)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b997cbeff64998f6ab977b7b399b6929c6da3909","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     LEDUC Florian aka \u0027flo \u003cflorian.leduc@socgen.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2023-12-21 10:48:17 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add the ability to set the project UUID"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch add the ability to set the project_id by"},{"line_number":10,"context_line":"setting a specific tag without modifying the keystone"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"d8106c75_3bc6a302","line":7,"range":{"start_line":7,"start_character":27,"end_line":7,"end_character":39},"updated":"2023-12-22 03:03:53.000000000","message":"this feature has a system-wide impact but in fact the create project api is allowed for domain admin as well[1]\n\n[1] https://github.com/openstack/keystone/blob/9e4a3157dd326801b9ae0ef2b7934c982259b3dd/keystone/common/policies/project.py#L172\n\nThis feature should be restricted to system admin so that any domain admin can not steal the id used in a different keystone.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":31357,"name":"LEDUC Florian","display_name":"Florian LEDUC","email":"florian.leduc@socgen.com","username":"leducflorian","status":"Société Générale"},"change_message_id":"1901ca3bf7466e81c8eed7157113eb3617457641","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     LEDUC Florian aka \u0027flo \u003cflorian.leduc@socgen.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2023-12-21 10:48:17 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add the ability to set the project UUID"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch add the ability to set the project_id by"},{"line_number":10,"context_line":"setting a specific tag without modifying the keystone"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"3cac34fc_4dc5ce14","line":7,"range":{"start_line":7,"start_character":27,"end_line":7,"end_character":39},"in_reply_to":"d8106c75_3bc6a302","updated":"2023-12-22 10:11:08.000000000","message":"I agree this is a admin/system wide feature.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b997cbeff64998f6ab977b7b399b6929c6da3909","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add the ability to set the project UUID"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch add the ability to set the project_id by"},{"line_number":10,"context_line":"setting a specific tag without modifying the keystone"},{"line_number":11,"context_line":"API during project creation."},{"line_number":12,"context_line":"Setting the project_id offers the ability to have"},{"line_number":13,"context_line":"a consistent UUID over multiple instances of keystone"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"bb53f454_96f2c121","line":10,"range":{"start_line":10,"start_character":19,"end_line":10,"end_character":23},"updated":"2023-12-22 03:03:53.000000000","message":"wondering if options is a better field for this.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":31357,"name":"LEDUC Florian","display_name":"Florian LEDUC","email":"florian.leduc@socgen.com","username":"leducflorian","status":"Société Générale"},"change_message_id":"1901ca3bf7466e81c8eed7157113eb3617457641","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add the ability to set the project UUID"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch add the ability to set the project_id by"},{"line_number":10,"context_line":"setting a specific tag without modifying the keystone"},{"line_number":11,"context_line":"API during project creation."},{"line_number":12,"context_line":"Setting the project_id offers the ability to have"},{"line_number":13,"context_line":"a consistent UUID over multiple instances of keystone"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"c927f9c1_bac2b944","line":10,"range":{"start_line":10,"start_character":19,"end_line":10,"end_character":23},"in_reply_to":"bb53f454_96f2c121","updated":"2023-12-22 10:11:08.000000000","message":"Maybe project tag would be more appropriate in that case. Let us know what would be the right terminology.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"cc4c62ba29d111c8612b5f3e847df8cf079f9cac","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Add the ability to set the project UUID"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch add the ability to set the project_id by"},{"line_number":10,"context_line":"setting a specific tag without modifying the keystone"},{"line_number":11,"context_line":"API during project creation."},{"line_number":12,"context_line":"Setting the project_id offers the ability to have"},{"line_number":13,"context_line":"a consistent UUID over multiple instances of keystone"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"1a299afc_289b0f4b","line":10,"range":{"start_line":10,"start_character":19,"end_line":10,"end_character":23},"in_reply_to":"c927f9c1_bac2b944","updated":"2023-12-22 12:46:30.000000000","message":"Keystone provides two interfaces in project creation to inject arbitrary things. The first one is tag and the other is option. Tag is for classification and the option is used to determine the property actually affecting the behavior.\n\nhttps://docs.openstack.org/api-ref/identity/v3/#create-project\n```\nThe resource options for the project. Available resource options are immutable.\n```\n\nBecause this is not for query but to override the behavior about the project creation, I think the options is a more suitable field for this feature. Though we have to decide how we allow update of this field (probably we should reject any update or even hide this after the initial creation)","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":31357,"name":"LEDUC Florian","display_name":"Florian LEDUC","email":"florian.leduc@socgen.com","username":"leducflorian","status":"Société Générale"},"change_message_id":"1901ca3bf7466e81c8eed7157113eb3617457641","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"87c4141a_4e471dc9","updated":"2023-12-22 10:11:08.000000000","message":"Thank you Takashi for your quick review. A bit of context can help to understand this approach. We use this patch internally at Société Générale since 2018. It\u0027s been around since the primary deployment of openstack (queens release) up to ussuri (our current release). The project_id are based on an internal API application catalog. This API provides the uniqueness of UUID accross all regions and all keystone instances in each regions are independant. All projects are onboarded (seperatly on each region/keystone and in different keystone domains) using the project_id given by the app catalog API. This approach offers a great flexibility in term of operability because we can operate individually on each keystone without disrupting production on the others. Moreover, it\u0027s easier to scale keystone in each regions.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"44c170dec076d464f39d6df950d1dddba950afe5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9ee3289b_7804d6ae","updated":"2023-12-27 14:52:46.000000000","message":"Leaving -1 because of the remaining comments.","commit_id":"d5c74bf189260dec9b6141c318a0c89af632a01b"}],"keystone/resource/backends/sql.py":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b997cbeff64998f6ab977b7b399b6929c6da3909","unresolved":true,"context_lines":[{"line_number":37,"context_line":"        else:"},{"line_number":38,"context_line":"            return ref"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"    def _override_project_id(self, project):"},{"line_number":41,"context_line":"        if \u0027tags\u0027 in project:"},{"line_number":42,"context_line":"            for tag in project[\u0027tags\u0027]:"},{"line_number":43,"context_line":"                try:"}],"source_content_type":"text/x-python","patch_set":1,"id":"a40d5af5_21513852","line":40,"range":{"start_line":40,"start_character":8,"end_line":40,"end_character":28},"updated":"2023-12-22 03:03:53.000000000","message":"If this is not heavily dependent on the feature in db then I think it\u0027s better to implement this in an upper, common place.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b997cbeff64998f6ab977b7b399b6929c6da3909","unresolved":true,"context_lines":[{"line_number":41,"context_line":"        if \u0027tags\u0027 in project:"},{"line_number":42,"context_line":"            for tag in project[\u0027tags\u0027]:"},{"line_number":43,"context_line":"                try:"},{"line_number":44,"context_line":"                    project[\"id\"] \u003d uuid.UUID(tag.split(\"account_id:\")[1]).hex"},{"line_number":45,"context_line":"                except (ValueError, IndexError):"},{"line_number":46,"context_line":"                    pass"},{"line_number":47,"context_line":"        return project"}],"source_content_type":"text/x-python","patch_set":1,"id":"69014e7a_f6f9571d","line":44,"range":{"start_line":44,"start_character":57,"end_line":44,"end_character":67},"updated":"2023-12-22 03:03:53.000000000","message":"project_id ?","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":31357,"name":"LEDUC Florian","display_name":"Florian LEDUC","email":"florian.leduc@socgen.com","username":"leducflorian","status":"Société Générale"},"change_message_id":"1901ca3bf7466e81c8eed7157113eb3617457641","unresolved":true,"context_lines":[{"line_number":41,"context_line":"        if \u0027tags\u0027 in project:"},{"line_number":42,"context_line":"            for tag in project[\u0027tags\u0027]:"},{"line_number":43,"context_line":"                try:"},{"line_number":44,"context_line":"                    project[\"id\"] \u003d uuid.UUID(tag.split(\"account_id:\")[1]).hex"},{"line_number":45,"context_line":"                except (ValueError, IndexError):"},{"line_number":46,"context_line":"                    pass"},{"line_number":47,"context_line":"        return project"}],"source_content_type":"text/x-python","patch_set":1,"id":"945ad0fc_de20ec58","line":44,"range":{"start_line":44,"start_character":57,"end_line":44,"end_character":67},"in_reply_to":"69014e7a_f6f9571d","updated":"2023-12-22 10:11:08.000000000","message":"Agreed, I will fix it.","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"44c170dec076d464f39d6df950d1dddba950afe5","unresolved":false,"context_lines":[{"line_number":41,"context_line":"        if \u0027tags\u0027 in project:"},{"line_number":42,"context_line":"            for tag in project[\u0027tags\u0027]:"},{"line_number":43,"context_line":"                try:"},{"line_number":44,"context_line":"                    project[\"id\"] \u003d uuid.UUID(tag.split(\"account_id:\")[1]).hex"},{"line_number":45,"context_line":"                except (ValueError, IndexError):"},{"line_number":46,"context_line":"                    pass"},{"line_number":47,"context_line":"        return project"}],"source_content_type":"text/x-python","patch_set":1,"id":"aea93ab6_472703fa","line":44,"range":{"start_line":44,"start_character":57,"end_line":44,"end_character":67},"in_reply_to":"945ad0fc_de20ec58","updated":"2023-12-27 14:52:46.000000000","message":"Done","commit_id":"ae7203f577d6f36badab126329031cdf3f5c85e0"}]}