)]}'
{"id":"openstack%2Fkeystone~985922","triplet_id":"openstack%2Fkeystone~stable%2F2025.1~Idb192a2fd370fc26c7d76788e9ad1856483d3239","project":"openstack/keystone","branch":"stable/2025.1","attention_set":{"14250":{"account":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"last_update":"2026-04-24 14:02:45.000000000","reason":"\u003cGERRIT_ACCOUNT_37598\u003e replied on the change","reason_account":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"}},"7414":{"account":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"last_update":"2026-04-24 14:02:45.000000000","reason":"\u003cGERRIT_ACCOUNT_37598\u003e replied on the change","reason_account":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"}}},"removed_from_attention_set":{"37598":{"account":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"last_update":"2026-05-07 11:55:42.000000000","reason":"Removed by \u003cGERRIT_ACCOUNT_37598\u003e by clicking the attention icon","reason_account":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"}}},"hashtags":[],"change_id":"Idb192a2fd370fc26c7d76788e9ad1856483d3239","subject":"Block restricted app creds from creating EC2 credentials via /credentials","status":"NEW","created":"2026-04-23 07:49:33.000000000","updated":"2026-05-07 11:55:42.000000000","submit_type":"MERGE_IF_NECESSARY","mergeable":true,"submittable":false,"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"cherry_pick_of_change":985921,"cherry_pick_of_patch_set":1,"meta_rev_id":"88e20ab91802b55fc1930315a4a12c11d891f111","_number":985922,"virtual_id_number":985922,"owner":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"actions":{},"labels":{"Verified":{"recommended":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},{"tag":"autogenerated:zuul:check","value":1,"date":"2026-04-23 09:54:03.000000000","permitted_voting_range":{"min":-2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","value":1,"default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"all":[{"value":2,"date":"2026-04-24 10:46:06.000000000","permitted_voting_range":{"min":-2,"max":2},"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"approved":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"all":[{"value":1,"date":"2026-05-06 08:47:03.000000000","permitted_voting_range":{"min":-1,"max":1},"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"CC":[{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"}],"REVIEWER":[{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-04-23 07:49:33.000000000","updated_by":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"reviewer":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"state":"CC"},{"updated":"2026-04-23 09:54:03.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"},{"updated":"2026-04-24 10:46:06.000000000","updated_by":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"reviewer":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"state":"REVIEWER"},{"updated":"2026-04-24 14:02:45.000000000","updated_by":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"reviewer":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"state":"REVIEWER"},{"updated":"2026-04-24 14:02:45.000000000","updated_by":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"reviewer":{"_account_id":7414,"name":"David Wilde","email":"dwilde@redhat.com","username":"d34dh0r53"},"state":"REVIEWER"}],"messages":[{"id":"2cb5e1b74c53bc400c1b2896dc746b5aede7bba9","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"date":"2026-04-23 07:49:33.000000000","message":"Patch Set 1: Cherry Picked from branch stable/2025.2.","accounts_in_message":[],"_revision_number":1},{"id":"0a0d198cc18cecd486fa1bba783197aa4a90aa06","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"date":"2026-04-23 07:55:16.000000000","message":"Patch Set 2: Patch Set 1 was rebased","accounts_in_message":[],"_revision_number":2},{"id":"149945c6698bb34a525f0bc3c4be02bd06fbeec1","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2026-04-23 09:54:03.000000000","message":"Patch Set 2: Verified+1\n\nBuild succeeded (check pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/5f17ac9b4f3c4513a58ce67b06d30273\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/e22315c48efd4ca682f3fb6d5b07e7cb : SUCCESS in 16m 29s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/2e71813ba58f4e3bb163c1db93f72950 : SUCCESS in 6m 23s\n- openstack-tox-py39 https://zuul.opendev.org/t/openstack/build/cc40a3187fba4b92b08f3443688a4c8f : SUCCESS in 10m 28s\n- openstack-tox-py312 https://zuul.opendev.org/t/openstack/build/a81e2ffc38a040c8b5f0e489bba51a7a : SUCCESS in 12m 16s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/98e9448d4e4645a08195fd1bd42484b7 : SUCCESS in 13m 06s\n- grenade https://zuul.opendev.org/t/openstack/build/45dc8f09ce0646869b73f451f3b2ed24 : SUCCESS in 40m 59s\n- tempest-full-py3 https://zuul.opendev.org/t/openstack/build/dc67ecab97494e3fade65386936efd30 : SUCCESS in 1h 42m 39s\n- keystone-dsvm-py3-functional https://zuul.opendev.org/t/openstack/build/85765e58f08344d488037d8b43d8f5a0 : SUCCESS in 30m 46s\n- keystone-dsvm-py3-functional-fips https://zuul.opendev.org/t/openstack/build/110bdf4705f445188f26bae9d383ff4c : FAILURE in 36m 51s (non-voting)\n- keystone-dsvm-py3-functional-federation-ubuntu-jammy https://zuul.opendev.org/t/openstack/build/1b4cddba94074c22bd8fd467a43b2d24 : FAILURE in 23m 54s (non-voting)\n- keystone-dsvm-py3-functional-federation-ubuntu-jammy-k2k https://zuul.opendev.org/t/openstack/build/61fa5d0692894a6a9495aa1d87a0bd41 : SUCCESS in 28m 43s\n- keystoneclient-devstack-functional https://zuul.opendev.org/t/openstack/build/d94b94be79ce4ab589cd82e45ac290e9 : FAILURE in 9m 53s (non-voting)\n- keystone-dsvm-ldap-domain-specific-driver https://zuul.opendev.org/t/openstack/build/d584b2cd4e7e46e1b4d96e198640b70d : SUCCESS in 38m 54s (non-voting)\n- tempest-ipv6-only https://zuul.opendev.org/t/openstack/build/a58a1972ff5641498a1ba9c9d376d3d5 : SUCCESS in 56m 08s\n- codegenerator-openapi-identity-tips-with-api-ref https://zuul.opendev.org/t/openstack/build/0424c5682ee24ab697df698222942076 : FAILURE in 5m 29s (non-voting)\n- keystone-dsvm-functional-oidc-federation https://zuul.opendev.org/t/openstack/build/b247fcf5d0464eaf9b4d8bf53cea31dc : SUCCESS in 14m 49s","accounts_in_message":[],"_revision_number":2},{"id":"b1ab29ecb56622bfc488f11827d6b04b593087d7","author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"date":"2026-04-24 10:46:06.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"f543b8c4d6d9d823f26ade180b5c32db085b41f5","author":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"},"date":"2026-05-06 08:47:03.000000000","message":"Patch Set 2: Workflow+1","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"c33033594b87c37d858efba312dcf15f34afc3e9","revisions":{"87153e3fbe618a3bd5c6a65f4b046fb393e33790":{"kind":"REWORK","_number":1,"created":"2026-04-23 07:49:33.000000000","uploader":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"ref":"refs/changes/22/985922/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/22/985922/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/22/985922/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/22/985922/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/22/985922/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/22/985922/1"}}},"commit":{"parents":[{"commit":"125efe4b59ca7de4089d188d549fde0fbcc989b3","subject":"Merge \"Fix OIDC federation UTF-8 double-encoding of non-ASCII characters\" into stable/2025.1","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/125efe4b59ca7de4089d188d549fde0fbcc989b3"}]}],"author":{"name":"Boris Bobrov","email":"b.bobrov@sap.com","date":"2026-04-07 21:45:15.000000000","tz":120},"committer":{"name":"Ivan Anfimov","email":"lazekteam@gmail.com","date":"2026-04-23 07:49:33.000000000","tz":0},"subject":"Block restricted app creds from creating EC2 credentials via /credentials","message":"Block restricted app creds from creating EC2 credentials via /credentials\n\nThe POST /v3/credentials endpoint accepted EC2 credential creation\nfrom restricted application credential tokens, bypassing the guard\non the dedicated OS-EC2 endpoint. Add the same unrestricted\napplication credential check to the generic credentials API for\nEC2-type credentials, and update the existing test to use an\nunrestricted application credential.\n\nRelated-Bug: #2142138\nGenerated-By: claude-opus-4-6 (OpenCode)\nSigned-off-by: Boris Bobrov \u003cb.bobrov@sap.com\u003e\nChange-Id: Idb192a2fd370fc26c7d76788e9ad1856483d3239\n(cherry picked from commit d6a3dc511057d6ac25bd2d75776a4233c5608684)\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/87153e3fbe618a3bd5c6a65f4b046fb393e33790"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/87153e3fbe618a3bd5c6a65f4b046fb393e33790"}]},"branch":"refs/heads/stable/2025.1","conflicts":{"ours":"125efe4b59ca7de4089d188d549fde0fbcc989b3","theirs":"d722bc50302242e37b291fa177c85e60e2408da2","contains_conflicts":false}},"c33033594b87c37d858efba312dcf15f34afc3e9":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2026-04-23 07:55:16.000000000","uploader":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"ref":"refs/changes/22/985922/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/22/985922/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/22/985922/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/22/985922/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/22/985922/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/22/985922/2"}}},"commit":{"parents":[{"commit":"52e47439688f320befb49514570cc5ac707931f5","subject":"Add tests for restricted app cred guard","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/52e47439688f320befb49514570cc5ac707931f5"}]}],"author":{"name":"Boris Bobrov","email":"b.bobrov@sap.com","date":"2026-04-07 21:45:15.000000000","tz":120},"committer":{"name":"Ivan Anfimov","email":"lazekteam@gmail.com","date":"2026-04-23 07:55:16.000000000","tz":0},"subject":"Block restricted app creds from creating EC2 credentials via /credentials","message":"Block restricted app creds from creating EC2 credentials via /credentials\n\nThe POST /v3/credentials endpoint accepted EC2 credential creation\nfrom restricted application credential tokens, bypassing the guard\non the dedicated OS-EC2 endpoint. Add the same unrestricted\napplication credential check to the generic credentials API for\nEC2-type credentials, and update the existing test to use an\nunrestricted application credential.\n\nRelated-Bug: #2142138\nGenerated-By: claude-opus-4-6 (OpenCode)\nSigned-off-by: Boris Bobrov \u003cb.bobrov@sap.com\u003e\nChange-Id: Idb192a2fd370fc26c7d76788e9ad1856483d3239\n(cherry picked from commit d6a3dc511057d6ac25bd2d75776a4233c5608684)\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/c33033594b87c37d858efba312dcf15f34afc3e9"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/c33033594b87c37d858efba312dcf15f34afc3e9"}]},"branch":"refs/heads/stable/2025.1","description":"Rebase","conflicts":{"ours":"87153e3fbe618a3bd5c6a65f4b046fb393e33790","theirs":"52e47439688f320befb49514570cc5ac707931f5","contains_conflicts":false}}},"requirements":[],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"OK","labels":[{"label":"Verified","status":"MAY","applied_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}},{"label":"Code-Review","status":"MAY","applied_by":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"}},{"label":"Workflow","status":"MAY","applied_by":{"_account_id":27900,"name":"Artem Goncharov","email":"artem.goncharov@gmail.com","username":"gtema"}}]}],"submit_requirements":[{"name":"Verified","description":"Verified in gate by CI","status":"UNSATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Verified\u003dMAX AND -label:Verified\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Verified\u003dMAX","label:Verified\u003dMIN"],"atom_explanations":{"label:Verified\u003dMAX":"","label:Verified\u003dMIN":""}}},{"name":"Code-Review","description":"Code reviewed by core reviewer","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX AND -label:Code-Review\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Code-Review\u003dMAX"],"failing_atoms":["label:Code-Review\u003dMIN"],"atom_explanations":{"label:Code-Review\u003dMAX":"","label:Code-Review\u003dMIN":""}}},{"name":"Workflow","description":"Approved for gate by core reviewer","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Workflow\u003dMAX AND -label:Workflow\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Workflow\u003dMAX"],"failing_atoms":["label:Workflow\u003dMIN"],"atom_explanations":{"label:Workflow\u003dMAX":"","label:Workflow\u003dMIN":""}}}]}