)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f266b6b3f5547206e39e15dc300106db168c60e4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"c3ab41aa_51f5c136","updated":"2022-10-11 02:37:45.000000000","message":"Thank you for submitting patches.\n\nCould you add the following line to commit messages?\n\n```\nImplements: blueprint support-oauth2-mtls\n```\n\nPlease do the same thing for the other patches:\nhttps://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls","commit_id":"58374f2a62b4693362b8c79b523e5ca4b057184b"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"6354c4ef6ad7ac63df38db1f140b072b35728673","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e7df3421_a73a4f49","in_reply_to":"c3ab41aa_51f5c136","updated":"2023-02-09 01:40:18.000000000","message":"Has added.","commit_id":"58374f2a62b4693362b8c79b523e5ca4b057184b"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"bb650f62ba295f2596214c0da0caef9147af13df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"6350dc8e_38c35d29","updated":"2023-01-17 09:56:10.000000000","message":"I replied to one comment, so please check it.\nThank you.","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"37d45cbe_2933de51","updated":"2023-01-13 15:55:02.000000000","message":"Please kindly find comments below.","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"7df76b7018fdaf01e884df349392b43202ac1dfa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"5b2a7314_78196acb","updated":"2023-02-08 02:38:26.000000000","message":"Thank you for the review.\nPlease kindly check the latest PS again.","commit_id":"c3b3e3834187bded6192ebb72a469835cecbc630"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"5e3a3c9815c75d336fd22847b956b5ddf226d9cf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"c1478e69_c64fe96b","updated":"2023-02-17 05:21:51.000000000","message":"Added UT for authn methods choice.\nMerged AccessTokenTests into OAuth2Tests as I couldn\u0027t find reason to separate them. For instance, OAuth2CertificateTests is completely isolated from OAuth2Tests.","commit_id":"abb9a232c9375ecddc3bb71cff10ef83321ec110"},{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"d4cddd713a83ece2a728fe8c1578fde0cf327b47","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"bc653b73_cf1128ce","updated":"2023-02-28 20:48:30.000000000","message":"We should only use cryptography.io for any and all cryptography work.  I\u0027ll try to work on a patch to show how to use cryptography.io to do the cert management you\u0027re doing with pyOpenSSL.","commit_id":"abb9a232c9375ecddc3bb71cff10ef83321ec110"},{"author":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"change_message_id":"4fd9c14f7995a0408a92841bf5b1aafd7b382764","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"ff89d898_4e9bcc4a","updated":"2023-03-03 15:06:50.000000000","message":"Much better, thank you! LGTM","commit_id":"f6a0cce4409232d8ade69b7773dbabcf4c53ec0f"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"981579e8f38e8f6d7d58910e7bc9d80950960c10","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"f28e151f_e7d3b1ec","updated":"2023-03-03 02:18:15.000000000","message":"Thank you for your comments.\nI removed dependency on OpenSSL.","commit_id":"f6a0cce4409232d8ade69b7773dbabcf4c53ec0f"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"9c57e3e435d472433cb45d0250f2f1d2731740e0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"e0fdcc9e_0d6ab54e","updated":"2023-03-03 12:58:09.000000000","message":"recheck, unrelated error [ERROR] /opt/stack/devstack/functions-common:2378 Neutron did not start","commit_id":"f6a0cce4409232d8ade69b7773dbabcf4c53ec0f"}],"keystone/api/os_oauth2.py":[{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1681bd61ab5b6e02050e70dda276203aa4c5be0e","unresolved":true,"context_lines":[{"line_number":93,"context_line":"            LOG.info(\u0027Get OAuth2.0 Access Token API: \u0027"},{"line_number":94,"context_line":"                     f\u0027{error.message_format}\u0027)"},{"line_number":95,"context_line":"            raise error"},{"line_number":96,"context_line":"        oauth2_authn_method \u003d CONF.oauth2.oauth2_authn_method"},{"line_number":97,"context_line":"        if oauth2_authn_method \u003d\u003d \u0027certificate\u0027:"},{"line_number":98,"context_line":"            return self._tls_client_auth()"},{"line_number":99,"context_line":"        elif oauth2_authn_method \u003d\u003d \u0027secret\u0027:"}],"source_content_type":"text/x-python","patch_set":6,"id":"bfd1a46f_4d597224","line":96,"updated":"2023-01-26 18:37:11.000000000","message":"So this can only work with either credentials, or mtls, but not both at the same time? Is there a particular reason?","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"7df76b7018fdaf01e884df349392b43202ac1dfa","unresolved":true,"context_lines":[{"line_number":93,"context_line":"            LOG.info(\u0027Get OAuth2.0 Access Token API: \u0027"},{"line_number":94,"context_line":"                     f\u0027{error.message_format}\u0027)"},{"line_number":95,"context_line":"            raise error"},{"line_number":96,"context_line":"        oauth2_authn_method \u003d CONF.oauth2.oauth2_authn_method"},{"line_number":97,"context_line":"        if oauth2_authn_method \u003d\u003d \u0027certificate\u0027:"},{"line_number":98,"context_line":"            return self._tls_client_auth()"},{"line_number":99,"context_line":"        elif oauth2_authn_method \u003d\u003d \u0027secret\u0027:"}],"source_content_type":"text/x-python","patch_set":6,"id":"a045e468_1d6a93ef","line":96,"in_reply_to":"bfd1a46f_4d597224","updated":"2023-02-08 02:38:26.000000000","message":"In the previous meeting, you mentioned that the authentication methods can be handled by auth_method [1]. However, I think auth_method lists the available authentication methods when users perform authentication with `/identity/v3/auth/tokens` with `methods` field in requests. Adding something like `oauth2_cert` to auth_method may fall into error as OAuth2.0 doesn\u0027t work as a plugin for `/identity/v3/auth/tokens` [2]. For that reason, I just changed oauth2_authn_method to ListOpt which is specific for the OAuth2.0. Is this in line with your thoughts? I didn\u0027t make test cases yet. If you agree with the above, I\u0027ll add test cases.\n\n[1] https://github.com/openstack/keystone/blob/420f4ff46da106b67912cecdff939f5dc0b079d0/keystone/conf/auth.py#L19-L28\n[2] https://github.com/openstack/keystone/blob/master/keystone/auth/core.py#L40-L65","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1681bd61ab5b6e02050e70dda276203aa4c5be0e","unresolved":true,"context_lines":[{"line_number":346,"context_line":"            user.get(\u0027domain_id\u0027))"},{"line_number":347,"context_line":"        self._check_mapped_properties(client_cert_dn, user, user_domain)"},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"        project_id \u003d user.get(\u0027default_project_id\u0027)"},{"line_number":350,"context_line":"        domain_id \u003d None"},{"line_number":351,"context_line":"        if not project_id:"},{"line_number":352,"context_line":"            domain_id \u003d user.get(\u0027domain_id\u0027)"}],"source_content_type":"text/x-python","patch_set":6,"id":"bb512af0_25290379","line":349,"updated":"2023-01-26 18:37:11.000000000","message":"What happens if a user doesn\u0027t have a default_project_id? It seems that instead of getting a project scoped token you return a domain scoped token. I don\u0027t like that the type of token changes based on a user attribute, instead of the request being different. If we really want this to only work for 1 project for each user, the lack of default_project_id should cause this to fail.","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"7df76b7018fdaf01e884df349392b43202ac1dfa","unresolved":true,"context_lines":[{"line_number":346,"context_line":"            user.get(\u0027domain_id\u0027))"},{"line_number":347,"context_line":"        self._check_mapped_properties(client_cert_dn, user, user_domain)"},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"        project_id \u003d user.get(\u0027default_project_id\u0027)"},{"line_number":350,"context_line":"        domain_id \u003d None"},{"line_number":351,"context_line":"        if not project_id:"},{"line_number":352,"context_line":"            domain_id \u003d user.get(\u0027domain_id\u0027)"}],"source_content_type":"text/x-python","patch_set":6,"id":"e869372b_86712314","line":349,"in_reply_to":"bb512af0_25290379","updated":"2023-02-08 02:38:26.000000000","message":"Changed codes to fall when `default_project_id` is empty.","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1681bd61ab5b6e02050e70dda276203aa4c5be0e","unresolved":true,"context_lines":[{"line_number":358,"context_line":"                method_names\u003d[\u0027oauth2_credential\u0027],"},{"line_number":359,"context_line":"                project_id\u003dproject_id,"},{"line_number":360,"context_line":"                domain_id\u003ddomain_id,"},{"line_number":361,"context_line":"                credential_id\u003dclient_id,"},{"line_number":362,"context_line":"                thumbprint\u003dthumbprint"},{"line_number":363,"context_line":"            )"},{"line_number":364,"context_line":"        except exception.Error as error:"}],"source_content_type":"text/x-python","patch_set":6,"id":"27bd41db_faf3453f","line":361,"updated":"2023-01-26 18:37:11.000000000","message":"As Hiromu mentioned in a different comment, I don\u0027t think passing credential_id is required or desired here. You can distinguish whether this is a oauth2_credential token from the presence of thumbprint.","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"7df76b7018fdaf01e884df349392b43202ac1dfa","unresolved":true,"context_lines":[{"line_number":358,"context_line":"                method_names\u003d[\u0027oauth2_credential\u0027],"},{"line_number":359,"context_line":"                project_id\u003dproject_id,"},{"line_number":360,"context_line":"                domain_id\u003ddomain_id,"},{"line_number":361,"context_line":"                credential_id\u003dclient_id,"},{"line_number":362,"context_line":"                thumbprint\u003dthumbprint"},{"line_number":363,"context_line":"            )"},{"line_number":364,"context_line":"        except exception.Error as error:"}],"source_content_type":"text/x-python","patch_set":6,"id":"e2e5209d_840e3090","line":361,"in_reply_to":"27bd41db_faf3453f","updated":"2023-02-08 02:38:26.000000000","message":"Removed credential_id among all places. In this place, `domain_id` is also removed as domain-scoped token is now out-of-scope.","commit_id":"16082a1ef94a7568bc74597d036901ec1445f06b"},{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"af1e7db209db4e91d0c41b7b06c94ec5eb0b8157","unresolved":true,"context_lines":[{"line_number":99,"context_line":"        client_secret \u003d flask.request.form.get(\u0027client_secret\u0027)"},{"line_number":100,"context_line":"        client_cert \u003d flask.request.environ.get(\"SSL_CLIENT_CERT\")"},{"line_number":101,"context_line":"        client_auth \u003d flask.request.authorization"},{"line_number":102,"context_line":"        if client_auth and client_auth.type \u003d\u003d \u0027basic\u0027:"},{"line_number":103,"context_line":"            client_id \u003d client_auth.username"},{"line_number":104,"context_line":"            client_secret \u003d client_auth.password"},{"line_number":105,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"eca4e451_2560b5d0","line":102,"range":{"start_line":102,"start_character":0,"end_line":102,"end_character":55},"updated":"2023-02-09 03:42:18.000000000","message":"It needs to be modified to:\nif not client_cert and client_auth and client_auth.type \u003d\u003d \u0027basic\u0027:\n\nCause:\n\nApplication credential ID and user ID are not the same. \nclient_certificate and authorization (basic secret) exist at the same time,\nclient_id will be replaced with the application credential ID, causing authentication to fail.","commit_id":"c3b3e3834187bded6192ebb72a469835cecbc630"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"038a40628006c29f3b69def68b8b82bdb8f48d1b","unresolved":true,"context_lines":[{"line_number":99,"context_line":"        client_secret \u003d flask.request.form.get(\u0027client_secret\u0027)"},{"line_number":100,"context_line":"        client_cert \u003d flask.request.environ.get(\"SSL_CLIENT_CERT\")"},{"line_number":101,"context_line":"        client_auth \u003d flask.request.authorization"},{"line_number":102,"context_line":"        if client_auth and client_auth.type \u003d\u003d \u0027basic\u0027:"},{"line_number":103,"context_line":"            client_id \u003d client_auth.username"},{"line_number":104,"context_line":"            client_secret \u003d client_auth.password"},{"line_number":105,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"572da5a3_04002dd4","line":102,"range":{"start_line":102,"start_character":0,"end_line":102,"end_character":55},"in_reply_to":"eca4e451_2560b5d0","updated":"2023-02-10 12:32:57.000000000","message":"Thank you.\nFixed in PS8","commit_id":"c3b3e3834187bded6192ebb72a469835cecbc630"}],"keystone/common/render_token.py":[{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"6354c4ef6ad7ac63df38db1f140b072b35728673","unresolved":true,"context_lines":[{"line_number":144,"context_line":"            )"},{"line_number":145,"context_line":"    if token.oauth2_thumbprint:"},{"line_number":146,"context_line":"        token_reference[\u0027token\u0027][\u0027oauth2_credential\u0027] \u003d {"},{"line_number":147,"context_line":"            \u0027x5t#S256\u0027: token.oauth2_thumbprint"},{"line_number":148,"context_line":"        }"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"    return token_reference"}],"source_content_type":"text/x-python","patch_set":7,"id":"1d6e31d0_0687e08a","line":147,"updated":"2023-02-09 01:40:18.000000000","message":"After this place is removed oauth2_credential_id, the token no longer contains oauth2_credential_id fields. So keystoneauth and keystonemiddleware code needs to be modified simultaneously.","commit_id":"c3b3e3834187bded6192ebb72a469835cecbc630"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"038a40628006c29f3b69def68b8b82bdb8f48d1b","unresolved":true,"context_lines":[{"line_number":144,"context_line":"            )"},{"line_number":145,"context_line":"    if token.oauth2_thumbprint:"},{"line_number":146,"context_line":"        token_reference[\u0027token\u0027][\u0027oauth2_credential\u0027] \u003d {"},{"line_number":147,"context_line":"            \u0027x5t#S256\u0027: token.oauth2_thumbprint"},{"line_number":148,"context_line":"        }"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"    return token_reference"}],"source_content_type":"text/x-python","patch_set":7,"id":"5b6e3ab3_7939cc2d","line":147,"in_reply_to":"1d6e31d0_0687e08a","updated":"2023-02-10 12:32:57.000000000","message":"I updated https://review.opendev.org/c/openstack/keystonemiddleware/+/860615 and https://review.opendev.org/c/openstack/keystoneauth/+/860614/","commit_id":"c3b3e3834187bded6192ebb72a469835cecbc630"}],"keystone/conf/oauth2.py":[{"author":{"_account_id":34634,"name":"Yonggen Sun","email":"sunyonggen@fujitsu.com","username":"sunyonggen"},"change_message_id":"463d8b191c1d0c1d127a40c8b533096113e3413e","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"oauth2_authn_methods \u003d cfg.ListOpt("},{"line_number":20,"context_line":"    \u0027oauth2_authn_methods\u0027,"},{"line_number":21,"context_line":"    default\u003d[\u0027tls_client_auth\u0027, \u0027 client_secret_basic\u0027],"},{"line_number":22,"context_line":"    help\u003dutils.fmt(\"\"\""},{"line_number":23,"context_line":"The OAuth2.0 authentication method supported by the system when user obtains"},{"line_number":24,"context_line":"an access token through the OAuth2.0 token endpoint. This option can be set to"}],"source_content_type":"text/x-python","patch_set":8,"id":"22bbf639_37a46c00","line":21,"updated":"2023-02-14 01:15:32.000000000","message":"The space in front of \u0027 client_secret_basic\u0027 needs to be removed.","commit_id":"cc744dd055bfaf756da94025806d8e4300d09de8"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"e338d143873e87f914e904db05a26cf8f5b61143","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"oauth2_authn_methods \u003d cfg.ListOpt("},{"line_number":20,"context_line":"    \u0027oauth2_authn_methods\u0027,"},{"line_number":21,"context_line":"    default\u003d[\u0027tls_client_auth\u0027, \u0027 client_secret_basic\u0027],"},{"line_number":22,"context_line":"    help\u003dutils.fmt(\"\"\""},{"line_number":23,"context_line":"The OAuth2.0 authentication method supported by the system when user obtains"},{"line_number":24,"context_line":"an access token through the OAuth2.0 token endpoint. This option can be set to"}],"source_content_type":"text/x-python","patch_set":8,"id":"11ed9bc3_edf2ec64","line":21,"in_reply_to":"22bbf639_37a46c00","updated":"2023-02-15 09:24:35.000000000","message":"Fixed in PS9","commit_id":"cc744dd055bfaf756da94025806d8e4300d09de8"}],"keystone/tests/unit/test_v3_oauth2.py":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":657,"context_line":""},{"line_number":658,"context_line":"        client_cert, client_key \u003d unit.create_certificate("},{"line_number":659,"context_line":"            client_subj, ca\u003droot_cert, ca_key\u003droot_key)"},{"line_number":660,"context_line":"        return root_cert, root_key, ks_cert, ks_key, client_cert, client_key"},{"line_number":661,"context_line":""},{"line_number":662,"context_line":"    def _create_mapping(self, id\u003d\u0027oauth2_mapping\u0027, dn_rules\u003dNone):"},{"line_number":663,"context_line":"        rules \u003d []"}],"source_content_type":"text/x-python","patch_set":3,"id":"2a486838_d2b453e9","line":660,"range":{"start_line":660,"start_character":15,"end_line":660,"end_character":52},"updated":"2023-01-13 15:55:02.000000000","message":"Seems these vars are not used in this class. Could you tell me the reason for returning them?","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":657,"context_line":""},{"line_number":658,"context_line":"        client_cert, client_key \u003d unit.create_certificate("},{"line_number":659,"context_line":"            client_subj, ca\u003droot_cert, ca_key\u003droot_key)"},{"line_number":660,"context_line":"        return root_cert, root_key, ks_cert, ks_key, client_cert, client_key"},{"line_number":661,"context_line":""},{"line_number":662,"context_line":"    def _create_mapping(self, id\u003d\u0027oauth2_mapping\u0027, dn_rules\u003dNone):"},{"line_number":663,"context_line":"        rules \u003d []"}],"source_content_type":"text/x-python","patch_set":3,"id":"634623dd_469071d2","line":660,"range":{"start_line":660,"start_character":15,"end_line":660,"end_character":52},"in_reply_to":"2a486838_d2b453e9","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":754,"context_line":"            crypto.FILETYPE_PEM, cert).decode(\u0027ascii\u0027)"},{"line_number":755,"context_line":""},{"line_number":756,"context_line":"    def assertUnauthorizedResp(self, resp):"},{"line_number":757,"context_line":"        LOG.debug(resp)"},{"line_number":758,"context_line":"        json_resp \u003d jsonutils.loads(resp.body)"},{"line_number":759,"context_line":"        self.assertEqual(\u0027invalid_client\u0027, json_resp[\u0027error\u0027])"},{"line_number":760,"context_line":"        self.assertEqual("}],"source_content_type":"text/x-python","patch_set":3,"id":"c9d1c84e_195718f4","line":757,"range":{"start_line":757,"start_character":8,"end_line":757,"end_character":23},"updated":"2023-01-13 15:55:02.000000000","message":"LOG.debug(f\u0027response: {resp}\u0027)","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":754,"context_line":"            crypto.FILETYPE_PEM, cert).decode(\u0027ascii\u0027)"},{"line_number":755,"context_line":""},{"line_number":756,"context_line":"    def assertUnauthorizedResp(self, resp):"},{"line_number":757,"context_line":"        LOG.debug(resp)"},{"line_number":758,"context_line":"        json_resp \u003d jsonutils.loads(resp.body)"},{"line_number":759,"context_line":"        self.assertEqual(\u0027invalid_client\u0027, json_resp[\u0027error\u0027])"},{"line_number":760,"context_line":"        self.assertEqual("}],"source_content_type":"text/x-python","patch_set":3,"id":"9a6316a0_0c9ed6de","line":757,"range":{"start_line":757,"start_character":8,"end_line":757,"end_character":23},"in_reply_to":"c9d1c84e_195718f4","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":769,"context_line":"        resp \u003d self._get_access_token("},{"line_number":770,"context_line":"            client_id\u003dself.oauth2_user.get(\u0027id\u0027),"},{"line_number":771,"context_line":"            client_cert_content\u003dcert_content)"},{"line_number":772,"context_line":"        LOG.debug(resp)"},{"line_number":773,"context_line":"        json_resp \u003d jsonutils.loads(resp.body)"},{"line_number":774,"context_line":"        self.assertIn(\u0027access_token\u0027, json_resp)"},{"line_number":775,"context_line":"        self.assertEqual(\u0027Bearer\u0027, json_resp[\u0027token_type\u0027])"}],"source_content_type":"text/x-python","patch_set":3,"id":"93d00388_7c861ca2","line":772,"range":{"start_line":772,"start_character":8,"end_line":772,"end_character":23},"updated":"2023-01-13 15:55:02.000000000","message":"ditto","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":769,"context_line":"        resp \u003d self._get_access_token("},{"line_number":770,"context_line":"            client_id\u003dself.oauth2_user.get(\u0027id\u0027),"},{"line_number":771,"context_line":"            client_cert_content\u003dcert_content)"},{"line_number":772,"context_line":"        LOG.debug(resp)"},{"line_number":773,"context_line":"        json_resp \u003d jsonutils.loads(resp.body)"},{"line_number":774,"context_line":"        self.assertIn(\u0027access_token\u0027, json_resp)"},{"line_number":775,"context_line":"        self.assertEqual(\u0027Bearer\u0027, json_resp[\u0027token_type\u0027])"}],"source_content_type":"text/x-python","patch_set":3,"id":"e33c1c4e_78cbfffc","line":772,"range":{"start_line":772,"start_character":8,"end_line":772,"end_character":23},"in_reply_to":"93d00388_7c861ca2","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":817,"context_line":"        resp \u003d self._get_access_token("},{"line_number":818,"context_line":"            client_id\u003duser.get(\u0027id\u0027),"},{"line_number":819,"context_line":"            client_cert_content\u003dcert_content)"},{"line_number":820,"context_line":"        LOG.debug(resp)"},{"line_number":821,"context_line":"        json_resp \u003d jsonutils.loads(resp.body)"},{"line_number":822,"context_line":"        self.assertIn(\u0027access_token\u0027, json_resp)"},{"line_number":823,"context_line":"        self.assertEqual(\u0027Bearer\u0027, json_resp[\u0027token_type\u0027])"}],"source_content_type":"text/x-python","patch_set":3,"id":"526b4453_795d1fd4","line":820,"range":{"start_line":820,"start_character":8,"end_line":820,"end_character":23},"updated":"2023-01-13 15:55:02.000000000","message":"ditto","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":817,"context_line":"        resp \u003d self._get_access_token("},{"line_number":818,"context_line":"            client_id\u003duser.get(\u0027id\u0027),"},{"line_number":819,"context_line":"            client_cert_content\u003dcert_content)"},{"line_number":820,"context_line":"        LOG.debug(resp)"},{"line_number":821,"context_line":"        json_resp \u003d jsonutils.loads(resp.body)"},{"line_number":822,"context_line":"        self.assertIn(\u0027access_token\u0027, json_resp)"},{"line_number":823,"context_line":"        self.assertEqual(\u0027Bearer\u0027, json_resp[\u0027token_type\u0027])"}],"source_content_type":"text/x-python","patch_set":3,"id":"f9504fb4_306605ab","line":820,"range":{"start_line":820,"start_character":8,"end_line":820,"end_character":23},"in_reply_to":"526b4453_795d1fd4","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"}],"keystone/tests/unit/token/test_fernet_provider.py":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":326,"context_line":"        self.assertEqual(exp_audit_ids, audit_ids)"},{"line_number":327,"context_line":"        self.assertEqual(exp_federated_group_ids, federated_group_ids)"},{"line_number":328,"context_line":"        self.assertEqual(exp_idp_id, identity_provider_id)"},{"line_number":329,"context_line":"        self.assertEqual(exp_protocol_id, protocol_id)"},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"    def test_create_validate_federated_scoped_token_non_uuid_user_id(self):"},{"line_number":332,"context_line":"        exp_user_id \u003d hashlib.sha256().hexdigest()"}],"source_content_type":"text/x-python","patch_set":3,"id":"df0fbf9e_6446ad35","line":329,"updated":"2023-01-13 15:55:02.000000000","message":"why don\u0027t you add an assertion for `credential_id` and `thumbprint`?","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":326,"context_line":"        self.assertEqual(exp_audit_ids, audit_ids)"},{"line_number":327,"context_line":"        self.assertEqual(exp_federated_group_ids, federated_group_ids)"},{"line_number":328,"context_line":"        self.assertEqual(exp_idp_id, identity_provider_id)"},{"line_number":329,"context_line":"        self.assertEqual(exp_protocol_id, protocol_id)"},{"line_number":330,"context_line":""},{"line_number":331,"context_line":"    def test_create_validate_federated_scoped_token_non_uuid_user_id(self):"},{"line_number":332,"context_line":"        exp_user_id \u003d hashlib.sha256().hexdigest()"}],"source_content_type":"text/x-python","patch_set":3,"id":"afbfdde8_2d541526","line":329,"in_reply_to":"df0fbf9e_6446ad35","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":362,"context_line":"        self.assertEqual(exp_project_id, project_id)"},{"line_number":363,"context_line":"        self.assertEqual(exp_federated_group_ids, federated_group_ids)"},{"line_number":364,"context_line":"        self.assertEqual(exp_idp_id, identity_provider_id)"},{"line_number":365,"context_line":"        self.assertEqual(exp_protocol_id, protocol_id)"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":""},{"line_number":368,"context_line":"class TestPayloads(unit.TestCase):"}],"source_content_type":"text/x-python","patch_set":3,"id":"5548504f_a0e60f26","line":365,"updated":"2023-01-13 15:55:02.000000000","message":"ditto","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":362,"context_line":"        self.assertEqual(exp_project_id, project_id)"},{"line_number":363,"context_line":"        self.assertEqual(exp_federated_group_ids, federated_group_ids)"},{"line_number":364,"context_line":"        self.assertEqual(exp_idp_id, identity_provider_id)"},{"line_number":365,"context_line":"        self.assertEqual(exp_protocol_id, protocol_id)"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":""},{"line_number":368,"context_line":"class TestPayloads(unit.TestCase):"}],"source_content_type":"text/x-python","patch_set":3,"id":"7b6ede51_21a1917f","line":365,"in_reply_to":"5548504f_a0e60f26","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":520,"context_line":"        self.assertEqual(exp_trust_id, trust_id)"},{"line_number":521,"context_line":"        self.assertEqual(exp_access_token_id, access_token_id)"},{"line_number":522,"context_line":"        self.assertEqual(exp_app_cred_id, app_cred_id)"},{"line_number":523,"context_line":""},{"line_number":524,"context_line":"    def test_unscoped_payload(self):"},{"line_number":525,"context_line":"        self._test_payload(token_formatters.UnscopedPayload)"},{"line_number":526,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"6edf7859_9eb6ce9c","line":523,"updated":"2023-01-13 15:55:02.000000000","message":"ditto","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":520,"context_line":"        self.assertEqual(exp_trust_id, trust_id)"},{"line_number":521,"context_line":"        self.assertEqual(exp_access_token_id, access_token_id)"},{"line_number":522,"context_line":"        self.assertEqual(exp_app_cred_id, app_cred_id)"},{"line_number":523,"context_line":""},{"line_number":524,"context_line":"    def test_unscoped_payload(self):"},{"line_number":525,"context_line":"        self._test_payload(token_formatters.UnscopedPayload)"},{"line_number":526,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"1eb2f76b_f436b485","line":523,"in_reply_to":"6edf7859_9eb6ce9c","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"}],"keystone/token/token_formatters.py":[{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":138,"context_line":"                     project_id\u003dNone, trust_id\u003dNone, federated_group_ids\u003dNone,"},{"line_number":139,"context_line":"                     identity_provider_id\u003dNone, protocol_id\u003dNone,"},{"line_number":140,"context_line":"                     access_token_id\u003dNone, app_cred_id\u003dNone,"},{"line_number":141,"context_line":"                     credential_id\u003dNone, thumbprint\u003dNone):"},{"line_number":142,"context_line":"        \"\"\"Given a set of payload attributes, generate a Fernet token.\"\"\""},{"line_number":143,"context_line":"        version \u003d payload_class.version"},{"line_number":144,"context_line":"        payload \u003d payload_class.assemble("}],"source_content_type":"text/x-python","patch_set":3,"id":"701831a1_629d1658","line":141,"range":{"start_line":141,"start_character":21,"end_line":141,"end_character":34},"updated":"2023-01-13 15:55:02.000000000","message":"isn\u0027t it identical with ``user_id``?\nIf it is, we don\u0027t need this.","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"a0b7f07345c9972206628cdaec28c9561317f75f","unresolved":true,"context_lines":[{"line_number":138,"context_line":"                     project_id\u003dNone, trust_id\u003dNone, federated_group_ids\u003dNone,"},{"line_number":139,"context_line":"                     identity_provider_id\u003dNone, protocol_id\u003dNone,"},{"line_number":140,"context_line":"                     access_token_id\u003dNone, app_cred_id\u003dNone,"},{"line_number":141,"context_line":"                     credential_id\u003dNone, thumbprint\u003dNone):"},{"line_number":142,"context_line":"        \"\"\"Given a set of payload attributes, generate a Fernet token.\"\"\""},{"line_number":143,"context_line":"        version \u003d payload_class.version"},{"line_number":144,"context_line":"        payload \u003d payload_class.assemble("}],"source_content_type":"text/x-python","patch_set":3,"id":"186c457c_b5588145","line":141,"range":{"start_line":141,"start_character":21,"end_line":141,"end_character":34},"in_reply_to":"10096b7e_f020108e","updated":"2023-01-23 00:16:26.000000000","message":"The current code does not allow the user to specify credential information, so it involves code modification if needed.\nI thought it should be provided separately from the `user_id` for scalability in the future when users want to specify credentials.\nHowever, it may not be necessary as a way to achieve the current situation.","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":16465,"name":"Kristi Nikolla","email":"knikolla@bu.edu","username":"knikolla"},"change_message_id":"1681bd61ab5b6e02050e70dda276203aa4c5be0e","unresolved":true,"context_lines":[{"line_number":138,"context_line":"                     project_id\u003dNone, trust_id\u003dNone, federated_group_ids\u003dNone,"},{"line_number":139,"context_line":"                     identity_provider_id\u003dNone, protocol_id\u003dNone,"},{"line_number":140,"context_line":"                     access_token_id\u003dNone, app_cred_id\u003dNone,"},{"line_number":141,"context_line":"                     credential_id\u003dNone, thumbprint\u003dNone):"},{"line_number":142,"context_line":"        \"\"\"Given a set of payload attributes, generate a Fernet token.\"\"\""},{"line_number":143,"context_line":"        version \u003d payload_class.version"},{"line_number":144,"context_line":"        payload \u003d payload_class.assemble("}],"source_content_type":"text/x-python","patch_set":3,"id":"48f6d400_3e4f29da","line":141,"range":{"start_line":141,"start_character":21,"end_line":141,"end_character":34},"in_reply_to":"186c457c_b5588145","updated":"2023-01-26 18:37:11.000000000","message":"I don\u0027t think it makes sense to have users specify a different credential_id as it has nothing to do with the certificate that they\u0027re using to authenticate. Please remove the attribute.","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"7df76b7018fdaf01e884df349392b43202ac1dfa","unresolved":true,"context_lines":[{"line_number":138,"context_line":"                     project_id\u003dNone, trust_id\u003dNone, federated_group_ids\u003dNone,"},{"line_number":139,"context_line":"                     identity_provider_id\u003dNone, protocol_id\u003dNone,"},{"line_number":140,"context_line":"                     access_token_id\u003dNone, app_cred_id\u003dNone,"},{"line_number":141,"context_line":"                     credential_id\u003dNone, thumbprint\u003dNone):"},{"line_number":142,"context_line":"        \"\"\"Given a set of payload attributes, generate a Fernet token.\"\"\""},{"line_number":143,"context_line":"        version \u003d payload_class.version"},{"line_number":144,"context_line":"        payload \u003d payload_class.assemble("}],"source_content_type":"text/x-python","patch_set":3,"id":"7c2eaf40_ce48e3ce","line":141,"range":{"start_line":141,"start_character":21,"end_line":141,"end_character":34},"in_reply_to":"48f6d400_3e4f29da","updated":"2023-02-08 02:38:26.000000000","message":"Removed credential_id among all places.","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"400f7cb71d0d9831e30a3f7da1d460457f548eb2","unresolved":true,"context_lines":[{"line_number":138,"context_line":"                     project_id\u003dNone, trust_id\u003dNone, federated_group_ids\u003dNone,"},{"line_number":139,"context_line":"                     identity_provider_id\u003dNone, protocol_id\u003dNone,"},{"line_number":140,"context_line":"                     access_token_id\u003dNone, app_cred_id\u003dNone,"},{"line_number":141,"context_line":"                     credential_id\u003dNone, thumbprint\u003dNone):"},{"line_number":142,"context_line":"        \"\"\"Given a set of payload attributes, generate a Fernet token.\"\"\""},{"line_number":143,"context_line":"        version \u003d payload_class.version"},{"line_number":144,"context_line":"        payload \u003d payload_class.assemble("}],"source_content_type":"text/x-python","patch_set":3,"id":"10096b7e_f020108e","line":141,"range":{"start_line":141,"start_character":21,"end_line":141,"end_character":34},"in_reply_to":"5a060889_951acfd3","updated":"2023-01-17 14:56:15.000000000","message":"What does you mean by \"users can use different credentials\"?\nIn the following place, `client_id` are assigned to both `user_id` and `credential_id`. Users can\u0027t change this behavior.\n\nhttps://review.opendev.org/c/openstack/keystone/+/860613/6/keystone/api/os_oauth2.py#356\n\nI still feel this argument is unnecessary.","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33920,"name":"Yusuke Niimi","email":"niimi.yusuke@fujitsu.com","username":"yniimi"},"change_message_id":"bb650f62ba295f2596214c0da0caef9147af13df","unresolved":true,"context_lines":[{"line_number":138,"context_line":"                     project_id\u003dNone, trust_id\u003dNone, federated_group_ids\u003dNone,"},{"line_number":139,"context_line":"                     identity_provider_id\u003dNone, protocol_id\u003dNone,"},{"line_number":140,"context_line":"                     access_token_id\u003dNone, app_cred_id\u003dNone,"},{"line_number":141,"context_line":"                     credential_id\u003dNone, thumbprint\u003dNone):"},{"line_number":142,"context_line":"        \"\"\"Given a set of payload attributes, generate a Fernet token.\"\"\""},{"line_number":143,"context_line":"        version \u003d payload_class.version"},{"line_number":144,"context_line":"        payload \u003d payload_class.assemble("}],"source_content_type":"text/x-python","patch_set":3,"id":"5a060889_951acfd3","line":141,"range":{"start_line":141,"start_character":21,"end_line":141,"end_character":34},"in_reply_to":"701831a1_629d1658","updated":"2023-01-17 09:56:10.000000000","message":"I think `credential_id` could be `user_id` or something else. It\u0027s just that this time use `user_id`.\nBy separating `user_id` and `credential_id`, users can use different credentials if they have multiple credentials.\nBut ultimately, I think it depends on the needs of users.","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"1ca67bf8372a35a94bae4eb1617c6fe155478678","unresolved":true,"context_lines":[{"line_number":242,"context_line":"        :param access_token_id: ID of the secret in OAuth1 authentication"},{"line_number":243,"context_line":"        :param app_cred_id: ID of the application credential in effect"},{"line_number":244,"context_line":"        :param credential_id: ID of the client credential in OAuth2 mTLS"},{"line_number":245,"context_line":"        :param thumbprint: thumbprint of the certificate in OAuth2 mTLS"},{"line_number":246,"context_line":"        :returns: the payload of a token"},{"line_number":247,"context_line":""},{"line_number":248,"context_line":"        \"\"\""}],"source_content_type":"text/x-python","patch_set":3,"id":"5644cf67_2004a422","line":245,"range":{"start_line":245,"start_character":45,"end_line":245,"end_character":56},"updated":"2023-01-13 15:55:02.000000000","message":"nits, \n```\nclient certificate\n```","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"f1511f0cdb152ea3e304126ce341432763f4f413","unresolved":false,"context_lines":[{"line_number":242,"context_line":"        :param access_token_id: ID of the secret in OAuth1 authentication"},{"line_number":243,"context_line":"        :param app_cred_id: ID of the application credential in effect"},{"line_number":244,"context_line":"        :param credential_id: ID of the client credential in OAuth2 mTLS"},{"line_number":245,"context_line":"        :param thumbprint: thumbprint of the certificate in OAuth2 mTLS"},{"line_number":246,"context_line":"        :returns: the payload of a token"},{"line_number":247,"context_line":""},{"line_number":248,"context_line":"        \"\"\""}],"source_content_type":"text/x-python","patch_set":3,"id":"7c433820_4577bcbb","line":245,"range":{"start_line":245,"start_character":45,"end_line":245,"end_character":56},"in_reply_to":"5644cf67_2004a422","updated":"2023-02-17 16:05:01.000000000","message":"withdraw","commit_id":"6bb737c804f0cbbe6e20ae2b4316472e870ce236"}],"requirements.txt":[{"author":{"_account_id":7973,"name":"Douglas Mendizábal","email":"dmendiza@redhat.com","username":"dougmendizabal"},"change_message_id":"d4cddd713a83ece2a728fe8c1578fde0cf327b47","unresolved":true,"context_lines":[{"line_number":40,"context_line":"msgpack\u003e\u003d0.5.0 # Apache-2.0"},{"line_number":41,"context_line":"osprofiler\u003e\u003d1.4.0 # Apache-2.0"},{"line_number":42,"context_line":"pytz\u003e\u003d2013.6 # MIT"},{"line_number":43,"context_line":"pyOpenSSL\u003e\u003d22.0.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":10,"id":"506df93a_68821172","line":43,"range":{"start_line":43,"start_character":0,"end_line":43,"end_character":9},"updated":"2023-02-28 20:48:30.000000000","message":"I prefer not to add a new cryptography dependency to Keystone.  We should implement the features you\u0027re using from pyOpenSSL using cryptography.io instead.","commit_id":"abb9a232c9375ecddc3bb71cff10ef83321ec110"},{"author":{"_account_id":33455,"name":"Hiromu Asahina","email":"hiromu.a5a@gmail.com","username":"h_asahina"},"change_message_id":"981579e8f38e8f6d7d58910e7bc9d80950960c10","unresolved":true,"context_lines":[{"line_number":40,"context_line":"msgpack\u003e\u003d0.5.0 # Apache-2.0"},{"line_number":41,"context_line":"osprofiler\u003e\u003d1.4.0 # Apache-2.0"},{"line_number":42,"context_line":"pytz\u003e\u003d2013.6 # MIT"},{"line_number":43,"context_line":"pyOpenSSL\u003e\u003d22.0.0 # Apache-2.0"}],"source_content_type":"text/plain","patch_set":10,"id":"9a7c2584_041612a7","line":43,"range":{"start_line":43,"start_character":0,"end_line":43,"end_character":9},"in_reply_to":"506df93a_68821172","updated":"2023-03-03 02:18:15.000000000","message":"Fixed in PS11","commit_id":"abb9a232c9375ecddc3bb71cff10ef83321ec110"}]}