)]}'
{"oslo_utils/strutils.py":[{"author":{"_account_id":28522,"name":"Hervé Beraud","email":"herveberaud.pro@gmail.com","username":"hberaud"},"change_message_id":"715abaf2974304e6e872a79e8549f22fd4c4d597","unresolved":false,"context_lines":[{"line_number":330,"context_line":"    # specified in _SANITIZE_KEYS, if not then just return the message since"},{"line_number":331,"context_line":"    # we don\u0027t have to mask any passwords."},{"line_number":332,"context_line":"    for key in _SANITIZE_KEYS:"},{"line_number":333,"context_line":"        if key.lower() in message.lower():"},{"line_number":334,"context_line":"            for pattern in _SANITIZE_PATTERNS_2[key]:"},{"line_number":335,"context_line":"                message \u003d re.sub(pattern, substitute2, message)"},{"line_number":336,"context_line":"            for pattern in _SANITIZE_PATTERNS_1[key]:"}],"source_content_type":"text/x-python","patch_set":5,"id":"3fa7e38b_d7bcae6d","side":"PARENT","line":333,"range":{"start_line":333,"start_character":11,"end_line":333,"end_character":22},"updated":"2019-11-15 15:40:32.000000000","message":"Can be more safer to leave that in the case where someone re add some uppercase keys in the future...","commit_id":"704fdfdf790b4d2e923f91a3dd5483630f784ad2"},{"author":{"_account_id":9712,"name":"Dougal Matthews","email":"dougal.matthews@canonical.com","username":"dougal"},"change_message_id":"ae3ca991c798e0cc2c3ce9c37907ab5553cb955b","unresolved":false,"context_lines":[{"line_number":330,"context_line":"    # specified in _SANITIZE_KEYS, if not then just return the message since"},{"line_number":331,"context_line":"    # we don\u0027t have to mask any passwords."},{"line_number":332,"context_line":"    for key in _SANITIZE_KEYS:"},{"line_number":333,"context_line":"        if key.lower() in message.lower():"},{"line_number":334,"context_line":"            for pattern in _SANITIZE_PATTERNS_2[key]:"},{"line_number":335,"context_line":"                message \u003d re.sub(pattern, substitute2, message)"},{"line_number":336,"context_line":"            for pattern in _SANITIZE_PATTERNS_1[key]:"}],"source_content_type":"text/x-python","patch_set":5,"id":"3fa7e38b_ba6c7907","side":"PARENT","line":333,"range":{"start_line":333,"start_character":11,"end_line":333,"end_character":22},"in_reply_to":"3fa7e38b_d7bcae6d","updated":"2019-11-15 16:13:29.000000000","message":"Good idea. Thanks Cedric for doing the update!","commit_id":"704fdfdf790b4d2e923f91a3dd5483630f784ad2"},{"author":{"_account_id":6928,"name":"Ben Nemec","email":"openstack@nemebean.com","username":"bnemec"},"change_message_id":"c8d0893dc95164d5fb2b63678675954126ab9ace","unresolved":false,"context_lines":[{"line_number":61,"context_line":"                  \u0027secret\u0027, \u0027sys_pswd\u0027, \u0027token\u0027, \u0027configdrive\u0027,"},{"line_number":62,"context_line":"                  \u0027chappassword\u0027, \u0027encrypted_key\u0027, \u0027private_key\u0027,"},{"line_number":63,"context_line":"                  \u0027encryption_key_id\u0027, \u0027fernetkey\u0027, \u0027sslkey\u0027, \u0027passphrase\u0027,"},{"line_number":64,"context_line":"                  \u0027cephclusterfsid\u0027, \u0027octaviaheartbeatkey\u0027, \u0027rabbitcookie\u0027,"},{"line_number":65,"context_line":"                  \u0027cephmanilaclientkey\u0027, \u0027pacemakerremoteauthkey\u0027,"},{"line_number":66,"context_line":"                  \u0027designaterndckey\u0027, \u0027cephadminkey\u0027, \u0027heatauthencryptionkey\u0027,"},{"line_number":67,"context_line":"                  \u0027cephclientkey\u0027, \u0027keystonecredential\u0027,"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_838ca380","line":64,"updated":"2019-11-18 21:22:08.000000000","message":"I\u0027m half tempted to suggest we just add \u0027key\u0027 as a key since a lot of these include that. That\u0027s so broad though. :-/\n\nIt\u0027s just that this is essentially doubling the number of keys we need to check each time, and most of them are highly TripleO-specific. I don\u0027t know if that will have a meaningful performance impact, but it would be interesting to profile a service before and after this change.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":6928,"name":"Ben Nemec","email":"openstack@nemebean.com","username":"bnemec"},"change_message_id":"517d4e1b52f989bf5186dc778437c36468c16e8b","unresolved":false,"context_lines":[{"line_number":61,"context_line":"                  \u0027secret\u0027, \u0027sys_pswd\u0027, \u0027token\u0027, \u0027configdrive\u0027,"},{"line_number":62,"context_line":"                  \u0027chappassword\u0027, \u0027encrypted_key\u0027, \u0027private_key\u0027,"},{"line_number":63,"context_line":"                  \u0027encryption_key_id\u0027, \u0027fernetkey\u0027, \u0027sslkey\u0027, \u0027passphrase\u0027,"},{"line_number":64,"context_line":"                  \u0027cephclusterfsid\u0027, \u0027octaviaheartbeatkey\u0027, \u0027rabbitcookie\u0027,"},{"line_number":65,"context_line":"                  \u0027cephmanilaclientkey\u0027, \u0027pacemakerremoteauthkey\u0027,"},{"line_number":66,"context_line":"                  \u0027designaterndckey\u0027, \u0027cephadminkey\u0027, \u0027heatauthencryptionkey\u0027,"},{"line_number":67,"context_line":"                  \u0027cephclientkey\u0027, \u0027keystonecredential\u0027,"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_26993d6c","line":64,"in_reply_to":"3fa7e38b_235a8ff1","updated":"2019-11-18 22:45:39.000000000","message":"We\u0027ve historically tried really hard to avoid that. So far successfully. :-)\n\nThe reason being that we want the behavior across projects to be consistent, and if projects are able to add their own custom keys then you can end up in a weird situation where something gets sanitized in one project but not another. Even if we did make this list extensible, you\u0027ve still got the problem that the list has to live in Mistral even if it\u0027s TripleO-specific so you still have the same problem on a smaller scale, and now the inconsistency problem too.\n\nSo I guess the TLDR is that I don\u0027t want to do that unless someone provides hard numbers that show this is causing an unacceptable performance problem in other services.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":9712,"name":"Dougal Matthews","email":"dougal.matthews@canonical.com","username":"dougal"},"change_message_id":"ff58fde82c07e337560bc796516dbb6dc34d01e1","unresolved":false,"context_lines":[{"line_number":61,"context_line":"                  \u0027secret\u0027, \u0027sys_pswd\u0027, \u0027token\u0027, \u0027configdrive\u0027,"},{"line_number":62,"context_line":"                  \u0027chappassword\u0027, \u0027encrypted_key\u0027, \u0027private_key\u0027,"},{"line_number":63,"context_line":"                  \u0027encryption_key_id\u0027, \u0027fernetkey\u0027, \u0027sslkey\u0027, \u0027passphrase\u0027,"},{"line_number":64,"context_line":"                  \u0027cephclusterfsid\u0027, \u0027octaviaheartbeatkey\u0027, \u0027rabbitcookie\u0027,"},{"line_number":65,"context_line":"                  \u0027cephmanilaclientkey\u0027, \u0027pacemakerremoteauthkey\u0027,"},{"line_number":66,"context_line":"                  \u0027designaterndckey\u0027, \u0027cephadminkey\u0027, \u0027heatauthencryptionkey\u0027,"},{"line_number":67,"context_line":"                  \u0027cephclientkey\u0027, \u0027keystonecredential\u0027,"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_a228ab97","line":64,"in_reply_to":"3fa7e38b_26993d6c","updated":"2019-11-19 19:14:49.000000000","message":"Makes sense, that sounds like good reasoning. Thanks.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":9712,"name":"Dougal Matthews","email":"dougal.matthews@canonical.com","username":"dougal"},"change_message_id":"ae5ea7f7e66e24f58656ad5c68e9e6de45f54ac6","unresolved":false,"context_lines":[{"line_number":61,"context_line":"                  \u0027secret\u0027, \u0027sys_pswd\u0027, \u0027token\u0027, \u0027configdrive\u0027,"},{"line_number":62,"context_line":"                  \u0027chappassword\u0027, \u0027encrypted_key\u0027, \u0027private_key\u0027,"},{"line_number":63,"context_line":"                  \u0027encryption_key_id\u0027, \u0027fernetkey\u0027, \u0027sslkey\u0027, \u0027passphrase\u0027,"},{"line_number":64,"context_line":"                  \u0027cephclusterfsid\u0027, \u0027octaviaheartbeatkey\u0027, \u0027rabbitcookie\u0027,"},{"line_number":65,"context_line":"                  \u0027cephmanilaclientkey\u0027, \u0027pacemakerremoteauthkey\u0027,"},{"line_number":66,"context_line":"                  \u0027designaterndckey\u0027, \u0027cephadminkey\u0027, \u0027heatauthencryptionkey\u0027,"},{"line_number":67,"context_line":"                  \u0027cephclientkey\u0027, \u0027keystonecredential\u0027,"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_235a8ff1","line":64,"in_reply_to":"3fa7e38b_838ca380","updated":"2019-11-18 21:25:55.000000000","message":"I had wondered about this too. Another option would be to make it configurable? Then we can only take the hit for the more obscure keys that we need.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"208bcbfd1ae80bcddf05a8e1ba6f41a0149e4383","unresolved":false,"context_lines":[{"line_number":61,"context_line":"                  \u0027secret\u0027, \u0027sys_pswd\u0027, \u0027token\u0027, \u0027configdrive\u0027,"},{"line_number":62,"context_line":"                  \u0027chappassword\u0027, \u0027encrypted_key\u0027, \u0027private_key\u0027,"},{"line_number":63,"context_line":"                  \u0027encryption_key_id\u0027, \u0027fernetkey\u0027, \u0027sslkey\u0027, \u0027passphrase\u0027,"},{"line_number":64,"context_line":"                  \u0027cephclusterfsid\u0027, \u0027octaviaheartbeatkey\u0027, \u0027rabbitcookie\u0027,"},{"line_number":65,"context_line":"                  \u0027cephmanilaclientkey\u0027, \u0027pacemakerremoteauthkey\u0027,"},{"line_number":66,"context_line":"                  \u0027designaterndckey\u0027, \u0027cephadminkey\u0027, \u0027heatauthencryptionkey\u0027,"},{"line_number":67,"context_line":"                  \u0027cephclientkey\u0027, \u0027keystonecredential\u0027,"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_a44993b8","line":64,"in_reply_to":"3fa7e38b_a228ab97","updated":"2019-11-20 07:06:07.000000000","message":"Small note as for \"use key as a key\":\n- the current way strings are matched will break, especially for xml and json.\nWhile \"non-xml/non-json\" will match if key ends with \"key\", we might have some risk in masking unrelated things. Thus I tend to be against this simplification.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":6928,"name":"Ben Nemec","email":"openstack@nemebean.com","username":"bnemec"},"change_message_id":"c8d0893dc95164d5fb2b63678675954126ab9ace","unresolved":false,"context_lines":[{"line_number":66,"context_line":"                  \u0027designaterndckey\u0027, \u0027cephadminkey\u0027, \u0027heatauthencryptionkey\u0027,"},{"line_number":67,"context_line":"                  \u0027cephclientkey\u0027, \u0027keystonecredential\u0027,"},{"line_number":68,"context_line":"                  \u0027barbicansimplecryptokek\u0027, \u0027cephrgwkey\u0027, \u0027swifthashsuffix\u0027,"},{"line_number":69,"context_line":"                  \u0027migrationsshkey\u0027, \u0027cephmdskey\u0027, \u0027cephmonkey\u0027]"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"# NOTE(ldbragst): Let\u0027s build a list of regex objects using the list of"},{"line_number":72,"context_line":"# _SANITIZE_KEYS we already have. This way, we only have to add the new key"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_43e8eb14","line":69,"range":{"start_line":69,"start_character":52,"end_line":69,"end_character":62},"updated":"2019-11-18 21:22:08.000000000","message":"Heh. :-)","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":6928,"name":"Ben Nemec","email":"openstack@nemebean.com","username":"bnemec"},"change_message_id":"c8d0893dc95164d5fb2b63678675954126ab9ace","unresolved":false,"context_lines":[{"line_number":413,"context_line":"        k_matched \u003d False"},{"line_number":414,"context_line":"        if isinstance(k, six.string_types):"},{"line_number":415,"context_line":"            for sani_key in _SANITIZE_KEYS:"},{"line_number":416,"context_line":"                if sani_key.lower() in k.lower():"},{"line_number":417,"context_line":"                    out[k] \u003d secret"},{"line_number":418,"context_line":"                    k_matched \u003d True"},{"line_number":419,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_43830b57","line":416,"range":{"start_line":416,"start_character":19,"end_line":416,"end_character":35},"updated":"2019-11-18 21:22:08.000000000","message":"I\u0027m not going to block this on something that might be premature optimization, but I\u0027d like to see the key list pre-processed when the list is created so we aren\u0027t doing this lower() operation on every key every time this gets called. It\u0027s pretty inefficient to do this in the inner loop.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":6928,"name":"Ben Nemec","email":"openstack@nemebean.com","username":"bnemec"},"change_message_id":"517d4e1b52f989bf5186dc778437c36468c16e8b","unresolved":false,"context_lines":[{"line_number":413,"context_line":"        k_matched \u003d False"},{"line_number":414,"context_line":"        if isinstance(k, six.string_types):"},{"line_number":415,"context_line":"            for sani_key in _SANITIZE_KEYS:"},{"line_number":416,"context_line":"                if sani_key.lower() in k.lower():"},{"line_number":417,"context_line":"                    out[k] \u003d secret"},{"line_number":418,"context_line":"                    k_matched \u003d True"},{"line_number":419,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_66bc15bb","line":416,"range":{"start_line":416,"start_character":19,"end_line":416,"end_character":35},"in_reply_to":"3fa7e38b_435f8be4","updated":"2019-11-18 22:45:39.000000000","message":"I think we can do both. Leave the existing list as-is, then create a new one:\n\n_LOWER_SANITIZE_KEYS \u003d [k.lower() for k in _SANITIZE_KEYS]\n\nThen use that new list for this loop. If someone accidentally adds an uppercase key to the hard-coded list, it gets handled appropriately, but we don\u0027t have to do the lower a huge number of times.\n\nHonestly, there should be unit tests added for new keys that would catch if someone incorrectly capitalized one, but I realize we\u0027re not perfect about test coverage so I\u0027m fine with the belt-and-suspenders approach.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":9712,"name":"Dougal Matthews","email":"dougal.matthews@canonical.com","username":"dougal"},"change_message_id":"ae5ea7f7e66e24f58656ad5c68e9e6de45f54ac6","unresolved":false,"context_lines":[{"line_number":413,"context_line":"        k_matched \u003d False"},{"line_number":414,"context_line":"        if isinstance(k, six.string_types):"},{"line_number":415,"context_line":"            for sani_key in _SANITIZE_KEYS:"},{"line_number":416,"context_line":"                if sani_key.lower() in k.lower():"},{"line_number":417,"context_line":"                    out[k] \u003d secret"},{"line_number":418,"context_line":"                    k_matched \u003d True"},{"line_number":419,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_435f8be4","line":416,"range":{"start_line":416,"start_character":19,"end_line":416,"end_character":35},"in_reply_to":"3fa7e38b_43830b57","updated":"2019-11-18 21:25:55.000000000","message":"I lowered the list in the patch. Note adminPass and CHAPPASSWORD changed. I had removed the lower() here but was asked to put it back in as a precaution on a previous patchset","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":9712,"name":"Dougal Matthews","email":"dougal.matthews@canonical.com","username":"dougal"},"change_message_id":"ff58fde82c07e337560bc796516dbb6dc34d01e1","unresolved":false,"context_lines":[{"line_number":413,"context_line":"        k_matched \u003d False"},{"line_number":414,"context_line":"        if isinstance(k, six.string_types):"},{"line_number":415,"context_line":"            for sani_key in _SANITIZE_KEYS:"},{"line_number":416,"context_line":"                if sani_key.lower() in k.lower():"},{"line_number":417,"context_line":"                    out[k] \u003d secret"},{"line_number":418,"context_line":"                    k_matched \u003d True"},{"line_number":419,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_c2fe0705","line":416,"range":{"start_line":416,"start_character":19,"end_line":416,"end_character":35},"in_reply_to":"3fa7e38b_66bc15bb","updated":"2019-11-19 19:14:49.000000000","message":"Sounds good. I can go ahead and do that.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"208bcbfd1ae80bcddf05a8e1ba6f41a0149e4383","unresolved":false,"context_lines":[{"line_number":413,"context_line":"        k_matched \u003d False"},{"line_number":414,"context_line":"        if isinstance(k, six.string_types):"},{"line_number":415,"context_line":"            for sani_key in _SANITIZE_KEYS:"},{"line_number":416,"context_line":"                if sani_key.lower() in k.lower():"},{"line_number":417,"context_line":"                    out[k] \u003d secret"},{"line_number":418,"context_line":"                    k_matched \u003d True"},{"line_number":419,"context_line":"                    break"}],"source_content_type":"text/x-python","patch_set":6,"id":"3fa7e38b_84ca5717","line":416,"range":{"start_line":416,"start_character":19,"end_line":416,"end_character":35},"in_reply_to":"3fa7e38b_c2fe0705","updated":"2019-11-20 07:06:07.000000000","message":"I should have thought about that, sorry -.-\u0027.\n+1 for a pre-processing, especially since we\u0027re doing it twice.","commit_id":"ed70bd3cd10eae2a34a5e9bd5d1fe0a6791ab3de"}]}