)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"f94cb30140fd467a713e1bdf3e87e31a4315160e","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Michael Sherman \u003cshermanm@uchicago.edu\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-05-08 12:25:18 -0500"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[keystone]: allow use of OIDCProviderMetadataURL"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"When only a single provider is used,  OIDCProviderMetadataURL allows"},{"line_number":10,"context_line":"mod_auth_openidc to look up the provider metadata, instead of needing"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"177bdc08_7148dda7","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":11},"updated":"2025-05-09 07:05:40.000000000","message":"Nit: we would normally use `keystone:` or `[keystone]`, but not both markers","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"d72c33c432a59302b06e3aef24cd0c211384ea26","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Michael Sherman \u003cshermanm@uchicago.edu\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-05-08 12:25:18 -0500"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[keystone]: allow use of OIDCProviderMetadataURL"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"When only a single provider is used,  OIDCProviderMetadataURL allows"},{"line_number":10,"context_line":"mod_auth_openidc to look up the provider metadata, instead of needing"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"2bf05a95_a9b500e1","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":11},"in_reply_to":"177bdc08_7148dda7","updated":"2025-05-09 15:13:51.000000000","message":"Done","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"f94cb30140fd467a713e1bdf3e87e31a4315160e","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[keystone]: allow use of OIDCProviderMetadataURL"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"When only a single provider is used,  OIDCProviderMetadataURL allows"},{"line_number":10,"context_line":"mod_auth_openidc to look up the provider metadata, instead of needing"},{"line_number":11,"context_line":"to pre-populate the metadata directory."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"d73fbd43_bf976526","line":9,"range":{"start_line":9,"start_character":36,"end_line":9,"end_character":38},"updated":"2025-05-09 07:05:40.000000000","message":"Nit: remove double space","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"d72c33c432a59302b06e3aef24cd0c211384ea26","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"[keystone]: allow use of OIDCProviderMetadataURL"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"When only a single provider is used,  OIDCProviderMetadataURL allows"},{"line_number":10,"context_line":"mod_auth_openidc to look up the provider metadata, instead of needing"},{"line_number":11,"context_line":"to pre-populate the metadata directory."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"2bd27d33_1b51b870","line":9,"range":{"start_line":9,"start_character":36,"end_line":9,"end_character":38},"in_reply_to":"d73fbd43_bf976526","updated":"2025-05-09 15:13:51.000000000","message":"Done","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"f94cb30140fd467a713e1bdf3e87e31a4315160e","unresolved":true,"context_lines":[{"line_number":10,"context_line":"mod_auth_openidc to look up the provider metadata, instead of needing"},{"line_number":11,"context_line":"to pre-populate the metadata directory."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Closes-Bug: 2101870"},{"line_number":14,"context_line":"Change-Id: Id3c829825b7d48c2d2ee0fee244d747638678507"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"df83b29b_9efffd72","line":13,"range":{"start_line":13,"start_character":12,"end_line":13,"end_character":19},"updated":"2025-05-09 07:05:40.000000000","message":"Nit: `#2101870`","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"d72c33c432a59302b06e3aef24cd0c211384ea26","unresolved":false,"context_lines":[{"line_number":10,"context_line":"mod_auth_openidc to look up the provider metadata, instead of needing"},{"line_number":11,"context_line":"to pre-populate the metadata directory."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Closes-Bug: 2101870"},{"line_number":14,"context_line":"Change-Id: Id3c829825b7d48c2d2ee0fee244d747638678507"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"956d3b56_dfb16972","line":13,"range":{"start_line":13,"start_character":12,"end_line":13,"end_character":19},"in_reply_to":"df83b29b_9efffd72","updated":"2025-05-09 15:13:51.000000000","message":"Done","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"56b3951e601e951a3cd723790105263e99862822","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"9bb58baa_a28b58ab","updated":"2025-04-08 13:36:46.000000000","message":"I\u0027d appreciate feedback on \"best practices\" here, especially how to configure this cleanly.","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"b58fcbb2998bc231442b4578061f6bead5645093","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"c5d5fc95_dbe097b0","updated":"2025-04-22 20:09:52.000000000","message":"recheck due to disk full in zuul?","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"ae790da2d28e1c161b0588fb24451dec74af5df0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"090b5ec8_31477898","updated":"2025-04-23 05:42:59.000000000","message":"shoudn\u0027t we need update documentation?","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"7ed9f4af07a93faefe113a2cbb6f20183195eca9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"8ee134ed_07318a8e","in_reply_to":"0864c0aa_4b08aa15","updated":"2025-05-08 17:27:58.000000000","message":"Docs added.","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"064f7782b38d4faec6d96cd9c20495155c18253d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0864c0aa_4b08aa15","in_reply_to":"090b5ec8_31477898","updated":"2025-04-28 17:58:49.000000000","message":"you\u0027re totally right, I guess this deserves both docs and a changelog blurb.","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"56673e3ce0a26fc3a6a38c4d93e6b99a504c6145","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"311e85c0_1fd169ed","in_reply_to":"9bb58baa_a28b58ab","updated":"2025-04-22 20:09:05.000000000","message":"Done","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"}],"ansible/roles/keystone/tasks/config-federation-oidc.yml":[{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"064f7782b38d4faec6d96cd9c20495155c18253d","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- name: Remove OpenID certificate and metadata files"},{"line_number":3,"context_line":"  become: true"},{"line_number":4,"context_line":"  vars:"},{"line_number":5,"context_line":"    keystone: \"{{ keystone_services[\u0027keystone\u0027] }}\""}],"source_content_type":"text/x-yaml","patch_set":1,"id":"1f2cb9af_8b8a7166","line":2,"updated":"2025-04-28 17:58:49.000000000","message":"when OIDCProviderMetadataURL is in use, it may be possible to skip the deletion,creation,population of these metadata directories entirely, except for the attribute mappings.\n\nIs that something that should be included here, or left out for later work?","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"7ed9f4af07a93faefe113a2cbb6f20183195eca9","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"- name: Remove OpenID certificate and metadata files"},{"line_number":3,"context_line":"  become: true"},{"line_number":4,"context_line":"  vars:"},{"line_number":5,"context_line":"    keystone: \"{{ keystone_services[\u0027keystone\u0027] }}\""}],"source_content_type":"text/x-yaml","patch_set":1,"id":"cda10fa4_b863b03c","line":2,"in_reply_to":"1f2cb9af_8b8a7166","updated":"2025-05-08 17:27:58.000000000","message":"Done","commit_id":"a5e3e23038a5991405c17687a412c8998f88a5bf"}],"doc/source/reference/shared-services/keystone-guide.rst":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"f94cb30140fd467a713e1bdf3e87e31a4315160e","unresolved":true,"context_lines":[{"line_number":104,"context_line":"    keystone_federation_oidc_additional_options:"},{"line_number":105,"context_line":"      OIDCTokenBindingPolicy: disabled"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"Per the OIDC discovery spec: https://openid.net/specs/openid-connect-discovery-1_0.html "},{"line_number":108,"context_line":"Providers make metadata discoverable via a `well-known` endpoint. Instead of providing a"},{"line_number":109,"context_line":"metadata_folder, this well-known endpoint can be used by setting `keystone_federation_oidc_metadata_url`"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Note 1: This is only applicable in the case where only one identity provider is in use."},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"Note 2: keystone_federation_oidc_jwks_uri must also be set, as mod_auth_openidc does not use the "},{"line_number":114,"context_line":"  jwks_uri value from the .well-known endpoint for auth-openidc."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Example configuration:"},{"line_number":117,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"58122cd3_8cf9d4c1","line":114,"range":{"start_line":107,"start_character":0,"end_line":114,"end_character":64},"updated":"2025-05-09 07:05:40.000000000","message":"Please remove trailing white space and wrap lines.","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"},{"author":{"_account_id":35366,"name":"Michael Sherman","email":"shermanm@uchicago.edu","username":"shermanm"},"change_message_id":"d72c33c432a59302b06e3aef24cd0c211384ea26","unresolved":false,"context_lines":[{"line_number":104,"context_line":"    keystone_federation_oidc_additional_options:"},{"line_number":105,"context_line":"      OIDCTokenBindingPolicy: disabled"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"Per the OIDC discovery spec: https://openid.net/specs/openid-connect-discovery-1_0.html "},{"line_number":108,"context_line":"Providers make metadata discoverable via a `well-known` endpoint. Instead of providing a"},{"line_number":109,"context_line":"metadata_folder, this well-known endpoint can be used by setting `keystone_federation_oidc_metadata_url`"},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Note 1: This is only applicable in the case where only one identity provider is in use."},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"Note 2: keystone_federation_oidc_jwks_uri must also be set, as mod_auth_openidc does not use the "},{"line_number":114,"context_line":"  jwks_uri value from the .well-known endpoint for auth-openidc."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Example configuration:"},{"line_number":117,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"65d8b39e_94b0a12d","line":114,"range":{"start_line":107,"start_character":0,"end_line":114,"end_character":64},"in_reply_to":"58122cd3_8cf9d4c1","updated":"2025-05-09 15:13:51.000000000","message":"Done, also reworded to fit within line length better.","commit_id":"bedcde0b010d8d30c02cf3bbd377de33938ee3a1"}]}
