)]}'
{"id":"openstack%2Fkeystone~987119","triplet_id":"openstack%2Fkeystone~stable%2F2024.2~Idb192a2fd370fc26c7d76788e9ad1856483d3239","project":"openstack/keystone","branch":"stable/2024.2","attention_set":{},"removed_from_attention_set":{"13478":{"account":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"last_update":"2026-05-04 08:09:29.000000000","reason":"Change was abandoned"}},"hashtags":[],"change_id":"Idb192a2fd370fc26c7d76788e9ad1856483d3239","subject":"Block restricted app creds from creating EC2 credentials via /credentials","status":"ABANDONED","created":"2026-05-04 07:08:49.000000000","updated":"2026-05-04 08:09:29.000000000","total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"b4b3af72ab19f7d465b6f70fac687cb40b727888","_number":987119,"virtual_id_number":987119,"owner":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"actions":{},"labels":{"Verified":{"all":[{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","default_value":0,"optional":true},"Code-Review":{"all":[{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"all":[{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-05-04 07:08:49.000000000","updated_by":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"reviewer":{"_account_id":13478,"name":"Boris Bobrov","email":"b.bobrov@sap.com","username":"bbobrov"},"state":"REVIEWER"}],"messages":[{"id":"9c42d54af26739e4e65f0c73c3063e7e791da4c2","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"date":"2026-05-04 07:08:49.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"b4b3af72ab19f7d465b6f70fac687cb40b727888","tag":"autogenerated:gerrit:abandon","author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"date":"2026-05-04 08:09:29.000000000","message":"Abandoned\n\ni must have missed that non-slurp goes directly into eol because i couldn\u0027t find the unmaintained branch","accounts_in_message":[],"_revision_number":1}],"current_revision_number":1,"current_revision":"3eaebcd536e67460f1ca4d15c1ec9ba32dff55e1","revisions":{"3eaebcd536e67460f1ca4d15c1ec9ba32dff55e1":{"kind":"REWORK","_number":1,"created":"2026-05-04 07:08:49.000000000","uploader":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"ref":"refs/changes/19/987119/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/19/987119/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/19/987119/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/19/987119/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/19/987119/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/19/987119/1"}}},"commit":{"parents":[{"commit":"c2d6ea2d56e58800521322ed337ec5f79172d95d","subject":"Add tests for restricted app cred guard","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/c2d6ea2d56e58800521322ed337ec5f79172d95d"}]}],"author":{"name":"Boris Bobrov","email":"b.bobrov@sap.com","date":"2026-04-07 21:45:15.000000000","tz":120},"committer":{"name":"Tobias Urdin","email":"tobias.urdin@binero.com","date":"2026-05-04 07:08:18.000000000","tz":120},"subject":"Block restricted app creds from creating EC2 credentials via /credentials","message":"Block restricted app creds from creating EC2 credentials via /credentials\n\nThe POST /v3/credentials endpoint accepted EC2 credential creation\nfrom restricted application credential tokens, bypassing the guard\non the dedicated OS-EC2 endpoint. Add the same unrestricted\napplication credential check to the generic credentials API for\nEC2-type credentials, and update the existing test to use an\nunrestricted application credential.\n\nRelated-Bug: #2142138\nGenerated-By: claude-opus-4-6 (OpenCode)\nSigned-off-by: Boris Bobrov \u003cb.bobrov@sap.com\u003e\nChange-Id: Idb192a2fd370fc26c7d76788e9ad1856483d3239\n(cherry picked from commit d6a3dc511057d6ac25bd2d75776a4233c5608684)\n(cherry picked from commit c33033594b87c37d858efba312dcf15f34afc3e9)\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/3eaebcd536e67460f1ca4d15c1ec9ba32dff55e1"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/3eaebcd536e67460f1ca4d15c1ec9ba32dff55e1"}]},"branch":"refs/heads/stable/2024.2"}},"requirements":[],"submit_records":[],"submit_requirements":[{"name":"Verified","description":"Verified in gate by CI","status":"UNSATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Verified\u003dMAX AND -label:Verified\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Verified\u003dMAX","label:Verified\u003dMIN"],"atom_explanations":{"label:Verified\u003dMAX":"","label:Verified\u003dMIN":""}}},{"name":"Code-Review","description":"Code reviewed by core reviewer","status":"UNSATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX AND -label:Code-Review\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Code-Review\u003dMAX","label:Code-Review\u003dMIN"],"atom_explanations":{"label:Code-Review\u003dMAX":"","label:Code-Review\u003dMIN":""}}},{"name":"Workflow","description":"Approved for gate by core reviewer","status":"UNSATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Workflow\u003dMAX AND -label:Workflow\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Workflow\u003dMAX","label:Workflow\u003dMIN"],"atom_explanations":{"label:Workflow\u003dMAX":"","label:Workflow\u003dMIN":""}}}]}