)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"change_message_id":"44b85e570629cdf87718b612be0c166b0ebc8cb2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"91cd0deb_459ebbc5","updated":"2025-05-01 16:42:21.000000000","message":"@artem.goncharov@gmail.com Artem hello, what do you think about this change?","commit_id":"ae799911b6b634b687ae53931b1ac96066039c2b"},{"author":{"_account_id":37632,"name":"Dmitriy Chubinidze","email":"dcu995@gmail.com","username":"chubinidzedr"},"change_message_id":"390a8b81d96906e54a8aeb084e9e354fe7599691","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"68985bc9_13a3f50f","updated":"2025-04-22 20:34:06.000000000","message":"@seanmooney8202@yahoo.ie \nHello, could you please lookup to this change? What\u0027d you think about using https in that construction?","commit_id":"ae799911b6b634b687ae53931b1ac96066039c2b"},{"author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"change_message_id":"323d90eb6be71e1c328a2cafb5cd657b0746bd08","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"49a8dfb5_9178d183","in_reply_to":"68985bc9_13a3f50f","updated":"2025-04-22 21:13:46.000000000","message":"@smooney@redhat.com\n\u003e Hello, could you please lookup to this change? What\u0027d you think about using https in that construction?","commit_id":"ae799911b6b634b687ae53931b1ac96066039c2b"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"f7af4caa04925bc89afd30ecbfffc27e3f6303af","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"21e9d2d2_7eef5f67","updated":"2025-05-28 09:34:04.000000000","message":"Could you please clarify more background? It all depends on how keystone is deployed.","commit_id":"809e2de6db22604234eec6cb4979df78aa5314b1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"e687f14ae265edfd5cfc4b2b92aa0dfdfd72fb73","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"f3cac63b_6336d5bc","updated":"2025-05-28 11:55:58.000000000","message":"the","commit_id":"809e2de6db22604234eec6cb4979df78aa5314b1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"e687f14ae265edfd5cfc4b2b92aa0dfdfd72fb73","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"7a31e5c7_4909e262","in_reply_to":"21e9d2d2_7eef5f67","updated":"2025-05-28 11:55:58.000000000","message":"the wider context is https://review.opendev.org/c/openstack/nova/+/938680\n\nIn Nova we moved to using https instead of http when we made the service_user requried to resovle a cve with keystone.\n\nthe tl;dr is we didnt think it was reasonabelin 202X ot stil document using http by default when interacting with keystone or really any openstack service \n\nWe moved to testing with HTTPS by default in devstack many many years ago and we also moved to deploying each service endpoint as a subfolder on the same server to reduce the number of open port in devstack too.\n\nso when weadded the service user we followed the more modern way fo deploying when documenting our recomened way to deply nova with service tokens.\n\nin 2025 i don think its reaosnable to deocuemtn not being secure by default so i push back on https://review.opendev.org/c/openstack/nova/+/938680 becasue i see it as a regression in that regard but i reluctantly agree that we coudl proceed with it on consitency ground but ask that the insecure default be adressed in keyston as a follwo up. hence this patch.","commit_id":"809e2de6db22604234eec6cb4979df78aa5314b1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"192115b4aef701488a6d33025baeac6f3f1bfb87","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"cd54b527_065c63b7","in_reply_to":"3b797bce_ecdc0f10","updated":"2025-05-31 12:52:10.000000000","message":"your right in devstack you have to enale the tls proxy for tls which we do by defautl in jobs\n\ni also do that locally but that because most of the time i base my local envs off something close to our standard jobs. i sometimes forget that is not the actual default in devstack when you use a minimal local.conf.","commit_id":"809e2de6db22604234eec6cb4979df78aa5314b1"},{"author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"change_message_id":"ead8116b9db559e34fa252b6ca35deb22fc7be66","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"d8038b85_0467f55c","in_reply_to":"7a31e5c7_4909e262","updated":"2025-05-28 14:36:08.000000000","message":"yes, I understand that. The change title doesn\u0027t explain that reasonably and in addition to that it touches the sample_data.sh script which is not used in the same way. When Keystone is bootstrapped locally for development purposes (this is where the sample data is eventually used) you have https enabled. Actually you do not currently get https enabled by default when installing devstack (I only see apache doing dummy proxy pass to the wsgi socket)\n\nI have no problem with doc changes, only with the script change.","commit_id":"809e2de6db22604234eec6cb4979df78aa5314b1"},{"author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"change_message_id":"d9d5621938e0b450b680213df4e71693ee05fd20","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"3b797bce_ecdc0f10","in_reply_to":"d8038b85_0467f55c","updated":"2025-05-30 18:24:19.000000000","message":"Done","commit_id":"809e2de6db22604234eec6cb4979df78aa5314b1"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"75ba9546a6ba3be46f36cf3adaabc50e76d59542","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"ec7aacc2_cd99c318","updated":"2025-06-01 15:37:29.000000000","message":"IMO this has broken the install guide since you nowhere say how to install the service with TLS enabled, just changing the referenced URLs will not magically perform that task","commit_id":"3c72ffb369d68861bd40e0db785c8cb860b1058a"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"526fb5cba068006e8302af4b933d97c3736592f5","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":10,"id":"174b346d_fdafbad1","in_reply_to":"ec7aacc2_cd99c318","updated":"2025-06-01 16:11:57.000000000","message":"I think this is further evidenced by the continued use of the http ports in the URLs.","commit_id":"3c72ffb369d68861bd40e0db785c8cb860b1058a"}]}