)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"8907f1d13b3d81fc004dc00f1dbc802f2f24e2f1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"83554e3c_9f32d4b9","updated":"2026-02-05 13:26:41.000000000","message":"The change itself is very good. And it is great that a protection test is added.\n\nThe problem is that the protection tests are non-voting, and nobody really looks into them. A unit test should be added for this change as well.","commit_id":"54db8340fe6488da801d7dd41019724d67d56ae2"},{"author":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"change_message_id":"7148330a5939895d3402ee63e979da2eb50e155a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"c5cfa854_aa84bd69","updated":"2026-05-22 13:04:41.000000000","message":"rebase on top of https://review.opendev.org/c/openstack/keystone/+/989615 will help with the ci","commit_id":"a122dad3478b945ddd5caa79357f8b8672ee61bf"}],"keystone/api/users.py":[{"author":{"_account_id":36393,"name":"Callum Dickinson","email":"callum.dickinson@catalystcloud.nz","username":"Callum027","status":"Catalyst Cloud"},"change_message_id":"463135c21a122425fc53889d6e12a33ab736151b","unresolved":true,"context_lines":[{"line_number":431,"context_line":"            user_id, tenant_id"},{"line_number":432,"context_line":"        )"},{"line_number":433,"context_line":"        if not roles:"},{"line_number":434,"context_line":"            raise ks_exception.Unauthorized("},{"line_number":435,"context_line":"                message\u003d_("},{"line_number":436,"context_line":"                    \u0027You are not authorized to create credentials for \u0027"},{"line_number":437,"context_line":"                    \u0027project %s.\u0027"},{"line_number":438,"context_line":"                )"},{"line_number":439,"context_line":"                % tenant_id"},{"line_number":440,"context_line":"            )"},{"line_number":441,"context_line":"        blob \u003d {"},{"line_number":442,"context_line":"            \u0027access\u0027: uuid.uuid4().hex,"},{"line_number":443,"context_line":"            \u0027secret\u0027: uuid.uuid4().hex,"}],"source_content_type":"text/x-python","patch_set":3,"id":"ccd7a951_e9efd59c","line":440,"range":{"start_line":434,"start_character":0,"end_line":440,"end_character":13},"updated":"2026-05-21 05:54:26.000000000","message":"Hi there, apologies for the drive-by comment.\n\nWe just discovered this security issue and were evaluating the bug and this changeset (and why it hasn\u0027t been merged yet), and I just wanted to point out that this is also somewhat insecure because it\u0027ll return a different result to when a project is not found (and thus confirming that project exists when a user tries to create an EC2 credential for it).\n\nThis should be changed to return the same output as if a project is not found.\n\n```\n$ curl -X POST https://api.example.com:5000/v3/users/e5d4c3b2a1e5d4c3b2a1e5d4c3b2a1e5/credentials/OS-EC2 -H \"Accept: application/json\" -H \"Content-Type: application/json\" -H \"X-Auth-Token: ${OS_AUTH_TOKEN}\" -d \u0027{\"tenant_id\": \"1a2b3c4d5e1a2b3c4d5e1a2b3c4d5e1a\"}\u0027\n{\"error\":{\"code\":404,\"message\":\"Could not find project: 1a2b3c4d5e1a2b3c4d5e1a2b3c4d5e1a.\",\"title\":\"Not Found\"}}\n```","commit_id":"737db6b420fb376c7f60f54ff7a61cc7dcddf6e6"},{"author":{"_account_id":36393,"name":"Callum Dickinson","email":"callum.dickinson@catalystcloud.nz","username":"Callum027","status":"Catalyst Cloud"},"change_message_id":"7207edf32823ee09a6f6a51449a96bcae4d46e6c","unresolved":false,"context_lines":[{"line_number":431,"context_line":"            user_id, tenant_id"},{"line_number":432,"context_line":"        )"},{"line_number":433,"context_line":"        if not roles:"},{"line_number":434,"context_line":"            raise ks_exception.Unauthorized("},{"line_number":435,"context_line":"                message\u003d_("},{"line_number":436,"context_line":"                    \u0027You are not authorized to create credentials for \u0027"},{"line_number":437,"context_line":"                    \u0027project %s.\u0027"},{"line_number":438,"context_line":"                )"},{"line_number":439,"context_line":"                % tenant_id"},{"line_number":440,"context_line":"            )"},{"line_number":441,"context_line":"        blob \u003d {"},{"line_number":442,"context_line":"            \u0027access\u0027: uuid.uuid4().hex,"},{"line_number":443,"context_line":"            \u0027secret\u0027: uuid.uuid4().hex,"}],"source_content_type":"text/x-python","patch_set":3,"id":"72bc1eab_7d2b3bb8","line":440,"range":{"start_line":434,"start_character":0,"end_line":440,"end_character":13},"in_reply_to":"860d62ab_2aa52479","updated":"2026-05-24 20:21:27.000000000","message":"Resolved","commit_id":"737db6b420fb376c7f60f54ff7a61cc7dcddf6e6"},{"author":{"_account_id":36393,"name":"Callum Dickinson","email":"callum.dickinson@catalystcloud.nz","username":"Callum027","status":"Catalyst Cloud"},"change_message_id":"d5b79c6fcc1b11a28cde59fdfa5a743a17bb3c8b","unresolved":true,"context_lines":[{"line_number":431,"context_line":"            user_id, tenant_id"},{"line_number":432,"context_line":"        )"},{"line_number":433,"context_line":"        if not roles:"},{"line_number":434,"context_line":"            raise ks_exception.Unauthorized("},{"line_number":435,"context_line":"                message\u003d_("},{"line_number":436,"context_line":"                    \u0027You are not authorized to create credentials for \u0027"},{"line_number":437,"context_line":"                    \u0027project %s.\u0027"},{"line_number":438,"context_line":"                )"},{"line_number":439,"context_line":"                % tenant_id"},{"line_number":440,"context_line":"            )"},{"line_number":441,"context_line":"        blob \u003d {"},{"line_number":442,"context_line":"            \u0027access\u0027: uuid.uuid4().hex,"},{"line_number":443,"context_line":"            \u0027secret\u0027: uuid.uuid4().hex,"}],"source_content_type":"text/x-python","patch_set":3,"id":"860d62ab_2aa52479","line":440,"range":{"start_line":434,"start_character":0,"end_line":440,"end_character":13},"in_reply_to":"ccd7a951_e9efd59c","updated":"2026-05-24 20:21:06.000000000","message":"Thanks for addressing my comment, looks good to me.","commit_id":"737db6b420fb376c7f60f54ff7a61cc7dcddf6e6"}]}