)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":28522,"name":"Hervé Beraud","email":"herveberaud.pro@gmail.com","username":"hberaud"},"change_message_id":"242c3e061d5beea8975cbf9ddab858d9196525fc","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"healthcheck: Limit source IP range"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This change introduces the new [healthchecl] allowed_source_ranges"},{"line_number":10,"context_line":"option, to restrict access to healthcheck endpoint within specific"},{"line_number":11,"context_line":"network ranges. This parameter is useful to avoid access from external"},{"line_number":12,"context_line":"network, because healthcheck endpoint has no authentication usually."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"5aa0a359_36346a8d","line":9,"range":{"start_line":9,"start_character":32,"end_line":9,"end_character":43},"updated":"2021-08-11 13:16:37.000000000","message":"nit","commit_id":"9ded2a2a35474c0c34017f5905220b41f24f2fa7"}],"oslo_middleware/healthcheck/__init__.py":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"71316e7431a63988e03fde0d50db55eaf1a4c2a2","unresolved":true,"context_lines":[{"line_number":556,"context_line":"            return None"},{"line_number":557,"context_line":""},{"line_number":558,"context_line":"        if self._source_ranges:"},{"line_number":559,"context_line":"            remote_addr \u003d ipaddress.ip_address(req.remote_addr)"},{"line_number":560,"context_line":"            for r in self._source_ranges:"},{"line_number":561,"context_line":"                if r.version \u003d\u003d remote_addr.version and remote_addr in r:"},{"line_number":562,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":1,"id":"81e60267_ff5c14ce","line":559,"range":{"start_line":559,"start_character":12,"end_line":559,"end_character":63},"updated":"2021-07-12 05:51:17.000000000","message":"This might not work as expected if api service is running behind load balancer. One option is to implement the same logic as we have in http_proxy_to_wsgi but it would be too redundant and hard to maintain. Another option is to let users add http_proxy_to_wsgi BEFORE healthcheck which would be reasonable here.","commit_id":"9ded2a2a35474c0c34017f5905220b41f24f2fa7"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"4e42536b7d54842acf6f507ab87570ba33fed572","unresolved":true,"context_lines":[{"line_number":556,"context_line":"            return None"},{"line_number":557,"context_line":""},{"line_number":558,"context_line":"        if self._source_ranges:"},{"line_number":559,"context_line":"            remote_addr \u003d ipaddress.ip_address(req.remote_addr)"},{"line_number":560,"context_line":"            for r in self._source_ranges:"},{"line_number":561,"context_line":"                if r.version \u003d\u003d remote_addr.version and remote_addr in r:"},{"line_number":562,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":1,"id":"9ff4fde7_4c1447e9","line":559,"range":{"start_line":559,"start_character":12,"end_line":559,"end_character":63},"in_reply_to":"81e60267_ff5c14ce","updated":"2021-07-12 05:59:18.000000000","message":"Another option would be to use req.client_addr which uses HTTP_X_FORWARDED_FOR if exists.\n\nhttps://docs.pylonsproject.org/projects/webob/en/stable/api/request.html","commit_id":"9ded2a2a35474c0c34017f5905220b41f24f2fa7"}]}