)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7d08a09e4e7d55bdb60ee62ed08e4d1480c10061","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"70b5c7b4_7b574286","updated":"2023-11-07 08:48:47.000000000","message":"My -1 is due to the mismatch between the PTG discussion and the spec regarding the default value of the new config option","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"change_message_id":"f4d74c1042a09350cdc49ff7844a2de9588909df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f1be96a0_4808e9ad","updated":"2023-11-13 19:31:44.000000000","message":"There are already a lot of -1s here, so won\u0027t add my own. Just a note inline.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"efb5298a8c44daa520b481f8a3a8c6800d11c782","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"30440d7e_3f7503d9","updated":"2023-12-19 16:15:02.000000000","message":"my concerns has been addressed","commit_id":"2a59cf0998deda81e8be7aa29a63f03bb5341462"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"8e35c0d0bf1ccdcd5690b7ead65f8ad31eb92af9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"47cb7f5e_507c8666","updated":"2023-12-20 00:46:50.000000000","message":"there are still some nits but its not worth respinging to fix them","commit_id":"2a59cf0998deda81e8be7aa29a63f03bb5341462"}],"specs/2024.1/approved/enforce-remote-console-session-timeout.rst":[{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"b52b77bed7763c202be2c9e94ee109ae895eb27d","unresolved":true,"context_lines":[{"line_number":73,"context_line":"  except Exception:"},{"line_number":74,"context_line":"      close_connection()"},{"line_number":75,"context_line":"      raise"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Alternatives"},{"line_number":79,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"626296ac_90161e65","line":76,"updated":"2023-10-17 14:32:05.000000000","message":"I got some errors in logs and this example worked to some extent.\nbut it\u0027s still far from what we really want to implement.","commit_id":"579b0d9f467c3529214673717d0b0cc657f2c3ff"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"1c1ce6c4e3eb249716ca1ec4d2b5a417840e43e5","unresolved":false,"context_lines":[{"line_number":73,"context_line":"  except Exception:"},{"line_number":74,"context_line":"      close_connection()"},{"line_number":75,"context_line":"      raise"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Alternatives"},{"line_number":79,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a8b65b0e_f0ba51a8","line":76,"in_reply_to":"626296ac_90161e65","updated":"2023-11-01 08:00:07.000000000","message":"Done","commit_id":"579b0d9f467c3529214673717d0b0cc657f2c3ff"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"9611c9e44ee5f78d73c00a54b189812953b0cd88","unresolved":true,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"As of now, users can still access the console, even after the"},{"line_number":52,"context_line":"console authentication ttl has expired, until the console window or tab is refreshed."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Use Cases"},{"line_number":55,"context_line":"---------"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"851b66ac_cf844cf6","line":53,"updated":"2023-10-26 14:10:44.000000000","message":"from test, noticed `console url show` returns url for VM which do not have VNC server installed example: a VM created from ISO image, when I tried to use this URL, got Token validation failed.\n\nit did work when I tried to access from horizon.\n\nanother issue I noticed, just noting here for review comments.","commit_id":"6ba23839d8ca699bf693dc8e2aabe0b81d51356b"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":false,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"As of now, users can still access the console, even after the"},{"line_number":52,"context_line":"console authentication ttl has expired, until the console window or tab is refreshed."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Use Cases"},{"line_number":55,"context_line":"---------"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"69fe5dd2_0fd2c31b","line":53,"in_reply_to":"851b66ac_cf844cf6","updated":"2023-11-07 14:54:32.000000000","message":"this is coverd by gibis comment\nthe console feature has no depency on the guest image used as its provided at the hypervior level external to the vm.","commit_id":"6ba23839d8ca699bf693dc8e2aabe0b81d51356b"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e16b824070f75600bf0569f3687b3e6a348ebd86","unresolved":true,"context_lines":[{"line_number":142,"context_line":"--------------"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"None"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Implementation"},{"line_number":148,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"b1b169fe_0716cf68","line":145,"updated":"2023-10-27 08:24:49.000000000","message":"On upgrade operator/deployer may need to consider how timer based session timeout impacts their existing configuration.","commit_id":"6ba23839d8ca699bf693dc8e2aabe0b81d51356b"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"1c1ce6c4e3eb249716ca1ec4d2b5a417840e43e5","unresolved":false,"context_lines":[{"line_number":142,"context_line":"--------------"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"None"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Implementation"},{"line_number":148,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"e1d4e8d1_a1ee9678","line":145,"in_reply_to":"b1b169fe_0716cf68","updated":"2023-11-01 08:00:07.000000000","message":"this will be a optional funcitonality, so no upgrade impact.","commit_id":"6ba23839d8ca699bf693dc8e2aabe0b81d51356b"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7d08a09e4e7d55bdb60ee62ed08e4d1480c10061","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."}],"source_content_type":"text/x-rst","patch_set":4,"id":"bb6e7bad_81b3745e","line":14,"range":{"start_line":14,"start_character":42,"end_line":14,"end_character":71},"updated":"2023-11-07 08:48:47.000000000","message":"nit: qemu itself implements and provides the VNC server. The guest VM does not aware of it and it does not need to install anything.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":false,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."}],"source_content_type":"text/x-rst","patch_set":4,"id":"0ba75e38_7368f974","line":14,"range":{"start_line":14,"start_character":42,"end_line":14,"end_character":71},"in_reply_to":"4ebd8448_3ca8e997","updated":"2023-12-06 11:51:49.000000000","message":"Acknowledged","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"fbb9ad2c9452c76e208449bfd3e7b3cf6623e90d","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."}],"source_content_type":"text/x-rst","patch_set":4,"id":"4ebd8448_3ca8e997","line":14,"range":{"start_line":14,"start_character":42,"end_line":14,"end_character":71},"in_reply_to":"bb6e7bad_81b3745e","updated":"2023-11-07 11:27:16.000000000","message":"Ack, thanks","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7d08a09e4e7d55bdb60ee62ed08e4d1480c10061","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":20,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":4,"id":"4b8b3ed4_1538a392","line":17,"range":{"start_line":14,"start_character":0,"end_line":17,"end_character":53},"updated":"2023-11-07 08:48:47.000000000","message":"This is mixing the serial console and the VNC console. The virsh console command provides a serial console (a character terminal access) the virsh vncdisplay or the openstack console url show provides a VNC session (a graphical access) by default. The openstack consol url show command can be used to get a serial console if --type serial is passed to it.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":false,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":20,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":4,"id":"753397f5_8f6aec05","line":17,"range":{"start_line":14,"start_character":0,"end_line":17,"end_character":53},"in_reply_to":"1f4ca9e4_c48dc831","updated":"2023-12-06 11:51:49.000000000","message":"Acknowledged","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"ebb16e0e8ada4acc4667094dbcbc47bf3ae96386","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":20,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":4,"id":"cf75bc13_825225a4","line":17,"range":{"start_line":14,"start_character":0,"end_line":17,"end_character":53},"in_reply_to":"3ddc4008_ddb5feab","updated":"2023-11-07 14:11:32.000000000","message":"What is unclear to me with this spec is which exact consoles will be impacted : VNC, RDP, spice and/or serial ?\nIf I remember correct, the baseproxy class is inherited for all serial, spice and novnc but rdp, so this would only apply to the three ones.\n\nAnyway, please clarify the scope here, because if we also add this for serial and spice, we shouldn\u0027t talk of VNC at all 😊","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"fbb9ad2c9452c76e208449bfd3e7b3cf6623e90d","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":20,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":4,"id":"3ddc4008_ddb5feab","line":17,"range":{"start_line":14,"start_character":0,"end_line":17,"end_character":53},"in_reply_to":"4b8b3ed4_1538a392","updated":"2023-11-07 11:27:16.000000000","message":"Ack","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":20,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":4,"id":"1f4ca9e4_c48dc831","line":17,"range":{"start_line":14,"start_character":0,"end_line":17,"end_character":53},"in_reply_to":"cf75bc13_825225a4","updated":"2023-11-14 09:32:01.000000000","message":"ack, thanks all for providing detailed info.\n\nhere I only meant to tell how working console for a VM is ready which nova will provide further.\nso no need to mention VNC as this is same for all console types.\n\nyes, we will be only updating baseproxy i.e NovaProxyRequestHandler.\nthanks","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once VM is created in the hypervisor, a VNC server is installed in it"},{"line_number":15,"context_line":"  (as per nova.conf). Operator can go to compute node and run"},{"line_number":16,"context_line":"  `virsh console instance-xxx`, and it will promt VM login console."},{"line_number":17,"context_line":"  That means we have a VM ready with working console."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":20,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":4,"id":"5a0b4689_636563c2","line":17,"range":{"start_line":14,"start_character":0,"end_line":17,"end_character":53},"in_reply_to":"cf75bc13_825225a4","updated":"2023-11-07 14:54:32.000000000","message":"this should apply to all console proxies supproted in tree.\nthe implemation changes should be to the base proxy class and as a result apply to all dervied classes.\n\nthat might mean we shoudl add the new config option to a seperate [ConsoleProxy] section instead of the exisitng ones since its going to apply to all of them.\n\nalternitivly the new config option coudl be added to all fo them but that makes the common logic a little more complex","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"ebb16e0e8ada4acc4667094dbcbc47bf3ae96386","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    $ openstack console url show \u003cvm\u003e"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"  The request goes to the compute node where the instance is launched and asks"},{"line_number":25,"context_line":"  the underlying virt driver to get the host and port. Using the same, then"},{"line_number":26,"context_line":"  the compute service creates a console authentication and authorizes it."},{"line_number":27,"context_line":"  Creates a token and token expiration time; saves the token to DB."}],"source_content_type":"text/x-rst","patch_set":4,"id":"68c5da04_a960786b","line":24,"range":{"start_line":24,"start_character":2,"end_line":24,"end_character":39},"updated":"2023-11-07 14:11:32.000000000","message":"Well, no, it calls the Nova API to create a remote console by this call :\nhttps://docs.openstack.org/api-ref/compute/#create-console\n\nThen the nova-api itself calls thru RPC the compute service to return the url (example with a RDP console)\nhttps://github.com/openstack/nova/blob/b64ecb0cc776bd3eced674b0f879bb23c8a4b486/nova/api/openstack/compute/remote_consoles.py#L111\nThe compute service itself wraps the internal url by creating a console token for identifying the request and returning the external url instead (which will point to the novnc-proxy server)\nhttps://github.com/openstack/nova/blob/b64ecb0cc776bd3eced674b0f879bb23c8a4b486/nova/compute/manager.py#L7361-L7373","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    $ openstack console url show \u003cvm\u003e"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"  The request goes to the compute node where the instance is launched and asks"},{"line_number":25,"context_line":"  the underlying virt driver to get the host and port. Using the same, then"},{"line_number":26,"context_line":"  the compute service creates a console authentication and authorizes it."},{"line_number":27,"context_line":"  Creates a token and token expiration time; saves the token to DB."}],"source_content_type":"text/x-rst","patch_set":4,"id":"95b62054_58da3c80","line":24,"range":{"start_line":24,"start_character":2,"end_line":24,"end_character":39},"in_reply_to":"68c5da04_a960786b","updated":"2023-11-14 09:32:01.000000000","message":"ack, will upated, thanks","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    $ openstack console url show \u003cvm\u003e"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"  The request goes to the compute node where the instance is launched and asks"},{"line_number":25,"context_line":"  the underlying virt driver to get the host and port. Using the same, then"},{"line_number":26,"context_line":"  the compute service creates a console authentication and authorizes it."},{"line_number":27,"context_line":"  Creates a token and token expiration time; saves the token to DB."}],"source_content_type":"text/x-rst","patch_set":4,"id":"b8530a3c_9bffe3c3","line":24,"range":{"start_line":24,"start_character":2,"end_line":24,"end_character":39},"in_reply_to":"68c5da04_a960786b","updated":"2023-11-07 14:54:32.000000000","message":"i think perhaps what amit is missing is that when using the libvirt driver (or any virt drvier in genreal) the default behavior is to always add a console to the instance if one is configured in the nova.conf\n\nso when you do a server create with vnc enabled in the nova.conf for the libvirt driver, the xml for the vm will be generated with a console.\n\nwhen you are doing \"openstack console url show\" that is doing an rpc to the compute agent to generate the url that would be able to conenct to the already exisitng console and providing a token to authenticate to it via the proxy.\n\nso as sylvain note \"openstack console url show\" does not actully create the console it just gennerates a url to allow you to connect to the one that was added based on teh nova.conf on the comptue node.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"    $ openstack console url show \u003cvm\u003e"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"  The request goes to the compute node where the instance is launched and asks"},{"line_number":25,"context_line":"  the underlying virt driver to get the host and port. Using the same, then"},{"line_number":26,"context_line":"  the compute service creates a console authentication and authorizes it."},{"line_number":27,"context_line":"  Creates a token and token expiration time; saves the token to DB."}],"source_content_type":"text/x-rst","patch_set":4,"id":"94ddf57a_4c543b75","line":24,"range":{"start_line":24,"start_character":2,"end_line":24,"end_character":39},"in_reply_to":"95b62054_58da3c80","updated":"2023-12-06 11:51:49.000000000","message":"Acknowledged","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"ebb16e0e8ada4acc4667094dbcbc47bf3ae96386","unresolved":true,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"3 - Controller\u0027s Nova Proxy: Bridging Client Browser and Compute Node"},{"line_number":40,"context_line":"  When user paste the provided url to browser, it works as VNC client and"},{"line_number":41,"context_line":"  initiate a connection to the Nova Proxy. The Nova Proxy then establish"},{"line_number":42,"context_line":"  the connection between user browser and VM\u0027s VNC server using information"},{"line_number":43,"context_line":"  in URL."},{"line_number":44,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"848513c6_6fe4180d","line":41,"range":{"start_line":41,"start_character":31,"end_line":41,"end_character":41},"updated":"2023-11-07 14:11:32.000000000","message":"We don\u0027t have a \"Nova Proxy\" service, we have both a novnc-proxy HTTP service and a spice-html5-proxy HTTP service that inherit from the same base class.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":true,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"3 - Controller\u0027s Nova Proxy: Bridging Client Browser and Compute Node"},{"line_number":40,"context_line":"  When user paste the provided url to browser, it works as VNC client and"},{"line_number":41,"context_line":"  initiate a connection to the Nova Proxy. The Nova Proxy then establish"},{"line_number":42,"context_line":"  the connection between user browser and VM\u0027s VNC server using information"},{"line_number":43,"context_line":"  in URL."},{"line_number":44,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"97d1f121_52b16457","line":41,"range":{"start_line":41,"start_character":31,"end_line":41,"end_character":41},"in_reply_to":"848513c6_6fe4180d","updated":"2023-11-14 09:32:01.000000000","message":"here I meant NovaProxyRequestHandler, which works as Proxy between client application and VM itself, so used term Nova Proxy.\nwill update.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":false,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"3 - Controller\u0027s Nova Proxy: Bridging Client Browser and Compute Node"},{"line_number":40,"context_line":"  When user paste the provided url to browser, it works as VNC client and"},{"line_number":41,"context_line":"  initiate a connection to the Nova Proxy. The Nova Proxy then establish"},{"line_number":42,"context_line":"  the connection between user browser and VM\u0027s VNC server using information"},{"line_number":43,"context_line":"  in URL."},{"line_number":44,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"7b3f253b_dd171f4f","line":41,"range":{"start_line":41,"start_character":31,"end_line":41,"end_character":41},"in_reply_to":"97d1f121_52b16457","updated":"2023-12-06 11:51:49.000000000","message":"Acknowledged","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"ebb16e0e8ada4acc4667094dbcbc47bf3ae96386","unresolved":true,"context_lines":[{"line_number":54,"context_line":"Problem description"},{"line_number":55,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":58,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":59,"context_line":"refreshed."},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"f251a918_8d795dc7","line":57,"range":{"start_line":57,"start_character":38,"end_line":57,"end_character":45},"updated":"2023-11-07 14:11:32.000000000","message":"are you planning to add that to *all* the consoles ?","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":false,"context_lines":[{"line_number":54,"context_line":"Problem description"},{"line_number":55,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":58,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":59,"context_line":"refreshed."},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"a59f1301_4e172cfb","line":57,"range":{"start_line":57,"start_character":38,"end_line":57,"end_character":45},"in_reply_to":"b964309b_161e3203","updated":"2023-12-07 08:08:53.000000000","message":"Done","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":true,"context_lines":[{"line_number":54,"context_line":"Problem description"},{"line_number":55,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":58,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":59,"context_line":"refreshed."},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"e39bcc12_85161bcb","line":57,"range":{"start_line":57,"start_character":38,"end_line":57,"end_character":45},"in_reply_to":"f251a918_8d795dc7","updated":"2023-11-07 14:54:32.000000000","message":"i think that should be the intent yes.\nAnd for mutliple reasonse the default behaior should not change for any of them.\ngoing forward unless an admin opts into the new functionaly by enabling the config option in the nova.conf read by the \u003cprotocal\u003eproxy server the propsoed change should not have any effect.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":true,"context_lines":[{"line_number":54,"context_line":"Problem description"},{"line_number":55,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":58,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":59,"context_line":"refreshed."},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"b964309b_161e3203","line":57,"range":{"start_line":57,"start_character":38,"end_line":57,"end_character":45},"in_reply_to":"f251a918_8d795dc7","updated":"2023-11-14 09:32:01.000000000","message":"yes, the change will be reflected to all type of consoles, which nova offer.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7d08a09e4e7d55bdb60ee62ed08e4d1480c10061","unresolved":true,"context_lines":[{"line_number":69,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Implement a timer mechanism to automatically close target socket connection"},{"line_number":72,"context_line":"from server side when token has expired based on exact token expireation"},{"line_number":73,"context_line":"time. This will interrupt the real time console session on client side"},{"line_number":74,"context_line":"browser or other application."},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"d11bfeb5_9ba3bcb2","line":72,"range":{"start_line":72,"start_character":61,"end_line":72,"end_character":72},"updated":"2023-11-07 08:48:47.000000000","message":"nit: expiration","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":false,"context_lines":[{"line_number":69,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Implement a timer mechanism to automatically close target socket connection"},{"line_number":72,"context_line":"from server side when token has expired based on exact token expireation"},{"line_number":73,"context_line":"time. This will interrupt the real time console session on client side"},{"line_number":74,"context_line":"browser or other application."},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"ddf9540d_ba89fd8d","line":72,"range":{"start_line":72,"start_character":61,"end_line":72,"end_character":72},"in_reply_to":"d11bfeb5_9ba3bcb2","updated":"2023-11-14 09:32:01.000000000","message":"Done","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":true,"context_lines":[{"line_number":71,"context_line":"Implement a timer mechanism to automatically close target socket connection"},{"line_number":72,"context_line":"from server side when token has expired based on exact token expireation"},{"line_number":73,"context_line":"time. This will interrupt the real time console session on client side"},{"line_number":74,"context_line":"browser or other application."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"Once set token_ttl is expired, refresh connection info, this also validates"},{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."}],"source_content_type":"text/x-rst","patch_set":4,"id":"dbd9ac8e_a79fd7d0","line":74,"updated":"2023-11-07 14:54:32.000000000","message":"thanks for adressing this feedback form the ptg session","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":false,"context_lines":[{"line_number":71,"context_line":"Implement a timer mechanism to automatically close target socket connection"},{"line_number":72,"context_line":"from server side when token has expired based on exact token expireation"},{"line_number":73,"context_line":"time. This will interrupt the real time console session on client side"},{"line_number":74,"context_line":"browser or other application."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"Once set token_ttl is expired, refresh connection info, this also validates"},{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."}],"source_content_type":"text/x-rst","patch_set":4,"id":"712390c2_043ed517","line":74,"in_reply_to":"dbd9ac8e_a79fd7d0","updated":"2023-11-14 09:32:01.000000000","message":"Done","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":8864,"name":"Artom Lifshitz","email":"notartom@gmail.com","username":"artom"},"change_message_id":"f4d74c1042a09350cdc49ff7844a2de9588909df","unresolved":true,"context_lines":[{"line_number":73,"context_line":"time. This will interrupt the real time console session on client side"},{"line_number":74,"context_line":"browser or other application."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"Once set token_ttl is expired, refresh connection info, this also validates"},{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"}],"source_content_type":"text/x-rst","patch_set":4,"id":"b00616ab_bb07dbca","line":76,"range":{"start_line":76,"start_character":31,"end_line":76,"end_character":54},"updated":"2023-11-13 19:31:44.000000000","message":"This is probably in the real of implementation details, but I\u0027m not clear what this is referring to. If you\u0027re going to include this, I think we need more details on what you mean. Alternatively, leave this para out entirely, and have the conversation (if needed) in the implementation patch.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":false,"context_lines":[{"line_number":73,"context_line":"time. This will interrupt the real time console session on client side"},{"line_number":74,"context_line":"browser or other application."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"Once set token_ttl is expired, refresh connection info, this also validates"},{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7c3d108e_750b3da0","line":76,"range":{"start_line":76,"start_character":31,"end_line":76,"end_character":54},"in_reply_to":"b00616ab_bb07dbca","updated":"2023-11-14 09:32:01.000000000","message":"Ack","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"7d08a09e4e7d55bdb60ee62ed08e4d1480c10061","unresolved":true,"context_lines":[{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":80,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":81,"context_line":"be enabled by default, this gives flexibility to exisiting console users"},{"line_number":82,"context_line":"based on their specific requirements."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"004617bc_57d5eb46","line":82,"range":{"start_line":80,"start_character":66,"end_line":82,"end_character":37},"updated":"2023-11-07 08:48:47.000000000","message":"If this will be enabled by default then we are changing existing behavior by default. Base on the PTG session notes we want to make this feature opt-in, meaning disabled by default.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"fbb9ad2c9452c76e208449bfd3e7b3cf6623e90d","unresolved":true,"context_lines":[{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":80,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":81,"context_line":"be enabled by default, this gives flexibility to exisiting console users"},{"line_number":82,"context_line":"based on their specific requirements."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"5660cef5_6275108c","line":82,"range":{"start_line":80,"start_character":66,"end_line":82,"end_character":37},"in_reply_to":"004617bc_57d5eb46","updated":"2023-11-07 11:27:16.000000000","message":"Ack, but my intention is to enable this behavior by default so that existing operator/user can easily recognize it.\nIf we make it disabled by default, it might not receive as much visibility, and users who could benefit from it may not discover it readily.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"ebb16e0e8ada4acc4667094dbcbc47bf3ae96386","unresolved":true,"context_lines":[{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":80,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":81,"context_line":"be enabled by default, this gives flexibility to exisiting console users"},{"line_number":82,"context_line":"based on their specific requirements."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"d9ef05b9_ea68840e","line":82,"range":{"start_line":80,"start_character":66,"end_line":82,"end_character":37},"in_reply_to":"5660cef5_6275108c","updated":"2023-11-07 14:11:32.000000000","message":"No, for upgrade reasons, we don\u0027t want to have it enabled by default, this is a breaking change.\nOperators read the release notes, so they\u0027re free to decide whether to turn this option on or not.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":false,"context_lines":[{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":80,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":81,"context_line":"be enabled by default, this gives flexibility to exisiting console users"},{"line_number":82,"context_line":"based on their specific requirements."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"dffd7356_81b154b5","line":82,"range":{"start_line":80,"start_character":66,"end_line":82,"end_character":37},"in_reply_to":"69be091d_86ea6269","updated":"2023-12-06 11:51:49.000000000","message":"Acknowledged","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":true,"context_lines":[{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":80,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":81,"context_line":"be enabled by default, this gives flexibility to exisiting console users"},{"line_number":82,"context_line":"based on their specific requirements."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"ee083c1f_9fc71a55","line":82,"range":{"start_line":80,"start_character":66,"end_line":82,"end_character":37},"in_reply_to":"d9ef05b9_ea68840e","updated":"2023-11-07 14:54:32.000000000","message":"i also dont  think we want it enabeld by default in general.\n\ni think more people would want the existing behvior then the terminate on token expirey behavior.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":true,"context_lines":[{"line_number":77,"context_line":"the assigned token, if the token is expired, close the connection socket."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":80,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":81,"context_line":"be enabled by default, this gives flexibility to exisiting console users"},{"line_number":82,"context_line":"based on their specific requirements."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":4,"id":"69be091d_86ea6269","line":82,"range":{"start_line":80,"start_character":66,"end_line":82,"end_character":37},"in_reply_to":"ee083c1f_9fc71a55","updated":"2023-11-14 09:32:01.000000000","message":"Ack, will update to disable by default.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"ebb16e0e8ada4acc4667094dbcbc47bf3ae96386","unresolved":true,"context_lines":[{"line_number":102,"context_line":"Security impact"},{"line_number":103,"context_line":"---------------"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"This change makes console access safer as user must disconnet after a"},{"line_number":106,"context_line":"particular amount of time."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"f22be68d_c8f5f563","line":105,"range":{"start_line":105,"start_character":52,"end_line":105,"end_character":61},"updated":"2023-11-07 14:11:32.000000000","message":"disconnect","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":false,"context_lines":[{"line_number":102,"context_line":"Security impact"},{"line_number":103,"context_line":"---------------"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"This change makes console access safer as user must disconnet after a"},{"line_number":106,"context_line":"particular amount of time."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"8410f986_a9cad29d","line":105,"range":{"start_line":105,"start_character":52,"end_line":105,"end_character":61},"in_reply_to":"f22be68d_c8f5f563","updated":"2023-11-14 09:32:01.000000000","message":"Done","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24a85c734fb494c6cc31da5493d49393cd10be4b","unresolved":true,"context_lines":[{"line_number":169,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"- funtional"},{"line_number":172,"context_line":"- tempests"},{"line_number":173,"context_line":""},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Documentation Impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"98e5e259_df8ae839","line":172,"updated":"2023-11-07 14:54:32.000000000","message":"tempest is doable but will be somewhat tricky in that we will need a new tempet config option for the console experation time\n\nwe will then need to configure the job with a short experation time to not slow down the test suite.\n\nthis is all doable but they may not like it in main temest\nso we can have that conversation with the tempest team when writign the tests.\nif they have no issue wiht this my approch would be to skip thte test unless the console timeout tempost potion is set and default to unset/None\n\nthat way the job will only run in jobs where we have confgured the job to enable it.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":false,"context_lines":[{"line_number":169,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"- funtional"},{"line_number":172,"context_line":"- tempests"},{"line_number":173,"context_line":""},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Documentation Impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"f78ed3b3_598574b2","line":172,"in_reply_to":"4d7594d3_a63c9204","updated":"2023-12-06 11:51:49.000000000","message":"Acknowledged","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"efe0718fb078428f34e8caa24e78737998700571","unresolved":true,"context_lines":[{"line_number":169,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"- funtional"},{"line_number":172,"context_line":"- tempests"},{"line_number":173,"context_line":""},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"Documentation Impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"4d7594d3_a63c9204","line":172,"in_reply_to":"98e5e259_df8ae839","updated":"2023-11-14 09:32:01.000000000","message":"Ack, will remove tempest.","commit_id":"3474c1140b7c8a8485258fc17bfc797d0ff240f1"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once a VM is created in the hypervisor, QEMU itself provides a console"},{"line_number":15,"context_line":"  without the need for additional installations within the VM"},{"line_number":16,"context_line":"  (as per nova.conf)."},{"line_number":17,"context_line":"  To access the console, operators can use `virsh console instance-xxx`,"}],"source_content_type":"text/x-rst","patch_set":5,"id":"bedb43cd_9a490cc0","line":14,"updated":"2023-12-06 11:51:49.000000000","message":"you really should not say vm here\n\nwe supppot concoles with contaienr (libvirt lxc) or physical servers (ironic)\n\nand the change you are proposing will work equally for that too.\n\nso you should replace VM with “nova instance” \nand QEMU with hypervisor.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":false,"context_lines":[{"line_number":11,"context_line":"Currently providing vnc console consists 3 parts:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"1 - Working VM Conosle."},{"line_number":14,"context_line":"  Once a VM is created in the hypervisor, QEMU itself provides a console"},{"line_number":15,"context_line":"  without the need for additional installations within the VM"},{"line_number":16,"context_line":"  (as per nova.conf)."},{"line_number":17,"context_line":"  To access the console, operators can use `virsh console instance-xxx`,"}],"source_content_type":"text/x-rst","patch_set":5,"id":"4e05c689_5347c3db","line":14,"in_reply_to":"bedb43cd_9a490cc0","updated":"2023-12-07 08:08:53.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":16,"context_line":"  (as per nova.conf)."},{"line_number":17,"context_line":"  To access the console, operators can use `virsh console instance-xxx`,"},{"line_number":18,"context_line":"  which provides a serial console (character terminal access) and prompts"},{"line_number":19,"context_line":"  the VM login console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":22,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":5,"id":"dc8eb399_e59ceee4","line":19,"updated":"2023-12-06 11:51:49.000000000","message":"while they technially can that is not someting they ever should do\n\ndirecty runing virsh commands on the hypervior is not something allowed when the instance is managed by nova.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"8e35c0d0bf1ccdcd5690b7ead65f8ad31eb92af9","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  (as per nova.conf)."},{"line_number":17,"context_line":"  To access the console, operators can use `virsh console instance-xxx`,"},{"line_number":18,"context_line":"  which provides a serial console (character terminal access) and prompts"},{"line_number":19,"context_line":"  the VM login console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":22,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":5,"id":"17387ff0_bf13c754","line":19,"in_reply_to":"71d0fba3_7639d331","updated":"2023-12-20 00:46:50.000000000","message":"from a nova point of view its not accessable via virsh\n\nwhile that is technially possible its not something that should ever be done so we should not normally refrence that in a spec like this.\n\nit can cause confution for others when they read it and belive that conencting directly si supported or encuragged.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":true,"context_lines":[{"line_number":16,"context_line":"  (as per nova.conf)."},{"line_number":17,"context_line":"  To access the console, operators can use `virsh console instance-xxx`,"},{"line_number":18,"context_line":"  which provides a serial console (character terminal access) and prompts"},{"line_number":19,"context_line":"  the VM login console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":22,"context_line":"  When user creates a console url to use it access console via web browser."}],"source_content_type":"text/x-rst","patch_set":5,"id":"71d0fba3_7639d331","line":19,"in_reply_to":"dc8eb399_e59ceee4","updated":"2023-12-07 08:08:53.000000000","message":"thanks for the clarification. \nI understand that directly running virsh commands on the hypervisor is not a recommended.\nhere only intent is to highlight the mechanism by which the console is accessible.\n\nin general operators are encouraged to use appropriate Nova commands for interacting with instances.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":18,"context_line":"  which provides a serial console (character terminal access) and prompts"},{"line_number":19,"context_line":"  the VM login console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":22,"context_line":"  When user creates a console url to use it access console via web browser."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    $ openstack console url show \u003cvm\u003e"}],"source_content_type":"text/x-rst","patch_set":5,"id":"f1c227b2_9f3cd640","line":21,"updated":"2023-12-06 11:51:49.000000000","message":"we provide it via a webserver not a browser\nyou connect via a browser","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"43584d829b6fcab078cd01df630645e510b5a1e0","unresolved":false,"context_lines":[{"line_number":18,"context_line":"  which provides a serial console (character terminal access) and prompts"},{"line_number":19,"context_line":"  the VM login console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":22,"context_line":"  When user creates a console url to use it access console via web browser."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    $ openstack console url show \u003cvm\u003e"}],"source_content_type":"text/x-rst","patch_set":5,"id":"a4edae32_14828d3c","line":21,"in_reply_to":"cb23b4d2_1408217c","updated":"2024-01-29 04:43:28.000000000","message":"Done","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":true,"context_lines":[{"line_number":18,"context_line":"  which provides a serial console (character terminal access) and prompts"},{"line_number":19,"context_line":"  the VM login console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"2 - Provide console outside compute node via browser."},{"line_number":22,"context_line":"  When user creates a console url to use it access console via web browser."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"    $ openstack console url show \u003cvm\u003e"}],"source_content_type":"text/x-rst","patch_set":5,"id":"cb23b4d2_1408217c","line":21,"in_reply_to":"f1c227b2_9f3cd640","updated":"2023-12-07 08:08:53.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":34,"context_line":"  This url can be pasted into a browser to access the TTY (not PTY) of a"},{"line_number":35,"context_line":"  virtual machine. Here, a token is attached to the URL, once the token"},{"line_number":36,"context_line":"  expires as per the expiration time (TTL), the user session will be"},{"line_number":37,"context_line":"  terminated."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":".. note::"},{"line_number":40,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"b5342f78_7e2685ff","line":37,"updated":"2023-12-06 11:51:49.000000000","message":"so this is incorrect.\n\nthis secation is explaing the context of how the console proxy works today and today the user session is not terminated when the ttl expires.\n\nagain you should avoid saying virtual machine\nthe console is aslo not just a tty it can be a graphical terminal as well so\nplease just secc\n\n\n“””\nThis url can be used to connect to the nova instance console. The console token is used to athenticate with the proxy to enable new sessions to be established until \nthe token ttl expires. existing session continue to function after token experation until the tcp connection is closed.\n“””","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":false,"context_lines":[{"line_number":34,"context_line":"  This url can be pasted into a browser to access the TTY (not PTY) of a"},{"line_number":35,"context_line":"  virtual machine. Here, a token is attached to the URL, once the token"},{"line_number":36,"context_line":"  expires as per the expiration time (TTL), the user session will be"},{"line_number":37,"context_line":"  terminated."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":".. note::"},{"line_number":40,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"c26225f5_3e8e5e1f","line":37,"in_reply_to":"b5342f78_7e2685ff","updated":"2023-12-07 08:08:53.000000000","message":"Done","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":37,"context_line":"  terminated."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":".. note::"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"  Even after session timeout, the session stays intact until the user"},{"line_number":42,"context_line":"  refresh the browser tab."},{"line_number":43,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"949897df_3f7840e8","line":40,"updated":"2023-12-06 11:51:49.000000000","message":"i would just remove this note.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":false,"context_lines":[{"line_number":37,"context_line":"  terminated."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":".. note::"},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"  Even after session timeout, the session stays intact until the user"},{"line_number":42,"context_line":"  refresh the browser tab."},{"line_number":43,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"6d4be310_6ae83ab9","line":40,"in_reply_to":"949897df_3f7840e8","updated":"2023-12-07 08:08:53.000000000","message":"Done","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":41,"context_line":"  Even after session timeout, the session stays intact until the user"},{"line_number":42,"context_line":"  refresh the browser tab."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3 - Controller\u0027s Nova Proxy: Bridging Client Browser and Compute Node"},{"line_number":45,"context_line":"  When user paste the provided url to browser, it works as VNC client and"},{"line_number":46,"context_line":"  initiate a connection to the Nova Proxy(i.e. NovaProxyRequestHandler"},{"line_number":47,"context_line":"  class). The Nova Proxy then establish the connection between user browser"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3e276cbf_dc344af4","line":44,"updated":"2023-12-06 11:51:49.000000000","message":"this is also wrong.\n\nwhen you conenct to the url using a client the nova proxy establishes a websocket conenction to the hyperviors to proxy the console to the client.\nin the case of novnc the proxy webserver serves a html page which contains markup and a javascript applciation that implements a vnc console clinet that runs in the end users browser. we do not execute the vnc client server side its run client side in your browser.\n\nin the case of the serial console we actully just provide the direct websocket connection without a html/javascirpt client and to use yit you just create your own clinet that directly interacts with the websocket.\n\n\nplease either remove this or correct it as you are explaing things incorrectly and this level of detail is not actully required in this section fo the spec.\n\nwe normally try to keep this to a short paragrap of 5-10 lines total as this is just ment to be a ver high level intoduction.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":true,"context_lines":[{"line_number":41,"context_line":"  Even after session timeout, the session stays intact until the user"},{"line_number":42,"context_line":"  refresh the browser tab."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3 - Controller\u0027s Nova Proxy: Bridging Client Browser and Compute Node"},{"line_number":45,"context_line":"  When user paste the provided url to browser, it works as VNC client and"},{"line_number":46,"context_line":"  initiate a connection to the Nova Proxy(i.e. NovaProxyRequestHandler"},{"line_number":47,"context_line":"  class). The Nova Proxy then establish the connection between user browser"}],"source_content_type":"text/x-rst","patch_set":5,"id":"cbe8ac69_edf6fbc5","line":44,"in_reply_to":"3e276cbf_dc344af4","updated":"2023-12-07 08:08:53.000000000","message":"thanks for the detail explaination.\nI added detailed steps to understand the existing implementation and for others as well(those less familiar with it).\nI have updated the as per review comments, please have an other look.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"8e35c0d0bf1ccdcd5690b7ead65f8ad31eb92af9","unresolved":false,"context_lines":[{"line_number":41,"context_line":"  Even after session timeout, the session stays intact until the user"},{"line_number":42,"context_line":"  refresh the browser tab."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3 - Controller\u0027s Nova Proxy: Bridging Client Browser and Compute Node"},{"line_number":45,"context_line":"  When user paste the provided url to browser, it works as VNC client and"},{"line_number":46,"context_line":"  initiate a connection to the Nova Proxy(i.e. NovaProxyRequestHandler"},{"line_number":47,"context_line":"  class). The Nova Proxy then establish the connection between user browser"}],"source_content_type":"text/x-rst","patch_set":5,"id":"5d269c44_a23ce680","line":44,"in_reply_to":"cbe8ac69_edf6fbc5","updated":"2023-12-20 00:46:50.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":63,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":64,"context_line":"refreshed."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"Use Cases"},{"line_number":67,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"ccbb8d0e_eb0ef51b","line":64,"updated":"2023-12-06 11:51:49.000000000","message":"that is the intended behavior and not a probelm\n\n\nthe correct problems statment is \n\nToday it is not possibel to enforce temerination of console session when the the console token expires.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":true,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":63,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":64,"context_line":"refreshed."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"Use Cases"},{"line_number":67,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"f2ed500f_25b0f4e3","line":64,"in_reply_to":"ccbb8d0e_eb0ef51b","updated":"2023-12-07 08:08:53.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"8e35c0d0bf1ccdcd5690b7ead65f8ad31eb92af9","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"As of now, users can still access the console, even after the console"},{"line_number":63,"context_line":"authentication TTL has expired, until the console window or tab is"},{"line_number":64,"context_line":"refreshed."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"Use Cases"},{"line_number":67,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"628f3f59_29a93944","line":64,"in_reply_to":"f2ed500f_25b0f4e3","updated":"2023-12-20 00:46:50.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":82,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":83,"context_line":"be `disabled` by default, this gives flexibility to exisiting console users"},{"line_number":84,"context_line":"based on their specific requirements."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"0621bc48_3d064651","line":83,"range":{"start_line":83,"start_character":4,"end_line":83,"end_character":12},"updated":"2023-12-06 11:51:49.000000000","message":"this is a boolean so the default should be `False` not `disabled`","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":true,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":82,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":83,"context_line":"be `disabled` by default, this gives flexibility to exisiting console users"},{"line_number":84,"context_line":"based on their specific requirements."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"b829a7e9_01b7a26d","line":83,"range":{"start_line":83,"start_character":4,"end_line":83,"end_character":12},"in_reply_to":"0621bc48_3d064651","updated":"2023-12-07 08:08:53.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"8e35c0d0bf1ccdcd5690b7ead65f8ad31eb92af9","unresolved":false,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Also, introduce a new consoleauth config option `enforce_session_timeout`"},{"line_number":82,"context_line":"that allows operator to enable or disable the token expiry check. It will"},{"line_number":83,"context_line":"be `disabled` by default, this gives flexibility to exisiting console users"},{"line_number":84,"context_line":"based on their specific requirements."},{"line_number":85,"context_line":""},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"a39dc8ea_9d02921f","line":83,"range":{"start_line":83,"start_character":4,"end_line":83,"end_character":12},"in_reply_to":"b829a7e9_01b7a26d","updated":"2023-12-20 00:46:50.000000000","message":"Done","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a8c6ee5d0ededb59e6e5b8cf18fd6638f41b2cf0","unresolved":true,"context_lines":[{"line_number":105,"context_line":"---------------"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"This change makes console access safer as user must disconnect after a"},{"line_number":108,"context_line":"particular amount of time."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":5,"id":"c9b2e4ef_d0416aa6","line":108,"updated":"2023-12-06 11:51:49.000000000","message":"this is also incorrect it does not improve the saftey fo the console access\n\nThis change enable strict lifetimes for console access requiring reathencation on a  configurable interval.","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"e5aa83d9e88e6439ee53c5f2b407cf967ee13c26","unresolved":true,"context_lines":[{"line_number":105,"context_line":"---------------"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"This change makes console access safer as user must disconnect after a"},{"line_number":108,"context_line":"particular amount of time."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":5,"id":"f0a79459_54ff89c6","line":108,"in_reply_to":"c9b2e4ef_d0416aa6","updated":"2023-12-07 08:08:53.000000000","message":"Acknowledged","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":34860,"name":"Amit Uniyal","email":"auniyal@redhat.com","username":"auniyal"},"change_message_id":"43584d829b6fcab078cd01df630645e510b5a1e0","unresolved":false,"context_lines":[{"line_number":105,"context_line":"---------------"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"This change makes console access safer as user must disconnect after a"},{"line_number":108,"context_line":"particular amount of time."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":""},{"line_number":111,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":5,"id":"486b9403_9fbfa8de","line":108,"in_reply_to":"f0a79459_54ff89c6","updated":"2024-01-29 04:43:28.000000000","message":"Done","commit_id":"3f6266f16365ffe76622c449f14b57c7df3c9fbb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"8e35c0d0bf1ccdcd5690b7ead65f8ad31eb92af9","unresolved":true,"context_lines":[{"line_number":107,"context_line":"Security impact"},{"line_number":108,"context_line":"---------------"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"This change enable strict time span for console access requiring,"},{"line_number":111,"context_line":"While it doesn\u0027t inherently enhance the safety of console access,"},{"line_number":112,"context_line":"it ensures that users must reauthenticate after a specified time"},{"line_number":113,"context_line":"period."}],"source_content_type":"text/x-rst","patch_set":6,"id":"cf9324f3_8276fdbc","line":110,"updated":"2023-12-20 00:46:50.000000000","message":"delete requiring","commit_id":"2a59cf0998deda81e8be7aa29a63f03bb5341462"}]}