)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"aa6e843e_8762ce57","updated":"2022-04-21 09:26:07.000000000","message":"Thank you for submitting the patch.\n\nPlease fix the points I commented on.","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"eae97b43_43e59685","updated":"2022-07-04 09:30:25.000000000","message":"Thank you for re-work!\n\nSorry for the late response.\nPlease kindly find the additional comments below.","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"0c1e2665b38418c6017218a71154d3c3a92e51f7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"18d47856_89805b82","updated":"2023-04-17 08:09:24.000000000","message":"Thank you for comment. 
I replied to your comment.","commit_id":"3fec3b863e144573dc4d9c17b541cf606d271561"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1a042bd75a01e4cdefae598c3bd64573dd4b5aae","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"6002ecac_12fa3567","updated":"2023-06-14 18:02:26.000000000","message":"I do strongly believe my recommendations would make this guide more readable and understandable, but I would like to see this merged as soon as possible and I\u0027m willing to accept my changes being implemented in a follow-up patch.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"bd59fcd8aa70d00219cac3f1a60d728b98c76170","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"09cdd21d_ee46ca26","updated":"2023-04-25 23:36:16.000000000","message":"I\u0027m not entirely on board with the ultra-long lines of the sample output in the document (in admin/oauth2-usage-guide.rst). Is there nothing to be done? 
What\u0027s the existing consensus?\n\n[zaitcev@lebethron keystone-work]$ find doc -type f | xargs wc -L | sort -n -r | head\n  1501 total\n  1501 doc/source/admin/figures/keystone-federation.svg\n   816 doc/source/admin/oauth2-usage-guide.rst\n   491 doc/source/admin/figures/keystone-federation.png\n   200 doc/source/admin/federation/introduction.rst\n   199 doc/source/contributor/how-can-i-help.rst\n   187 doc/source/admin/configure_tokenless_x509.rst\n   185 doc/source/_static/horizon-login-idp.png\n   170 doc/source/admin/federation/configure_federation.rst","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2908746237d24b4057b344958c308b36c7446580","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"efab354a_59c3db7a","updated":"2023-06-27 14:57:54.000000000","message":"Thank you for your comments.\n\nI\u0027ll fix them in the next patch [1].\n\n[1] https://review.opendev.org/c/openstack/keystone/+/887071/1","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"}],"api-ref/source/v3-ext/oauth2.inc":[{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"96a679be55a47fddb55173948b1081fd4e8692d8","unresolved":true,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"#. Keystone Middleware validates the Access Token in an API request to obtain"},{"line_number":43,"context_line":"   its metadata and validity, and forwards the request to the OpenStack service"},{"line_number":44,"context_line":"   if the token is active."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":".. 
_application credential: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded\u003dcreate-application-credential-detail#create-application-credential"},{"line_number":47,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":3,"id":"262fdbb9_8816d8cf","line":44,"updated":"2023-04-07 23:19:13.000000000","message":"Is it just me, or do these steps correspond to normal use of App. Credentials without OAuth2? Where is the difference?","commit_id":"3fec3b863e144573dc4d9c17b541cf606d271561"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"0c1e2665b38418c6017218a71154d3c3a92e51f7","unresolved":true,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"#. Keystone Middleware validates the Access Token in an API request to obtain"},{"line_number":43,"context_line":"   its metadata and validity, and forwards the request to the OpenStack service"},{"line_number":44,"context_line":"   if the token is active."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":".. 
_application credential: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded\u003dcreate-application-credential-detail#create-application-credential"},{"line_number":47,"context_line":""}],"source_content_type":"text/x-c++src","patch_set":3,"id":"095b8a01_b49cf877","line":44,"in_reply_to":"262fdbb9_8816d8cf","updated":"2023-04-17 08:09:24.000000000","message":"The processing logic for obtaining and validating OAuth2.0 Access Tokens is consistent with the Application credential.\nThe difference is that when providing an OAuth 2.0 Access Token API, keystonemiddleware authentication, the request header must specify the Authorization field containing OAuth2.0 Access Token information.","commit_id":"3fec3b863e144573dc4d9c17b541cf606d271561"}],"doc/source/admin/oauth2-usage-guide.rst":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Overview"},{"line_number":6,"context_line":"~~~~~~~~"},{"line_number":7,"context_line":"Support for OAuth2.0 Client Credentials Grant is implemented as an extension"},{"line_number":8,"context_line":"of keystone and adds the `OAuth 2.0 API`_. This extension uses the"},{"line_number":9,"context_line":"application credentials as its back-end because they have some similar"},{"line_number":10,"context_line":"features. 
Users can use ``application_credentials_id`` and"},{"line_number":11,"context_line":"``application_credentials_secret`` as client credentials to obtain the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"412278d5_51b448d5","line":8,"range":{"start_line":7,"start_character":0,"end_line":8,"end_character":42},"updated":"2022-04-21 09:26:07.000000000","message":"nits.\nPlease simplify a little bit.\n\n```\nOAuth2.0 Client Credentials Grant based on `RFC6749`_ is implemented as an extension of keystone.\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Overview"},{"line_number":6,"context_line":"~~~~~~~~"},{"line_number":7,"context_line":"Support for OAuth2.0 Client Credentials Grant is implemented as an extension"},{"line_number":8,"context_line":"of keystone and adds the `OAuth 2.0 API`_. This extension uses the"},{"line_number":9,"context_line":"application credentials as its back-end because they have some similar"},{"line_number":10,"context_line":"features. 
Users can use ``application_credentials_id`` and"},{"line_number":11,"context_line":"``application_credentials_secret`` as client credentials to obtain the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b8d7d761_eef2c08a","line":8,"range":{"start_line":7,"start_character":0,"end_line":8,"end_character":42},"in_reply_to":"0a8526dc_e4258734","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Overview"},{"line_number":6,"context_line":"~~~~~~~~"},{"line_number":7,"context_line":"Support for OAuth2.0 Client Credentials Grant is implemented as an extension"},{"line_number":8,"context_line":"of keystone and adds the `OAuth 2.0 API`_. This extension uses the"},{"line_number":9,"context_line":"application credentials as its back-end because they have some similar"},{"line_number":10,"context_line":"features. 
Users can use ``application_credentials_id`` and"},{"line_number":11,"context_line":"``application_credentials_secret`` as client credentials to obtain the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0a8526dc_e4258734","line":8,"range":{"start_line":7,"start_character":0,"end_line":8,"end_character":42},"in_reply_to":"412278d5_51b448d5","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment.\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":6,"context_line":"~~~~~~~~"},{"line_number":7,"context_line":"Support for OAuth2.0 Client Credentials Grant is implemented as an extension"},{"line_number":8,"context_line":"of keystone and adds the `OAuth 2.0 API`_. This extension uses the"},{"line_number":9,"context_line":"application credentials as its back-end because they have some similar"},{"line_number":10,"context_line":"features. Users can use ``application_credentials_id`` and"},{"line_number":11,"context_line":"``application_credentials_secret`` as client credentials to obtain the"},{"line_number":12,"context_line":"OAuth2.0 access token. The access token can then be used to access the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"23855975_c5cf036d","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":23},"updated":"2022-04-21 09:26:07.000000000","message":"nits. \nPlease add a link.\n\n```\n`application credentials`_\n```\n\nPlease don\u0027t forget to add the reference.\n\n```\n.. 
_application credentials: https://docs.openstack.org/api-ref/identity/v3/index.html#application-credentials\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":6,"context_line":"~~~~~~~~"},{"line_number":7,"context_line":"Support for OAuth2.0 Client Credentials Grant is implemented as an extension"},{"line_number":8,"context_line":"of keystone and adds the `OAuth 2.0 API`_. This extension uses the"},{"line_number":9,"context_line":"application credentials as its back-end because they have some similar"},{"line_number":10,"context_line":"features. Users can use ``application_credentials_id`` and"},{"line_number":11,"context_line":"``application_credentials_secret`` as client credentials to obtain the"},{"line_number":12,"context_line":"OAuth2.0 access token. The access token can then be used to access the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"7eed2ff1_6aa806d1","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":23},"in_reply_to":"23855975_c5cf036d","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment.\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":6,"context_line":"~~~~~~~~"},{"line_number":7,"context_line":"Support for OAuth2.0 Client Credentials Grant is implemented as an extension"},{"line_number":8,"context_line":"of keystone and adds the `OAuth 2.0 API`_. 
This extension uses the"},{"line_number":9,"context_line":"application credentials as its back-end because they have some similar"},{"line_number":10,"context_line":"features. Users can use ``application_credentials_id`` and"},{"line_number":11,"context_line":"``application_credentials_secret`` as client credentials to obtain the"},{"line_number":12,"context_line":"OAuth2.0 access token. The access token can then be used to access the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"f2f20a71_510c4107","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":23},"in_reply_to":"7eed2ff1_6aa806d1","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":12,"context_line":"OAuth2.0 access token. 
The access token can then be used to access the"},{"line_number":13,"context_line":"protected resources of the OpenStack API, which uses keystone middleware"},{"line_number":14,"context_line":"supporting the OAuth2.0 Client Credentials Grant."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a0a388dc_6c072137","line":15,"updated":"2022-04-21 09:26:07.000000000","message":"This might be a good place to refer the API reference.\n\n```\nSee the `Identity API reference`_ for more information on generating OAuth2.0 access token.\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":12,"context_line":"OAuth2.0 access token. 
The access token can then be used to access the"},{"line_number":13,"context_line":"protected resources of the OpenStack API, which uses keystone middleware"},{"line_number":14,"context_line":"supporting the OAuth2.0 Client Credentials Grant."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"}],"source_content_type":"text/x-rst","patch_set":1,"id":"d927058d_029f8e90","line":15,"in_reply_to":"49b4b8f8_1c60a2cf","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":12,"context_line":"OAuth2.0 access token. The access token can then be used to access the"},{"line_number":13,"context_line":"protected resources of the OpenStack API, which uses keystone middleware"},{"line_number":14,"context_line":"supporting the OAuth2.0 Client Credentials Grant."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"}],"source_content_type":"text/x-rst","patch_set":1,"id":"49b4b8f8_1c60a2cf","line":15,"in_reply_to":"a0a388dc_6c072137","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment.\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu 
Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"},{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"d71a7091_a3c0bb7d","line":18,"range":{"start_line":18,"start_character":7,"end_line":18,"end_character":15},"updated":"2022-04-21 09:26:07.000000000","message":"nits\n\n```\nKeystone\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"},{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"e63d0008_12132a3f","line":18,"range":{"start_line":18,"start_character":7,"end_line":18,"end_character":15},"in_reply_to":"d71a7091_a3c0bb7d","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment. 
(including other similar parts)\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"},{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"b9c6e975_f03e7182","line":18,"range":{"start_line":18,"start_character":7,"end_line":18,"end_character":15},"in_reply_to":"e63d0008_12132a3f","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"},{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. 
_OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"634b7449_a727983f","line":20,"range":{"start_line":19,"start_character":61,"end_line":20,"end_character":53},"updated":"2022-04-21 09:26:07.000000000","message":"``keystone.host`` is the domain name used by the keystone identity server.","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"},{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. 
_OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ad1da28f_67003f03","line":20,"range":{"start_line":19,"start_character":61,"end_line":20,"end_character":53},"in_reply_to":"634b7449_a727983f","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment.\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":16,"context_line":"Guide"},{"line_number":17,"context_line":"~~~~~"},{"line_number":18,"context_line":"Enable keystone identity server to support OAuth2.0 Client Credentials"},{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. _OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"1bdf2232_5f8f615b","line":20,"range":{"start_line":19,"start_character":61,"end_line":20,"end_character":53},"in_reply_to":"ad1da28f_67003f03","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":19,"context_line":"Grant by the following steps in this guide. 
In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. _OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Enable the keystone HTTPS service"},{"line_number":25,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b72af4c2_9ab9e3f1","line":22,"range":{"start_line":22,"start_character":4,"end_line":22,"end_character":17},"updated":"2022-04-21 09:26:07.000000000","message":"According to the above comment, please change this\n\n```\n`Identity API reference`\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. 
_OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Enable the keystone HTTPS service"},{"line_number":25,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2760c81f_b2f153ef","line":22,"range":{"start_line":22,"start_character":4,"end_line":22,"end_character":17},"in_reply_to":"4f8800fe_d451c43b","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":19,"context_line":"Grant by the following steps in this guide. In this example, the domain name"},{"line_number":20,"context_line":"used by the keystone identity server is keystone.host."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. _OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Enable the keystone HTTPS service"},{"line_number":25,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"4f8800fe_d451c43b","line":22,"range":{"start_line":22,"start_character":4,"end_line":22,"end_character":17},"in_reply_to":"b72af4c2_9ab9e3f1","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment.\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. 
_OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Enable the keystone HTTPS service"},{"line_number":25,"context_line":"---------------------------------"},{"line_number":26,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":27,"context_line":"server since requests include sensitive information, e.g., a client secret,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"12641b7c_cb087c78","line":24,"updated":"2022-04-21 09:26:07.000000000","message":"nits.\n\n```\nEnable Keystone HTTPS Service\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. 
_OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Enable the keystone HTTPS service"},{"line_number":25,"context_line":"---------------------------------"},{"line_number":26,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":27,"context_line":"server since requests include sensitive information, e.g., a client secret,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b896749e_eee3318c","line":24,"in_reply_to":"12641b7c_cb087c78","updated":"2022-06-28 00:51:31.000000000","message":"I fixed it according to the comment.\n(Patchset 2)","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":".. 
_OAuth 2.0 API: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Enable the keystone HTTPS service"},{"line_number":25,"context_line":"---------------------------------"},{"line_number":26,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":27,"context_line":"server since requests include sensitive information, e.g., a client secret,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3dcc55a9_8b65276c","line":24,"in_reply_to":"b896749e_eee3318c","updated":"2022-07-04 09:30:25.000000000","message":"Done","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"c284d90708fd286488441c9d9b090a9fdf04aae5","unresolved":true,"context_lines":[{"line_number":25,"context_line":"---------------------------------"},{"line_number":26,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":27,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":28,"context_line":"in plain text. Considering that there are many third-party applications that"},{"line_number":29,"context_line":"use the keystone identity server as an authentication server, it is necessary"},{"line_number":30,"context_line":"to make keystone support both HTTP and HTTPS protocols through the following"},{"line_number":31,"context_line":"steps."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. 
Generate an RSA private key."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"08d72a2c_780fad0e","line":31,"range":{"start_line":28,"start_character":15,"end_line":31,"end_character":6},"updated":"2022-04-21 09:26:07.000000000","message":"Could you change this sentence as follows?\n\nI think an ideal way is to enable only HTTPS (without HTTP). Guiding users to enable both HTTP and HTTPS in an official document sounds a bit unreasonable. It\u0027s better to elaborate on the background of this description and to show the way to enable only HTTPS like the following.\nAlso, it\u0027s better to mention this guide assumes the use of a self-signed certificate.\n\n```\nNote that you might have to enable both HTTP and HTTPS as some other OpenStack services or third-party applications don\u0027t use OAuth2.0 and need HTTP for the authentication with the Keystone identity server. Assuming such a situation, the following part describes steps to enable both HTTP and HTTPS with a self-signed certificate. If your environment doesn\u0027t need HTTP, skip the steps {PLEASE FILL OUT}. Also, if you use PKI certificate (i.e., not self-signed certificate), skip the steps {PLEASE FILL OUT}.\n```","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"97c52f198732ee8530d0e06395f9e5a5dcf1e58a","unresolved":true,"context_lines":[{"line_number":25,"context_line":"---------------------------------"},{"line_number":26,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":27,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":28,"context_line":"in plain text. 
Considering that there are many third-party applications that"},{"line_number":29,"context_line":"use the keystone identity server as an authentication server, it is necessary"},{"line_number":30,"context_line":"to make keystone support both HTTP and HTTPS protocols through the following"},{"line_number":31,"context_line":"steps."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Generate an RSA private key."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bbd1a41d_0822395f","line":31,"range":{"start_line":28,"start_character":15,"end_line":31,"end_character":6},"in_reply_to":"08d72a2c_780fad0e","updated":"2022-06-28 00:51:31.000000000","message":"This procedure only describes how keystone supports http and https at the same time when using a self-signed certificate.\nIf it is necessary to describe the procedure for cases in which HTTP is not required or in which self-signed certificate is not used, we believe that it is necessary to describe additionally, rather than omitting any step.\n(To disable HTTP, you must remove the http related configuration of keystone from apache and also modify the endpoint related information in DB.)\nIn each case, I would like to omit the description of \"skip the steps ...\", but is there any problem?","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":false,"context_lines":[{"line_number":25,"context_line":"---------------------------------"},{"line_number":26,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":27,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":28,"context_line":"in plain text. 
Considering that there are many third-party applications that"},{"line_number":29,"context_line":"use the keystone identity server as an authentication server, it is necessary"},{"line_number":30,"context_line":"to make keystone support both HTTP and HTTPS protocols through the following"},{"line_number":31,"context_line":"steps."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Generate an RSA private key."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"4f2f0781_22d99ae6","line":31,"range":{"start_line":28,"start_character":15,"end_line":31,"end_character":6},"in_reply_to":"bbd1a41d_0822395f","updated":"2022-07-04 09:30:25.000000000","message":"\u003e If it is necessary to describe the procedure for cases in which HTTP is not required or in which self-signed certificate is not used, we believe that it is necessary to describe additionally, rather than omitting any step.\n\u003e In each case, I would like to omit the description of \"skip the steps ...\", but is there any problem?\n\nThanks. I understand. I think there\u0027s no problem. Just noting that this document doesn\u0027t assume the situation where PKI is used and only HTTPS is configured is enough.","commit_id":"31f90ca8dde865ceae17aef6976ce9372f944f82"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":true,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Enable Keystone HTTPS Service"},{"line_number":27,"context_line":"---------------------------------"},{"line_number":28,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":29,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":30,"context_line":"in plain text. 
Note that you might have to enable both HTTP and HTTPS as some"},{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"ba855929_68a123b4","line":32,"range":{"start_line":28,"start_character":0,"end_line":32,"end_character":68},"updated":"2022-07-04 09:30:25.000000000","message":"Maybe, this sentence should be a warning block.","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"8c886a0f5111b6ab6646b2a160b33f28bc9b8e67","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Enable Keystone HTTPS Service"},{"line_number":27,"context_line":"---------------------------------"},{"line_number":28,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":29,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":30,"context_line":"in plain text. Note that you might have to enable both HTTP and HTTPS as some"},{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. 
"},{"line_number":35,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"48de7dc7_c5116bf8","line":32,"range":{"start_line":28,"start_character":0,"end_line":32,"end_character":68},"in_reply_to":"6d973762_c5e526c8","updated":"2022-09-13 03:22:12.000000000","message":"Done","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"e0e12e043ca7bcef1dc15562208721cd678cfeb7","unresolved":true,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Enable Keystone HTTPS Service"},{"line_number":27,"context_line":"---------------------------------"},{"line_number":28,"context_line":"According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":29,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":30,"context_line":"in plain text. Note that you might have to enable both HTTP and HTTPS as some"},{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. 
"},{"line_number":35,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"6d973762_c5e526c8","line":32,"range":{"start_line":28,"start_character":0,"end_line":32,"end_character":68},"in_reply_to":"ba855929_68a123b4","updated":"2022-07-21 05:20:53.000000000","message":"I fixed it according to the comment.\n(Patchset 3)","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":true,"context_lines":[{"line_number":29,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":30,"context_line":"in plain text. Note that you might have to enable both HTTP and HTTPS as some"},{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"1. 
Generate an RSA private key."}],"source_content_type":"text/x-rst","patch_set":2,"id":"c1719a88_37f6bff0","line":33,"range":{"start_line":32,"start_character":68,"end_line":33,"end_character":19},"updated":"2022-07-04 09:30:25.000000000","message":"If you agree with the above comment, please change this sentence as follows:\n\n\"Assuming such a situation, t\" -\u003e \"T\"","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"8c886a0f5111b6ab6646b2a160b33f28bc9b8e67","unresolved":false,"context_lines":[{"line_number":29,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":30,"context_line":"in plain text. Note that you might have to enable both HTTP and HTTPS as some"},{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"1. 
Generate an RSA private key."}],"source_content_type":"text/x-rst","patch_set":2,"id":"eb483fa7_847f2455","line":33,"range":{"start_line":32,"start_character":68,"end_line":33,"end_character":19},"in_reply_to":"8911aaee_12ef918a","updated":"2022-09-13 03:22:12.000000000","message":"Done","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"e0e12e043ca7bcef1dc15562208721cd678cfeb7","unresolved":true,"context_lines":[{"line_number":29,"context_line":"server since requests include sensitive information, e.g., a client secret,"},{"line_number":30,"context_line":"in plain text. Note that you might have to enable both HTTP and HTTPS as some"},{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"1. 
Generate an RSA private key."}],"source_content_type":"text/x-rst","patch_set":2,"id":"8911aaee_12ef918a","line":33,"range":{"start_line":32,"start_character":68,"end_line":33,"end_character":19},"in_reply_to":"c1719a88_37f6bff0","updated":"2022-07-21 05:20:53.000000000","message":"I fixed it according to the comment.\n(Patchset 3)","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"cd0ae5fa1ae07e7a20e29f879e67a5d32717e870","unresolved":true,"context_lines":[{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"1. Generate an RSA private key."},{"line_number":37,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"bea9f700_c059eb09","line":34,"range":{"start_line":34,"start_character":37,"end_line":34,"end_character":38},"updated":"2022-07-04 09:30:25.000000000","message":"Please remove the trailing space.\n\nYou can replace it with a regex pattern like ``/ +$//g`` or ``/\\s+$//g``.","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"8c886a0f5111b6ab6646b2a160b33f28bc9b8e67","unresolved":false,"context_lines":[{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. 
Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"1. Generate an RSA private key."},{"line_number":37,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"af4ad653_5f204475","line":34,"range":{"start_line":34,"start_character":37,"end_line":34,"end_character":38},"in_reply_to":"5d69d211_d2c4d7f8","updated":"2022-09-13 03:22:12.000000000","message":"Done","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"e0e12e043ca7bcef1dc15562208721cd678cfeb7","unresolved":true,"context_lines":[{"line_number":31,"context_line":"other OpenStack services or third-party applications don\u0027t use OAuth2.0 and"},{"line_number":32,"context_line":"need HTTP for the authentication with the Keystone identity server. Assuming"},{"line_number":33,"context_line":"such a situation, the following part describes steps to enable both HTTP and"},{"line_number":34,"context_line":"HTTPS with a self-signed certificate. "},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"1. 
Generate an RSA private key."},{"line_number":37,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"5d69d211_d2c4d7f8","line":34,"range":{"start_line":34,"start_character":37,"end_line":34,"end_character":38},"in_reply_to":"bea9f700_c059eb09","updated":"2022-07-21 05:20:53.000000000","message":"I fixed it according to the comment.\n(Patchset 3)","commit_id":"4b360836e30d77f27c1bbf213f1a7c0568e80c9d"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"2ee6b3866467c4bb853520b7bdba5b3f73566cdb","unresolved":true,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":"   According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":34,"context_line":"   server since requests include sensitive information, e.g., a client secret,"},{"line_number":35,"context_line":"   in plain text. Note that you might have to enable both HTTP and HTTPS as"},{"line_number":36,"context_line":"   some other OpenStack services or third-party applications don\u0027t use"},{"line_number":37,"context_line":"   OAuth2.0 and need HTTP for the authentication with the Keystone identity"},{"line_number":38,"context_line":"   server."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. Generate an RSA private key."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"dcc5ba22_fbdd5e24","line":38,"range":{"start_line":35,"start_character":18,"end_line":38,"end_character":10},"updated":"2022-08-05 15:49:18.000000000","message":"I would recommend HTTPS in both cases. I\u0027m not aware of any issues connecting to HTTPS endpoints using openstack clients. 
But it\u0027s just a nit.","commit_id":"3fec3b863e144573dc4d9c17b541cf606d271561"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"0c1e2665b38418c6017218a71154d3c3a92e51f7","unresolved":true,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":"   According to `RFC6749`_ , HTTPS **must** be enabled in the authorization"},{"line_number":34,"context_line":"   server since requests include sensitive information, e.g., a client secret,"},{"line_number":35,"context_line":"   in plain text. Note that you might have to enable both HTTP and HTTPS as"},{"line_number":36,"context_line":"   some other OpenStack services or third-party applications don\u0027t use"},{"line_number":37,"context_line":"   OAuth2.0 and need HTTP for the authentication with the Keystone identity"},{"line_number":38,"context_line":"   server."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"1. 
Generate an RSA private key."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"f5dc3c6d_e058b70a","line":38,"range":{"start_line":35,"start_character":18,"end_line":38,"end_character":10},"in_reply_to":"dcc5ba22_fbdd5e24","updated":"2023-04-17 08:09:24.000000000","message":"HTTPS is recommended, but in actual deployment, users may only use HTTPS on the Internet and HTTP on the intranet.\n\nExamples are as follows:\nopenstack endpoint list\n+----------------------------------+-----------+--------------+-------------------+---------+-----------+---------------------------------+\n| ID                               | Region    | Service Name | Service Type      | Enabled | Interface | URL                             |\n+----------------------------------+-----------+--------------+-------------------+---------+-----------+---------------------------------+\n| 4b4c7134f2bc4e409321ebfb1b20e629 | RegionOne | keystone     | identity          | True    | admin     | http://192.168.2.100/identity   |\n| 98b2512aa41b4112bb6563976554a2fd | RegionOne | keystone     | identity          | True    | public    | https://192.168.2.100/identity  |\n| ccec323760944f6c9d0bbe136f8e5ec4 | RegionOne | keystone     | identity          | True    | internal  | http://192.168.2.100/identity   |\n+----------------------------------+-----------+--------------+-------------------+---------+-----------+---------------------------------+","commit_id":"3fec3b863e144573dc4d9c17b541cf606d271561"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1a042bd75a01e4cdefae598c3bd64573dd4b5aae","unresolved":true,"context_lines":[{"line_number":10,"context_line":"``application_credentials_id`` and ``application_credentials_secret`` as"},{"line_number":11,"context_line":"client credentials to obtain the OAuth2.0 access token. 
The access token can"},{"line_number":12,"context_line":"then be used to access the protected resources of the OpenStack API, which"},{"line_number":13,"context_line":"uses Keystone middleware supporting the OAuth2.0 Client Credentials Grant."},{"line_number":14,"context_line":"See the `Identity API reference`_ for more information on generating OAuth2.0"},{"line_number":15,"context_line":"access token."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"aa552dd2_b87298b6","line":13,"updated":"2023-06-14 18:02:26.000000000","message":"Keystonemiddleware by itself does not support the Client Credentials grant, what it supports is receiving the token in the \"Authorization\" header.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2908746237d24b4057b344958c308b36c7446580","unresolved":false,"context_lines":[{"line_number":10,"context_line":"``application_credentials_id`` and ``application_credentials_secret`` as"},{"line_number":11,"context_line":"client credentials to obtain the OAuth2.0 access token. 
The access token can"},{"line_number":12,"context_line":"then be used to access the protected resources of the OpenStack API, which"},{"line_number":13,"context_line":"uses Keystone middleware supporting the OAuth2.0 Client Credentials Grant."},{"line_number":14,"context_line":"See the `Identity API reference`_ for more information on generating OAuth2.0"},{"line_number":15,"context_line":"access token."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"daff007f_a5657f29","line":13,"in_reply_to":"aa552dd2_b87298b6","updated":"2023-06-27 14:57:54.000000000","message":"I agree.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1a042bd75a01e4cdefae598c3bd64573dd4b5aae","unresolved":true,"context_lines":[{"line_number":23,"context_line":".. _application credentials: https://docs.openstack.org/api-ref/identity/v3/index.html#application-credentials"},{"line_number":24,"context_line":".. _`Identity API reference`: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Enable Keystone HTTPS Service"},{"line_number":27,"context_line":"---------------------------------"},{"line_number":28,"context_line":"The following part describes steps to enable both HTTP and HTTPS with a"},{"line_number":29,"context_line":"self-signed certificate."}],"source_content_type":"text/x-rst","patch_set":4,"id":"9aad2042_484aac50","line":26,"updated":"2023-06-14 18:02:26.000000000","message":"While I agree that configuring Keystone to use HTTPS can be considered a security requirement in production systems, a guide on how to do that is beyond the scope of this document. 
It would be better as its own page in the Keystone documentation, if we don\u0027t already have one.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2908746237d24b4057b344958c308b36c7446580","unresolved":true,"context_lines":[{"line_number":23,"context_line":".. _application credentials: https://docs.openstack.org/api-ref/identity/v3/index.html#application-credentials"},{"line_number":24,"context_line":".. _`Identity API reference`: https://docs.openstack.org/api-ref/identity/v3/index.html#os-oauth2-api"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Enable Keystone HTTPS Service"},{"line_number":27,"context_line":"---------------------------------"},{"line_number":28,"context_line":"The following part describes steps to enable both HTTP and HTTPS with a"},{"line_number":29,"context_line":"self-signed certificate."}],"source_content_type":"text/x-rst","patch_set":4,"id":"895252cf_ffcc264e","line":26,"in_reply_to":"9aad2042_484aac50","updated":"2023-06-27 14:57:54.000000000","message":"Agree. 
I\u0027ll add another document.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1a042bd75a01e4cdefae598c3bd64573dd4b5aae","unresolved":true,"context_lines":[{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    stack@oauth2-0-server:/$ sudo systemctl restart devstack@keystone.service"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"Try to access the Keystone APIs"},{"line_number":147,"context_line":"-------------------------------"},{"line_number":148,"context_line":"At last, try to access the Keystone APIs to confirm that the server is working"},{"line_number":149,"context_line":"properly."}],"source_content_type":"text/x-rst","patch_set":4,"id":"e0c53853_83a9c108","line":146,"updated":"2023-06-14 18:02:26.000000000","message":"Instead of talking to the API directly, why is this section of the guide not written using the openstackclient? 
I think it would make it more readable and understandable by end users so please write it using that.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2908746237d24b4057b344958c308b36c7446580","unresolved":true,"context_lines":[{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    stack@oauth2-0-server:/$ sudo systemctl restart devstack@keystone.service"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"Try to access the Keystone APIs"},{"line_number":147,"context_line":"-------------------------------"},{"line_number":148,"context_line":"At last, try to access the Keystone APIs to confirm that the server is working"},{"line_number":149,"context_line":"properly."}],"source_content_type":"text/x-rst","patch_set":4,"id":"e60824f3_5178bbda","line":146,"in_reply_to":"e0c53853_83a9c108","updated":"2023-06-27 14:57:54.000000000","message":"OAuth2.0 API doesn\u0027t have CLI support, so I only replaced the creating application credentials part.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1a042bd75a01e4cdefae598c3bd64573dd4b5aae","unresolved":true,"context_lines":[{"line_number":148,"context_line":"At last, try to access the Keystone APIs to confirm that the server is working"},{"line_number":149,"context_line":"properly."},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"1. Through the HTTP protocol, access the Keystone token API to confirm that the"},{"line_number":152,"context_line":"   X-Auth-Token can be obtained normally."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":".. 
code-block:: console"}],"source_content_type":"text/x-rst","patch_set":4,"id":"cfa8a676_505773de","line":151,"updated":"2023-06-14 18:02:26.000000000","message":"Thank you for the amount of detail in the usage guide. I think it would simplify the guide removing this step as it relates to differences between HTTP and HTTPS which I think are beyond the scope of this document. Please remove this step 1.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"2908746237d24b4057b344958c308b36c7446580","unresolved":true,"context_lines":[{"line_number":148,"context_line":"At last, try to access the Keystone APIs to confirm that the server is working"},{"line_number":149,"context_line":"properly."},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"1. Through the HTTP protocol, access the Keystone token API to confirm that the"},{"line_number":152,"context_line":"   X-Auth-Token can be obtained normally."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":".. code-block:: console"}],"source_content_type":"text/x-rst","patch_set":4,"id":"fff0021f_b0094977","line":151,"in_reply_to":"cfa8a676_505773de","updated":"2023-06-27 14:57:54.000000000","message":"Overall, the current document is terribly specific for Tacker\u0027s use cases, I\u0027ll remove them with complete agreement.","commit_id":"b438bf1efe587fb57f2e92ee11779625f2f3da39"}]}
