)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     headphone james \u003cheadphonejames@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2021-09-15 15:07:25 -0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Support for keystone scoped authorization"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Since keystone train there is now built in policy to handle scoping."},{"line_number":10,"context_line":"This means simplier relationship between"},{"line_number":11,"context_line":"* User/group"},{"line_number":12,"context_line":"* Role"},{"line_number":13,"context_line":"* Resource"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"A resource is \"system\", \"domain\" or \"project\"."},{"line_number":16,"context_line":"A role is \"admin\", \"member\" and \"reader\"."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"This means a user or group can be assigned the roles as below when needed:"},{"line_number":19,"context_line":"- System"},{"line_number":20,"context_line":"- * Cloud administrator"},{"line_number":21,"context_line":"- * Cloud member"},{"line_number":22,"context_line":"- * Cloud reader"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"- Domain one"},{"line_number":25,"context_line":"- * Domain one administrator"},{"line_number":26,"context_line":"- * Domain one member"},{"line_number":27,"context_line":"- * Domain one reader"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"- Domain two"},{"line_number":30,"context_line":"- * Domain two administrator"},{"line_number":31,"context_line":"- * Domain two member"},{"line_number":32,"context_line":"- * Domain two reader"},{"line_number":33,"context_line":"-"},{"line_number":34,"context_line":"- - Project alpha under Domain two"},{"line_number":35,"context_line":"- - * Project alpha administrator"},{"line_number":36,"context_line":"- - * Project alpha member"},{"line_number":37,"context_line":"- - * Project alpha reader"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"And so on.."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"The old thinking about administrator privileges because of member in domain \"Default\" and project \"admin\" should no longer exist."},{"line_number":42,"context_line":"For a reseller this creates the possibility to give domain administrator privileges to a customers that can sell services that they manage in projects. Or a department within a bigger organization can get administrator privileges within one domain to handle own users, groups, projects, volumes, virtual machines and so on. Meaning a domain administrator can offload the cloud administrator with simplier tasks like adding users."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585"},{"line_number":45,"context_line":"Signed-off-by: Niklas Hagman \u003cubuntu@post.blinkiz.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":60,"id":"d7b74fe9_19c4fc43","line":42,"range":{"start_line":7,"start_character":0,"end_line":42,"end_character":429},"updated":"2021-09-16 09:10:17.000000000","message":"Needs a rewrite","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":15,"context_line":"role to the admin user with system scope, as well as in the admin"},{"line_number":16,"context_line":"project. This patch transitions the Keystone admin user from"},{"line_number":17,"context_line":"authenticating using project scoped tokens to system scoped tokens."},{"line_number":18,"context_line":"This is a necessary step towards being able to enable the updated olso"},{"line_number":19,"context_line":"policies in services that allow finer grain access to system-level"},{"line_number":20,"context_line":"resources and APIs."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":63,"id":"5013dc45_d90ad100","line":18,"range":{"start_line":18,"start_character":66,"end_line":18,"end_character":70},"updated":"2021-09-22 20:48:39.000000000","message":"oslo","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":15,"context_line":"role to the admin user with system scope, as well as in the admin"},{"line_number":16,"context_line":"project. This patch transitions the Keystone admin user from"},{"line_number":17,"context_line":"authenticating using project scoped tokens to system scoped tokens."},{"line_number":18,"context_line":"This is a necessary step towards being able to enable the updated olso"},{"line_number":19,"context_line":"policies in services that allow finer grain access to system-level"},{"line_number":20,"context_line":"resources and APIs."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":63,"id":"db0dbb52_065e3311","line":18,"range":{"start_line":18,"start_character":66,"end_line":18,"end_character":70},"in_reply_to":"5013dc45_d90ad100","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":16,"context_line":"project. This patch transitions the Keystone admin user from"},{"line_number":17,"context_line":"authenticating using project scoped tokens to system scoped tokens."},{"line_number":18,"context_line":"This is a necessary step towards being able to enable the updated olso"},{"line_number":19,"context_line":"policies in services that allow finer grain access to system-level"},{"line_number":20,"context_line":"resources and APIs."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An etherpad with discussion about the transition to the new olso"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":63,"id":"e5940ccc_aae25922","line":19,"range":{"start_line":19,"start_character":38,"end_line":19,"end_character":43},"updated":"2021-09-22 20:48:39.000000000","message":"grained","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":16,"context_line":"project. This patch transitions the Keystone admin user from"},{"line_number":17,"context_line":"authenticating using project scoped tokens to system scoped tokens."},{"line_number":18,"context_line":"This is a necessary step towards being able to enable the updated olso"},{"line_number":19,"context_line":"policies in services that allow finer grain access to system-level"},{"line_number":20,"context_line":"resources and APIs."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An etherpad with discussion about the transition to the new olso"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":63,"id":"9e895fca_14a30ef7","line":19,"range":{"start_line":19,"start_character":38,"end_line":19,"end_character":43},"in_reply_to":"e5940ccc_aae25922","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":19,"context_line":"policies in services that allow finer grain access to system-level"},{"line_number":20,"context_line":"resources and APIs."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An etherpad with discussion about the transition to the new olso"},{"line_number":23,"context_line":"service policies is:"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":63,"id":"7f60d561_dc374f81","line":22,"range":{"start_line":22,"start_character":60,"end_line":22,"end_character":64},"updated":"2021-09-22 20:48:39.000000000","message":"oslo","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":19,"context_line":"policies in services that allow finer grain access to system-level"},{"line_number":20,"context_line":"resources and APIs."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"An etherpad with discussion about the transition to the new olso"},{"line_number":23,"context_line":"service policies is:"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":63,"id":"a6a5954f_bf97e450","line":22,"range":{"start_line":22,"start_character":60,"end_line":22,"end_character":64},"in_reply_to":"7f60d561_dc374f81","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"5c152153109880dca235349d8d51495c818e85ab","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":66,"id":"0ac0ae83_332dab72","updated":"2021-10-13 15:27:30.000000000","message":"@James, are you able to pull out the parts of this patch that we dropped into (at least) one other patch?","commit_id":"2e933dceb591c3505f35c2c1de924f3978fb81a7"}],"ansible/group_vars/all.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"94284e484373993ca6e5695c301444a853e7d4e8","unresolved":true,"context_lines":[{"line_number":887,"context_line":"  username: \"{{ keystone_admin_user }}\""},{"line_number":888,"context_line":"  password: \"{{ keystone_admin_password }}\""},{"line_number":889,"context_line":"  user_domain_name: \"{{ default_user_domain_name }}\""},{"line_number":890,"context_line":"  system_scope: \"{{ \u0027all\u0027 if enable_system_scoped_auth | bool }}\""},{"line_number":891,"context_line":"  project_name: \"{{  keystone_admin_project if not enable_system_scoped_auth | bool }}\""},{"line_number":892,"context_line":"  domain_name: \"{{ default_project_domain_id if not enable_system_scoped_auth | bool }}\""},{"line_number":893,"context_line":""},{"line_number":894,"context_line":""},{"line_number":895,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"047af904_ccafd33a","line":892,"range":{"start_line":890,"start_character":1,"end_line":892,"end_character":88},"updated":"2021-09-07 10:18:40.000000000","message":"This is invalid syntax - should be X if Y else Z","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"adae1fc316d9fd9ef9e3b9e6498d0185e32467c8","unresolved":false,"context_lines":[{"line_number":887,"context_line":"  username: \"{{ keystone_admin_user }}\""},{"line_number":888,"context_line":"  password: \"{{ keystone_admin_password }}\""},{"line_number":889,"context_line":"  user_domain_name: \"{{ default_user_domain_name }}\""},{"line_number":890,"context_line":"  system_scope: \"{{ \u0027all\u0027 if enable_system_scoped_auth | bool }}\""},{"line_number":891,"context_line":"  project_name: \"{{  keystone_admin_project if not enable_system_scoped_auth | bool }}\""},{"line_number":892,"context_line":"  domain_name: \"{{ default_project_domain_id if not enable_system_scoped_auth | bool }}\""},{"line_number":893,"context_line":""},{"line_number":894,"context_line":""},{"line_number":895,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"517ad453_566ebdf8","line":892,"range":{"start_line":890,"start_character":1,"end_line":892,"end_character":88},"in_reply_to":"047af904_ccafd33a","updated":"2021-09-08 01:07:04.000000000","message":"Done","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":884,"context_line":"  auth_url: \"{{ keystone_admin_url }}\""},{"line_number":885,"context_line":"  username: \"{{ keystone_admin_user }}\""},{"line_number":886,"context_line":"  password: \"{{ keystone_admin_password }}\""},{"line_number":887,"context_line":"  user_domain_name: \"{{ default_user_domain_name }}\""},{"line_number":888,"context_line":"  system_scope: \"all\""},{"line_number":889,"context_line":""},{"line_number":890,"context_line":"#######################"}],"source_content_type":"text/x-yaml","patch_set":63,"id":"a821a41d_30051531","line":887,"updated":"2021-09-22 20:48:39.000000000","message":"keystone-manage bootstrap always uses \"default\" as domain, so I\u0027m not sure that this change makes sense","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"}],"ansible/post-deploy.yml":[{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"210edfe5d837b5b10337b983fa6b343166d7512d","unresolved":true,"context_lines":[{"line_number":11,"context_line":"        group: \"{{ ansible_facts.user_gid }}\""},{"line_number":12,"context_line":"        mode: 0600"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    - name: Template out admin-openrc-system-scope.sh"},{"line_number":15,"context_line":"      become: true"},{"line_number":16,"context_line":"      template:"},{"line_number":17,"context_line":"        src: \"roles/common/templates/admin-openrc-system-scope.sh.j2\""}],"source_content_type":"text/x-yaml","patch_set":42,"id":"ad4cf2f0_39a00c67","line":14,"updated":"2021-08-31 06:43:20.000000000","message":"Maybe this should be called admin-system-scope-openrc.sh to have same naming convention as admin-openrc.sh, this will also help to pass tests in zuul which are now failing. What do u thing ?","commit_id":"99cba430d1e9db30b191e2790cd20dcf7b13079f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"be689a6b90f6d346c396144a355c6ab5d752cb32","unresolved":false,"context_lines":[{"line_number":11,"context_line":"        group: \"{{ ansible_facts.user_gid }}\""},{"line_number":12,"context_line":"        mode: 0600"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    - name: Template out admin-openrc-system-scope.sh"},{"line_number":15,"context_line":"      become: true"},{"line_number":16,"context_line":"      template:"},{"line_number":17,"context_line":"        src: \"roles/common/templates/admin-openrc-system-scope.sh.j2\""}],"source_content_type":"text/x-yaml","patch_set":42,"id":"2f8022d6_607c84ce","line":14,"in_reply_to":"ad4cf2f0_39a00c67","updated":"2021-08-31 15:37:46.000000000","message":"Done","commit_id":"99cba430d1e9db30b191e2790cd20dcf7b13079f"}],"ansible/roles/common/templates/admin-openrc.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Clear any old environment that may conflict."},{"line_number":4,"context_line":"for key in $( set | awk \u0027{FS\u003d\"\u003d\"}  /^OS_/ {print $1}\u0027 ); do unset $key ; done"},{"line_number":5,"context_line":"export OS_USER_DOMAIN_NAME\u003dDefault"},{"line_number":6,"context_line":"export OS_PROJECT_DOMAIN_NAME\u003dDefault"},{"line_number":7,"context_line":"export OS_PROJECT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":8,"context_line":"export OS_TENANT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":9,"context_line":"export OS_USERNAME\u003d{{ keystone_admin_user }}"}],"source_content_type":"text/x-jinja2","patch_set":60,"id":"f032023e_5f1e26b3","line":6,"range":{"start_line":5,"start_character":0,"end_line":6,"end_character":37},"updated":"2021-09-16 09:10:17.000000000","message":"nit: unnecessary","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6f8166d4b89c5107f1c505398cd5199c81202b5a","unresolved":false,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Clear any old environment that may conflict."},{"line_number":4,"context_line":"for key in $( set | awk \u0027{FS\u003d\"\u003d\"}  /^OS_/ {print $1}\u0027 ); do unset $key ; done"},{"line_number":5,"context_line":"export OS_USER_DOMAIN_NAME\u003dDefault"},{"line_number":6,"context_line":"export OS_PROJECT_DOMAIN_NAME\u003dDefault"},{"line_number":7,"context_line":"export OS_PROJECT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":8,"context_line":"export OS_TENANT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":9,"context_line":"export OS_USERNAME\u003d{{ keystone_admin_user }}"}],"source_content_type":"text/x-jinja2","patch_set":60,"id":"08bc3ed9_950fffd7","line":6,"range":{"start_line":5,"start_character":0,"end_line":6,"end_character":37},"in_reply_to":"f032023e_5f1e26b3","updated":"2021-09-16 17:54:06.000000000","message":"Done","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":3,"context_line":"# Clear any old environment that may conflict."},{"line_number":4,"context_line":"for key in $( set | awk \u0027{FS\u003d\"\u003d\"}  /^OS_/ {print $1}\u0027 ); do unset $key ; done"},{"line_number":5,"context_line":"export OS_USER_DOMAIN_NAME\u003dDefault"},{"line_number":6,"context_line":"export OS_PROJECT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":7,"context_line":"export OS_TENANT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":8,"context_line":"export OS_USERNAME\u003d{{ keystone_admin_user }}"},{"line_number":9,"context_line":"export OS_PASSWORD\u003d{{ keystone_admin_password }}"}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"f671541f_86e3ef52","line":6,"updated":"2021-09-22 20:48:39.000000000","message":"As long as the project is being used here, I think the project_domain_name above should also stay.","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":3,"context_line":"# Clear any old environment that may conflict."},{"line_number":4,"context_line":"for key in $( set | awk \u0027{FS\u003d\"\u003d\"}  /^OS_/ {print $1}\u0027 ); do unset $key ; done"},{"line_number":5,"context_line":"export OS_USER_DOMAIN_NAME\u003dDefault"},{"line_number":6,"context_line":"export OS_PROJECT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":7,"context_line":"export OS_TENANT_NAME\u003d{{ keystone_admin_project }}"},{"line_number":8,"context_line":"export OS_USERNAME\u003d{{ keystone_admin_user }}"},{"line_number":9,"context_line":"export OS_PASSWORD\u003d{{ keystone_admin_password }}"}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"7a918286_abfe1fcd","line":6,"in_reply_to":"f671541f_86e3ef52","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"}],"ansible/roles/common/templates/admin-system-scope-openrc.sh.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[{"line_number":1,"context_line":"# {{ ansible_managed }}"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Clear any old environment that may conflict."},{"line_number":4,"context_line":"for key in $( set | awk \u0027{FS\u003d\"\u003d\"}  /^OS_/ {print $1}\u0027 ); do unset $key ; done"}],"source_content_type":"text/x-jinja2","patch_set":60,"id":"50294375_f5f5c329","line":1,"updated":"2021-09-16 09:10:17.000000000","message":"File unused","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6f8166d4b89c5107f1c505398cd5199c81202b5a","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# {{ ansible_managed }}"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Clear any old environment that may conflict."},{"line_number":4,"context_line":"for key in $( set | awk \u0027{FS\u003d\"\u003d\"}  /^OS_/ {print $1}\u0027 ); do unset $key ; done"}],"source_content_type":"text/x-jinja2","patch_set":60,"id":"e590d461_b0e3146f","line":1,"in_reply_to":"50294375_f5f5c329","updated":"2021-09-16 17:54:06.000000000","message":"Done","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"}],"ansible/roles/freezer/templates/freezer.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[{"line_number":16,"context_line":"os_password \u003d {{ openstack_auth.password }}"},{"line_number":17,"context_line":"os_auth_url \u003d {{ openstack_auth.auth_url }}/v3"},{"line_number":18,"context_line":"os_user_domain_name \u003d {{ openstack_auth.user_domain_name }}"},{"line_number":19,"context_line":"os_system_scope \u003d all"},{"line_number":20,"context_line":"{% endif %}"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"{% if service_name \u003d\u003d \u0027freezer-api\u0027 %}"}],"source_content_type":"text/x-jinja2","patch_set":60,"id":"ae0464e0_f97c756e","line":19,"updated":"2021-09-16 09:10:17.000000000","message":"Option doesn\u0027t exist: https://opendev.org/openstack/freezer/src/branch/master/freezer/scheduler/arguments.py\n\nSuggest we keep the old options and leave a TODO","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6f8166d4b89c5107f1c505398cd5199c81202b5a","unresolved":false,"context_lines":[{"line_number":16,"context_line":"os_password \u003d {{ openstack_auth.password }}"},{"line_number":17,"context_line":"os_auth_url \u003d {{ openstack_auth.auth_url }}/v3"},{"line_number":18,"context_line":"os_user_domain_name \u003d {{ openstack_auth.user_domain_name }}"},{"line_number":19,"context_line":"os_system_scope \u003d all"},{"line_number":20,"context_line":"{% endif %}"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"{% if service_name \u003d\u003d \u0027freezer-api\u0027 %}"}],"source_content_type":"text/x-jinja2","patch_set":60,"id":"4ebe03d5_a73d10ec","line":19,"in_reply_to":"ae0464e0_f97c756e","updated":"2021-09-16 17:54:06.000000000","message":"Done","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":15,"context_line":"os_username \u003d {{ openstack_auth.username }}"},{"line_number":16,"context_line":"os_password \u003d {{ openstack_auth.password }}"},{"line_number":17,"context_line":"os_auth_url \u003d {{ openstack_auth.auth_url }}/v3"},{"line_number":18,"context_line":"os_project_name \u003d {{ openstack_auth.project_name }}"},{"line_number":19,"context_line":"os_project_domain_name \u003d {{ openstack_auth.domain_name }}"},{"line_number":20,"context_line":"# TODO: transition to system scoped token when freezer supports that"},{"line_number":21,"context_line":"# configuration option"}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"cac5e1c0_a1051075","line":18,"range":{"start_line":18,"start_character":21,"end_line":18,"end_character":48},"updated":"2021-09-22 20:48:39.000000000","message":"This needs to be \"keystone_admin_project\" now?","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":15,"context_line":"os_username \u003d {{ openstack_auth.username }}"},{"line_number":16,"context_line":"os_password \u003d {{ openstack_auth.password }}"},{"line_number":17,"context_line":"os_auth_url \u003d {{ openstack_auth.auth_url }}/v3"},{"line_number":18,"context_line":"os_project_name \u003d {{ openstack_auth.project_name }}"},{"line_number":19,"context_line":"os_project_domain_name \u003d {{ openstack_auth.domain_name }}"},{"line_number":20,"context_line":"# TODO: transition to system scoped token when freezer supports that"},{"line_number":21,"context_line":"# configuration option"}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"18d25b2a_eb676cb1","line":18,"range":{"start_line":18,"start_character":21,"end_line":18,"end_character":48},"in_reply_to":"cac5e1c0_a1051075","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":20,"context_line":"# TODO: transition to system scoped token when freezer supports that"},{"line_number":21,"context_line":"# configuration option"},{"line_number":22,"context_line":"os_user_domain_name \u003d {{ openstack_auth.user_domain_name }}"},{"line_number":23,"context_line":"os_system_scope \u003d all"},{"line_number":24,"context_line":"{% endif %}"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"{% if service_name \u003d\u003d \u0027freezer-api\u0027 %}"}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"c0f5e86c_ea77a779","line":23,"updated":"2021-09-22 20:48:39.000000000","message":"Why do you set this if the comment above states that it isn\u0027t supported? This seems inconsistent.","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":20,"context_line":"# TODO: transition to system scoped token when freezer supports that"},{"line_number":21,"context_line":"# configuration option"},{"line_number":22,"context_line":"os_user_domain_name \u003d {{ openstack_auth.user_domain_name }}"},{"line_number":23,"context_line":"os_system_scope \u003d all"},{"line_number":24,"context_line":"{% endif %}"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"{% if service_name \u003d\u003d \u0027freezer-api\u0027 %}"}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"7aef7baf_5345b9d0","line":23,"in_reply_to":"c0f5e86c_ea77a779","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"}],"ansible/roles/keystone/tasks/register.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[{"line_number":4,"context_line":"  command: \u003e"},{"line_number":5,"context_line":"    docker exec keystone kolla_keystone_bootstrap"},{"line_number":6,"context_line":"    {{ openstack_auth.username }} {{ openstack_auth.password }} {{ keystone_admin_project }}"},{"line_number":7,"context_line":"    admin {{ openstack_auth.auth_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}"},{"line_number":8,"context_line":"  register: keystone_bootstrap"},{"line_number":9,"context_line":"  changed_when: (keystone_bootstrap.stdout | from_json).changed"},{"line_number":10,"context_line":"  failed_when: (keystone_bootstrap.stdout | from_json).failed"}],"source_content_type":"text/x-yaml","patch_set":60,"id":"eec451e8_8b2634ba","line":7,"range":{"start_line":7,"start_character":13,"end_line":7,"end_character":36},"updated":"2021-09-16 09:10:17.000000000","message":"I\u0027d keep this as keystone_admin_url","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6f8166d4b89c5107f1c505398cd5199c81202b5a","unresolved":false,"context_lines":[{"line_number":4,"context_line":"  command: \u003e"},{"line_number":5,"context_line":"    docker exec keystone kolla_keystone_bootstrap"},{"line_number":6,"context_line":"    {{ openstack_auth.username }} {{ openstack_auth.password }} {{ keystone_admin_project }}"},{"line_number":7,"context_line":"    admin {{ openstack_auth.auth_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}"},{"line_number":8,"context_line":"  register: keystone_bootstrap"},{"line_number":9,"context_line":"  changed_when: (keystone_bootstrap.stdout | from_json).changed"},{"line_number":10,"context_line":"  failed_when: (keystone_bootstrap.stdout | from_json).failed"}],"source_content_type":"text/x-yaml","patch_set":60,"id":"ca8c33f0_6016fa78","line":7,"range":{"start_line":7,"start_character":13,"end_line":7,"end_character":36},"in_reply_to":"eec451e8_8b2634ba","updated":"2021-09-16 17:54:06.000000000","message":"Done","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"}],"ansible/roles/keystone/templates/keystone.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"27f5333c38dc91e58a11eb33a4e3df14e71eea7b","unresolved":true,"context_lines":[{"line_number":11,"context_line":"enable_proxy_headers_parsing \u003d True"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"[oslo_policy]"},{"line_number":14,"context_line":"enforce_scope \u003d True"},{"line_number":15,"context_line":"{% if keystone_policy_file is defined %}"},{"line_number":16,"context_line":"policy_file \u003d {{ keystone_policy_file }}"},{"line_number":17,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":29,"id":"55ee862b_64d1f855","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":20},"updated":"2021-07-29 10:59:52.000000000","message":"This should be optional.","commit_id":"2c91e485663656bf6de20a95dd34c51ea4a3ae63"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"be689a6b90f6d346c396144a355c6ab5d752cb32","unresolved":false,"context_lines":[{"line_number":11,"context_line":"enable_proxy_headers_parsing \u003d True"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"[oslo_policy]"},{"line_number":14,"context_line":"enforce_scope \u003d True"},{"line_number":15,"context_line":"{% if keystone_policy_file is defined %}"},{"line_number":16,"context_line":"policy_file \u003d {{ keystone_policy_file }}"},{"line_number":17,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":29,"id":"7203703b_cc721648","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":20},"in_reply_to":"55ee862b_64d1f855","updated":"2021-08-31 15:37:46.000000000","message":"Ack","commit_id":"2c91e485663656bf6de20a95dd34c51ea4a3ae63"}],"ansible/roles/neutron/templates/neutron.conf.j2":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":116,"context_line":"password \u003d {{ neutron_keystone_password }}"},{"line_number":117,"context_line":"cafile \u003d {{ openstack_cacert }}"},{"line_number":118,"context_line":"region_name \u003d {{ openstack_region_name }}"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"memcache_security_strategy \u003d ENCRYPT"},{"line_number":121,"context_line":"memcache_secret_key \u003d {{ memcache_secret_key }}"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"019e3a2c_361b1db6","side":"PARENT","line":119,"updated":"2021-09-22 20:48:39.000000000","message":"Unrelated and unnecessary?","commit_id":"3455105321ba2e117ed3d2dbd2d5a47194cc1603"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":116,"context_line":"password \u003d {{ neutron_keystone_password }}"},{"line_number":117,"context_line":"cafile \u003d {{ openstack_cacert }}"},{"line_number":118,"context_line":"region_name \u003d {{ openstack_region_name }}"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"memcache_security_strategy \u003d ENCRYPT"},{"line_number":121,"context_line":"memcache_secret_key \u003d {{ memcache_secret_key }}"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-jinja2","patch_set":63,"id":"e1e2bc24_d7ebabfc","side":"PARENT","line":119,"in_reply_to":"019e3a2c_361b1db6","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"3455105321ba2e117ed3d2dbd2d5a47194cc1603"}],"ansible/roles/octavia/templates/octavia.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"435cba0e9bab10e5a81e4a09a3362f0025afe5dc","unresolved":false,"context_lines":[{"line_number":28,"context_line":"username \u003d {{ octavia_keystone_user }}"},{"line_number":29,"context_line":"password \u003d {{ octavia_keystone_password }}"},{"line_number":30,"context_line":"user_domain_name \u003d {{ default_user_domain_name }}"},{"line_number":31,"context_line":"project_name \u003d {{ keystone_admin_project }}"},{"line_number":32,"context_line":"project_domain_name \u003d {{ default_project_domain_name }}"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"memcache_security_strategy \u003d ENCRYPT"}],"source_content_type":"text/x-jinja2","patch_set":23,"id":"ff570b3c_ceaaf583","line":31,"updated":"2020-05-11 09:33:27.000000000","message":"This makes me suspect that https://bugs.launchpad.net/kolla-ansible/+bug/1873176 was not a complete solution.","commit_id":"f8b5b91bb0171dea88abe7fcc2752178b5335cae"}],"ansible/roles/service-ks-register/tasks/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"94284e484373993ca6e5695c301444a853e7d4e8","unresolved":true,"context_lines":[{"line_number":132,"context_line":"        --os-user-domain-name {{ openstack_auth.user_domain_name }}"},{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"512427a3_debebe6b","line":135,"range":{"start_line":135,"start_character":8,"end_line":135,"end_character":78},"updated":"2021-09-07 10:18:40.000000000","message":"This grants all roles with system scope, while it should be able to grant roles with project scope when a project is specified. Where roles should be granted with system scope, we\u0027ll need to update the relevant variables.\n\nIt is also granting everyone a role of {{ keystone_admin_user }}, which is admin. The role should be {{ item.role }}.","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"ce82fe1085fa6fcf0d45ec0b1ec365b7f3d59844","unresolved":true,"context_lines":[{"line_number":132,"context_line":"        --os-user-domain-name {{ openstack_auth.user_domain_name }}"},{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"aaebae9f_239dfd79","line":135,"range":{"start_line":135,"start_character":8,"end_line":135,"end_character":78},"in_reply_to":"11ef569f_3503f3e0","updated":"2021-09-08 23:49:35.000000000","message":"How could a role use keystone with the enforce scope enabled if it has a project scoped role?","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"adae1fc316d9fd9ef9e3b9e6498d0185e32467c8","unresolved":false,"context_lines":[{"line_number":132,"context_line":"        --os-user-domain-name {{ openstack_auth.user_domain_name }}"},{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"eb098b7f_896d1258","line":135,"range":{"start_line":135,"start_character":8,"end_line":135,"end_character":78},"in_reply_to":"512427a3_debebe6b","updated":"2021-09-08 01:07:04.000000000","message":"Done","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"40f914d0b5ed422c36c300caee511d960281b9d5","unresolved":true,"context_lines":[{"line_number":132,"context_line":"        --os-user-domain-name {{ openstack_auth.user_domain_name }}"},{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"9a68d8b4_d7c1010e","line":135,"range":{"start_line":135,"start_character":8,"end_line":135,"end_character":78},"in_reply_to":"aaebae9f_239dfd79","updated":"2021-09-14 13:58:02.000000000","message":"Scope enforcement doesn\u0027t mean everything should use the system scope, it means everything should use the correct scope - system, domain or project. I\u0027m not sure if any of the role we assign in Kolla should use project scope, but we do need to check.\n\nThere is also the question of whether we would assign roles both with system scope and project scope for some transition period, then remove the project-scoped role assignments. In that case this code would need to support both scopes.","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"da0fbb7ca08b5acec1e794b767d2139ddb7b6f3b","unresolved":false,"context_lines":[{"line_number":132,"context_line":"        --os-user-domain-name {{ openstack_auth.user_domain_name }}"},{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"11ef569f_3503f3e0","line":135,"range":{"start_line":135,"start_character":8,"end_line":135,"end_character":78},"in_reply_to":"eb098b7f_896d1258","updated":"2021-09-08 12:23:38.000000000","message":"Not done - it is still always granting roles with system scope. We will need to audit the users \u0026 roles to see if we need any project-scoped roles.","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"94284e484373993ca6e5695c301444a853e7d4e8","unresolved":true,"context_lines":[{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"},{"line_number":139,"context_line":"      when: enable_system_scoped_auth | bool"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"267e6744_56bd7bc1","line":136,"range":{"start_line":136,"start_character":6,"end_line":136,"end_character":39},"updated":"2021-09-07 10:18:40.000000000","message":"Remove","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"adae1fc316d9fd9ef9e3b9e6498d0185e32467c8","unresolved":false,"context_lines":[{"line_number":133,"context_line":"        --os-system-scope {{ openstack_auth.system_scope }}"},{"line_number":134,"context_line":"        {% if openstack_cacert !\u003d \u0027\u0027 %}--os-cacert {{ openstack_cacert }}{% endif %}"},{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"},{"line_number":139,"context_line":"      when: enable_system_scoped_auth | bool"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"01ea51f1_01265a7f","line":136,"range":{"start_line":136,"start_character":6,"end_line":136,"end_character":39},"in_reply_to":"267e6744_56bd7bc1","updated":"2021-09-08 01:07:04.000000000","message":"Done","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"94284e484373993ca6e5695c301444a853e7d4e8","unresolved":true,"context_lines":[{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"},{"line_number":139,"context_line":"      when: enable_system_scoped_auth | bool"},{"line_number":140,"context_line":"      loop_control:"},{"line_number":141,"context_line":"        label:"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"b57dd577_18d1d482","line":138,"range":{"start_line":138,"start_character":6,"end_line":138,"end_character":20},"updated":"2021-09-07 10:18:40.000000000","message":"Not necessary","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"adae1fc316d9fd9ef9e3b9e6498d0185e32467c8","unresolved":false,"context_lines":[{"line_number":135,"context_line":"        role add --system all --user {{ item.user }} {{ keystone_admin_user }}"},{"line_number":136,"context_line":"      register: nova_grant_system_scope"},{"line_number":137,"context_line":"      with_items: \"{{ service_ks_register_users }}\""},{"line_number":138,"context_line":"      run_once: True"},{"line_number":139,"context_line":"      when: enable_system_scoped_auth | bool"},{"line_number":140,"context_line":"      loop_control:"},{"line_number":141,"context_line":"        label:"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"d465d0c8_af571a24","line":138,"range":{"start_line":138,"start_character":6,"end_line":138,"end_character":20},"in_reply_to":"b57dd577_18d1d482","updated":"2021-09-08 01:07:04.000000000","message":"Done","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"94284e484373993ca6e5695c301444a853e7d4e8","unresolved":true,"context_lines":[{"line_number":141,"context_line":"        label:"},{"line_number":142,"context_line":"          user: \"{{ item.user }}\""},{"line_number":143,"context_line":"          role: \"{{ item.role }}\""},{"line_number":144,"context_line":"          project: \"{{ item.project }}\""},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"  become: true"},{"line_number":147,"context_line":"  run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"adbbf87d_ee51c510","line":144,"updated":"2021-09-07 10:18:40.000000000","message":"Add retries:\n\n      register: service_ks_register_result\n      until: service_ks_register_result is success\n      retries: \"{{ service_ks_register_retries }}\"\n      delay: \"{{ service_ks_register_delay }}\"","commit_id":"d466fd97276567d71c6471ca349233031bd15411"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"adae1fc316d9fd9ef9e3b9e6498d0185e32467c8","unresolved":false,"context_lines":[{"line_number":141,"context_line":"        label:"},{"line_number":142,"context_line":"          user: \"{{ item.user }}\""},{"line_number":143,"context_line":"          role: \"{{ item.role }}\""},{"line_number":144,"context_line":"          project: \"{{ item.project }}\""},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"  become: true"},{"line_number":147,"context_line":"  run_once: True"}],"source_content_type":"text/x-yaml","patch_set":54,"id":"107f50d3_ecb83239","line":144,"in_reply_to":"adbbf87d_ee51c510","updated":"2021-09-08 01:07:04.000000000","message":"Done","commit_id":"d466fd97276567d71c6471ca349233031bd15411"}],"ansible/roles/skydive/defaults/main.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"43afb54fe2d4c957dceea298b94116cf05f7a917","unresolved":true,"context_lines":[{"line_number":41,"context_line":"skydive_analyzer_tag: \"{{ skydive_tag }}\""},{"line_number":42,"context_line":"skydive_analyzer_image_full: \"{{ skydive_analyzer_image }}:{{ skydive_analyzer_tag }}\""},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"skydive_admin_tenant_name: \"{{ openstack_auth[\u0027project_name\u0027] }}\""},{"line_number":45,"context_line":"skydive_agent_image: \"{{ docker_registry ~ \u0027/\u0027 if docker_registry else \u0027\u0027 }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ skydive_install_type }}-skydive-agent\""},{"line_number":46,"context_line":"skydive_agent_tag: \"{{ skydive_tag }}\""},{"line_number":47,"context_line":"skydive_agent_image_full: \"{{ skydive_agent_image }}:{{ skydive_agent_tag }}\""}],"source_content_type":"text/x-yaml","patch_set":65,"id":"77b8d383_654fa177","line":44,"range":{"start_line":44,"start_character":31,"end_line":44,"end_character":61},"updated":"2021-09-28 08:10:13.000000000","message":"keystone_admin_project","commit_id":"11adf2b2e15d78c35831f884a0e5db981adf7b3d"}],"ansible/roles/skydive/templates/skydive-agent.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"97fef1fed85dd147b0a11b28a1b164f5a79c7857","unresolved":true,"context_lines":[{"line_number":49,"context_line":"      auth_url: {{ keystone_internal_url }}/v3"},{"line_number":50,"context_line":"      username: {{ openstack_auth[\u0027username\u0027] }}"},{"line_number":51,"context_line":"      password: {{ openstack_auth[\u0027password\u0027] }}"},{"line_number":52,"context_line":"      tenant_name: {{ openstack_auth[\u0027project_name\u0027] }}"},{"line_number":53,"context_line":"      region_name: {{ openstack_region_name }}"},{"line_number":54,"context_line":"      domain_name: Default"},{"line_number":55,"context_line":"      endpoint_type: internal"}],"source_content_type":"text/x-jinja2","patch_set":64,"id":"f34397ed_9dd900b1","side":"PARENT","line":52,"range":{"start_line":52,"start_character":22,"end_line":52,"end_character":52},"updated":"2021-09-27 15:21:13.000000000","message":"Should probably be skydive_admin_tenant_name","commit_id":"3455105321ba2e117ed3d2dbd2d5a47194cc1603"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"3ace42927695217042e1192f2edd57611c7e48df","unresolved":false,"context_lines":[{"line_number":49,"context_line":"      auth_url: {{ keystone_internal_url }}/v3"},{"line_number":50,"context_line":"      username: {{ openstack_auth[\u0027username\u0027] }}"},{"line_number":51,"context_line":"      password: {{ openstack_auth[\u0027password\u0027] }}"},{"line_number":52,"context_line":"      tenant_name: {{ openstack_auth[\u0027project_name\u0027] }}"},{"line_number":53,"context_line":"      region_name: {{ openstack_region_name }}"},{"line_number":54,"context_line":"      domain_name: Default"},{"line_number":55,"context_line":"      endpoint_type: internal"}],"source_content_type":"text/x-jinja2","patch_set":64,"id":"18589d26_dc3299b7","side":"PARENT","line":52,"range":{"start_line":52,"start_character":22,"end_line":52,"end_character":52},"in_reply_to":"f34397ed_9dd900b1","updated":"2021-09-27 16:31:24.000000000","message":"Done","commit_id":"3455105321ba2e117ed3d2dbd2d5a47194cc1603"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"97fef1fed85dd147b0a11b28a1b164f5a79c7857","unresolved":true,"context_lines":[{"line_number":49,"context_line":"      auth_url: {{ keystone_internal_url }}/v3"},{"line_number":50,"context_line":"      username: {{ openstack_auth[\u0027username\u0027] }}"},{"line_number":51,"context_line":"      password: {{ openstack_auth[\u0027password\u0027] }}"},{"line_number":52,"context_line":"      system_scope: {{ openstack_auth[\u0027system_scope\u0027] }}"},{"line_number":53,"context_line":"      region_name: {{ openstack_region_name }}"},{"line_number":54,"context_line":"      domain_name: Default"},{"line_number":55,"context_line":"      endpoint_type: internal"}],"source_content_type":"text/x-jinja2","patch_set":64,"id":"4e7d572b_4dd6116a","line":52,"range":{"start_line":52,"start_character":0,"end_line":52,"end_character":56},"updated":"2021-09-27 15:21:13.000000000","message":"I don\u0027t think it\u0027s supported. Better to revert this and add a TODO.\n\nhttps://github.com/skydive-project/skydive/blob/master/etc/skydive.yml.default#L236","commit_id":"4d726f4c06e1837ab04cab192da29504a702e5c5"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"3ace42927695217042e1192f2edd57611c7e48df","unresolved":false,"context_lines":[{"line_number":49,"context_line":"      auth_url: {{ keystone_internal_url }}/v3"},{"line_number":50,"context_line":"      username: {{ openstack_auth[\u0027username\u0027] }}"},{"line_number":51,"context_line":"      password: {{ openstack_auth[\u0027password\u0027] }}"},{"line_number":52,"context_line":"      system_scope: {{ openstack_auth[\u0027system_scope\u0027] }}"},{"line_number":53,"context_line":"      region_name: {{ openstack_region_name }}"},{"line_number":54,"context_line":"      domain_name: Default"},{"line_number":55,"context_line":"      endpoint_type: internal"}],"source_content_type":"text/x-jinja2","patch_set":64,"id":"e39d8815_54f7e716","line":52,"range":{"start_line":52,"start_character":0,"end_line":52,"end_character":56},"in_reply_to":"4e7d572b_4dd6116a","updated":"2021-09-27 16:31:24.000000000","message":"Done","commit_id":"4d726f4c06e1837ab04cab192da29504a702e5c5"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"78204322afb4e22933b384374042af7b2e405c8d","unresolved":true,"context_lines":[{"line_number":45,"context_line":"      - ovsdb"},{"line_number":46,"context_line":"{% endif %}"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"### TODO migrate from tenant_name to system_scope when supported in skydive"},{"line_number":49,"context_line":"    neutron:"},{"line_number":50,"context_line":"      auth_url: {{ keystone_internal_url }}/v3"},{"line_number":51,"context_line":"      username: {{ openstack_auth[\u0027username\u0027] }}"}],"source_content_type":"text/x-jinja2","patch_set":66,"id":"6e5a46a4_7f11d313","line":48,"range":{"start_line":48,"start_character":4,"end_line":48,"end_character":75},"updated":"2021-09-30 08:05:53.000000000","message":"is there an issue raised in their Github repo which we could reference here?","commit_id":"2e933dceb591c3505f35c2c1de924f3978fb81a7"}],"ansible/roles/skydive/templates/skydive-analyzer.conf.j2":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"97fef1fed85dd147b0a11b28a1b164f5a79c7857","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    type: keystone"},{"line_number":6,"context_line":"    auth_url: {{ keystone_internal_url }}/v3"},{"line_number":7,"context_line":"    region_name: {{ openstack_region_name }}"},{"line_number":8,"context_line":"    system_scope: {{ openstack_auth[\u0027system_scope\u0027] }}"},{"line_number":9,"context_line":"    domain_name: Default"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"logging:"}],"source_content_type":"text/x-jinja2","patch_set":64,"id":"7b066f5f_cec83627","line":8,"range":{"start_line":8,"start_character":0,"end_line":8,"end_character":54},"updated":"2021-09-27 15:21:13.000000000","message":"I don\u0027t think it\u0027s supported. Better to revert and add a TODO.\n\nhttps://github.com/skydive-project/skydive/blob/master/etc/skydive.yml.default#L495","commit_id":"4d726f4c06e1837ab04cab192da29504a702e5c5"}],"doc/source/user/multi-regions.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[{"line_number":73,"context_line":"   keystone_internal_url: \"{{ internal_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_public_port }}\""},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"   openstack_auth:"},{"line_number":76,"context_line":"       auth_url: \"{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}\""},{"line_number":77,"context_line":"       username: \"{{ keystone_admin_user }}\""},{"line_number":78,"context_line":"       password: \"{{ keystone_admin_password }}\""},{"line_number":79,"context_line":"       user_domain_name: \"{{ default_user_domain_name }}\""}],"source_content_type":"text/x-rst","patch_set":60,"id":"3aabf8da_bbb7d859","line":76,"range":{"start_line":76,"start_character":18,"end_line":76,"end_character":95},"updated":"2021-09-16 09:10:17.000000000","message":"keystone_admin_url","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6f8166d4b89c5107f1c505398cd5199c81202b5a","unresolved":false,"context_lines":[{"line_number":73,"context_line":"   keystone_internal_url: \"{{ internal_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_public_port }}\""},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"   openstack_auth:"},{"line_number":76,"context_line":"       auth_url: \"{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}\""},{"line_number":77,"context_line":"       username: \"{{ keystone_admin_user }}\""},{"line_number":78,"context_line":"       password: \"{{ keystone_admin_password }}\""},{"line_number":79,"context_line":"       user_domain_name: \"{{ default_user_domain_name }}\""}],"source_content_type":"text/x-rst","patch_set":60,"id":"5b3fc42a_2de4416c","line":76,"range":{"start_line":76,"start_character":18,"end_line":76,"end_character":95},"in_reply_to":"3aabf8da_bbb7d859","updated":"2021-09-16 17:54:06.000000000","message":"Done","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"}],"releasenotes/notes/move-keystone-user-auth-to-system-scope-900db3265861ebde.yaml":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Since Queens, the keystone-manage bootstrap command assigns the admin role"},{"line_number":4,"context_line":"    to the admin user with system scope as well as in the admin project. This"},{"line_number":5,"context_line":"    patch transitions the Keystone admin user from authenticating using project"},{"line_number":6,"context_line":"    scoped tokens to system scoped tokens. This is a necessary step towards"},{"line_number":7,"context_line":"    being able to enable the updated olso policies in services that allow finer"},{"line_number":8,"context_line":"    grain access to system-level resources and APIs."}],"source_content_type":"text/x-yaml","patch_set":63,"id":"29c8df27_2e682aab","line":5,"updated":"2021-09-22 20:48:39.000000000","message":"\"This patch\" has no context in the final reno. \"This release\" would seem better.","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Since Queens, the keystone-manage bootstrap command assigns the admin role"},{"line_number":4,"context_line":"    to the admin user with system scope as well as in the admin project. This"},{"line_number":5,"context_line":"    patch transitions the Keystone admin user from authenticating using project"},{"line_number":6,"context_line":"    scoped tokens to system scoped tokens. This is a necessary step towards"},{"line_number":7,"context_line":"    being able to enable the updated olso policies in services that allow finer"},{"line_number":8,"context_line":"    grain access to system-level resources and APIs."}],"source_content_type":"text/x-yaml","patch_set":63,"id":"aa12eab3_bd0a9e12","line":5,"in_reply_to":"29c8df27_2e682aab","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    to the admin user with system scope as well as in the admin project. This"},{"line_number":5,"context_line":"    patch transitions the Keystone admin user from authenticating using project"},{"line_number":6,"context_line":"    scoped tokens to system scoped tokens. This is a necessary step towards"},{"line_number":7,"context_line":"    being able to enable the updated olso policies in services that allow finer"},{"line_number":8,"context_line":"    grain access to system-level resources and APIs."}],"source_content_type":"text/x-yaml","patch_set":63,"id":"dd039518_c0f0402a","line":7,"range":{"start_line":7,"start_character":37,"end_line":7,"end_character":41},"updated":"2021-09-22 20:48:39.000000000","message":"oslo","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    to the admin user with system scope as well as in the admin project. This"},{"line_number":5,"context_line":"    patch transitions the Keystone admin user from authenticating using project"},{"line_number":6,"context_line":"    scoped tokens to system scoped tokens. This is a necessary step towards"},{"line_number":7,"context_line":"    being able to enable the updated olso policies in services that allow finer"},{"line_number":8,"context_line":"    grain access to system-level resources and APIs."}],"source_content_type":"text/x-yaml","patch_set":63,"id":"40f4a65b_714a4389","line":7,"range":{"start_line":7,"start_character":37,"end_line":7,"end_character":41},"in_reply_to":"dd039518_c0f0402a","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    patch transitions the Keystone admin user from authenticating using project"},{"line_number":6,"context_line":"    scoped tokens to system scoped tokens. This is a necessary step towards"},{"line_number":7,"context_line":"    being able to enable the updated olso policies in services that allow finer"},{"line_number":8,"context_line":"    grain access to system-level resources and APIs."}],"source_content_type":"text/x-yaml","patch_set":63,"id":"e8201334_f92da77c","line":8,"range":{"start_line":8,"start_character":4,"end_line":8,"end_character":9},"updated":"2021-09-22 20:48:39.000000000","message":"grained","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    patch transitions the Keystone admin user from authenticating using project"},{"line_number":6,"context_line":"    scoped tokens to system scoped tokens. This is a necessary step towards"},{"line_number":7,"context_line":"    being able to enable the updated olso policies in services that allow finer"},{"line_number":8,"context_line":"    grain access to system-level resources and APIs."}],"source_content_type":"text/x-yaml","patch_set":63,"id":"2b921318_b4607e3b","line":8,"range":{"start_line":8,"start_character":4,"end_line":8,"end_character":9},"in_reply_to":"e8201334_f92da77c","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"e4e18fa6ba6697d5c9fa53da1b27dbc2449ac66f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"97fef1fed85dd147b0a11b28a1b164f5a79c7857","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Since Queens, the keystone-manage bootstrap command assigns the admin role"},{"line_number":4,"context_line":"    to the admin user with system scope as well as in the admin project. Now"},{"line_number":5,"context_line":"    the Keystone admin user will authenticate using system scoped tokens"}],"source_content_type":"text/x-yaml","patch_set":64,"id":"3431a371_36c559fe","line":2,"updated":"2021-09-27 15:21:13.000000000","message":"Ideally we\u0027d have an initial sentence that summarises the change, rather than getting bogged down in the weeds:\n\nTransitions to using system-scoped tokens when authenticating as the Keystone admin user. This is a necessary step towards being able to enable the updated oslo policies in services that allow finer grained access to system-level resources and APIs. Since Queens, the admin role is assigned to the admin user with system scope as well as in the admin project.","commit_id":"4d726f4c06e1837ab04cab192da29504a702e5c5"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"3ace42927695217042e1192f2edd57611c7e48df","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Since Queens, the keystone-manage bootstrap command assigns the admin role"},{"line_number":4,"context_line":"    to the admin user with system scope as well as in the admin project. Now"},{"line_number":5,"context_line":"    the Keystone admin user will authenticate using system scoped tokens"}],"source_content_type":"text/x-yaml","patch_set":64,"id":"494fe0d1_10dd51e8","line":2,"in_reply_to":"3431a371_36c559fe","updated":"2021-09-27 16:31:24.000000000","message":"Done","commit_id":"4d726f4c06e1837ab04cab192da29504a702e5c5"}],"tests/test-core-openstack.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"27f5333c38dc91e58a11eb33a4e3df14e71eea7b","unresolved":true,"context_lines":[{"line_number":167,"context_line":""},{"line_number":168,"context_line":"function test_openstack_logged {"},{"line_number":169,"context_line":"    # Get project scoped authorization"},{"line_number":170,"context_line":"    . /etc/kolla/admin-openrc.sh"},{"line_number":171,"context_line":"    export OS_PROJECT_DOMAIN_NAME\u003dDefault"},{"line_number":172,"context_line":"    export OS_PROJECT_NAME\u003dadmin"},{"line_number":173,"context_line":"    . ~/openstackclient-venv/bin/activate"}],"source_content_type":"text/x-sh","patch_set":29,"id":"e3dfeae4_67e49be0","line":170,"range":{"start_line":170,"start_character":6,"end_line":170,"end_character":32},"updated":"2021-07-29 10:59:52.000000000","message":"Perhaps it should accept an argument that determines the scope? Maybe check what devstack does.","commit_id":"2c91e485663656bf6de20a95dd34c51ea4a3ae63"}],"tests/test-ironic.sh":[{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"dadf9d01b1248c7a4522e8d893a53d47ae87f1e8","unresolved":false,"context_lines":[{"line_number":19,"context_line":"    curl -L -o jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64"},{"line_number":20,"context_line":"    chmod +x jq"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    # Get system scoped authorization"},{"line_number":23,"context_line":"    . /etc/kolla/admin-openrc.sh"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"    # TODO(mgoddard): switch to Placement OSC plugin, once it exists"},{"line_number":26,"context_line":"    local token"},{"line_number":27,"context_line":"    token\u003d$(openstack token issue -f value -c id)"},{"line_number":28,"context_line":"    local endpoint"},{"line_number":29,"context_line":"    endpoint\u003d$(openstack endpoint list --service placement --interface public -f value -c URL)"},{"line_number":30,"context_line":"    if [[ -z $endpoint ]]; then"},{"line_number":31,"context_line":"        echo \"Cannot find Placement API endpoint\""},{"line_number":32,"context_line":"        return 1"},{"line_number":33,"context_line":"    fi"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    # Get project scoped authorization again"},{"line_number":36,"context_line":"    . /etc/kolla/admin-openrc.sh"},{"line_number":37,"context_line":"    export OS_PROJECT_DOMAIN_NAME\u003dDefault"},{"line_number":38,"context_line":"    export OS_PROJECT_NAME\u003dadmin"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"    local i"},{"line_number":41,"context_line":"    local count"}],"source_content_type":"text/x-sh","patch_set":22,"id":"3fa7e38b_b50d1536","line":38,"range":{"start_line":22,"start_character":0,"end_line":38,"end_character":32},"updated":"2019-11-22 07:48:32.000000000","message":"I would prefer to just unset these variables to regain system scoping - we know what we are changing, no need to source variables again","commit_id":"d78a4b446af7c6e0f15250e70142f31b426401c3"}],"tests/test-magnum.sh":[{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e606b92648831defb9e0cd6112e0401bbae2f773","unresolved":true,"context_lines":[{"line_number":59,"context_line":"}"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"function test_magnum_logged {"},{"line_number":62,"context_line":"    . /etc/kolla/admin-openrc-system-scope.sh"},{"line_number":63,"context_line":"    . ~/openstackclient-venv/bin/activate"},{"line_number":64,"context_line":"    test_magnum_clusters"},{"line_number":65,"context_line":"    test_designate"}],"source_content_type":"text/x-sh","patch_set":43,"id":"b6bcb37d_c5e01462","line":62,"updated":"2021-08-31 15:42:51.000000000","message":"same here rename please","commit_id":"fbd332082b8563016b5771e6098c9a0207fd15b5"}],"tests/test-openstack.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"eba9c88e1456dc3e434cbf79dfa35ac657d43e79","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":60,"id":"7910f96d_47e18a91","updated":"2021-09-16 09:10:17.000000000","message":"New file?","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6f8166d4b89c5107f1c505398cd5199c81202b5a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":60,"id":"79cdf5df_14630d20","in_reply_to":"7910f96d_47e18a91","updated":"2021-09-16 17:54:06.000000000","message":"Done","commit_id":"ddf1e4fc3da7869e0cf7381d0cca33c77bed8635"}],"tests/test-scenario-nfv.sh":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"08d2e2d63237cce4732f8943d245f17f3f37024c","unresolved":true,"context_lines":[{"line_number":6,"context_line":"# Enable unbuffered output for Ansible in Jenkins."},{"line_number":7,"context_line":"export PYTHONUNBUFFERED\u003d1"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"function test_tacker {"},{"line_number":11,"context_line":"    echo \"TESTING: Tacker VIM,VNFD and VNF creation\""},{"line_number":12,"context_line":"    sh contrib/demos/tacker/deploy-tacker-demo"}],"source_content_type":"text/x-sh","patch_set":63,"id":"dc569fbf_a9028d68","side":"PARENT","line":9,"updated":"2021-09-22 20:48:39.000000000","message":"Unrelated/unneeded?","commit_id":"3455105321ba2e117ed3d2dbd2d5a47194cc1603"},{"author":{"_account_id":30810,"name":"James Kirsch","email":"generalfuzz@gmail.com","username":"generalfuzz"},"change_message_id":"6b948adab5bb3d68ae4890ca3bc82242ab69ae61","unresolved":false,"context_lines":[{"line_number":6,"context_line":"# Enable unbuffered output for Ansible in Jenkins."},{"line_number":7,"context_line":"export PYTHONUNBUFFERED\u003d1"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"function test_tacker {"},{"line_number":11,"context_line":"    echo \"TESTING: Tacker VIM,VNFD and VNF creation\""},{"line_number":12,"context_line":"    sh contrib/demos/tacker/deploy-tacker-demo"}],"source_content_type":"text/x-sh","patch_set":63,"id":"e2defda4_0e8b56ab","side":"PARENT","line":9,"in_reply_to":"dc569fbf_a9028d68","updated":"2021-09-24 16:18:44.000000000","message":"Done","commit_id":"3455105321ba2e117ed3d2dbd2d5a47194cc1603"}],"tests/test-swift.sh":[{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e606b92648831defb9e0cd6112e0401bbae2f773","unresolved":true,"context_lines":[{"line_number":7,"context_line":""},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"function test_swift_logged {"},{"line_number":10,"context_line":"    . /etc/kolla/admin-openrc-system-scope.sh"},{"line_number":11,"context_line":"    . ~/openstackclient-venv/bin/activate"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"    echo \"TESTING: Swift\""}],"source_content_type":"text/x-sh","patch_set":43,"id":"528b53c9_868cb8e3","line":10,"updated":"2021-08-31 15:42:51.000000000","message":"ditto","commit_id":"fbd332082b8563016b5771e6098c9a0207fd15b5"}],"tests/test-zun.sh":[{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"e606b92648831defb9e0cd6112e0401bbae2f773","unresolved":true,"context_lines":[{"line_number":6,"context_line":"export PYTHONUNBUFFERED\u003d1"},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"function test_zun_logged {"},{"line_number":9,"context_line":"    . /etc/kolla/admin-openrc-system-scope.sh"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    . ~/openstackclient-venv/bin/activate"},{"line_number":12,"context_line":""}],"source_content_type":"text/x-sh","patch_set":43,"id":"250c3a65_acfc2f61","line":9,"updated":"2021-08-31 15:42:51.000000000","message":"ditto","commit_id":"fbd332082b8563016b5771e6098c9a0207fd15b5"}],"tools/init-runonce":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"27f5333c38dc91e58a11eb33a4e3df14e71eea7b","unresolved":true,"context_lines":[{"line_number":25,"context_line":"IMAGE_TYPE\u003dlinux"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"# Get project scoped authorization"},{"line_number":28,"context_line":". /etc/kolla/admin-openrc.sh"},{"line_number":29,"context_line":"export OS_PROJECT_DOMAIN_NAME\u003dDefault"},{"line_number":30,"context_line":"export OS_PROJECT_NAME\u003dadmin"},{"line_number":31,"context_line":""}],"source_content_type":"application/x-shellscript","patch_set":29,"id":"cfbc1feb_04c20141","line":28,"range":{"start_line":28,"start_character":2,"end_line":28,"end_character":28},"updated":"2021-07-29 10:59:52.000000000","message":"This script assumes the env vars are set already.","commit_id":"2c91e485663656bf6de20a95dd34c51ea4a3ae63"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"83e3b20a631f65438c03ed1f5aebece9ca0a30bb","unresolved":true,"context_lines":[{"line_number":94,"context_line":"    $KOLLA_OPENSTACK_COMMAND router set --external-gateway public1 demo-router"},{"line_number":95,"context_line":"fi"},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"# Get admin user and tenant IDs"},{"line_number":98,"context_line":"ADMIN_PROJECT_ID\u003d$($KOLLA_OPENSTACK_COMMAND project list | awk \u0027/ admin / {print $2}\u0027)"},{"line_number":99,"context_line":"ADMIN_SEC_GROUP\u003d$($KOLLA_OPENSTACK_COMMAND security group list --project ${ADMIN_PROJECT_ID} | awk \u0027/ default / {print $2}\u0027)"},{"line_number":100,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":66,"id":"0dfa43cb_2fa224f0","line":97,"range":{"start_line":97,"start_character":12,"end_line":97,"end_character":27},"updated":"2021-09-30 09:48:03.000000000","message":"nit: now this comment is wrong","commit_id":"2e933dceb591c3505f35c2c1de924f3978fb81a7"}]}