)]}'
{"specs/newton/approved/vnc-fernet-tokens.rst":[{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":18,"context_line":"Problem description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"In HA mode tokens for vnc console are not shared actually. So user needs"},{"line_number":22,"context_line":"to reload page several times until it will be pointed to correct node with"},{"line_number":23,"context_line":"this token."},{"line_number":24,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_a120859c","line":21,"updated":"2016-05-25 13:29:26.000000000","message":"So this won\u0027t be true after implementation for https://review.openstack.org/#/c/301158/ is merged.","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":12712,"name":"Gleb Stepanov","email":"gstepanov@mirantis.com","username":"stgleb"},"change_message_id":"bcfd536b7a8372798ca9dbd1b3a77026d268c451","unresolved":false,"context_lines":[{"line_number":18,"context_line":"Problem description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"In HA mode tokens for vnc console are not shared actually. So user needs"},{"line_number":22,"context_line":"to reload page several times until it will be pointed to correct node with"},{"line_number":23,"context_line":"this token."},{"line_number":24,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_75e9331a","line":21,"in_reply_to":"bab6814e_a120859c","updated":"2016-05-25 14:13:07.000000000","message":"Yep, true","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":25,"context_line":"Use Cases"},{"line_number":26,"context_line":"---------"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"What use cases does this address? What impact on actors does this change have?"},{"line_number":29,"context_line":"Ensure you are clear about the actors in each use case: Developer, End User,"},{"line_number":30,"context_line":"Deployer etc."},{"line_number":31,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_4150b90a","line":28,"updated":"2016-05-25 13:29:26.000000000","message":"this should be updated","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":12712,"name":"Gleb Stepanov","email":"gstepanov@mirantis.com","username":"stgleb"},"change_message_id":"bcfd536b7a8372798ca9dbd1b3a77026d268c451","unresolved":false,"context_lines":[{"line_number":25,"context_line":"Use Cases"},{"line_number":26,"context_line":"---------"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"What use cases does this address? What impact on actors does this change have?"},{"line_number":29,"context_line":"Ensure you are clear about the actors in each use case: Developer, End User,"},{"line_number":30,"context_line":"Deployer etc."},{"line_number":31,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_d591ff9b","line":28,"in_reply_to":"bab6814e_4150b90a","updated":"2016-05-25 14:13:07.000000000","message":"Oh, sorry i\u0027ve missed that.","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Alternatives"},{"line_number":41,"context_line":"------------"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Use distributed cache for storing vnc access tokens to share it among"},{"line_number":44,"context_line":"controllers."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Data model impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_a1a52505","line":43,"updated":"2016-05-25 13:29:26.000000000","message":"https://review.openstack.org/#/c/301158/ provides another alternative - you should go over pros and cons of both solutions.","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Security impact"},{"line_number":57,"context_line":"---------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"None"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_21c5b53b","line":58,"updated":"2016-05-25 13:29:26.000000000","message":"You definitely should elaborate a bit more on this: what the differences between what we have now and what this spec proposes are, etc","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":71,"context_line":"Performance Impact"},{"line_number":72,"context_line":"------------------"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"Performance can subtly degrade due to overhead on encryption and decryption"},{"line_number":75,"context_line":"during authorizing token. But this won\u0027t affect performance very much because"},{"line_number":76,"context_line":"vnc in not used very often."},{"line_number":77,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_21e81510","line":74,"updated":"2016-05-25 13:29:26.000000000","message":"numbers observed on a POC implementation would be great to have, but overall, I agree, that this must not make a difference","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":12712,"name":"Gleb Stepanov","email":"gstepanov@mirantis.com","username":"stgleb"},"change_message_id":"bcfd536b7a8372798ca9dbd1b3a77026d268c451","unresolved":false,"context_lines":[{"line_number":71,"context_line":"Performance Impact"},{"line_number":72,"context_line":"------------------"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"Performance can subtly degrade due to overhead on encryption and decryption"},{"line_number":75,"context_line":"during authorizing token. But this won\u0027t affect performance very much because"},{"line_number":76,"context_line":"vnc in not used very often."},{"line_number":77,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_35e84b10","line":74,"in_reply_to":"bab6814e_21e81510","updated":"2016-05-25 14:13:07.000000000","message":"Yep, but i have not POC yet.","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":78,"context_line":"Other deployer impact"},{"line_number":79,"context_line":"---------------------"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"In case of high available deployment keystone should be configured with fernet"},{"line_number":82,"context_line":"token provider."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_019b5173","line":81,"updated":"2016-05-25 13:29:26.000000000","message":"you should describe the upgrade case here, when you want to switch from storing tokens in memcache to fernet tokens (at least the order in which services must be upgraded/restarted as does https://review.openstack.org/#/c/301158/)","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":102,"context_line":"Work Items"},{"line_number":103,"context_line":"----------"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Work items or tasks -- break the feature up into the things that need to be"},{"line_number":106,"context_line":"done to implement it. Those parts might end up being done by different people,"},{"line_number":107,"context_line":"but we\u0027re mostly trying to understand the timeline for implementation."},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_01ffd1aa","line":105,"updated":"2016-05-25 13:29:26.000000000","message":"this should be updated","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":6849,"name":"Roman Podoliaka","email":"roman.podoliaka@gmail.com","username":"rpodolyaka"},"change_message_id":"56a0b3c35ec96cfe3ebb887713813a11ab4fea0b","unresolved":false,"context_lines":[{"line_number":116,"context_line":"Testing"},{"line_number":117,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Deploy openstack in high available configuration, check that vnc console"},{"line_number":120,"context_line":"in horizon work properly even after a few page reloads (case when request is"},{"line_number":121,"context_line":"sent to another controller)."},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"bab6814e_6105fdc0","line":119,"updated":"2016-05-25 13:29:26.000000000","message":"you should also account for the case of testing this in the upstream gate, which usually has only 1-2 nodes","commit_id":"feed0011b5b49ec920fa88d8b0e3a70a558abb4c"},{"author":{"_account_id":5441,"name":"Andrew Laski","email":"andrew@lascii.com","username":"alaski"},"change_message_id":"91a74bc761a7e09e66306910c2375b632ccb9de9","unresolved":false,"context_lines":[{"line_number":36,"context_line":"Usage of fernet tokens will allow to authenticate tokens on any controller"},{"line_number":37,"context_line":"node in high available configuration. It doesn\u0027t need to share tokens between"},{"line_number":38,"context_line":"controller."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Alternatives"},{"line_number":41,"context_line":"------------"},{"line_number":42,"context_line":"Right now it will be solved by adding new ConsoleConnection type"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9abb7d3a_1e9b3f19","line":39,"updated":"2016-06-01 14:56:42.000000000","message":"This could use a lot more detail. How would a client get and use a token? How does their expiration time differ from now? What code needs to be added in order to make this work?","commit_id":"3ffaf8f06486239d19386fcc68fd419cd502571f"},{"author":{"_account_id":6804,"name":"bruce-benjamin","email":"bruce.benjamin@jhuapl.edu","username":"bruce-benjamin"},"change_message_id":"cf6a8f407b03e44e5c1edcf638d432dff81eebb8","unresolved":false,"context_lines":[{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Work items or tasks -- break the feature up into the things that need to be"},{"line_number":110,"context_line":"done to implement it. Those parts might end up being done by different people,"},{"line_number":111,"context_line":"but we\u0027re mostly trying to understand the timeline for implementation."},{"line_number":112,"context_line":""},{"line_number":113,"context_line":""},{"line_number":114,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3aaa91ec_840dda39","line":111,"range":{"start_line":111,"start_character":69,"end_line":111,"end_character":70},"updated":"2016-06-27 22:37:04.000000000","message":"You need to include your plan here.  Overall, you need more detail throughout this document.","commit_id":"3ffaf8f06486239d19386fcc68fd419cd502571f"},{"author":{"_account_id":6804,"name":"bruce-benjamin","email":"bruce.benjamin@jhuapl.edu","username":"bruce-benjamin"},"change_message_id":"cf6a8f407b03e44e5c1edcf638d432dff81eebb8","unresolved":false,"context_lines":[{"line_number":130,"context_line":""},{"line_number":131,"context_line":"None"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"References"},{"line_number":134,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3aaa91ec_0448ca5a","line":133,"range":{"start_line":133,"start_character":0,"end_line":133,"end_character":10},"updated":"2016-06-27 22:37:04.000000000","message":"I believe you definitely need to refer to some related fernet documentation (as a minimum.)","commit_id":"3ffaf8f06486239d19386fcc68fd419cd502571f"}]}