)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"4045e70682ef95b40aa3006833b6db31903b204f","unresolved":false,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"This change addresses adding service_token to the request when nova"},{"line_number":13,"context_line":"requests neutron session."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Change-Id: I5e6d6dfeda3673d38bab0bc692c50ca74eb90fc1"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"1a6eadb0_a9216e4f","line":14,"updated":"2016-12-14 17:50:00.000000000","message":"We are missing the blueprint here.","commit_id":"b16feaf0e00e06708fd6701c27d4defec42ce210"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"4d72aece24403ca027f498f952aef77c64b14a43","unresolved":false,"context_lines":[{"line_number":11,"context_line":""},{"line_number":12,"context_line":"This change addresses adding service_token to the request when nova"},{"line_number":13,"context_line":"requests neutron session."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Change-Id: I5e6d6dfeda3673d38bab0bc692c50ca74eb90fc1"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"1a6eadb0_a2d94d24","line":14,"in_reply_to":"1a6eadb0_a9216e4f","updated":"2016-12-15 18:07:23.000000000","message":"Done","commit_id":"b16feaf0e00e06708fd6701c27d4defec42ce210"}],"nova/network/neutronv2/api.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"4045e70682ef95b40aa3006833b6db31903b204f","unresolved":false,"context_lines":[{"line_number":137,"context_line":"        auth_plugin \u003d _ADMIN_AUTH"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    elif context.auth_token:"},{"line_number":140,"context_line":"        if CONF.service_user.send_service_user_token:"},{"line_number":141,"context_line":"            service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":142,"context_line":"                CONF,"},{"line_number":143,"context_line":"                group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"}],"source_content_type":"text/x-python","patch_set":1,"id":"1a6eadb0_a9732e7f","line":140,"updated":"2016-12-14 17:50:00.000000000","message":"Nit: This is correct, but I think the intent is clearer if we refactor it to something like this (makes it clear its about if we wrap the user_auth or not:\n\n   user_auth \u003d context.get_auth_plugin()\n   if CONF.service_user.send_service_user_token:\n            service_auth \u003d ks_loading.load_auth_from_conf_options(\n                CONF,\n                group\u003dnova.conf.service_token.SERVICE_USER_GROUP)\n            auth_plugin \u003d service_token.ServiceTokenAuthWrapper(\n                user_auth\u003duser_auth,\n                service_auth\u003dservice_auth)\n    else:\n            auth_plugin \u003d user_auth\n\nAlthough thats a bit more ugly, so maybe thats the wrong way to go.","commit_id":"b16feaf0e00e06708fd6701c27d4defec42ce210"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"4d72aece24403ca027f498f952aef77c64b14a43","unresolved":false,"context_lines":[{"line_number":137,"context_line":"        auth_plugin \u003d _ADMIN_AUTH"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"    elif context.auth_token:"},{"line_number":140,"context_line":"        if CONF.service_user.send_service_user_token:"},{"line_number":141,"context_line":"            service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":142,"context_line":"                CONF,"},{"line_number":143,"context_line":"                group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"}],"source_content_type":"text/x-python","patch_set":1,"id":"1a6eadb0_c2d649f0","line":140,"in_reply_to":"1a6eadb0_a9732e7f","updated":"2016-12-15 18:07:23.000000000","message":"Done","commit_id":"b16feaf0e00e06708fd6701c27d4defec42ce210"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"4045e70682ef95b40aa3006833b6db31903b204f","unresolved":false,"context_lines":[{"line_number":149,"context_line":"        else:"},{"line_number":150,"context_line":"            auth_plugin \u003d context.get_auth_plugin()"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    if not auth_plugin:"},{"line_number":153,"context_line":"        # We did not get a user token and we should not be using"},{"line_number":154,"context_line":"        # an admin token so log an error"},{"line_number":155,"context_line":"        raise exception.Unauthorized()"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"    return ClientWrapper("},{"line_number":158,"context_line":"        clientv20.Client(session\u003d_SESSION,"}],"source_content_type":"text/x-python","patch_set":1,"id":"1a6eadb0_c9d94a85","line":155,"range":{"start_line":152,"start_character":0,"end_line":155,"end_character":38},"updated":"2016-12-14 17:50:00.000000000","message":"Something tells me this actually only relates to the \"if not context.auth_token\" case.\n\nWe have lost that clear link here, as it gets more complicated.\n\nCan we do:\n\n  elif not context.auth_token:\n        # We did not get a user token and we should not be using\n        # an admin token so log an error\n        raise exception.Unauthorized()\n  else:\n      ...","commit_id":"b16feaf0e00e06708fd6701c27d4defec42ce210"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"4d72aece24403ca027f498f952aef77c64b14a43","unresolved":false,"context_lines":[{"line_number":149,"context_line":"        else:"},{"line_number":150,"context_line":"            auth_plugin \u003d context.get_auth_plugin()"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"    if not auth_plugin:"},{"line_number":153,"context_line":"        # We did not get a user token and we should not be using"},{"line_number":154,"context_line":"        # an admin token so log an error"},{"line_number":155,"context_line":"        raise exception.Unauthorized()"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"    return ClientWrapper("},{"line_number":158,"context_line":"        clientv20.Client(session\u003d_SESSION,"}],"source_content_type":"text/x-python","patch_set":1,"id":"1a6eadb0_e22c2504","line":155,"range":{"start_line":152,"start_character":0,"end_line":155,"end_character":38},"in_reply_to":"1a6eadb0_c9d94a85","updated":"2016-12-15 18:07:23.000000000","message":"This should work fine as it is, but I don\u0027t have any preference so will change it.","commit_id":"b16feaf0e00e06708fd6701c27d4defec42ce210"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"174f76936c50ebffd88d394830c0a156bc452a52","unresolved":false,"context_lines":[{"line_number":121,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    if CONF.service_user.send_service_user_token:"},{"line_number":124,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":125,"context_line":"                           CONF,"},{"line_number":126,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":127,"context_line":"        return service_token.ServiceTokenAuthWrapper("},{"line_number":128,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":129,"context_line":"                   service_auth\u003dservice_auth)"}],"source_content_type":"text/x-python","patch_set":8,"id":"ba5201f7_f3947445","line":126,"range":{"start_line":124,"start_character":0,"end_line":126,"end_character":76},"updated":"2017-01-10 09:57:39.000000000","message":"I think we need to cache this, and re-use what we have cached for the Cinder work. To stop generating too many token.s","commit_id":"df6d148cb2b51a92deb1b22fda7e85660d2e03e2"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"6e1fa2c8dca5094d3f369de5265fea8e8fd11b07","unresolved":false,"context_lines":[{"line_number":121,"context_line":"    user_auth \u003d context.get_auth_plugin()"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    if CONF.service_user.send_service_user_token:"},{"line_number":124,"context_line":"        service_auth \u003d ks_loading.load_auth_from_conf_options("},{"line_number":125,"context_line":"                           CONF,"},{"line_number":126,"context_line":"                           group\u003dnova.conf.service_token.SERVICE_USER_GROUP)"},{"line_number":127,"context_line":"        return service_token.ServiceTokenAuthWrapper("},{"line_number":128,"context_line":"                   user_auth\u003duser_auth,"},{"line_number":129,"context_line":"                   service_auth\u003dservice_auth)"}],"source_content_type":"text/x-python","patch_set":8,"id":"ba5201f7_f556f504","line":126,"range":{"start_line":124,"start_character":0,"end_line":126,"end_character":76},"in_reply_to":"ba5201f7_f3947445","updated":"2017-01-10 22:19:02.000000000","message":"Done","commit_id":"df6d148cb2b51a92deb1b22fda7e85660d2e03e2"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"28c748273a1e0e7a558b0f4dccd0938e9013448b","unresolved":false,"context_lines":[{"line_number":134,"context_line":"        if not _ADMIN_AUTH:"},{"line_number":135,"context_line":"            _ADMIN_AUTH \u003d _load_auth_plugin(CONF)"},{"line_number":136,"context_line":"        auth_plugin \u003d _ADMIN_AUTH"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    elif context.auth_token:"},{"line_number":139,"context_line":"        auth_plugin \u003d context.get_auth_plugin()"},{"line_number":140,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_dcd8f955","side":"PARENT","line":137,"updated":"2017-01-12 02:05:25.000000000","message":"nit: unrelated change","commit_id":"9e54b29c4f0e3841a33106cb681dbea6afd99f02"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"0a37f32503bf05e25768b6ddecd44637c5faead7","unresolved":false,"context_lines":[{"line_number":134,"context_line":"        if not _ADMIN_AUTH:"},{"line_number":135,"context_line":"            _ADMIN_AUTH \u003d _load_auth_plugin(CONF)"},{"line_number":136,"context_line":"        auth_plugin \u003d _ADMIN_AUTH"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    elif context.auth_token:"},{"line_number":139,"context_line":"        auth_plugin \u003d context.get_auth_plugin()"},{"line_number":140,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"7a3c09a3_4e907396","side":"PARENT","line":137,"in_reply_to":"ba5201f7_dcd8f955","updated":"2017-01-12 20:46:17.000000000","message":"Done","commit_id":"9e54b29c4f0e3841a33106cb681dbea6afd99f02"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"28c748273a1e0e7a558b0f4dccd0938e9013448b","unresolved":false,"context_lines":[{"line_number":138,"context_line":"    elif context.auth_token:"},{"line_number":139,"context_line":"        auth_plugin \u003d context.get_auth_plugin()"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    if not auth_plugin:"},{"line_number":142,"context_line":"        # We did not get a user token and we should not be using"},{"line_number":143,"context_line":"        # an admin token so log an error"},{"line_number":144,"context_line":"        raise exception.Unauthorized()"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_fcd93d57","side":"PARENT","line":141,"updated":"2017-01-12 02:05:25.000000000","message":"nit: this probably didn\u0027t need to change either","commit_id":"9e54b29c4f0e3841a33106cb681dbea6afd99f02"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"0a37f32503bf05e25768b6ddecd44637c5faead7","unresolved":false,"context_lines":[{"line_number":138,"context_line":"    elif context.auth_token:"},{"line_number":139,"context_line":"        auth_plugin \u003d context.get_auth_plugin()"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    if not auth_plugin:"},{"line_number":142,"context_line":"        # We did not get a user token and we should not be using"},{"line_number":143,"context_line":"        # an admin token so log an error"},{"line_number":144,"context_line":"        raise exception.Unauthorized()"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a3c09a3_8ee89b18","side":"PARENT","line":141,"in_reply_to":"ba5201f7_fcd93d57","updated":"2017-01-12 20:46:17.000000000","message":"Done","commit_id":"9e54b29c4f0e3841a33106cb681dbea6afd99f02"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"28c748273a1e0e7a558b0f4dccd0938e9013448b","unresolved":false,"context_lines":[{"line_number":137,"context_line":"            _ADMIN_AUTH \u003d _load_auth_plugin(CONF)"},{"line_number":138,"context_line":"        auth_plugin \u003d _ADMIN_AUTH"},{"line_number":139,"context_line":"    elif context.auth_token:"},{"line_number":140,"context_line":"        auth_plugin \u003d service_auth.get_auth_plugin(context)"},{"line_number":141,"context_line":"    else:"},{"line_number":142,"context_line":"        # We did not get a user token and we should not be using"},{"line_number":143,"context_line":"        # an admin token so log an error"}],"source_content_type":"text/x-python","patch_set":11,"id":"ba5201f7_5ccc0989","line":140,"updated":"2017-01-12 02:05:25.000000000","message":"Hmm, I\u0027m sort of torn on adding a test for this such that if esnd_service_user_token\u003dTrue in the neutronclient tests that hit this code we know we\u0027re using this method - do we have existing tests that mock out context.get_auth_plugin() which should now mock out service_auth.get_auth_plugin()?","commit_id":"7f59ca1dfd29c642c40653e0a8f32c04359b2447"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"0a37f32503bf05e25768b6ddecd44637c5faead7","unresolved":false,"context_lines":[{"line_number":137,"context_line":"            _ADMIN_AUTH \u003d _load_auth_plugin(CONF)"},{"line_number":138,"context_line":"        auth_plugin \u003d _ADMIN_AUTH"},{"line_number":139,"context_line":"    elif context.auth_token:"},{"line_number":140,"context_line":"        auth_plugin \u003d service_auth.get_auth_plugin(context)"},{"line_number":141,"context_line":"    else:"},{"line_number":142,"context_line":"        # We did not get a user token and we should not be using"},{"line_number":143,"context_line":"        # an admin token so log an error"}],"source_content_type":"text/x-python","patch_set":11,"id":"7a3c09a3_aeed5727","line":140,"in_reply_to":"ba5201f7_5ccc0989","updated":"2017-01-12 20:46:17.000000000","message":"Done","commit_id":"7f59ca1dfd29c642c40653e0a8f32c04359b2447"}],"releasenotes/notes/validate-expired-user-tokens-57a265cb4ee4ba6f.yaml":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"174f76936c50ebffd88d394830c0a156bc452a52","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    be created. Add service user configurations in ``nova.conf`` under"},{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"ba5201f7_d3b4d0d2","line":12,"updated":"2017-01-10 09:57:39.000000000","message":"I think its clearer to list what services this is currently used for down the bottom here.\n\nThe above looks like just an example (its a good example though).","commit_id":"df6d148cb2b51a92deb1b22fda7e85660d2e03e2"},{"author":{"_account_id":19590,"name":"Sarafraj Singh","email":"Sarafraj.Singh@intel.com","username":"sarafrajsingh"},"change_message_id":"6e1fa2c8dca5094d3f369de5265fea8e8fd11b07","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    be created. Add service user configurations in ``nova.conf`` under"},{"line_number":10,"context_line":"    ``service_user`` group and set ``send_service_user_token`` flag to"},{"line_number":11,"context_line":"    ``True``. The minimum Keytone API version 3.8 and Keystone middleware"},{"line_number":12,"context_line":"    version 4.12.0 is required to use this functionality."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"ba5201f7_d57651a2","line":12,"in_reply_to":"ba5201f7_d3b4d0d2","updated":"2017-01-10 22:19:02.000000000","message":"Done","commit_id":"df6d148cb2b51a92deb1b22fda7e85660d2e03e2"}]}