20,"id":"2062547a_9c13b14b","updated":"2024-01-04 18:53:41.000000000","message":"Yes, it seems that the problem was the logs I changed in the CLI. I will test it again.","commit_id":"c58ae1abc5a13f4447f7ad188ccf75348dd0b1ef"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"77c2dfbbfae8b39ea94f3984e9c1006e869db062","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"550a89eb_1125ea14","updated":"2024-01-16 11:55:33.000000000","message":"Artem, and Juan, \nI added the configuration you guys requested. Can you review the patch?","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"7e363d9636b5c85f8243a3d88d8d571eef7685fc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"bb1b02f6_214950f3","updated":"2024-01-04 23:34:20.000000000","message":"Everything seems fine now. I just added the new logs I used to troubleshoot the CLI module.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"244845a9285bc6a800c8d7fa7c539f24051b441d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"47102394_ed0ebc3c","updated":"2024-01-15 14:14:37.000000000","message":"I suggest to change the \"DEFAULT\" handling in favor of adding config option:\n```\ndiff --git a/keystone/api/os_federation.py b/keystone/api/os_federation.py\nindex b1f7fa37e..6f81c10e0 100644\n--- a/keystone/api/os_federation.py\n+++ b/keystone/api/os_federation.py\n@@ -281,7 +281,7 @@ class MappingResource(_ResourceBase):\n         mapping \u003d self.request_body_json.get(\u0027mapping\u0027, {})\n         mapping \u003d self._normalize_dict(mapping)\n \n-        mapping.setdefault(\u0027schema_version\u0027, utils.DEFAULT_SCHEMA_VERSION)\n+        mapping.setdefault(\u0027schema_version\u0027, CONF.federation.default_mapping_schema_version)\n         utils.validate_mapping_structure(mapping)\n \n         mapping_ref \u003d PROVIDERS.federation_api.create_mapping(\n@@ -297,7 +297,7 @@ class MappingResource(_ResourceBase):\n         mapping \u003d self.request_body_json.get(\u0027mapping\u0027, {})\n         mapping \u003d self._normalize_dict(mapping)\n \n-        mapping.setdefault(\u0027schema_version\u0027, utils.DEFAULT_SCHEMA_VERSION)\n+        mapping.setdefault(\u0027schema_version\u0027, CONF.federation.default_mapping_schema_version)\n         utils.validate_mapping_structure(mapping)\n \n         mapping_ref \u003d PROVIDERS.federation_api.update_mapping(\ndiff --git a/keystone/conf/federation.py b/keystone/conf/federation.py\nindex f99aef9b5..8d202ee7a 100644\n--- a/keystone/conf/federation.py\n+++ b/keystone/conf/federation.py\n@@ -103,6 +103,14 @@ from a mapping. Default is 0, which means disabled.\n \"\"\"))\n \n \n+default_mapping_schema_version \u003d cfg.StrOpt(\n+    \u0027default_mapping_schema_version\u0027,\n+    default\u003d\"1.0\",\n+    help\u003dutils.fmt(\"\"\"\n+Default mapping rules schema version. Default is `1.0`\n+\"\"\"))\n+\n+\n GROUP_NAME \u003d __name__.split(\u0027.\u0027)[-1]\n ALL_OPTS \u003d [\n     driver,\n@@ -113,6 +121,7 @@ ALL_OPTS \u003d [\n     sso_callback_template,\n     caching,\n     default_authorization_ttl,\n+    default_mapping_schema_version,\n ]\n \n \ndiff --git a/keystone/federation/utils.py b/keystone/federation/utils.py\nindex b2ef35610..f89d19d1a 100644\n\n--- a/keystone/federation/utils.py\n+++ b/keystone/federation/utils.py\n@@ -41,8 +41,6 @@ class UserType(object):\n     LOCAL \u003d \u0027local\u0027\n-DEFAULT_SCHEMA_VERSION \u003d \"1.0\"\n-\n ROLE_PROPERTIES \u003d {\n     \"type\": \"array\",\n     \"items\": {\n@@ -291,7 +289,7 @@ class DirectMaps(object):\n \n \n def validate_mapping_structure(ref):\n-    version \u003d ref.get(\u0027schema_version\u0027, DEFAULT_SCHEMA_VERSION)\n+    version \u003d ref.get(\u0027schema_version\u0027, CONF.federation.default_mapping_schema_version)\n \n     v \u003d jsonschema.Draft4Validator(\n         IDP_ATTRIBUTE_MAPPING_SCHEMAS[version][\u0027schema\u0027])\n@@ -1018,15 +1016,15 @@ class RuleProcessorToHonorDomainOption(RuleProcessor):\n \n \n IDP_ATTRIBUTE_MAPPING_SCHEMAS \u003d {\n-    DEFAULT_SCHEMA_VERSION: {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_1_0,\n-                             \"processor\": RuleProcessor},\n+    \"1.0\": {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_1_0,\n+            \"processor\": RuleProcessor},\n     \"2.0\": {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_2_0,\n             \"processor\": RuleProcessorToHonorDomainOption}\n }\n \n \n def create_attribute_mapping_rules_processor(mapping):\n-    version \u003d mapping.get(\u0027schema_version\u0027, DEFAULT_SCHEMA_VERSION)\n+    version \u003d mapping.get(\u0027schema_version\u0027, CONF.federation.default_mapping_schema_version)\n \n     return IDP_ATTRIBUTE_MAPPING_SCHEMAS[version][\u0027processor\u0027](\n         mapping[\u0027id\u0027], mapping[\u0027rules\u0027])\n```\n\nthis allow flexibility for cloud operators to stick to whichever version they want to have (with easy rollback and activation) and let people here easily test it. @Rafael, If you are ok I can push this patch directly (tried to reach you view IRC and email with no luck)","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":36300,"name":"Juan Pedro Torres Muñoz","display_name":"JuanPTM","email":"juan.torres-munoz@univention.de","username":"jtorres95"},"change_message_id":"62738bef8a88cdba79b88dbca652af075d3f91d7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"a2a37dcb_1ca8c0e7","updated":"2024-01-09 18:49:48.000000000","message":"I\u0027ve tested the creation of federated users into a designated domain. There is a problem with roles, even if I pre provision the project and the roles. The following error get returned.\n\n```\n2024-01-09 18:28:05.612170 2024-01-09 18:28:05.609 735 ERROR keystone.server.flask.application [None req-248249bc-3408-4b1d-a134-a40b5df8c289 - - - - - -] role: member must be within the same domain as the identity provider: keycloak.: keystone.exception.DomainSpecificRoleNotWithinIdPDomain: role: member must be within the same domain as the identity provider: keycloak.\n\n```","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"78416eb83f2b96cc137ebbffb00f7fb029f9d14a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"0a75b5ce_7629090d","in_reply_to":"08778cfd_0ce5bb70","updated":"2024-01-15 16:39:26.000000000","message":"It seems that we found the issue. I will mark this thread as resolved then.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":36300,"name":"Juan Pedro Torres Muñoz","display_name":"JuanPTM","email":"juan.torres-munoz@univention.de","username":"jtorres95"},"change_message_id":"5a1be18b8c030617fdab6e26b6b95cc245935194","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"70810b2d_0afcf8f3","in_reply_to":"0a75b5ce_7629090d","updated":"2024-01-19 08:44:07.000000000","message":"After testing this, I can confirm it works.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"ae3b9ac4c058abc8827bb1e219037d9bbe49da8c","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":23,"id":"a246c9ba_ab4cac48","in_reply_to":"1222e3a8_7bdb10b1","updated":"2024-01-12 16:13:45.000000000","message":"I see, can you add into that link [1], the following information?\n- openstack mapping list\n- openstack mapping show \u003cmapping_name\u003e\n- Check if the message \"Configuring the domain\" or \"was configured with a domain\" appear in the logs. They will appear in DEBUG log level.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"4d38846e97ad64e4e20b697a9ac394fe9e25540c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"fd44ea69_ed8bb4de","in_reply_to":"47102394_ed0ebc3c","updated":"2024-01-15 14:21:00.000000000","message":"Hello Artem, \nI just replied your e-mail.\n\nRegarding your suggestion, I guess you are proposing it because of the tests Juan is doing, and he did not configure the schema_version for the attribute mapping, as the current CLI does not support it, because the current patch has not been merged yet. However, one can always use CURL to achieve that.\n\nAlso, the proposal you have seems to create more confusion. For instance, it is a backend parameter that will change the way some APIs behave. Therefore, users can notice unexpected behavior without necessarily changing anything about how they call the APIs.\n\nFor instance, one can set the default schema_version to 2.0; then, they can register some attribute mapping, which will receive the schema_version as 2.0, if they are not defined by the user creating them. Afterward, if one changes that property to 1.0 or some future version (e.g. 3.0). One might expect the previously created to be using the default as well, but they will not. They will be using the \"old default\"\n\nWe discussed this proposal here, and we see the potential for it to cause more confusion than benefits. However, as this patch has been stuck for a while if that is an imposed requirement, I would add it to the code base. Let me know what you guys think.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"49b32c0bb4f1e24b45585cf7bc13699e66aeefcf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"87bfcfbe_5a4aec46","in_reply_to":"70810b2d_0afcf8f3","updated":"2024-01-23 10:44:21.000000000","message":"Thanks for the help on testing this one as well!","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"78416eb83f2b96cc137ebbffb00f7fb029f9d14a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"687dc4c6_61f658b5","in_reply_to":"8cafc003_d6086527","updated":"2024-01-15 16:39:26.000000000","message":"Well, it is not a speculating test that somebody needs to do. One just needs to read the specs (which is important to understand what is being tested) and check the patch to understand what is implemented that is going to be tested. Anyway, I expect developers to be able to use/consume spec and use CURL to a newly created API that does not have a CLI command yet.\n\nI see no point in continuing to argue; even though I disagree, I will add the change you suggested. However, I think this can bring more problems than help. Probably tomorrow or later on Wednesday I will send the patch.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"3be2e1c0b721075a41930996d50263f85aeefe34","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":23,"id":"08778cfd_0ce5bb70","in_reply_to":"9868dc54_c26c9961","updated":"2024-01-15 14:05:24.000000000","message":"The CLI depends on this other patch [*], but the problem is that it depends on this one to get merged. Therefore, you need to test configuring the attribute mapping via a CURL call as the CLI is still not prepared for it.\n\n[*] https://review.opendev.org/c/openstack/python-openstackclient/+/749572","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"1995943afa015e7ff09f1a0b376d6caa0541336f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":23,"id":"9868dc54_c26c9961","in_reply_to":"a246c9ba_ab4cac48","updated":"2024-01-15 13:44:56.000000000","message":"Juan, you did not post an update here, but I see that you updated the link in [1].\n\nregarding your message:\n```\nRegarding the “Configuring the domain” or “was configured with a domain” in the logs, there is no such message on the logs.\n```\n\nThat means you are using the default processor. Also looking at your output, you probably registered the attribute mapping uisng the CLI, but the CLI has not been updated to support these new APIs here. Therefore, you are using the attribute mapping with schema 1.0, which is not the one that introduced the behavior you want.\n\nYou will need to either update the attribute mapping schema version via CURL or register a new one with CURL and using the schema_version 2.0.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b7c1fd55f57e264b7770bf5ad053b8eba8f68bc9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"c42fe273_5cf7a839","in_reply_to":"a2a37dcb_1ca8c0e7","updated":"2024-01-09 19:36:20.000000000","message":"The error message has nothing to do with this patch. You can check the code at [1]. This behavior is already there implemented. It is implemented since its initial code was pushed upstream. You will need roles that are not domain specific.\n\n[1] https://github.com/openstack/keystone/blob/adfa92b40d11f94a03af5202da1fc3858bbccbb5/keystone/auth/plugins/mapped.py#L112","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":36300,"name":"Juan Pedro Torres Muñoz","display_name":"JuanPTM","email":"juan.torres-munoz@univention.de","username":"jtorres95"},"change_message_id":"0be2460196a4a910e3ecf4681521d8bda03b31fe","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":23,"id":"1222e3a8_7bdb10b1","in_reply_to":"c42fe273_5cf7a839","updated":"2024-01-12 16:01:59.000000000","message":"Hello Rafael, thanks for your response. It\u0027s true what you said. \nBut, we repeated the experiment using a non domain specific role (reader) and we were able to login. But, the federated was placed on the IdP domain, instead of the domain specified on the claim.\n\nYou can check more info in [1], there you can find the assertion from the keystone log, and different info from openstack.\n\n[1] https://input.scs.community/opendev-keystone-issue-739966?view","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"d9abc004235c45d0f9301bccb879bd88fb0c6e5e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"8cafc003_d6086527","in_reply_to":"fd44ea69_ed8bb4de","updated":"2024-01-15 14:54:40.000000000","message":"OpenStack is full of things where config parameter influences API behavior dramatically (even just adding new AZ lead to unexpected behavior when provisioning new VM). This is a \"provider\" issue how to communicate this.\n\nWhat you say can be rephrased in the following way: doesn\u0027t matter which way the default is set it can be screwed. Right. But in that case it is less mess to delete DEFAULT as such, because THIS is what is creating confusion. Basically in a programmer and operator eyes a \"default\" is something what he can influence on. Here it is not really the case. It is implemented now like a \"unversioned_schema\" rather then default_schema_version\n\nMy main problem is that with this hardcoded to 1.0 there is no possibility for anybody to test the change reasonably without speculatively testing some other dependent (and unlinked) changes or going curl with not properly documented API (as SDK/CLI maintainer I would rather say: undocumented)\n\nI am not insisting on that, was just thinking it would make testing and operating easier once there is a config option.\n\nbtw, normally we accept OSC changes once related service change is merged, what would mean here a infinite loop since it is not possible to test feature otherwise. Anyway, we can make an exception here. It is just making testing a lot more comlpex.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"49b32c0bb4f1e24b45585cf7bc13699e66aeefcf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"e1956c3e_1bb3e1eb","updated":"2024-01-23 10:44:21.000000000","message":"If you guys need anything else here, just let me know. Whatever help to merge it as soon as possible, I will be ready here \u003d)","commit_id":"14ac08431f22705a242073ffe2c362b3aa5d9b71"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"aa206f95c79c539d0c82ec480c334d6b2b6991ff","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"d716206e_4abab20b","updated":"2024-01-16 16:04:36.000000000","message":"Is ok for me to proceed with further improvements","commit_id":"14ac08431f22705a242073ffe2c362b3aa5d9b71"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e2e0b3215ee17973e0eba343fa9cffa85447e8c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"c5d57243_46f65ae5","updated":"2024-01-26 10:55:01.000000000","message":"Thank you all for your reviews!","commit_id":"14ac08431f22705a242073ffe2c362b3aa5d9b71"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"4c441e447ad54035e47cd7fe60d38c69b180d051","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"6dc02b9e_4230e64d","in_reply_to":"2dc523a0_f4ffc641","updated":"2024-01-18 08:40:03.000000000","message":"I mean all the followup changes and specs (all other further improvement) that waits for this change to land","commit_id":"14ac08431f22705a242073ffe2c362b3aa5d9b71"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"15ba4ab9cab94d162b5e9aea388a63aa5e83fb30","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":24,"id":"2dc523a0_f4ffc641","in_reply_to":"d716206e_4abab20b","updated":"2024-01-16 16:18:47.000000000","message":"Thanks for the help on this one! I am not sure I follow. What are the further improvements you are talking about? Is there something else that we need to change here?","commit_id":"14ac08431f22705a242073ffe2c362b3aa5d9b71"}],"keystone/api/os_federation.py":[{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"7b51ad31dba7d172adc9973ff124f8682d50d133","unresolved":true,"context_lines":[{"line_number":289,"context_line":"        return self.wrap_member(mapping_ref), http.client.CREATED"},{"line_number":290,"context_line":""},{"line_number":291,"context_line":"    @staticmethod"},{"line_number":292,"context_line":"    def configure_default_mapping_schema_version(mapping):"},{"line_number":293,"context_line":"        if not mapping.get(\u0027schema_version\u0027):"},{"line_number":294,"context_line":"            mapping[\u0027schema_version\u0027] \u003d utils.DEFAULT_SCHEMA_VERSION"},{"line_number":295,"context_line":""}],"source_content_type":"text/x-python","patch_set":10,"id":"77669608_95b4498f","line":292,"updated":"2023-12-12 22:48:08.000000000","message":"you could use the `setdefault` function from dict instead of creating this method to set a default value for `schema_version`:\n\n```python\nmapping.setdefault(\u0027schema_version\u0027, utils.DEFAULT_SCHEMA_VERSION)\n```","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b949fe1c04d06c342db88fcc285b41503a9bc743","unresolved":false,"context_lines":[{"line_number":289,"context_line":"        return self.wrap_member(mapping_ref), http.client.CREATED"},{"line_number":290,"context_line":""},{"line_number":291,"context_line":"    @staticmethod"},{"line_number":292,"context_line":"    def configure_default_mapping_schema_version(mapping):"},{"line_number":293,"context_line":"        if not mapping.get(\u0027schema_version\u0027):"},{"line_number":294,"context_line":"            mapping[\u0027schema_version\u0027] \u003d utils.DEFAULT_SCHEMA_VERSION"},{"line_number":295,"context_line":""}],"source_content_type":"text/x-python","patch_set":10,"id":"c2d7dfd9_af668430","line":292,"in_reply_to":"77669608_95b4498f","updated":"2023-12-13 10:45:10.000000000","message":"I have sour eyes and a slow brain. Therefore, the traditional IF/else coding style is easier for me \u003d).\n\nI updated the code as you suggested.","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"b25d25f0be7a294a173dc5a4d81b499be1e2631c","unresolved":true,"context_lines":[{"line_number":281,"context_line":"        mapping \u003d self.request_body_json.get(\u0027mapping\u0027, {})"},{"line_number":282,"context_line":"        mapping \u003d self._normalize_dict(mapping)"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"        MappingResource.configure_default_mapping_schema_version(mapping)"},{"line_number":285,"context_line":"        utils.validate_mapping_structure(mapping)"},{"line_number":286,"context_line":""},{"line_number":287,"context_line":"        mapping_ref \u003d PROVIDERS.federation_api.create_mapping("}],"source_content_type":"text/x-python","patch_set":12,"id":"e34bec50_53a19902","line":284,"updated":"2023-12-13 11:43:41.000000000","message":"I meant that you dont need creating the new method, as the setting default for dicts are quite explanatory.","commit_id":"bcc5cccd4213b37369d4f0f3cf76570d699e37a6"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b1006c53d9f05c1a3b70070fc6d268bdacbfccc4","unresolved":false,"context_lines":[{"line_number":281,"context_line":"        mapping \u003d self.request_body_json.get(\u0027mapping\u0027, {})"},{"line_number":282,"context_line":"        mapping \u003d self._normalize_dict(mapping)"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"        MappingResource.configure_default_mapping_schema_version(mapping)"},{"line_number":285,"context_line":"        utils.validate_mapping_structure(mapping)"},{"line_number":286,"context_line":""},{"line_number":287,"context_line":"        mapping_ref \u003d PROVIDERS.federation_api.create_mapping("}],"source_content_type":"text/x-python","patch_set":12,"id":"a858ece7_baf1a653","line":284,"in_reply_to":"e34bec50_53a19902","updated":"2023-12-13 12:04:56.000000000","message":"Done","commit_id":"bcc5cccd4213b37369d4f0f3cf76570d699e37a6"}],"keystone/auth/plugins/mapped.py":[{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"7b51ad31dba7d172adc9973ff124f8682d50d133","unresolved":true,"context_lines":[{"line_number":123,"context_line":"              shadow_project[\u0027name\u0027], shadow_project[\u0027domain\u0027][\u0027id\u0027])"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"def handle_projects_from_mapping(shadow_projects, idp_domain_id,"},{"line_number":127,"context_line":"                                 existing_roles, user, assignment_api,"},{"line_number":128,"context_line":"                                 resource_api):"},{"line_number":129,"context_line":"    for shadow_project in shadow_projects:"}],"source_content_type":"text/x-python","patch_set":10,"id":"8249c1a4_1082acc5","line":126,"range":{"start_line":126,"start_character":4,"end_line":126,"end_character":10},"updated":"2023-12-12 22:48:08.000000000","message":"Any reason to change the function\u0027s name?","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b949fe1c04d06c342db88fcc285b41503a9bc743","unresolved":false,"context_lines":[{"line_number":123,"context_line":"              shadow_project[\u0027name\u0027], shadow_project[\u0027domain\u0027][\u0027id\u0027])"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"def handle_projects_from_mapping(shadow_projects, idp_domain_id,"},{"line_number":127,"context_line":"                                 existing_roles, user, assignment_api,"},{"line_number":128,"context_line":"                                 resource_api):"},{"line_number":129,"context_line":"    for shadow_project in shadow_projects:"}],"source_content_type":"text/x-python","patch_set":10,"id":"a44c9bcc_2a718319","line":126,"range":{"start_line":126,"start_character":4,"end_line":126,"end_character":10},"in_reply_to":"8249c1a4_1082acc5","updated":"2023-12-13 10:45:10.000000000","message":"Yes. The method now does not create the project. We do much more. We control project assignments, and so on. That is why the \"handle\" prefix felt a little bit better than the \"create\" one.\n\nMoreover, I created the function from scratch, and just then I deleted the old one. That is why the names are also different.","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"b25d25f0be7a294a173dc5a4d81b499be1e2631c","unresolved":false,"context_lines":[{"line_number":123,"context_line":"              shadow_project[\u0027name\u0027], shadow_project[\u0027domain\u0027][\u0027id\u0027])"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"def handle_projects_from_mapping(shadow_projects, idp_domain_id,"},{"line_number":127,"context_line":"                                 existing_roles, user, assignment_api,"},{"line_number":128,"context_line":"                                 resource_api):"},{"line_number":129,"context_line":"    for shadow_project in shadow_projects:"}],"source_content_type":"text/x-python","patch_set":10,"id":"aed8d674_e9f8dbe0","line":126,"range":{"start_line":126,"start_character":4,"end_line":126,"end_character":10},"in_reply_to":"a44c9bcc_2a718319","updated":"2023-12-13 11:43:41.000000000","message":"ah, ok, I thought you did some changes and moved it outside the nested functions definition to be able to test it in unit tests, but you rewritten it","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"5eb1bbc0ac8809fe647fc4ad22040aba5161e4e3","unresolved":true,"context_lines":[{"line_number":119,"context_line":"        db_domain \u003d resource_api.get_domain_by_name(domain[\u0027name\u0027])"},{"line_number":120,"context_line":"        domain \u003d {\"id\": db_domain.get(\u0027id\u0027)}"},{"line_number":121,"context_line":"    shadow_project[\u0027domain\u0027] \u003d domain"},{"line_number":122,"context_line":"    LOG.debug(\u0027Project [%s] domain ID was solved to [%s]\u0027,"},{"line_number":123,"context_line":"              shadow_project[\u0027name\u0027], shadow_project[\u0027domain\u0027][\u0027id\u0027])"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":""}],"source_content_type":"text/x-python","patch_set":15,"id":"0663d87a_052eb412","line":122,"updated":"2024-01-03 13:36:18.000000000","message":"let\u0027s better name it \"resolved\" for consistency and clearness","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"8fd15a5b8a9af79c1493ef1678e77f95409280cf","unresolved":false,"context_lines":[{"line_number":119,"context_line":"        db_domain \u003d resource_api.get_domain_by_name(domain[\u0027name\u0027])"},{"line_number":120,"context_line":"        domain \u003d {\"id\": db_domain.get(\u0027id\u0027)}"},{"line_number":121,"context_line":"    shadow_project[\u0027domain\u0027] \u003d domain"},{"line_number":122,"context_line":"    LOG.debug(\u0027Project [%s] domain ID was solved to [%s]\u0027,"},{"line_number":123,"context_line":"              shadow_project[\u0027name\u0027], shadow_project[\u0027domain\u0027][\u0027id\u0027])"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":""}],"source_content_type":"text/x-python","patch_set":15,"id":"2ce79cb0_2560fa5f","line":122,"in_reply_to":"0663d87a_052eb412","updated":"2024-01-03 14:09:56.000000000","message":"Done","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"}],"keystone/cmd/cli.py":[{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"5eb1bbc0ac8809fe647fc4ad22040aba5161e4e3","unresolved":true,"context_lines":[{"line_number":1189,"context_line":""},{"line_number":1190,"context_line":"        attribute_mapping \u003d tester.rules.copy()"},{"line_number":1191,"context_line":"        attribute_mapping["},{"line_number":1192,"context_line":"            \u0027schema_version\u0027] \u003d CONF.command.mapping_schema_version"},{"line_number":1193,"context_line":"        mapping_engine.validate_mapping_structure(attribute_mapping)"},{"line_number":1194,"context_line":""},{"line_number":1195,"context_line":"        tester.read_assertion(CONF.command.input)"}],"source_content_type":"text/x-python","patch_set":15,"id":"29fb2b52_e4fe021e","line":1192,"updated":"2024-01-03 13:36:18.000000000","message":"that doesn\u0027t seem to work since new variable has not been added to the config","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"8fd15a5b8a9af79c1493ef1678e77f95409280cf","unresolved":false,"context_lines":[{"line_number":1189,"context_line":""},{"line_number":1190,"context_line":"        attribute_mapping \u003d tester.rules.copy()"},{"line_number":1191,"context_line":"        attribute_mapping["},{"line_number":1192,"context_line":"            \u0027schema_version\u0027] \u003d CONF.command.mapping_schema_version"},{"line_number":1193,"context_line":"        mapping_engine.validate_mapping_structure(attribute_mapping)"},{"line_number":1194,"context_line":""},{"line_number":1195,"context_line":"        tester.read_assertion(CONF.command.input)"}],"source_content_type":"text/x-python","patch_set":15,"id":"dfbaf9b4_6a4fedf1","line":1192,"in_reply_to":"29fb2b52_e4fe021e","updated":"2024-01-03 14:09:56.000000000","message":"Good catch! Done.","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"90ba04fd1ca1d6a5f15d3833363822803e21469b","unresolved":false,"context_lines":[{"line_number":1189,"context_line":""},{"line_number":1190,"context_line":"        attribute_mapping \u003d tester.rules.copy()"},{"line_number":1191,"context_line":"        attribute_mapping["},{"line_number":1192,"context_line":"            \u0027schema_version\u0027] \u003d CONF.command.mapping_schema_version"},{"line_number":1193,"context_line":"        mapping_engine.validate_mapping_structure(attribute_mapping)"},{"line_number":1194,"context_line":""},{"line_number":1195,"context_line":"        tester.read_assertion(CONF.command.input)"}],"source_content_type":"text/x-python","patch_set":15,"id":"8553a89a_ef03b01c","line":1192,"in_reply_to":"929e8dbe_66178a06","updated":"2024-01-03 18:49:17.000000000","message":"I added the configuration here: https://review.opendev.org/c/openstack/keystone/+/739966/16/keystone/cmd/cli.py#1251.","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"b0a46b3fe7b26fd7e7b8d6fc81f7bd6e6ed0dc52","unresolved":false,"context_lines":[{"line_number":1189,"context_line":""},{"line_number":1190,"context_line":"        attribute_mapping \u003d tester.rules.copy()"},{"line_number":1191,"context_line":"        attribute_mapping["},{"line_number":1192,"context_line":"            \u0027schema_version\u0027] \u003d CONF.command.mapping_schema_version"},{"line_number":1193,"context_line":"        mapping_engine.validate_mapping_structure(attribute_mapping)"},{"line_number":1194,"context_line":""},{"line_number":1195,"context_line":"        tester.read_assertion(CONF.command.input)"}],"source_content_type":"text/x-python","patch_set":15,"id":"929e8dbe_66178a06","line":1192,"in_reply_to":"dfbaf9b4_6a4fedf1","updated":"2024-01-03 14:26:59.000000000","message":"well, not done. keystone-manage complains that config option is not registered at all, thus CONF.command has no attribute mapping_schema_version at all. My suggestion would be to actually add new config value, otherwise as I mentioned above it is currently not possible to start using new functionality at all","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"}],"keystone/common/sql/contract_repo/versions/079_contract_add_attribute_mapping_schema_version.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":10,"context_line":"#    License for the specific language governing permissions and limitations"},{"line_number":11,"context_line":"#    under the License."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"def upgrade(migrate_engine):"},{"line_number":14,"context_line":"    pass"},{"line_number":15,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_494d43c3","line":13,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: E302 expected 2 blank lines, found 1","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"def upgrade(migrate_engine):"},{"line_number":14,"context_line":"    pass"},{"line_number":15,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_294a8fab","line":15,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: W391 blank line at end of file","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"}],"keystone/common/sql/data_migration_repo/versions/079_migrate_add_attribute_mapping_schema_version.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":10,"context_line":"#    License for the specific language governing permissions and limitations"},{"line_number":11,"context_line":"#    under the License."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"import sqlalchemy as sql"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"def upgrade(migrate_engine):"}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_09534b6e","line":13,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: F401 \u0027sqlalchemy as sql\u0027 imported but unused","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"def upgrade(migrate_engine):"},{"line_number":17,"context_line":"    pass"},{"line_number":18,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_e94ff7bb","line":18,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: W391 blank line at end of file","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"}],"keystone/common/sql/upgrades.py":[{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"7b51ad31dba7d172adc9973ff124f8682d50d133","unresolved":true,"context_lines":[{"line_number":41,"context_line":"    \u0027bobcat\u0027,"},{"line_number":42,"context_line":"    \u00272024.01\u0027,"},{"line_number":43,"context_line":")"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"MILESTONES \u003d ("},{"line_number":46,"context_line":"    \u0027yoga\u0027,"},{"line_number":47,"context_line":"    # Do not add the milestone until the end of the release"}],"source_content_type":"text/x-python","patch_set":10,"id":"31b3fa7a_09138652","line":44,"updated":"2023-12-12 22:48:08.000000000","message":"don\u0027t need this new line","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b949fe1c04d06c342db88fcc285b41503a9bc743","unresolved":false,"context_lines":[{"line_number":41,"context_line":"    \u0027bobcat\u0027,"},{"line_number":42,"context_line":"    \u00272024.01\u0027,"},{"line_number":43,"context_line":")"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"MILESTONES \u003d ("},{"line_number":46,"context_line":"    \u0027yoga\u0027,"},{"line_number":47,"context_line":"    # Do not add the milestone until the end of the release"}],"source_content_type":"text/x-python","patch_set":10,"id":"988eff04_8f461091","line":44,"in_reply_to":"31b3fa7a_09138652","updated":"2023-12-13 10:45:10.000000000","message":"Done","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"}],"keystone/federation/utils.py":[{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"ae28d7fdf7993a159bdb4ed54dfdefcba7a0239e","unresolved":false,"context_lines":[{"line_number":944,"context_line":"        raise exception.Forbidden(tr_msg)"},{"line_number":945,"context_line":""},{"line_number":946,"context_line":""},{"line_number":947,"context_line":"class RuleProcessorToHonourDomainOption(RuleProcessor):"},{"line_number":948,"context_line":"    \"\"\"Handles the default domain configured in the attribute mapping"},{"line_number":949,"context_line":""},{"line_number":950,"context_line":"    This rule processor is designed to handle the `domain` attribute"}],"source_content_type":"text/x-python","patch_set":2,"id":"bf51134e_2ec6aa4a","line":947,"range":{"start_line":947,"start_character":25,"end_line":947,"end_character":26},"updated":"2020-07-08 13:38:48.000000000","message":"I think you should use American English here (Honor) as you are using it in others files and in the commit message.","commit_id":"9a49c5ea81b54f592f1291b9fdff42e358e81c85"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b16bb7fb54f5ed6441118d4b53fb742aa2224edb","unresolved":false,"context_lines":[{"line_number":944,"context_line":"        raise exception.Forbidden(tr_msg)"},{"line_number":945,"context_line":""},{"line_number":946,"context_line":""},{"line_number":947,"context_line":"class RuleProcessorToHonourDomainOption(RuleProcessor):"},{"line_number":948,"context_line":"    \"\"\"Handles the default domain configured in the attribute mapping"},{"line_number":949,"context_line":""},{"line_number":950,"context_line":"    This rule processor is designed to handle the `domain` attribute"}],"source_content_type":"text/x-python","patch_set":2,"id":"bf51134e_0b5d9146","line":947,"range":{"start_line":947,"start_character":25,"end_line":947,"end_character":26},"in_reply_to":"bf51134e_2ec6aa4a","updated":"2020-07-08 17:22:50.000000000","message":"Done","commit_id":"9a49c5ea81b54f592f1291b9fdff42e358e81c85"},{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"7b51ad31dba7d172adc9973ff124f8682d50d133","unresolved":true,"context_lines":[{"line_number":711,"context_line":"                                identity_value.get(\u0027user\u0027))"},{"line_number":712,"context_line":"                else:"},{"line_number":713,"context_line":"                    user \u003d identity_value.get(\u0027user\u0027)"},{"line_number":714,"context_line":""},{"line_number":715,"context_line":"            if \u0027group\u0027 in identity_value:"},{"line_number":716,"context_line":"                group \u003d identity_value[\u0027group\u0027]"},{"line_number":717,"context_line":"                if \u0027id\u0027 in group:"}],"source_content_type":"text/x-python","patch_set":10,"id":"1bf95303_1529631b","line":714,"updated":"2023-12-12 22:48:08.000000000","message":"could remove this change?","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b949fe1c04d06c342db88fcc285b41503a9bc743","unresolved":false,"context_lines":[{"line_number":711,"context_line":"                                identity_value.get(\u0027user\u0027))"},{"line_number":712,"context_line":"                else:"},{"line_number":713,"context_line":"                    user \u003d identity_value.get(\u0027user\u0027)"},{"line_number":714,"context_line":""},{"line_number":715,"context_line":"            if \u0027group\u0027 in identity_value:"},{"line_number":716,"context_line":"                group \u003d identity_value[\u0027group\u0027]"},{"line_number":717,"context_line":"                if \u0027id\u0027 in group:"}],"source_content_type":"text/x-python","patch_set":10,"id":"98dcf989_5770112e","line":714,"in_reply_to":"1bf95303_1529631b","updated":"2023-12-13 10:45:10.000000000","message":"I added the new line to give a bit of space for a cluttered code block.","commit_id":"4e79f3f8f6ab1f400c06122b45d5325d7470f716"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"d9abc004235c45d0f9301bccb879bd88fb0c6e5e","unresolved":true,"context_lines":[{"line_number":1018,"context_line":""},{"line_number":1019,"context_line":""},{"line_number":1020,"context_line":"IDP_ATTRIBUTE_MAPPING_SCHEMAS \u003d {"},{"line_number":1021,"context_line":"    DEFAULT_SCHEMA_VERSION: {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_1_0,"},{"line_number":1022,"context_line":"                             \"processor\": RuleProcessor},"},{"line_number":1023,"context_line":"    \"2.0\": {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_2_0,"},{"line_number":1024,"context_line":"            \"processor\": RuleProcessorToHonorDomainOption}"}],"source_content_type":"text/x-python","patch_set":23,"id":"4843a75a_1d8ae255","line":1021,"updated":"2024-01-15 14:54:40.000000000","message":"please use \"1.0\" here and not the constant value, since changing the default without touching this place will immediately cause unexpected issues.","commit_id":"226288c518b046aa62766e236fa5764161276823"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"15ba4ab9cab94d162b5e9aea388a63aa5e83fb30","unresolved":false,"context_lines":[{"line_number":1018,"context_line":""},{"line_number":1019,"context_line":""},{"line_number":1020,"context_line":"IDP_ATTRIBUTE_MAPPING_SCHEMAS \u003d {"},{"line_number":1021,"context_line":"    DEFAULT_SCHEMA_VERSION: {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_1_0,"},{"line_number":1022,"context_line":"                             \"processor\": RuleProcessor},"},{"line_number":1023,"context_line":"    \"2.0\": {\"schema\": IDP_ATTRIBUTE_MAPPING_SCHEMA_2_0,"},{"line_number":1024,"context_line":"            \"processor\": RuleProcessorToHonorDomainOption}"}],"source_content_type":"text/x-python","patch_set":23,"id":"cee891ad_3a7b2607","line":1021,"in_reply_to":"4843a75a_1d8ae255","updated":"2024-01-16 16:18:47.000000000","message":"Done","commit_id":"226288c518b046aa62766e236fa5764161276823"}],"keystone/identity/core.py":[{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"5eb1bbc0ac8809fe647fc4ad22040aba5161e4e3","unresolved":true,"context_lines":[{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s].\", user)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    idp[\u0027domain_id\u0027], federated_dict, email\u003demail"},{"line_number":1509,"context_line":"                )"},{"line_number":1510,"context_line":"            )"},{"line_number":1511,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"}],"source_content_type":"text/x-python","patch_set":15,"id":"d620a410_bcd50858","line":1508,"updated":"2024-01-03 13:36:18.000000000","message":"I guess actually exactly here we discard resolved user domain info and use instead IDP domain. This is exactly what we want to change with the whole change, isn\u0027t it?","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"90ba04fd1ca1d6a5f15d3833363822803e21469b","unresolved":false,"context_lines":[{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s].\", user)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    idp[\u0027domain_id\u0027], federated_dict, email\u003demail"},{"line_number":1509,"context_line":"                )"},{"line_number":1510,"context_line":"            )"},{"line_number":1511,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"}],"source_content_type":"text/x-python","patch_set":15,"id":"c28a6dfa_41a6d138","line":1508,"in_reply_to":"bc825988_f38d6ee3","updated":"2024-01-03 18:49:17.000000000","message":"Sorry, I missed that. During my rebase I missed this one.","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"8fd15a5b8a9af79c1493ef1678e77f95409280cf","unresolved":true,"context_lines":[{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s].\", user)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    idp[\u0027domain_id\u0027], federated_dict, email\u003demail"},{"line_number":1509,"context_line":"                )"},{"line_number":1510,"context_line":"            )"},{"line_number":1511,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"}],"source_content_type":"text/x-python","patch_set":15,"id":"ff094cf0_5c5fe381","line":1508,"in_reply_to":"d620a410_bcd50858","updated":"2024-01-03 14:09:56.000000000","message":"I am not sure I follow your question. The user object is already normalized at \"https://review.opendev.org/c/openstack/keystone/+/739966/15/keystone/auth/plugins/mapped.py#347\".  Therefore, if the user does not come with the domain ID, we will use the IdP domain ID.\n\nBefore the user object reaches that part of the code, it is already pre-processed at https://review.opendev.org/c/openstack/keystone/+/739966/15/keystone/federation/utils.py#1008. At this point, we have the opportunity to normalize the user either by the domain ID being defined at the user level, or using the domain defined at the top level of the attribute mapping rule. If none is defined, we then reach the code \"https://review.opendev.org/c/openstack/keystone/+/739966/15/keystone/auth/plugins/mapped.py#347\".\n\nTherefore, we will be able to achieve what you guys want. Is it clear?","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"b0a46b3fe7b26fd7e7b8d6fc81f7bd6e6ed0dc52","unresolved":true,"context_lines":[{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s].\", user)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    idp[\u0027domain_id\u0027], federated_dict, email\u003demail"},{"line_number":1509,"context_line":"                )"},{"line_number":1510,"context_line":"            )"},{"line_number":1511,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"}],"source_content_type":"text/x-python","patch_set":15,"id":"bc825988_f38d6ee3","line":1508,"in_reply_to":"ff094cf0_5c5fe381","updated":"2024-01-03 14:26:59.000000000","message":"well, my test showed that even the upper debug message stating creating user in the correct domain the user is still being created in the IDP domain and not in the domain that the debug message above claims. The issue is not in the resolving the domain_id, but apparently here in the actuall call to create user which ignores resolved domain id. I would tip on https://opendev.org/openstack/keystone/src/branch/master/keystone/identity/shadow_backends/sql.py#L44 where the domain_id passed into the create call (which here is set to the IDP domain) is used directly.\nIt is really confusing that the project was created in the correct domain, but the user was created in the IDP domain while every debug message names the domain you would expect","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"451952f3138b69858445b39746ed40f90aeba1a8","unresolved":false,"context_lines":[{"line_number":1504,"context_line":"            }"},{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s]. %s\", user, idp)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    user.get(\"domain\", {}).get(\"id\", idp[\u0027domain_id\u0027]),"},{"line_number":1509,"context_line":"                    federated_dict, email\u003demail"},{"line_number":1510,"context_line":"                )"},{"line_number":1511,"context_line":"            )"},{"line_number":1512,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"},{"line_number":1513,"context_line":"        return user_dict"}],"source_content_type":"text/x-python","patch_set":17,"id":"b5ab95ff_dd687f09","line":1510,"range":{"start_line":1507,"start_character":1,"end_line":1510,"end_character":17},"updated":"2024-01-04 10:53:50.000000000","message":"We do not need this. As it is already executed before when we prepare the \"user\" object. You can take a look at https://review.opendev.org/c/openstack/keystone/+/739966/17/keystone/auth/plugins/mapped.py#403. The user object is expected to reach this part of the code already prepared with a domain set either via the mapping processing or when executing the \"validate_and_prepare_federated_user\" method.\n\nTherefore, I will revert this code here.","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"dc05911fb251da42eca88d6f7fcf988b649f6765","unresolved":false,"context_lines":[{"line_number":1504,"context_line":"            }"},{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s]. %s\", user, idp)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    user.get(\"domain\", {}).get(\"id\", idp[\u0027domain_id\u0027]),"},{"line_number":1509,"context_line":"                    federated_dict, email\u003demail"},{"line_number":1510,"context_line":"                )"},{"line_number":1511,"context_line":"            )"},{"line_number":1512,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"},{"line_number":1513,"context_line":"        return user_dict"}],"source_content_type":"text/x-python","patch_set":17,"id":"a2b6047d_c07db1ad","line":1510,"range":{"start_line":1507,"start_character":1,"end_line":1510,"end_character":17},"in_reply_to":"36c9f3ae_ca67c44a","updated":"2024-01-04 11:20:35.000000000","message":"done.","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"a8416b669c990fc2d18e503b44064ff55b826d3e","unresolved":false,"context_lines":[{"line_number":1504,"context_line":"            }"},{"line_number":1505,"context_line":"            LOG.debug(\"Creating federated user [%s]. %s\", user, idp)"},{"line_number":1506,"context_line":"            user_dict \u003d ("},{"line_number":1507,"context_line":"                PROVIDERS.shadow_users_api.create_federated_user("},{"line_number":1508,"context_line":"                    user.get(\"domain\", {}).get(\"id\", idp[\u0027domain_id\u0027]),"},{"line_number":1509,"context_line":"                    federated_dict, email\u003demail"},{"line_number":1510,"context_line":"                )"},{"line_number":1511,"context_line":"            )"},{"line_number":1512,"context_line":"        PROVIDERS.shadow_users_api.set_last_active_at(user_dict[\u0027id\u0027])"},{"line_number":1513,"context_line":"        return user_dict"}],"source_content_type":"text/x-python","patch_set":17,"id":"36c9f3ae_ca67c44a","line":1510,"range":{"start_line":1507,"start_character":1,"end_line":1510,"end_character":17},"in_reply_to":"b5ab95ff_dd687f09","updated":"2024-01-04 10:55:58.000000000","message":"revert the code here and see the added unittest failing. Issues is not with the userdict preparation, but with the fact that shadowuser creation function ignores domain information in the user object","commit_id":"f0235456112a9997938a106d2823efbbda17b8be"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"c65a1711da9eda1bfebf0916942dffafdf102061","unresolved":true,"context_lines":[{"line_number":1482,"context_line":"        except exception.UserNotFound:"},{"line_number":1483,"context_line":"            return PROVIDERS.shadow_users_api.create_nonlocal_user(user)"},{"line_number":1484,"context_line":""},{"line_number":1485,"context_line":"    @MEMOIZE"},{"line_number":1486,"context_line":"    def _shadow_federated_user(self, idp_id, protocol_id, unique_id,"},{"line_number":1487,"context_line":"                               display_name, email\u003dNone):"},{"line_number":1488,"context_line":"        user_dict \u003d {}"}],"source_content_type":"text/x-python","patch_set":24,"id":"409958c5_7b5d8fd4","side":"PARENT","line":1485,"updated":"2024-01-24 17:39:17.000000000","message":"Why is the memoization removed?","commit_id":"262d763f79a9b97996ec51dca3399994b97bf4e0"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"e2e0b3215ee17973e0eba343fa9cffa85447e8c6","unresolved":false,"context_lines":[{"line_number":1482,"context_line":"        except exception.UserNotFound:"},{"line_number":1483,"context_line":"            return PROVIDERS.shadow_users_api.create_nonlocal_user(user)"},{"line_number":1484,"context_line":""},{"line_number":1485,"context_line":"    @MEMOIZE"},{"line_number":1486,"context_line":"    def _shadow_federated_user(self, idp_id, protocol_id, unique_id,"},{"line_number":1487,"context_line":"                               display_name, email\u003dNone):"},{"line_number":1488,"context_line":"        user_dict \u003d {}"}],"source_content_type":"text/x-python","patch_set":24,"id":"590b4e3a_671e18ea","side":"PARENT","line":1485,"in_reply_to":"2b358c1a_0222295a","updated":"2024-01-26 10:55:01.000000000","message":"Done","commit_id":"262d763f79a9b97996ec51dca3399994b97bf4e0"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"ce3f47f7b527fbb25023ac3b2e1977b8a1c9a568","unresolved":true,"context_lines":[{"line_number":1482,"context_line":"        except exception.UserNotFound:"},{"line_number":1483,"context_line":"            return PROVIDERS.shadow_users_api.create_nonlocal_user(user)"},{"line_number":1484,"context_line":""},{"line_number":1485,"context_line":"    @MEMOIZE"},{"line_number":1486,"context_line":"    def _shadow_federated_user(self, idp_id, protocol_id, unique_id,"},{"line_number":1487,"context_line":"                               display_name, email\u003dNone):"},{"line_number":1488,"context_line":"        user_dict \u003d {}"}],"source_content_type":"text/x-python","patch_set":24,"id":"2b358c1a_0222295a","side":"PARENT","line":1485,"in_reply_to":"409958c5_7b5d8fd4","updated":"2024-01-24 18:24:45.000000000","message":"because the @MEMOIZE, uses the parameters signature to generate the key for the map where it stores the cache. As we changed the signature to use a user object, this was causing more problems than helping; even though the attributes we use are the same (inside the user object), sometimes we might have more or less attributes there, and this would lead the method \"_shadow_federated_user\" to not work properly.\n\nThis process is not a very recurrent one; I mean, it is not execute for a user e every minute or so. Therefore, the use of @MEMOIZE does not seem to bring much benefits.","commit_id":"262d763f79a9b97996ec51dca3399994b97bf4e0"}],"keystone/tests/unit/auth/plugins/test_mapped.py":[{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"ae28d7fdf7993a159bdb4ed54dfdefcba7a0239e","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"class TestMappedPlugin(unit.TestCase):"},{"line_number":24,"context_line":"    "},{"line_number":25,"context_line":"    def __init__(self,  *args, **kwargs):"},{"line_number":26,"context_line":"        super(TestMappedPlugin, self).__init__(*args, **kwargs)"},{"line_number":27,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"bf51134e_4ef95e7e","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":4},"updated":"2020-07-08 13:38:48.000000000","message":"I think you should remove these spaces.","commit_id":"9a49c5ea81b54f592f1291b9fdff42e358e81c85"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b16bb7fb54f5ed6441118d4b53fb742aa2224edb","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"class TestMappedPlugin(unit.TestCase):"},{"line_number":24,"context_line":"    "},{"line_number":25,"context_line":"    def __init__(self,  *args, **kwargs):"},{"line_number":26,"context_line":"        super(TestMappedPlugin, self).__init__(*args, **kwargs)"},{"line_number":27,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"bf51134e_8b36c102","line":24,"range":{"start_line":24,"start_character":0,"end_line":24,"end_character":4},"in_reply_to":"bf51134e_4ef95e7e","updated":"2020-07-08 17:22:50.000000000","message":"Done","commit_id":"9a49c5ea81b54f592f1291b9fdff42e358e81c85"}],"keystone/tests/unit/federation/test_utils.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":31,"context_line":"            \"schema_version\": \u00271.0\u0027,"},{"line_number":32,"context_line":"            \"rules\": ["},{"line_number":33,"context_line":"                {"},{"line_number":34,"context_line":"                \"remote\": ["},{"line_number":35,"context_line":"                    {"},{"line_number":36,"context_line":"                        \"type\": \"OIDC-preferred_username\""},{"line_number":37,"context_line":"                    },"}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_89c47b10","line":34,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: E122 continuation line missing indentation or outdented","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":51,"context_line":"                        ]"},{"line_number":52,"context_line":"                    },"},{"line_number":53,"context_line":"                ],"},{"line_number":54,"context_line":"                \"local\": ["},{"line_number":55,"context_line":"                    {"},{"line_number":56,"context_line":"                        \"domain\": {"},{"line_number":57,"context_line":"                            \"name\": \"{2}\""}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_69c92724","line":54,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: E122 continuation line missing indentation or outdented","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"d69cc6e7bac2c09a5ce95de8a68b98d4f255d9db","unresolved":false,"context_lines":[{"line_number":76,"context_line":"                        ]"},{"line_number":77,"context_line":"                    }"},{"line_number":78,"context_line":"                ]"},{"line_number":79,"context_line":"            }]"},{"line_number":80,"context_line":"        }"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"        self.attribute_mapping_schema_1_1 \u003d copy.deepcopy("}],"source_content_type":"text/x-python","patch_set":6,"id":"9f560f44_c9ce732c","line":79,"updated":"2020-08-28 16:58:24.000000000","message":"pep8: E122 continuation line missing indentation or outdented","commit_id":"054ebec60795e07c491d98fdc97a2022d35024b4"}],"keystone/tests/unit/test_config.py":[{"author":{"_account_id":30695,"name":"Pedro Henrique Pereira Martins","email":"phpm13@gmail.com","username":"pedrohpmartins"},"change_message_id":"7b51ad31dba7d172adc9973ff124f8682d50d133","unresolved":true,"context_lines":[{"line_number":31,"context_line":"        sample_file \u003d \u0027keystone.conf.sample\u0027"},{"line_number":32,"context_line":"        args \u003d [\u0027--namespace\u0027, \u0027keystone\u0027, \u0027--output-file\u0027,"},{"line_number":33,"context_line":"                unit.dirs.etc(sample_file)]"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"        generator.main(args\u003dargs)"},{"line_number":36,"context_line":"        config_files.insert(0, unit.dirs.etc(sample_file))"},{"line_number":37,"context_line":"        self.addCleanup(os.remove, unit.dirs.etc(sample_file))"}],"source_content_type":"text/x-python","patch_set":11,"id":"3df1fe28_62f4e16d","line":34,"updated":"2023-12-12 22:48:08.000000000","message":"you could remove this new line.","commit_id":"f23b2df6ee5d92cf115c70da60f67fef0435a216"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"b949fe1c04d06c342db88fcc285b41503a9bc743","unresolved":false,"context_lines":[{"line_number":31,"context_line":"        sample_file \u003d \u0027keystone.conf.sample\u0027"},{"line_number":32,"context_line":"        args \u003d [\u0027--namespace\u0027, \u0027keystone\u0027, \u0027--output-file\u0027,"},{"line_number":33,"context_line":"                unit.dirs.etc(sample_file)]"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"        generator.main(args\u003dargs)"},{"line_number":36,"context_line":"        config_files.insert(0, unit.dirs.etc(sample_file))"},{"line_number":37,"context_line":"        self.addCleanup(os.remove, unit.dirs.etc(sample_file))"}],"source_content_type":"text/x-python","patch_set":11,"id":"31f23558_717fa226","line":34,"in_reply_to":"3df1fe28_62f4e16d","updated":"2023-12-13 10:45:10.000000000","message":"I added the new line to give a bit of space for a cluttered code block.","commit_id":"f23b2df6ee5d92cf115c70da60f67fef0435a216"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"5eb1bbc0ac8809fe647fc4ad22040aba5161e4e3","unresolved":true,"context_lines":[{"line_number":31,"context_line":"        sample_file \u003d \u0027keystone.conf.sample\u0027"},{"line_number":32,"context_line":"        args \u003d [\u0027--namespace\u0027, \u0027keystone\u0027, \u0027--output-file\u0027,"},{"line_number":33,"context_line":"                unit.dirs.etc(sample_file)]"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"        generator.main(args\u003dargs)"},{"line_number":36,"context_line":"        config_files.insert(0, unit.dirs.etc(sample_file))"},{"line_number":37,"context_line":"        self.addCleanup(os.remove, unit.dirs.etc(sample_file))"}],"source_content_type":"text/x-python","patch_set":15,"id":"ad5d8bbb_e1063f8a","line":34,"updated":"2024-01-03 13:36:18.000000000","message":"empty change in here. I assume you missed to actually add config changes themselves, sine currently there is no possibility to actually use new schema version (api defaults to 1.0 while OSC does not support param yet and `keystone-manage mapping_engine` is failing (oslo_config.cfg.NoSuchOptError: no such option mapping_schema_version in group [DEFAULT])","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"90ba04fd1ca1d6a5f15d3833363822803e21469b","unresolved":false,"context_lines":[{"line_number":31,"context_line":"        sample_file \u003d \u0027keystone.conf.sample\u0027"},{"line_number":32,"context_line":"        args \u003d [\u0027--namespace\u0027, \u0027keystone\u0027, \u0027--output-file\u0027,"},{"line_number":33,"context_line":"                unit.dirs.etc(sample_file)]"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"        generator.main(args\u003dargs)"},{"line_number":36,"context_line":"        config_files.insert(0, unit.dirs.etc(sample_file))"},{"line_number":37,"context_line":"        self.addCleanup(os.remove, unit.dirs.etc(sample_file))"}],"source_content_type":"text/x-python","patch_set":15,"id":"1853a5ba_91a2b569","line":34,"in_reply_to":"1285d2ee_d110ecd8","updated":"2024-01-03 18:49:17.000000000","message":"Done","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"b0a46b3fe7b26fd7e7b8d6fc81f7bd6e6ed0dc52","unresolved":true,"context_lines":[{"line_number":31,"context_line":"        sample_file \u003d \u0027keystone.conf.sample\u0027"},{"line_number":32,"context_line":"        args \u003d [\u0027--namespace\u0027, \u0027keystone\u0027, \u0027--output-file\u0027,"},{"line_number":33,"context_line":"                unit.dirs.etc(sample_file)]"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"        generator.main(args\u003dargs)"},{"line_number":36,"context_line":"        config_files.insert(0, unit.dirs.etc(sample_file))"},{"line_number":37,"context_line":"        self.addCleanup(os.remove, unit.dirs.etc(sample_file))"}],"source_content_type":"text/x-python","patch_set":15,"id":"1285d2ee_d110ecd8","line":34,"in_reply_to":"5860b01b_8873e61c","updated":"2024-01-03 14:26:59.000000000","message":"me neither, but testing mapping with `keystone-manage mapping_engine --rules rules.json --input some_data` appeared to be helpful to debug misconfiguration without continuous restarting of KS","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"},{"author":{"_account_id":28356,"name":"Rafael Weingartner","email":"rafael@apache.org","username":"rafaelweingartner"},"change_message_id":"8fd15a5b8a9af79c1493ef1678e77f95409280cf","unresolved":true,"context_lines":[{"line_number":31,"context_line":"        sample_file \u003d \u0027keystone.conf.sample\u0027"},{"line_number":32,"context_line":"        args \u003d [\u0027--namespace\u0027, \u0027keystone\u0027, \u0027--output-file\u0027,"},{"line_number":33,"context_line":"                unit.dirs.etc(sample_file)]"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"        generator.main(args\u003dargs)"},{"line_number":36,"context_line":"        config_files.insert(0, unit.dirs.etc(sample_file))"},{"line_number":37,"context_line":"        self.addCleanup(os.remove, unit.dirs.etc(sample_file))"}],"source_content_type":"text/x-python","patch_set":15,"id":"5860b01b_8873e61c","line":34,"in_reply_to":"ad5d8bbb_e1063f8a","updated":"2024-01-03 14:09:56.000000000","message":"I guess this is achieved with the latest patchset I did for \"keystone/cmd/cli.py\", right?\n\nP.S. I never used these Keystone CLI tools.","commit_id":"fc4b6a6b4f7f579839110176beed3ec1d61254b1"}]}