)]}'
{"etc/octavia.conf":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"fd6afc37ad742e6f38cf7cf2b2e946f9acbbd6a5","unresolved":false,"context_lines":[{"line_number":77,"context_line":"# default_pool_tls_versions \u003d TLSv1.2, TLSv1.3"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"# Minimum TLS version to allow for listeners, pools, or the defaults for"},{"line_number":80,"context_line":"# either.  Available versions: SSLv3, TLSv1, TLSv1.1, TLSv1.2"},{"line_number":81,"context_line":"# minimum_tls_version \u003d TLSv1.2"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"[database]"}],"source_content_type":"text/plain","patch_set":2,"id":"ff570b3c_bab47fd2","line":80,"updated":"2020-05-18 22:20:09.000000000","message":"We should update this as TLSv1.3 could be a minimum as well, i.e. 1.3 only.","commit_id":"65eeb423b05c8e3c2aa1f51f2dac2015c9bf4ef7"}],"octavia/api/v2/controllers/pool.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":497,"context_line":"            if remainder:"},{"line_number":498,"context_line":"                return member.MemberController(pool_id\u003ddb_pool.id), remainder"},{"line_number":499,"context_line":"            return member.MembersController(pool_id\u003ddb_pool.id), remainder"},{"line_number":500,"context_line":"        return None"}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_7a00a235","line":500,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: W292 no newline at end of file","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"}],"octavia/common/config.py":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"fd6afc37ad742e6f38cf7cf2b2e946f9acbbd6a5","unresolved":false,"context_lines":[{"line_number":123,"context_line":"                       \u0027pools.\u0027)),"},{"line_number":124,"context_line":"    cfg.StrOpt(\u0027minimum_tls_version\u0027,"},{"line_number":125,"context_line":"               default\u003d\u0027\u0027,"},{"line_number":126,"context_line":"               help\u003d_(\u0027Minimum allowed TLS version for listeners and pools.\u0027))"},{"line_number":127,"context_line":"]"},{"line_number":128,"context_line":""},{"line_number":129,"context_line":"# Options only used by the amphora agent"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_ba02bf6d","line":126,"updated":"2020-05-18 22:20:09.000000000","message":"Hmm, we may want to split this just to give the operator flexibility. What do others think?","commit_id":"65eeb423b05c8e3c2aa1f51f2dac2015c9bf4ef7"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"19e5693ebb5ed3e8f051e8225a04b6a8870f0016","unresolved":false,"context_lines":[{"line_number":124,"context_line":"                default\u003dconstants.TLS_VERSIONS_OWASP_SUITE_B,"},{"line_number":125,"context_line":"                help\u003d_(\u0027List of TLS versions to use for new TLS-enabled \u0027"},{"line_number":126,"context_line":"                       \u0027pools.\u0027)),"},{"line_number":127,"context_line":"    cfg.StrOpt(\u0027minimum_tls_version\u0027,"},{"line_number":128,"context_line":"               default\u003d\u0027\u0027,"},{"line_number":129,"context_line":"               help\u003d_(\u0027Minimum allowed TLS version for listeners and pools.\u0027))"},{"line_number":130,"context_line":"]"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_aac8a2a7","line":127,"updated":"2020-06-03 09:27:34.000000000","message":"This should probably be a choice from an enum of our constant for all versions...\nLike, `choices\u003dconstants.TLS_ALL_VERSIONS`?","commit_id":"a262c7b9fd3934dbb512df93c0d73c6aba2121ac"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"3d8142cccf014dba4f35ca30a697dcaf24a0ad24","unresolved":false,"context_lines":[{"line_number":125,"context_line":"                help\u003d_(\u0027List of TLS versions to use for new TLS-enabled \u0027"},{"line_number":126,"context_line":"                       \u0027pools.\u0027)),"},{"line_number":127,"context_line":"    cfg.StrOpt(\u0027minimum_tls_version\u0027,"},{"line_number":128,"context_line":"               default\u003d\u0027\u0027,"},{"line_number":129,"context_line":"               choices\u003dconstants.TLS_ALL_VERSIONS,"},{"line_number":130,"context_line":"               help\u003d_(\u0027Minimum allowed TLS version for listeners and pools.\u0027))"},{"line_number":131,"context_line":"]"}],"source_content_type":"text/x-python","patch_set":6,"id":"ff570b3c_2652f867","line":128,"updated":"2020-06-04 07:18:30.000000000","message":"This default isn\u0027t in the choices list. Probably needs to be `None`, and possibly we have to add it to the choices array here.","commit_id":"b39db7dd63ace950fadbac83f15a77c5170e053f"}],"octavia/common/validate.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":447,"context_line":"    return (version_order.index(version) \u003c"},{"line_number":448,"context_line":"            version_order.index(CONF.api_settings.minimum_tls_version))"},{"line_number":449,"context_line":""},{"line_number":450,"context_line":"def check_tls_version_string(versionstring):"},{"line_number":451,"context_line":"    \"\"\"Checks a TLS version string against the configured minimum."},{"line_number":452,"context_line":"       Returns True/False for validity and a list of rejected versions."},{"line_number":453,"context_line":"    \"\"\""}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_dae456af","line":450,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: E302 expected 2 blank lines, found 1","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":448,"context_line":"            version_order.index(CONF.api_settings.minimum_tls_version))"},{"line_number":449,"context_line":""},{"line_number":450,"context_line":"def check_tls_version_string(versionstring):"},{"line_number":451,"context_line":"    \"\"\"Checks a TLS version string against the configured minimum."},{"line_number":452,"context_line":"       Returns True/False for validity and a list of rejected versions."},{"line_number":453,"context_line":"    \"\"\""},{"line_number":454,"context_line":"    if CONF.api_settings.minimum_tls_version \u003d\u003d \u0027\u0027:"}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_bae18a9d","line":451,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: H405: multi line docstring summary not separated with an empty line","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":449,"context_line":""},{"line_number":450,"context_line":"def check_tls_version_string(versionstring):"},{"line_number":451,"context_line":"    \"\"\"Checks a TLS version string against the configured minimum."},{"line_number":452,"context_line":"       Returns True/False for validity and a list of rejected versions."},{"line_number":453,"context_line":"    \"\"\""},{"line_number":454,"context_line":"    if CONF.api_settings.minimum_tls_version \u003d\u003d \u0027\u0027:"},{"line_number":455,"context_line":"        return True, None"}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_1af07e67","line":452,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: H405: multi line docstring summary not separated with an empty line","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":450,"context_line":"def check_tls_version_string(versionstring):"},{"line_number":451,"context_line":"    \"\"\"Checks a TLS version string against the configured minimum."},{"line_number":452,"context_line":"       Returns True/False for validity and a list of rejected versions."},{"line_number":453,"context_line":"    \"\"\""},{"line_number":454,"context_line":"    if CONF.api_settings.minimum_tls_version \u003d\u003d \u0027\u0027:"},{"line_number":455,"context_line":"        return True, None"},{"line_number":456,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_faf4b25d","line":453,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: H405: multi line docstring summary not separated with an empty line","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":474,"context_line":""},{"line_number":475,"context_line":""},{"line_number":476,"context_line":"def check_default_tls_versions_min_conflict():"},{"line_number":477,"context_line":"    if CONF.api_settings.minimum_tls_version is \u0027\u0027:"},{"line_number":478,"context_line":"        return"},{"line_number":479,"context_line":""},{"line_number":480,"context_line":"    valid, listener_rejected \u003d check_tls_version_string("}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_5aea0675","line":477,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: F632 use \u003d\u003d/!\u003d to compare str, bytes, and int literals","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":483,"context_line":"        raise exceptions.ValidationException("},{"line_number":484,"context_line":"            detail\u003d_(\"Default listener TLS versions are less than minimum \""},{"line_number":485,"context_line":"                     \"version: \" + \u0027, \u0027.join(listener_rejected)"},{"line_number":486,"context_line":"                     + \" \u003c \" + CONF.api_settings.minimum_tls_version))"},{"line_number":487,"context_line":""},{"line_number":488,"context_line":"    valid, pool_rejected \u003d check_tls_version_string("},{"line_number":489,"context_line":"        CONF.api_settings.default_pool_tls_versions)"}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_3aef3a85","line":486,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: W503 line break before binary operator","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cbc675d161d37096a6b72aa96945bd1374d0242a","unresolved":false,"context_lines":[{"line_number":491,"context_line":"        raise exceptions.ValidationException("},{"line_number":492,"context_line":"            detail\u003d_(\"Default listener TLS versions are less than minimum \""},{"line_number":493,"context_line":"                     \"version: \" + \u0027, \u0027.join(pool_rejected)"},{"line_number":494,"context_line":"                     + \" \u003c \" + CONF.api_settings.minimum_tls_version))"}],"source_content_type":"text/x-python","patch_set":1,"id":"1f493fa4_9a03ee42","line":494,"updated":"2020-04-22 20:10:41.000000000","message":"pep8: W503 line break before binary operator","commit_id":"0ccb8268f2e9bfcebb155fc9eb5fe7c0a5a519c7"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"fd6afc37ad742e6f38cf7cf2b2e946f9acbbd6a5","unresolved":false,"context_lines":[{"line_number":445,"context_line":"    if CONF.api_settings.minimum_tls_version \u003d\u003d \u0027\u0027:"},{"line_number":446,"context_line":"        return []"},{"line_number":447,"context_line":""},{"line_number":448,"context_line":"    version_order \u003d ["},{"line_number":449,"context_line":"        lib_consts.SSL_VERSION_3,"},{"line_number":450,"context_line":"        lib_consts.TLS_VERSION_1,"},{"line_number":451,"context_line":"        lib_consts.TLS_VERSION_1_1,"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_5af1e394","line":448,"updated":"2020-05-18 22:20:09.000000000","message":"nit: This could go in the constants.py. Also it could double up as the list of valid versions. Simply comment that it is an ordered list.","commit_id":"65eeb423b05c8e3c2aa1f51f2dac2015c9bf4ef7"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"fd6afc37ad742e6f38cf7cf2b2e946f9acbbd6a5","unresolved":false,"context_lines":[{"line_number":452,"context_line":"        lib_consts.TLS_VERSION_1_2,"},{"line_number":453,"context_line":"        lib_consts.TLS_VERSION_1_3"},{"line_number":454,"context_line":"    ]"},{"line_number":455,"context_line":"    min_ver_index \u003d version_order.index(CONF.api_settings.minimum_tls_version)"},{"line_number":456,"context_line":""},{"line_number":457,"context_line":"    rejected \u003d []"},{"line_number":458,"context_line":"    for ver in versions:"}],"source_content_type":"text/x-python","patch_set":2,"id":"ff570b3c_7a31475a","line":455,"updated":"2020-05-18 22:20:09.000000000","message":"smart!","commit_id":"65eeb423b05c8e3c2aa1f51f2dac2015c9bf4ef7"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"19e5693ebb5ed3e8f051e8225a04b6a8870f0016","unresolved":false,"context_lines":[{"line_number":475,"context_line":""},{"line_number":476,"context_line":"def check_tls_version_min("},{"line_number":477,"context_line":"        versions,"},{"line_number":478,"context_line":"        message\u003d_(\"Requested TLS versions are less than minimum: \")):"},{"line_number":479,"context_line":"    \"\"\"Checks a TLS version string against the configured minimum.\"\"\""},{"line_number":480,"context_line":""},{"line_number":481,"context_line":"    if CONF.api_settings.minimum_tls_version \u003d\u003d \u0027\u0027:"}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_ca47d61c","line":478,"updated":"2020-06-03 09:27:34.000000000","message":"Is it ok to do _() translations in a function definition or do we need the `message\u003dNone` and `if not message:` pattern?\n\nnit: `less than the minimum` \u003c-- *the*","commit_id":"a262c7b9fd3934dbb512df93c0d73c6aba2121ac"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"19e5693ebb5ed3e8f051e8225a04b6a8870f0016","unresolved":false,"context_lines":[{"line_number":489,"context_line":"        if constants.TLS_ALL_VERSIONS.index(ver) \u003c min_ver_index:"},{"line_number":490,"context_line":"            rejected.append(ver)"},{"line_number":491,"context_line":"    if rejected:"},{"line_number":492,"context_line":"        raise exceptions.ValidationException(detail\u003d_("},{"line_number":493,"context_line":"            message + \u0027, \u0027.join(rejected) + \" \u003c \" +"},{"line_number":494,"context_line":"            CONF.api_settings.minimum_tls_version))"},{"line_number":495,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_eaf8dac4","line":492,"updated":"2020-06-03 09:27:34.000000000","message":"I don\u0027t know if this is how these translation hooks are supposed to work? I think you\u0027re only supposed to put constant strings into them. Can anyone else comment on this?\nMy understanding is they do an automatic lookup to the appropriate language\u0027s translation index, and nothing dynamic like this will ever match.","commit_id":"a262c7b9fd3934dbb512df93c0d73c6aba2121ac"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"e7131c383069f3a5b08d4b511e937f44f819b8fa","unresolved":false,"context_lines":[{"line_number":489,"context_line":"        if constants.TLS_ALL_VERSIONS.index(ver) \u003c min_ver_index:"},{"line_number":490,"context_line":"            rejected.append(ver)"},{"line_number":491,"context_line":"    if rejected:"},{"line_number":492,"context_line":"        raise exceptions.ValidationException(detail\u003d_("},{"line_number":493,"context_line":"            message + \u0027, \u0027.join(rejected) + \" \u003c \" +"},{"line_number":494,"context_line":"            CONF.api_settings.minimum_tls_version))"},{"line_number":495,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"ff570b3c_6d121664","line":492,"in_reply_to":"ff570b3c_eaf8dac4","updated":"2020-06-29 20:47:32.000000000","message":"Yeah, only the message should be translated here.","commit_id":"a262c7b9fd3934dbb512df93c0d73c6aba2121ac"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"823886fa602fa7532c92fd19e21547da969e2fdd","unresolved":false,"context_lines":[{"line_number":480,"context_line":"        return"},{"line_number":481,"context_line":""},{"line_number":482,"context_line":"    if not message:"},{"line_number":483,"context_line":"        message\u003d_(\"Requested TLS versions are less than minimum: \")"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"    min_ver_index \u003d constants.TLS_ALL_VERSIONS.index("},{"line_number":486,"context_line":"        CONF.api_settings.minimum_tls_version)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_081f086c","line":483,"updated":"2020-06-03 23:37:15.000000000","message":"pep8: E225 missing whitespace around operator","commit_id":"4cd35a08e01c8ec72f76836f5367f4e93e3b677d"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"ba532d90cb51a70a7aa26acc36ed6adc61445ede","unresolved":false,"context_lines":[{"line_number":480,"context_line":"        return"},{"line_number":481,"context_line":""},{"line_number":482,"context_line":"    if not message:"},{"line_number":483,"context_line":"        message\u003d_(\"Requested TLS versions are less than minimum: \")"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"    min_ver_index \u003d constants.TLS_ALL_VERSIONS.index("},{"line_number":486,"context_line":"        CONF.api_settings.minimum_tls_version)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_003fdc86","line":483,"in_reply_to":"ff570b3c_081f086c","updated":"2020-06-04 05:25:55.000000000","message":"nit: \"than the minimum\" as you fixed elsewhere\nneed a new patchset anyway for pep8","commit_id":"4cd35a08e01c8ec72f76836f5367f4e93e3b677d"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"823886fa602fa7532c92fd19e21547da969e2fdd","unresolved":false,"context_lines":[{"line_number":499,"context_line":"    if CONF.api_settings.minimum_tls_version \u003d\u003d \u0027\u0027:"},{"line_number":500,"context_line":"        return"},{"line_number":501,"context_line":""},{"line_number":502,"context_line":"    listener_message\u003d_(\"Default listener TLS versions are less than the \""},{"line_number":503,"context_line":"                       \"minimum: \")"},{"line_number":504,"context_line":"    pool_message\u003d_(\"Default pool TLS versions are less than the minimum: \")"},{"line_number":505,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_68120464","line":502,"updated":"2020-06-03 23:37:15.000000000","message":"pep8: E225 missing whitespace around operator","commit_id":"4cd35a08e01c8ec72f76836f5367f4e93e3b677d"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"823886fa602fa7532c92fd19e21547da969e2fdd","unresolved":false,"context_lines":[{"line_number":501,"context_line":""},{"line_number":502,"context_line":"    listener_message\u003d_(\"Default listener TLS versions are less than the \""},{"line_number":503,"context_line":"                       \"minimum: \")"},{"line_number":504,"context_line":"    pool_message\u003d_(\"Default pool TLS versions are less than the minimum: \")"},{"line_number":505,"context_line":""},{"line_number":506,"context_line":"    check_tls_version_min(CONF.api_settings.default_listener_tls_versions,"},{"line_number":507,"context_line":"                          message\u003dlistener_message)"}],"source_content_type":"text/x-python","patch_set":5,"id":"ff570b3c_48158048","line":504,"updated":"2020-06-03 23:37:15.000000000","message":"pep8: E225 missing whitespace around operator","commit_id":"4cd35a08e01c8ec72f76836f5367f4e93e3b677d"}],"releasenotes/notes/min-tls-version-8e2856fb055ece2c.yaml":[{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"19e5693ebb5ed3e8f051e8225a04b6a8870f0016","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Added ``minimum_tls_version`` to ``octavia.conf``.  Listener, pools, and"},{"line_number":5,"context_line":"    the defaults for either will be blocked from using any lower TLS versions."},{"line_number":6,"context_line":"    By default, there is no minumum version."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"ff570b3c_ea21fa4e","line":4,"range":{"start_line":4,"start_character":56,"end_line":4,"end_character":64},"updated":"2020-06-03 09:27:34.000000000","message":"Nit: inconsistent pluralization.","commit_id":"a262c7b9fd3934dbb512df93c0d73c6aba2121ac"}]}