)]}'
{"nova/conf/service_token.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9c327d836e2a4b78838b990afe3270f3f6f45dcd","unresolved":false,"context_lines":[{"line_number":22,"context_line":"    SERVICE_USER_GROUP,"},{"line_number":23,"context_line":"    title \u003d \u0027Service token authentication type options\u0027,"},{"line_number":24,"context_line":"    help \u003d \"\"\""},{"line_number":25,"context_line":"Configuration options for service to service authentication using"},{"line_number":26,"context_line":"service token."},{"line_number":27,"context_line":"\"\"\""},{"line_number":28,"context_line":")"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_eee60cb3","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":14},"updated":"2016-12-14 17:40:23.000000000","message":"I think we should give a little more context here. Something like:\n\nOptions relating to sending a service token along with the user\u0027s token when contacting external REST APIs?","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"a6bab2a25908a3ff2054415b0eb7443069e86569","unresolved":false,"context_lines":[{"line_number":22,"context_line":"    SERVICE_USER_GROUP,"},{"line_number":23,"context_line":"    title \u003d \u0027Service token authentication type options\u0027,"},{"line_number":24,"context_line":"    help \u003d \"\"\""},{"line_number":25,"context_line":"Configuration options for service to service authentication using"},{"line_number":26,"context_line":"service token."},{"line_number":27,"context_line":"\"\"\""},{"line_number":28,"context_line":")"},{"line_number":29,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_3833ddac","line":26,"range":{"start_line":25,"start_character":0,"end_line":26,"end_character":14},"in_reply_to":"1a6eadb0_eee60cb3","updated":"2016-12-14 21:43:57.000000000","message":"Done","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9c327d836e2a4b78838b990afe3270f3f6f45dcd","unresolved":false,"context_lines":[{"line_number":31,"context_line":"    cfg.BoolOpt(\u0027send_service_user_token\u0027,"},{"line_number":32,"context_line":"                default\u003dFalse,"},{"line_number":33,"context_line":"                help\u003d\"\"\""},{"line_number":34,"context_line":"Allows validating request with service token for interservice"},{"line_number":35,"context_line":"communication."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"OpenStack services only communicate with each other over the public REST APIs."},{"line_number":38,"context_line":"While making service to service requests, Keystone auth_token middleware"},{"line_number":39,"context_line":"provides a way to add both the user and service token."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If True, Keystoneauth checks if a expired token is submitted to it along with"},{"line_number":42,"context_line":"an \"X-Service-Token\" with an service role. It will validate that token and"}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_8e1038aa","line":39,"range":{"start_line":34,"start_character":0,"end_line":39,"end_character":54},"updated":"2016-12-14 17:40:23.000000000","message":"I don\u0027t really get what you are trying to say here. Operators will need to read this, think about what they need to know. this is a bit tricky to explain to users, but I think we want something that talks about these things:\n\n\nWhen True, if sending a user token to an REST API, also send a service token.\n\nNova often reuses the user token provided to the nova-api to talk to other REST APIs, such as Glance, Cinder and Neutron. If possible that while the user token was valid when the request was made to Nova, the token may have expired before it reaches the other service. To avoid any failures, and to make it clear it is Nova calling the service on the users behalf, we include a server token along with the user token. Should the user\u0027s token have expired, a valid service token ensures the REST API request will still be accepted by the keystone middleware.\n\nThis feature is currently experimental, and as such is turned off by default while full testing and performance tuning of this feature is completed.","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"a6bab2a25908a3ff2054415b0eb7443069e86569","unresolved":false,"context_lines":[{"line_number":31,"context_line":"    cfg.BoolOpt(\u0027send_service_user_token\u0027,"},{"line_number":32,"context_line":"                default\u003dFalse,"},{"line_number":33,"context_line":"                help\u003d\"\"\""},{"line_number":34,"context_line":"Allows validating request with service token for interservice"},{"line_number":35,"context_line":"communication."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"OpenStack services only communicate with each other over the public REST APIs."},{"line_number":38,"context_line":"While making service to service requests, Keystone auth_token middleware"},{"line_number":39,"context_line":"provides a way to add both the user and service token."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If True, Keystoneauth checks if a expired token is submitted to it along with"},{"line_number":42,"context_line":"an \"X-Service-Token\" with an service role. It will validate that token and"}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_5824195f","line":39,"range":{"start_line":34,"start_character":0,"end_line":39,"end_character":54},"in_reply_to":"1a6eadb0_8e1038aa","updated":"2016-12-14 21:43:57.000000000","message":"Done","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9c327d836e2a4b78838b990afe3270f3f6f45dcd","unresolved":false,"context_lines":[{"line_number":38,"context_line":"While making service to service requests, Keystone auth_token middleware"},{"line_number":39,"context_line":"provides a way to add both the user and service token."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If True, Keystoneauth checks if a expired token is submitted to it along with"},{"line_number":42,"context_line":"an \"X-Service-Token\" with an service role. It will validate that token and"},{"line_number":43,"context_line":"ignore the expiration on the user token."},{"line_number":44,"context_line":"\"\"\"),"},{"line_number":45,"context_line":"]"},{"line_number":46,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_ce695027","line":43,"range":{"start_line":41,"start_character":0,"end_line":43,"end_character":40},"updated":"2016-12-14 17:40:23.000000000","message":"Thats is not quite what happens, see my note above.","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"a6bab2a25908a3ff2054415b0eb7443069e86569","unresolved":false,"context_lines":[{"line_number":38,"context_line":"While making service to service requests, Keystone auth_token middleware"},{"line_number":39,"context_line":"provides a way to add both the user and service token."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If True, Keystoneauth checks if a expired token is submitted to it along with"},{"line_number":42,"context_line":"an \"X-Service-Token\" with an service role. It will validate that token and"},{"line_number":43,"context_line":"ignore the expiration on the user token."},{"line_number":44,"context_line":"\"\"\"),"},{"line_number":45,"context_line":"]"},{"line_number":46,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_b81fed06","line":43,"range":{"start_line":41,"start_character":0,"end_line":43,"end_character":40},"in_reply_to":"1a6eadb0_ce695027","updated":"2016-12-14 21:43:57.000000000","message":"Done","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"f53fb5115690de97da3b4a03e22f7957c44f047b","unresolved":false,"context_lines":[{"line_number":35,"context_line":"When True, if sending a user token to an REST API, also send a service token."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":38,"context_line":"REST APIs, such as Glance, Cinder and Neutron. If possible that while the"},{"line_number":39,"context_line":"user token was valid when the request was made to Nova, the token may have"},{"line_number":40,"context_line":"expired before it reaches the other service. To avoid any failures, and to"},{"line_number":41,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"}],"source_content_type":"text/x-python","patch_set":7,"id":"da4df55a_7cbc4dbb","line":38,"range":{"start_line":38,"start_character":47,"end_line":38,"end_character":49},"updated":"2016-12-28 20:45:24.000000000","message":"It is possible?","commit_id":"9825123d322ec071e753e095acaa7e91c143af67"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"f53fb5115690de97da3b4a03e22f7957c44f047b","unresolved":false,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":38,"context_line":"REST APIs, such as Glance, Cinder and Neutron. If possible that while the"},{"line_number":39,"context_line":"user token was valid when the request was made to Nova, the token may have"},{"line_number":40,"context_line":"expired before it reaches the other service. To avoid any failures, and to"},{"line_number":41,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"},{"line_number":42,"context_line":"a server token along with the user token. Should the user\u0027s token have"}],"source_content_type":"text/x-python","patch_set":7,"id":"da4df55a_9caf317c","line":39,"range":{"start_line":39,"start_character":70,"end_line":39,"end_character":74},"updated":"2016-12-28 20:45:24.000000000","message":"I\u0027d probably drop \u0027have\u0027 so this reads as:\n\n\"It is possible that while the user token was valid when the request was made to Nova, the token may expire before it reaches the other service.\"","commit_id":"9825123d322ec071e753e095acaa7e91c143af67"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"8790ab85e73b7b8581058c2e75219eff4105e572","unresolved":false,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":38,"context_line":"REST APIs, such as Glance, Cinder and Neutron. If possible that while the"},{"line_number":39,"context_line":"user token was valid when the request was made to Nova, the token may have"},{"line_number":40,"context_line":"expired before it reaches the other service. To avoid any failures, and to"},{"line_number":41,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"},{"line_number":42,"context_line":"a server token along with the user token. Should the user\u0027s token have"}],"source_content_type":"text/x-python","patch_set":7,"id":"ba5201f7_05202bf6","line":39,"range":{"start_line":39,"start_character":70,"end_line":39,"end_character":74},"in_reply_to":"da4df55a_9caf317c","updated":"2017-01-06 20:22:02.000000000","message":"Done","commit_id":"9825123d322ec071e753e095acaa7e91c143af67"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Copyright 2016 OpenStack Foundation"},{"line_number":2,"context_line":"# All Rights Reserved."},{"line_number":3,"context_line":"#"},{"line_number":4,"context_line":"#    Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":5,"context_line":"#    not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_f6803b8d","line":2,"range":{"start_line":1,"start_character":0,"end_line":2,"end_character":22},"updated":"2017-01-06 22:34:03.000000000","message":"nit: we don\u0027t need these headers","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"# Copyright 2016 OpenStack Foundation"},{"line_number":2,"context_line":"# All Rights Reserved."},{"line_number":3,"context_line":"#"},{"line_number":4,"context_line":"#    Licensed under the Apache License, Version 2.0 (the \"License\"); you may"},{"line_number":5,"context_line":"#    not use this file except in compliance with the License. You may obtain"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_4c6ce208","line":2,"range":{"start_line":1,"start_character":0,"end_line":2,"end_character":22},"in_reply_to":"ba5201f7_f6803b8d","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":23,"context_line":"    title \u003d \u0027Service token authentication type options\u0027,"},{"line_number":24,"context_line":"    help \u003d \"\"\""},{"line_number":25,"context_line":"Configuration options for service to service authentication using"},{"line_number":26,"context_line":"service token. These options allow to send a service token along with the"},{"line_number":27,"context_line":"user\u0027s token when contacting external REST APIs."},{"line_number":28,"context_line":"\"\"\""},{"line_number":29,"context_line":")"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_76436b6c","line":26,"range":{"start_line":26,"start_character":8,"end_line":26,"end_character":13},"updated":"2017-01-06 22:34:03.000000000","message":"Either say \u0027using a service token\u0027 or \u0027using service tokens\u0027.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":23,"context_line":"    title \u003d \u0027Service token authentication type options\u0027,"},{"line_number":24,"context_line":"    help \u003d \"\"\""},{"line_number":25,"context_line":"Configuration options for service to service authentication using"},{"line_number":26,"context_line":"service token. These options allow to send a service token along with the"},{"line_number":27,"context_line":"user\u0027s token when contacting external REST APIs."},{"line_number":28,"context_line":"\"\"\""},{"line_number":29,"context_line":")"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_6c71a6e0","line":26,"range":{"start_line":26,"start_character":8,"end_line":26,"end_character":13},"in_reply_to":"ba5201f7_76436b6c","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":35,"context_line":"When True, if sending a user token to an REST API, also send a service token."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":38,"context_line":"REST APIs, such as Glance, Cinder and Neutron. It is possible that while the"},{"line_number":39,"context_line":"user token was valid when the request was made to Nova, the token may expire"},{"line_number":40,"context_line":"before it reaches the other service. To avoid any failures, and to"},{"line_number":41,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_f30f4a86","line":38,"range":{"start_line":38,"start_character":19,"end_line":38,"end_character":25},"updated":"2017-01-09 09:56:43.000000000","message":"Lets drop glance to stop any confusion.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":35,"context_line":"When True, if sending a user token to an REST API, also send a service token."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":38,"context_line":"REST APIs, such as Glance, Cinder and Neutron. It is possible that while the"},{"line_number":39,"context_line":"user token was valid when the request was made to Nova, the token may expire"},{"line_number":40,"context_line":"before it reaches the other service. To avoid any failures, and to"},{"line_number":41,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_ec7d96b2","line":38,"range":{"start_line":38,"start_character":19,"end_line":38,"end_character":25},"in_reply_to":"ba5201f7_f30f4a86","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":44,"context_line":"accepted by the keystone middleware."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"This feature is currently experimental, and as such is turned off by default"},{"line_number":47,"context_line":"while full testing and performance tuning of this feature is completed."},{"line_number":48,"context_line":"\"\"\"),"},{"line_number":49,"context_line":"]"},{"line_number":50,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_9310bead","line":47,"updated":"2017-01-09 09:56:43.000000000","message":"We should probably also note it currently only works with neutron and cinder, well I guess in this patch only cinder.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":44,"context_line":"accepted by the keystone middleware."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"This feature is currently experimental, and as such is turned off by default"},{"line_number":47,"context_line":"while full testing and performance tuning of this feature is completed."},{"line_number":48,"context_line":"\"\"\"),"},{"line_number":49,"context_line":"]"},{"line_number":50,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_8c240ac7","line":47,"in_reply_to":"ba5201f7_9310bead","updated":"2017-01-09 18:21:33.000000000","message":"So I mentioned this in release notes, Do we need to add this here as well? If yes then I will add a TODO to remove when we support Glance.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"a25fed6393fd1106c25f0dd0342f9fcdd899cc72","unresolved":false,"context_lines":[{"line_number":32,"context_line":"When True, if sending a user token to an REST API, also send a service token."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":35,"context_line":"REST APIs, such as Cinder and Neutron. It is possible that while the"},{"line_number":36,"context_line":"user token was valid when the request was made to Nova, the token may expire"},{"line_number":37,"context_line":"before it reaches the other service. To avoid any failures, and to"},{"line_number":38,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"}],"source_content_type":"text/x-python","patch_set":13,"id":"ba5201f7_69c76d98","line":35,"range":{"start_line":35,"start_character":26,"end_line":35,"end_character":37},"updated":"2017-01-11 15:17:27.000000000","message":"I think John mentioned this earlier, but until we support sending a service token to Neutron we might not want to mention it here.","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"5a99e066b293b5f9b8b95e8ceb2dd87793e140f4","unresolved":false,"context_lines":[{"line_number":32,"context_line":"When True, if sending a user token to an REST API, also send a service token."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Nova often reuses the user token provided to the nova-api to talk to other"},{"line_number":35,"context_line":"REST APIs, such as Cinder and Neutron. It is possible that while the"},{"line_number":36,"context_line":"user token was valid when the request was made to Nova, the token may expire"},{"line_number":37,"context_line":"before it reaches the other service. To avoid any failures, and to"},{"line_number":38,"context_line":"make it clear it is Nova calling the service on the users behalf, we include"}],"source_content_type":"text/x-python","patch_set":13,"id":"ba5201f7_0fbfc1aa","line":35,"range":{"start_line":35,"start_character":26,"end_line":35,"end_character":37},"in_reply_to":"ba5201f7_69c76d98","updated":"2017-01-11 15:50:09.000000000","message":"Done","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"}],"nova/service_auth.py":[{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"a25fed6393fd1106c25f0dd0342f9fcdd899cc72","unresolved":false,"context_lines":[{"line_number":22,"context_line":"_SERVICE_AUTH \u003d None"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"def reset_globals():"},{"line_number":26,"context_line":"    \"\"\"Testing method to reset globals."},{"line_number":27,"context_line":"    \"\"\""},{"line_number":28,"context_line":"    global _SERVICE_AUTH"},{"line_number":29,"context_line":"    _SERVICE_AUTH \u003d None"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"def get_auth_plugin(context):"}],"source_content_type":"text/x-python","patch_set":13,"id":"ba5201f7_e9527ddd","line":29,"range":{"start_line":25,"start_character":0,"end_line":29,"end_character":24},"updated":"2017-01-11 15:17:27.000000000","message":"We should not repeat this pattern, it\u0027s only caused issues in testing. Tests should properly mock out the _SERVICE_AUTH variable in this module when testing, they shouldn\u0027t rely on the global.\n\nSee https://review.openstack.org/#/c/417206/ for an example of where this can go wrong.\n\nBTW, this isn\u0027t even leveraged in the test so we don\u0027t need it anyway.","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"5a99e066b293b5f9b8b95e8ceb2dd87793e140f4","unresolved":false,"context_lines":[{"line_number":22,"context_line":"_SERVICE_AUTH \u003d None"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"def reset_globals():"},{"line_number":26,"context_line":"    \"\"\"Testing method to reset globals."},{"line_number":27,"context_line":"    \"\"\""},{"line_number":28,"context_line":"    global _SERVICE_AUTH"},{"line_number":29,"context_line":"    _SERVICE_AUTH \u003d None"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"def get_auth_plugin(context):"}],"source_content_type":"text/x-python","patch_set":13,"id":"ba5201f7_8fb2d1e3","line":29,"range":{"start_line":25,"start_character":0,"end_line":29,"end_character":24},"in_reply_to":"ba5201f7_e9527ddd","updated":"2017-01-11 15:50:09.000000000","message":"Done","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"a25fed6393fd1106c25f0dd0342f9fcdd899cc72","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"def get_auth_plugin(context):"},{"line_number":33,"context_line":"    global _SERVICE_AUTH"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":36,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"ba5201f7_89ad719d","line":33,"updated":"2017-01-11 15:17:27.000000000","message":"nit: you could wait to declare this until before it\u0027s used on L38, so between L37 and L38.","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"5a99e066b293b5f9b8b95e8ceb2dd87793e140f4","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"def get_auth_plugin(context):"},{"line_number":33,"context_line":"    global _SERVICE_AUTH"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":36,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"ba5201f7_afcb1552","line":33,"in_reply_to":"ba5201f7_89ad719d","updated":"2017-01-11 15:50:09.000000000","message":"Done","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"}],"nova/tests/unit/volume/test_cinder.py":[{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"0d2c9db25edbf1ed17c5ee0f3229c5a57ab58f90","unresolved":false,"context_lines":[{"line_number":80,"context_line":"        mock_get_auth_plugin.return_value \u003d None"},{"line_number":81,"context_line":"        self.assertRaises(exception.Unauthorized, cinder.cinderclient, self.ctx)"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"    def test_cinderclient_with_service_user(self):"},{"line_number":84,"context_line":"        CONF.set_override(\u0027send_service_user_token\u0027, True, group\u003d\u0027service_user\u0027)"},{"line_number":85,"context_line":"        cinder.cinderclient(self.ctx)"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"class CinderApiTestCase(test.NoDBTestCase):"},{"line_number":88,"context_line":"    def setUp(self):"}],"source_content_type":"text/x-python","patch_set":8,"id":"ba5201f7_e21504e5","line":85,"range":{"start_line":83,"start_character":8,"end_line":85,"end_character":37},"updated":"2017-01-05 20:37:53.000000000","message":"Need to improve on these tests.","commit_id":"5f2a064b8d9564b36447259302d9415fc5a26ca8"}],"nova/volume/cinder.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"68e9f6fb79d93da1e4705cb8d4893251214add78","unresolved":false,"context_lines":[{"line_number":50,"context_line":"_SESSION \u003d None"},{"line_number":51,"context_line":"_V1_ERROR_RAISED \u003d False"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"service_group \u003d \u0027keystone_authtoken\u0027"},{"line_number":54,"context_line":"ks_loading.register_auth_conf_options(CONF, group\u003dservice_group)"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_4e084229","line":53,"range":{"start_line":53,"start_character":17,"end_line":53,"end_character":35},"updated":"2016-11-21 15:57:36.000000000","message":"I think we said service_token in here.","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"68e9f6fb79d93da1e4705cb8d4893251214add78","unresolved":false,"context_lines":[{"line_number":51,"context_line":"_V1_ERROR_RAISED \u003d False"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"service_group \u003d \u0027keystone_authtoken\u0027"},{"line_number":54,"context_line":"ks_loading.register_auth_conf_options(CONF, group\u003dservice_group)"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"def reset_globals():"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_0e4c8a75","line":54,"updated":"2016-11-21 15:57:36.000000000","message":"This should live in nova/conf/","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"5de20a7a506581ecf7dac6626d413066bd9b7387","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    service_auth \u003d ks_loading.load_auth_from_conf_options(CONF,"},{"line_number":69,"context_line":"                                                          group\u003dservice_group)"},{"line_number":70,"context_line":"    auth \u003d context.get_auth_plugin()"},{"line_number":71,"context_line":"    wrapper \u003d service_token.ServiceTokenAuthWrapper(user_auth\u003dauth,"},{"line_number":72,"context_line":"                                                    service_auth\u003dservice_auth)"},{"line_number":73,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_eb73c013","line":70,"range":{"start_line":70,"start_character":4,"end_line":70,"end_character":8},"updated":"2016-11-21 15:54:17.000000000","message":"I would call this user_auth","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"5de20a7a506581ecf7dac6626d413066bd9b7387","unresolved":false,"context_lines":[{"line_number":68,"context_line":"    service_auth \u003d ks_loading.load_auth_from_conf_options(CONF,"},{"line_number":69,"context_line":"                                                          group\u003dservice_group)"},{"line_number":70,"context_line":"    auth \u003d context.get_auth_plugin()"},{"line_number":71,"context_line":"    wrapper \u003d service_token.ServiceTokenAuthWrapper(user_auth\u003dauth,"},{"line_number":72,"context_line":"                                                    service_auth\u003dservice_auth)"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    if not _SESSION:"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_2b64d847","line":71,"range":{"start_line":71,"start_character":4,"end_line":71,"end_character":11},"updated":"2016-11-21 15:54:17.000000000","message":"Maybe just call this auth?","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"5de20a7a506581ecf7dac6626d413066bd9b7387","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    if not _SESSION:"},{"line_number":75,"context_line":"        _SESSION \u003d ks_loading.load_session_from_conf_options("},{"line_number":76,"context_line":"            CONF, nova.conf.cinder.cinder_group.name, auth\u003dwrapper)"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"    url \u003d None"},{"line_number":79,"context_line":"    endpoint_override \u003d None"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_ebe1009c","line":76,"range":{"start_line":76,"start_character":52,"end_line":76,"end_character":66},"updated":"2016-11-21 15:54:17.000000000","message":"Not sure if want this here, we pass auth separately below. I believe thats OK, but I am not sure.","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"5de20a7a506581ecf7dac6626d413066bd9b7387","unresolved":false,"context_lines":[{"line_number":89,"context_line":"        url \u003d CONF.cinder.endpoint_template % context.to_dict()"},{"line_number":90,"context_line":"        endpoint_override \u003d url"},{"line_number":91,"context_line":"    else:"},{"line_number":92,"context_line":"        url \u003d _SESSION.get_endpoint(auth, **service_parameters)"},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"    # TODO(jamielennox): This should be using proper version discovery from"},{"line_number":95,"context_line":"    # the cinder service rather than just inspecting the URL for certain string"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_8b6c0c38","line":92,"range":{"start_line":92,"start_character":36,"end_line":92,"end_character":40},"updated":"2016-11-21 15:54:17.000000000","message":"I think you want wrapper here?","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"5de20a7a506581ecf7dac6626d413066bd9b7387","unresolved":false,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    return cinder_client.Client(version,"},{"line_number":108,"context_line":"                                session\u003d_SESSION,"},{"line_number":109,"context_line":"                                auth\u003dauth,"},{"line_number":110,"context_line":"                                endpoint_override\u003dendpoint_override,"},{"line_number":111,"context_line":"                                connect_retries\u003dCONF.cinder.http_retries,"},{"line_number":112,"context_line":"                                **service_parameters)"}],"source_content_type":"text/x-python","patch_set":2,"id":"7a77a97e_2b7db8e7","line":109,"updated":"2016-11-21 15:54:17.000000000","message":"I think auth\u003dwrapper is what you want with the current variable names.","commit_id":"070a0c6274842fc87563c966505219798502ec55"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"98259dfe35ace71333637203bfbd239af79e353a","unresolved":false,"context_lines":[{"line_number":62,"context_line":"    global _SESSION"},{"line_number":63,"context_line":"    global _V1_ERROR_RAISED"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"    service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":66,"context_line":"                       CONF,"},{"line_number":67,"context_line":"                       group\u003dnova.conf.service_token.SERVICE_TOKEN_GROUP)"},{"line_number":68,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"3a71b18c_a16f2791","line":65,"updated":"2016-12-01 15:55:12.000000000","message":"We need to skip apply the wrapper and loading the service auth based on a CONF that says whether we should use a service token or not. We need to default to False for this cycle.\n\nThat should fix the tests.","commit_id":"cf977c9957321e2c8cb4da794b74aea75020d2f3"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"98259dfe35ace71333637203bfbd239af79e353a","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"    if not _SESSION:"},{"line_number":74,"context_line":"        _SESSION \u003d ks_loading.load_session_from_conf_options("},{"line_number":75,"context_line":"            CONF, nova.conf.cinder.cinder_group.name, auth\u003dauth)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    url \u003d None"},{"line_number":78,"context_line":"    endpoint_override \u003d None"}],"source_content_type":"text/x-python","patch_set":3,"id":"3a71b18c_21eeb722","line":75,"range":{"start_line":75,"start_character":52,"end_line":75,"end_character":64},"updated":"2016-12-01 15:55:12.000000000","message":"Why did you add auth here? Is that needed?","commit_id":"cf977c9957321e2c8cb4da794b74aea75020d2f3"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9c327d836e2a4b78838b990afe3270f3f6f45dcd","unresolved":false,"context_lines":[{"line_number":68,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":69,"context_line":"                           CONF,"},{"line_number":70,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"        user_auth \u003d context.get_auth_plugin()"},{"line_number":73,"context_line":"        auth \u003d service_token.ServiceTokenAuthWrapper("},{"line_number":74,"context_line":"                   user_auth\u003duser_auth,"}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_8ebaf86c","line":71,"updated":"2016-12-14 17:40:23.000000000","message":"Nit: I would remove this blank line.","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"a6bab2a25908a3ff2054415b0eb7443069e86569","unresolved":false,"context_lines":[{"line_number":68,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":69,"context_line":"                           CONF,"},{"line_number":70,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"        user_auth \u003d context.get_auth_plugin()"},{"line_number":73,"context_line":"        auth \u003d service_token.ServiceTokenAuthWrapper("},{"line_number":74,"context_line":"                   user_auth\u003duser_auth,"}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_f815e5e4","line":71,"in_reply_to":"1a6eadb0_8ebaf86c","updated":"2016-12-14 21:43:57.000000000","message":"Done","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9c327d836e2a4b78838b990afe3270f3f6f45dcd","unresolved":false,"context_lines":[{"line_number":76,"context_line":"    else:"},{"line_number":77,"context_line":"        auth \u003d context.get_auth_plugin()"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    if not auth:"},{"line_number":80,"context_line":"        raise exception.Unauthorized()"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    if not _SESSION:"},{"line_number":83,"context_line":"        _SESSION \u003d ks_loading.load_session_from_conf_options("}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_6ee91c80","line":80,"range":{"start_line":79,"start_character":0,"end_line":80,"end_character":38},"updated":"2016-12-14 17:40:23.000000000","message":"How is this possible? Not sure why we are checking this here.","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"bec8325437794c2a2d7758681cee25afb29b1f42","unresolved":false,"context_lines":[{"line_number":76,"context_line":"    else:"},{"line_number":77,"context_line":"        auth \u003d context.get_auth_plugin()"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    if not auth:"},{"line_number":80,"context_line":"        raise exception.Unauthorized()"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    if not _SESSION:"},{"line_number":83,"context_line":"        _SESSION \u003d ks_loading.load_session_from_conf_options("}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_e93526da","line":80,"range":{"start_line":79,"start_character":0,"end_line":80,"end_character":38},"in_reply_to":"1a6eadb0_6ee91c80","updated":"2016-12-14 17:43:25.000000000","message":"Oh wait... I kinda see what you mean now from the neutron side of things.\n\nIts possible a periodic task calls into here, and in that case there is no user token in the context, and we should error out.\n\nI think really this is a separate change, and should happen on line 66 here, with something like this:\n\nuser_auth \u003d context.get_auth_plugin()\nif not user_auth:\n    raise exception.Unauthorized()","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"a6bab2a25908a3ff2054415b0eb7443069e86569","unresolved":false,"context_lines":[{"line_number":76,"context_line":"    else:"},{"line_number":77,"context_line":"        auth \u003d context.get_auth_plugin()"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    if not auth:"},{"line_number":80,"context_line":"        raise exception.Unauthorized()"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    if not _SESSION:"},{"line_number":83,"context_line":"        _SESSION \u003d ks_loading.load_session_from_conf_options("}],"source_content_type":"text/x-python","patch_set":5,"id":"1a6eadb0_38dafd4c","line":80,"range":{"start_line":79,"start_character":0,"end_line":80,"end_character":38},"in_reply_to":"1a6eadb0_e93526da","updated":"2016-12-14 21:43:57.000000000","message":"Done","commit_id":"dbd2c9670976adcb492c70bb4855cc5d938c5c95"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"cf249daa3b4d9fe41298fdabe4c4b2aeed719d22","unresolved":false,"context_lines":[{"line_number":72,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":73,"context_line":"                           CONF,"},{"line_number":74,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":75,"context_line":"        auth \u003d service_token.ServiceTokenAuthWrapper("},{"line_number":76,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":77,"context_line":"                   service_auth\u003dservice_auth)"},{"line_number":78,"context_line":"    else:"}],"source_content_type":"text/x-python","patch_set":7,"id":"da4df55a_bce955b9","line":75,"range":{"start_line":75,"start_character":29,"end_line":75,"end_character":52},"updated":"2016-12-28 20:48:57.000000000","message":"Just a note to myself, this was added in keystoneauth1 2.16.0:\n\nhttps://github.com/openstack/keystoneauth/commit/e69cff86548771256b62c156bbd0c237e3ebca0e\n\nWhich is also the minimum for ksa in global-requirements:\n\nhttp://git.openstack.org/cgit/openstack/requirements/tree/global-requirements.txt#n80\n\nSo we\u0027re good there.","commit_id":"9825123d322ec071e753e095acaa7e91c143af67"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"def _get_auth_plugin(context):"},{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":"    if not user_auth:"},{"line_number":62,"context_line":"        raise exception.Unauthorized()"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    if CONF.service_user.send_service_user_token:"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_361ba382","line":61,"range":{"start_line":61,"start_character":4,"end_line":61,"end_character":21},"updated":"2017-01-06 22:34:03.000000000","message":"nit: I\u0027m not really sure why we need to have a specific check for this, we didn\u0027t before. KSA will fail if there is no auth plugin.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"def _get_auth_plugin(context):"},{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":"    if not user_auth:"},{"line_number":62,"context_line":"        raise exception.Unauthorized()"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    if CONF.service_user.send_service_user_token:"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_ec2bd692","line":61,"range":{"start_line":61,"start_character":4,"end_line":61,"end_character":21},"in_reply_to":"ba5201f7_361ba382","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"def _get_auth_plugin(context):"},{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":"    if not user_auth:"},{"line_number":62,"context_line":"        raise exception.Unauthorized()"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    if CONF.service_user.send_service_user_token:"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_53c3b638","line":61,"range":{"start_line":61,"start_character":4,"end_line":61,"end_character":21},"in_reply_to":"ba5201f7_361ba382","updated":"2017-01-09 09:56:43.000000000","message":"This is to make it consistent with Neutron I think, but honestly, we are better dropping this here and in the neutron bit.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"def _get_auth_plugin(context):"},{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":"    if not user_auth:"},{"line_number":62,"context_line":"        raise exception.Unauthorized()"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    if CONF.service_user.send_service_user_token:"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_0c173a55","line":61,"range":{"start_line":61,"start_character":4,"end_line":61,"end_character":21},"in_reply_to":"ba5201f7_53c3b638","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"77330d5986813dd3f37c2acf4594bf6240c83f8b","unresolved":false,"context_lines":[{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"    if CONF.service_user.send_service_user_token:"},{"line_number":63,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":64,"context_line":"                           CONF,"},{"line_number":65,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":66,"context_line":"        return service_token.ServiceTokenAuthWrapper("},{"line_number":67,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":68,"context_line":"                   service_auth\u003dservice_auth)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ba5201f7_d32a102c","line":65,"range":{"start_line":63,"start_character":0,"end_line":65,"end_character":76},"updated":"2017-01-10 09:56:04.000000000","message":"I think we have to cache this, just like the _SESSION object, to ensure we cache the tokens correctly.","commit_id":"dd7e3b4d731bcc3e87a2630009b3dee166c10497"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e9cc7a3f5a0e935d2380fd626d89a0a378f61595","unresolved":false,"context_lines":[{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"    if CONF.service_user.send_service_user_token:"},{"line_number":63,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":64,"context_line":"                           CONF,"},{"line_number":65,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":66,"context_line":"        return service_token.ServiceTokenAuthWrapper("},{"line_number":67,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":68,"context_line":"                   service_auth\u003dservice_auth)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ba5201f7_f33e3428","line":65,"range":{"start_line":63,"start_character":0,"end_line":65,"end_character":76},"in_reply_to":"ba5201f7_d32a102c","updated":"2017-01-10 09:59:13.000000000","message":"Thinking about it, we will want to put this code in some shared location where we can keep a single cache of this object.\n\nI am tempted to say we put this in a new nova/service_auth.py maybe?","commit_id":"dd7e3b4d731bcc3e87a2630009b3dee166c10497"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"7bfbf2a80b21e1672d897caf546dc37eb25d2ae0","unresolved":false,"context_lines":[{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"    if CONF.service_user.send_service_user_token:"},{"line_number":63,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":64,"context_line":"                           CONF,"},{"line_number":65,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":66,"context_line":"        return service_token.ServiceTokenAuthWrapper("},{"line_number":67,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":68,"context_line":"                   service_auth\u003dservice_auth)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ba5201f7_b59aadc3","line":65,"range":{"start_line":63,"start_character":0,"end_line":65,"end_character":76},"in_reply_to":"ba5201f7_f33e3428","updated":"2017-01-10 22:19:22.000000000","message":"Done","commit_id":"dd7e3b4d731bcc3e87a2630009b3dee166c10497"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"56507efeaf677476e604c37501db357f167dab47","unresolved":false,"context_lines":[{"line_number":60,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"    if CONF.service_user.send_service_user_token:"},{"line_number":63,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":64,"context_line":"                           CONF,"},{"line_number":65,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":66,"context_line":"        return service_token.ServiceTokenAuthWrapper("},{"line_number":67,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":68,"context_line":"                   service_auth\u003dservice_auth)"}],"source_content_type":"text/x-python","patch_set":12,"id":"ba5201f7_7afe7faf","line":65,"range":{"start_line":63,"start_character":0,"end_line":65,"end_character":76},"in_reply_to":"ba5201f7_f33e3428","updated":"2017-01-10 17:20:36.000000000","message":"Yea nova/service_auth.py seems reasonable location.","commit_id":"dd7e3b4d731bcc3e87a2630009b3dee166c10497"}],"releasenotes/notes/validate-expired-user-tokens-57a265cb4ee4ba6f.yaml":[{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"0d2c9db25edbf1ed17c5ee0f3229c5a57ab58f90","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations, such"},{"line_number":6,"context_line":"    as live-migration and snapshots."},{"line_number":7,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"ba5201f7_4224105f","line":6,"range":{"start_line":6,"start_character":26,"end_line":6,"end_character":35},"updated":"2017-01-05 20:37:53.000000000","message":"This is not supported yet. Maybe I should add a reno with last patch in the series explaining where we can send the service tokens and delete it from here?","commit_id":"5f2a064b8d9564b36447259302d9415fc5a26ca8"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_33ac7235","line":3,"range":{"start_line":3,"start_character":22,"end_line":3,"end_character":30},"updated":"2017-01-09 09:56:43.000000000","message":"Keystone middlewear feature?","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_4c11425d","line":3,"range":{"start_line":3,"start_character":22,"end_line":3,"end_character":30},"in_reply_to":"ba5201f7_33ac7235","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_96d36fd4","line":4,"range":{"start_line":4,"start_character":24,"end_line":4,"end_character":28},"updated":"2017-01-06 22:34:03.000000000","message":"need a space before this","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_6c160657","line":4,"range":{"start_line":4,"start_character":24,"end_line":4,"end_character":28},"in_reply_to":"ba5201f7_96d36fd4","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_96ea8f72","line":5,"range":{"start_line":4,"start_character":74,"end_line":5,"end_character":8},"updated":"2017-01-06 22:34:03.000000000","message":"We should reword this, maybe \u0027This helps deal with issues of user tokens expiring during long running operations, such as...\u0027.\n\nAlthough in this particular patch I\u0027m not sure what the \u0027such as\u0027 example would be for nova/cinder interaction - maybe boot from volume where nova is creating the volume for the root disk and waiting for it to become available before attaching it?","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_8c0b2a2b","line":5,"range":{"start_line":4,"start_character":74,"end_line":5,"end_character":8},"in_reply_to":"ba5201f7_96ea8f72","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_f3a2ea4a","line":5,"range":{"start_line":4,"start_character":74,"end_line":5,"end_character":8},"in_reply_to":"ba5201f7_96ea8f72","updated":"2017-01-09 09:56:43.000000000","message":"Yeah, polling is a reasonable example.\n\nAn example people hit in production is during a long live-migration, you need to access Cinder at the end of the operation using the user\u0027s token, (particularly when doing block migration), its very possible for that user token to have expired.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_ac08ee2e","line":5,"range":{"start_line":4,"start_character":74,"end_line":5,"end_character":8},"in_reply_to":"ba5201f7_f3a2ea4a","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_d6009736","line":6,"range":{"start_line":6,"start_character":54,"end_line":6,"end_character":58},"updated":"2017-01-06 22:34:03.000000000","message":"needs","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - Added support for Keystone feature where if service token is sent along"},{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_cc053215","line":6,"range":{"start_line":6,"start_character":54,"end_line":6,"end_character":58},"in_reply_to":"ba5201f7_d6009736","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_f6fbdb44","line":7,"range":{"start_line":7,"start_character":4,"end_line":7,"end_character":6},"updated":"2017-01-06 22:34:03.000000000","message":"drop \u0027in\u0027?","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    with the user token,then it will ignore the expiration of user token. It"},{"line_number":5,"context_line":"    stop issues with user tokens expiring during long running operations."},{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_ec02f60a","line":7,"range":{"start_line":7,"start_character":4,"end_line":7,"end_character":6},"in_reply_to":"ba5201f7_f6fbdb44","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_36bf2362","line":9,"range":{"start_line":9,"start_character":14,"end_line":9,"end_character":21},"updated":"2017-01-06 22:34:03.000000000","message":"The minimum Keystone API version...\n\n--\n\nWe might to also point out that it\u0027s not a failure if you configure nova to use this and Keystone isn\u0027t upgraded yet, it\u0027s just that the feature doesn\u0027t work until Keystone is upgraded.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"84a70705fa0b09dc834561403786c5bbe65b0efb","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_569bc717","line":9,"range":{"start_line":9,"start_character":47,"end_line":9,"end_character":54},"updated":"2017-01-06 22:34:03.000000000","message":"supports","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_1f03da0e","line":9,"range":{"start_line":9,"start_character":14,"end_line":9,"end_character":21},"in_reply_to":"ba5201f7_36bf2362","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":6,"context_line":"    In order to use this functionality a service user need to be created"},{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_33cd525e","line":9,"range":{"start_line":9,"start_character":47,"end_line":9,"end_character":54},"in_reply_to":"ba5201f7_569bc717","updated":"2017-01-09 09:56:43.000000000","message":"Good point, its only a requirement when you turn this feature on.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"2b67d3075d67f1966bf21fe55dae0064cddeae0a","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_16391cd9","line":10,"updated":"2017-01-09 09:59:18.000000000","message":"Oh, we should probably mention you need to upgrade to keystone middleware version 4.12.0 or later.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"79e59241de1eecaf6211d78e4b7b950e89fc9f5e","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    in. Add service user configurations in ``nova.conf`` under"},{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_3f089e28","line":10,"in_reply_to":"ba5201f7_16391cd9","updated":"2017-01-09 18:21:33.000000000","message":"Done","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d7a6257a2126d3931d25cbf24aa9e5f732890eda","unresolved":false,"context_lines":[{"line_number":8,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":9,"context_line":"    ``True``. Minimum Keytone API version that support this functionality is"},{"line_number":10,"context_line":"    3.8."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":11,"id":"ba5201f7_13884ec6","line":11,"updated":"2017-01-09 09:56:43.000000000","message":"We should note this is only used for Cinder currently, follow on patch can update that.","commit_id":"585964be2c77c29d6e9a5dd6811bbec439601e5b"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"77330d5986813dd3f37c2acf4594bf6240c83f8b","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    Add service user configurations in ``nova.conf`` under"},{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":12,"id":"ba5201f7_53ee20ed","line":12,"updated":"2017-01-10 09:56:04.000000000","message":"We should note this currently only works when calling the Cinder API.","commit_id":"dd7e3b4d731bcc3e87a2630009b3dee166c10497"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"a25fed6393fd1106c25f0dd0342f9fcdd899cc72","unresolved":false,"context_lines":[{"line_number":8,"context_line":"    In order to use this functionality a service user needs to be created."},{"line_number":9,"context_line":"    Add service user configurations in ``nova.conf`` under"},{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":"    This only works with Nova - Cinder API interactions."},{"line_number":14,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":13,"id":"ba5201f7_a9cb1552","line":12,"range":{"start_line":11,"start_character":50,"end_line":12,"end_character":57},"updated":"2017-01-11 15:17:27.000000000","message":"nit: we don\u0027t need to really mention this since nova already requires keystonemiddleware\u003e\u003d4.12.0:\n\nhttps://github.com/openstack/nova/blob/master/requirements.txt#L10\n\nBut it\u0027s fine to leave this in.","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"a25fed6393fd1106c25f0dd0342f9fcdd899cc72","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":"    This only works with Nova - Cinder API interactions."},{"line_number":14,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":13,"id":"ba5201f7_69e4cddf","line":13,"range":{"start_line":13,"start_character":4,"end_line":13,"end_character":56},"updated":"2017-01-11 15:17:27.000000000","message":"I would say this only currently works with nova - cinder API interactions - the \u0027currently\u0027 is the key word.","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"5a99e066b293b5f9b8b95e8ceb2dd87793e140f4","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":"    This only works with Nova - Cinder API interactions."},{"line_number":14,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":13,"id":"ba5201f7_0fa8a176","line":13,"range":{"start_line":13,"start_character":4,"end_line":13,"end_character":56},"in_reply_to":"ba5201f7_69e4cddf","updated":"2017-01-11 15:50:09.000000000","message":"Done","commit_id":"6cd7ad699857febde95f272077c7ef33af443d7a"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"22e6903620cf1de5ed0b4ba091fa9d173654e933","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":"    This only currently works with nova - cinder API interactions."},{"line_number":14,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":14,"id":"ba5201f7_d53d462c","line":13,"range":{"start_line":13,"start_character":35,"end_line":13,"end_character":48},"updated":"2017-01-11 16:24:43.000000000","message":"nit: if you have to respin I\u0027d go back to capitalizing these, sorry for the confusion.","commit_id":"9e54b29c4f0e3841a33106cb681dbea6afd99f02"}]}