)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":34120,"name":"Andre Aranha","display_name":"afariasa","email":"afariasa@redhat.com","username":"afariasa"},"change_message_id":"f8f3ead4965e899ba98f56320aa6cb768a01bace","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"54c9f38a_cb5e10c4","updated":"2022-03-08 15:43:29.000000000","message":"recheck","commit_id":"25af5096506186c02516393d9c81735422e0e91e"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"4dc9b9a2_d10fa62c","updated":"2022-03-10 12:16:45.000000000","message":"In principle this makes sense. Some of the doc still needs to be updated, and we should probably update swiftclient to use sha256 before deprecating sha1.","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"f9467159fb3e16e8421040bc4380b9f653d66cda","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"73d8c182_d6a89df3","updated":"2022-03-09 21:52:33.000000000","message":"Those DSVM failures are weird... not sure what\u0027s up with them. I was thinking it was just eventual consistency issues at first, but that seems less likely given how frequently they\u0027re failing.\n\nWe should probably update the algorithm used by the func tests so we don\u0027t skip *quite* so many tempurl tests.","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":34120,"name":"Andre Aranha","display_name":"afariasa","email":"afariasa@redhat.com","username":"afariasa"},"change_message_id":"ff8495ae12aa5888d58839a16ee3c94931124574","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"922ed591_0ed53850","updated":"2022-03-10 11:36:38.000000000","message":"recheck","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"ecba02b0226a81e44a5cac9935d450e4ac2f11e2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"6593a82b_fc089b98","in_reply_to":"73d8c182_d6a89df3","updated":"2022-03-23 03:51:47.000000000","message":"\u003e Those DSVM failures are weird... not sure what\u0027s up with them. I was thinking it was just eventual consistency issues at first, but that seems less likely given how frequently they\u0027re failing.\n\nAmazingly enough Zuul kept the failed console log long enough for me to examine today. The log seems to indicate to me that the difference grows for each failed test. All tests fail where the assert expects 10 elements, but gets more and more and more. So, I suspect, something is not being reset properly between tests and the new ones run over dirty containers.\n\nRemember that functests do not start and stop services - I used to run functests over a production cluster. They literally go and delete all containers and objects.\n\nIt\u0027s possible that eventual consistency of container listings is what we\u0027re seeing. Maybe someone forgot to start an updater.","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"ecba02b0226a81e44a5cac9935d450e4ac2f11e2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"655fb3d3_6df90e5b","updated":"2022-03-23 03:51:47.000000000","message":"I agree with all of Alistair\u0027s comments.\n\nAde, do you mind if I update this? I\u0027m a little busy otherwise, but I can do this much.","commit_id":"b1fc91f4f4fa2a7518f72e713f8da07afa14dca8"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"37dbd6b7fee9cc35bc360650b80c42b41b0858c5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"310ea4f6_6a574c72","in_reply_to":"655fb3d3_6df90e5b","updated":"2022-03-23 13:50:16.000000000","message":"Please feel free to update.  I\u0027m out for the rest of the week, but afariasa is keeping track of things.","commit_id":"b1fc91f4f4fa2a7518f72e713f8da07afa14dca8"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"14140b4b69b35ec20a0f4b6a9041829dda489846","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"7011d963_e9815fcc","updated":"2022-03-31 11:00:35.000000000","message":"recheck","commit_id":"c8aad9b87a60dfff701f31cdee74748172a06669"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"68007f889debce46a39677f46522980d7b8e2ad2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"e1bf755a_b4a9632f","updated":"2022-03-31 03:20:09.000000000","message":"recheck","commit_id":"c8aad9b87a60dfff701f31cdee74748172a06669"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"e7342075bf220b50d29ba0529e7ecb549ed0114f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"05065515_e34636a2","updated":"2022-03-31 01:28:30.000000000","message":"recheck\n\nI fixed DVSM Functests, but it\u0027s Grenade this time.","commit_id":"c8aad9b87a60dfff701f31cdee74748172a06669"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d03b59be2f4a772b2509e596c65d2ed604edb1ad","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"dbcd68cb_a1e60383","updated":"2022-05-27 05:27:13.000000000","message":"LGTM, but one small question about passing the digestmod as a str on py3.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":6968,"name":"Christian Schwede","email":"cschwede@redhat.com","username":"cschwede"},"change_message_id":"e3be49a2fc20feb454cef27af3b0e803bfe9d60b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"a8c79e0b_45f16db0","updated":"2022-05-24 07:32:00.000000000","message":"LGTM. Tested this on my local SAIO, does what it says and wfm.\n\nWe should ensure that the deprecation (and disablement) of sha1 as default pops up in a changelog in the next Swift release, otherwise people might miss this until it breaks things.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"3ef9e8d8ac7291d043eb3cf1a4aa3b77a50e6503","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"cc84a15d_cc3443d4","updated":"2022-05-17 07:39:06.000000000","message":"Thanks Andre.\n\nI\u0027ll pop this on the meeting for this week and let\u0027s see if we can finally get it landed!","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":1179,"name":"Clay Gerrard","email":"clay.gerrard@gmail.com","username":"clay-gerrard"},"change_message_id":"fcd90d428e711c871b54d6d9956b2438ba4e703c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"c20337e4_424714ca","updated":"2022-06-07 15:57:02.000000000","message":"swiftclient does not support this new signature format\n\nhttps://bugs.launchpad.net/python-swiftclient/+bug/1977867\n\nWhen you upgrade to a version of swift that includes this change you break your clients (unless you change your config according to UpgradeImpact)\n\nI don\u0027t think this is how we should be rolling out deprecations in general - IMHO it\u0027s going to cause a fire drill for a bunch of ops people (who we claim we like!) for no good reason.  So why\u0027d we do it like this?","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"}],"doc/source/api/temporary_url_middleware.rst":[{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":38,"context_line":".. code::"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"    https://swift-cluster.example.com/v1/my_account/container/object"},{"line_number":41,"context_line":"    ?temp_url_sig\u003dda39a3ee5e6b4b0d3255bfef95601890afd80709"},{"line_number":42,"context_line":"    \u0026temp_url_expires\u003d1323479485"},{"line_number":43,"context_line":"    \u0026filename\u003dMy+Test+File.pdf"},{"line_number":44,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"05927cdb_5de818b5","line":41,"updated":"2022-03-10 12:16:45.000000000","message":"this signature should be updated for consistency","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":38,"context_line":".. code::"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"    https://swift-cluster.example.com/v1/my_account/container/object"},{"line_number":41,"context_line":"    ?temp_url_sig\u003dda39a3ee5e6b4b0d3255bfef95601890afd80709"},{"line_number":42,"context_line":"    \u0026temp_url_expires\u003d1323479485"},{"line_number":43,"context_line":"    \u0026filename\u003dMy+Test+File.pdf"},{"line_number":44,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"43c07d78_b4b72965","line":41,"in_reply_to":"05927cdb_5de818b5","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"-  The allowed method. Typically, **GET** or **PUT**."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"-  Expiry time. In the example for the HMAC-SHA1 signature for temporary"},{"line_number":131,"context_line":"   URLs below, the expiry time is set to ``86400`` seconds (or 1 day)"},{"line_number":132,"context_line":"   into the future. Please be aware that you have to use a UNIX timestamp"},{"line_number":133,"context_line":"   for generating the signature (in the API request it is also allowed to"}],"source_content_type":"text/x-rst","patch_set":7,"id":"9faba6f6_5cee0d6e","line":130,"range":{"start_line":130,"start_character":39,"end_line":130,"end_character":48},"updated":"2022-03-10 12:16:45.000000000","message":"update to not refer to SHA1 (the examples are now 256 and 512)","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"-  The allowed method. Typically, **GET** or **PUT**."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"-  Expiry time. In the example for the HMAC-SHA1 signature for temporary"},{"line_number":131,"context_line":"   URLs below, the expiry time is set to ``86400`` seconds (or 1 day)"},{"line_number":132,"context_line":"   into the future. Please be aware that you have to use a UNIX timestamp"},{"line_number":133,"context_line":"   for generating the signature (in the API request it is also allowed to"}],"source_content_type":"text/x-rst","patch_set":7,"id":"8f62ee0b_c647a8d7","line":130,"range":{"start_line":130,"start_character":39,"end_line":130,"end_character":48},"in_reply_to":"9faba6f6_5cee0d6e","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":191,"context_line":"    import time"},{"line_number":192,"context_line":"    time.strftime(\u0027%Y-%m-%dT%H:%M:%SZ\u0027, time.gmtime(timestamp))"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"Using the ``swift`` tool to generate a Temporary URL"},{"line_number":195,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"The ``swift`` tool provides the  tempurl_ option that"}],"source_content_type":"text/x-rst","patch_set":7,"id":"d63dcae7_fcf25aaf","line":194,"updated":"2022-03-10 12:16:45.000000000","message":"We ought to update swiftclient to use SHA256. For now, we should at least add a note here that the example is using SHA1.","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":191,"context_line":"    import time"},{"line_number":192,"context_line":"    time.strftime(\u0027%Y-%m-%dT%H:%M:%SZ\u0027, time.gmtime(timestamp))"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"Using the ``swift`` tool to generate a Temporary URL"},{"line_number":195,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"The ``swift`` tool provides the  tempurl_ option that"}],"source_content_type":"text/x-rst","patch_set":7,"id":"a67a98d5_e20de158","line":194,"in_reply_to":"d63dcae7_fcf25aaf","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"}],"swift/common/middleware/tempurl.py":[{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":125,"context_line":"You may also use ISO 8601 UTC timestamps with the format"},{"line_number":126,"context_line":"``\"%Y-%m-%dT%H:%M:%SZ\"`` instead of UNIX timestamps in the URL"},{"line_number":127,"context_line":"(but NOT in the code above for generating the signature!)."},{"line_number":128,"context_line":"So, the above HMAC-SHA1 URL could also be formulated as::"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"    https://swift-cluster.example.com/v1/AUTH_account/container/object?"},{"line_number":131,"context_line":"    temp_url_sig\u003d732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b\u0026"}],"source_content_type":"text/x-python","patch_set":7,"id":"8c081390_d80e2a55","line":128,"range":{"start_line":128,"start_character":14,"end_line":128,"end_character":23},"updated":"2022-03-10 12:16:45.000000000","message":"HMAC-SHA256","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":125,"context_line":"You may also use ISO 8601 UTC timestamps with the format"},{"line_number":126,"context_line":"``\"%Y-%m-%dT%H:%M:%SZ\"`` instead of UNIX timestamps in the URL"},{"line_number":127,"context_line":"(but NOT in the code above for generating the signature!)."},{"line_number":128,"context_line":"So, the above HMAC-SHA1 URL could also be formulated as::"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"    https://swift-cluster.example.com/v1/AUTH_account/container/object?"},{"line_number":131,"context_line":"    temp_url_sig\u003d732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b\u0026"}],"source_content_type":"text/x-python","patch_set":7,"id":"91cd06d3_a4591de0","line":128,"range":{"start_line":128,"start_character":14,"end_line":128,"end_character":23},"in_reply_to":"8c081390_d80e2a55","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":165,"context_line":"    ip_range \u003d \u00271.2.3.4\u0027"},{"line_number":166,"context_line":"    key \u003d \u0027mykey\u0027"},{"line_number":167,"context_line":"    hmac_body \u003d \u0027ip\u003d%s\\n%s\\n%s\\n%s\u0027 % (ip_range, method, expires, path)"},{"line_number":168,"context_line":"    sig \u003d hmac.new(key, hmac_body, sha1).hexdigest()"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"The generated signature would only be valid from the ip ``1.2.3.4``. The"},{"line_number":171,"context_line":"middleware detects an ip-based temporary URL by a query parameter called"}],"source_content_type":"text/x-python","patch_set":7,"id":"e394afe4_1cd890da","line":168,"updated":"2022-03-10 12:16:45.000000000","message":"needs updating","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":165,"context_line":"    ip_range \u003d \u00271.2.3.4\u0027"},{"line_number":166,"context_line":"    key \u003d \u0027mykey\u0027"},{"line_number":167,"context_line":"    hmac_body \u003d \u0027ip\u003d%s\\n%s\\n%s\\n%s\u0027 % (ip_range, method, expires, path)"},{"line_number":168,"context_line":"    sig \u003d hmac.new(key, hmac_body, sha1).hexdigest()"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"The generated signature would only be valid from the ip ``1.2.3.4``. The"},{"line_number":171,"context_line":"middleware detects an ip-based temporary URL by a query parameter called"}],"source_content_type":"text/x-python","patch_set":7,"id":"312ae581_1781d30a","line":168,"in_reply_to":"e394afe4_1cd890da","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":189,"context_line":"    ip_range \u003d \u00271.2.3.0/24\u0027"},{"line_number":190,"context_line":"    key \u003d \u0027mykey\u0027"},{"line_number":191,"context_line":"    hmac_body \u003d \u0027ip\u003d%s\\n%s\\n%s\\n%s\u0027 % (ip_range, method, expires, path)"},{"line_number":192,"context_line":"    sig \u003d hmac.new(key, hmac_body, sha1).hexdigest()"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"Then the following url would be valid::"},{"line_number":195,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"e4ecf0d6_518efc67","line":192,"updated":"2022-03-10 12:16:45.000000000","message":"needs updating","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":189,"context_line":"    ip_range \u003d \u00271.2.3.0/24\u0027"},{"line_number":190,"context_line":"    key \u003d \u0027mykey\u0027"},{"line_number":191,"context_line":"    hmac_body \u003d \u0027ip\u003d%s\\n%s\\n%s\\n%s\u0027 % (ip_range, method, expires, path)"},{"line_number":192,"context_line":"    sig \u003d hmac.new(key, hmac_body, sha1).hexdigest()"},{"line_number":193,"context_line":""},{"line_number":194,"context_line":"Then the following url would be valid::"},{"line_number":195,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"cac41f1e_edd5780e","line":192,"in_reply_to":"e4ecf0d6_518efc67","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"05bbf1c4114098f8234b8f6dfc1eef2fbc8ec506","unresolved":true,"context_lines":[{"line_number":343,"context_line":"#: \u0027*\u0027 to indicate a prefix match."},{"line_number":344,"context_line":"DEFAULT_OUTGOING_ALLOW_HEADERS \u003d \u0027x-object-meta-public-*\u0027"},{"line_number":345,"context_line":""},{"line_number":346,"context_line":"DEFAULT_ALLOWED_DIGESTS \u003d \u0027sha256 sha512\u0027"},{"line_number":347,"context_line":"DEPRECATED_DIGESTS \u003d {\u0027sha1\u0027}"},{"line_number":348,"context_line":"SUPPORTED_DIGESTS \u003d set(DEFAULT_ALLOWED_DIGESTS.split()) | DEPRECATED_DIGESTS"},{"line_number":349,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"3f9ce668_23746a07","line":346,"updated":"2022-03-11 04:13:46.000000000","message":"Does sha1 still need to be in allowed_digests so it\u0027ll send a deprecate warning. As it isn\u0027t, we just get an unauthed response if we try sha1 (well when I\u0027m attempting to do the same to formpost that is).","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":true,"context_lines":[{"line_number":343,"context_line":"#: \u0027*\u0027 to indicate a prefix match."},{"line_number":344,"context_line":"DEFAULT_OUTGOING_ALLOW_HEADERS \u003d \u0027x-object-meta-public-*\u0027"},{"line_number":345,"context_line":""},{"line_number":346,"context_line":"DEFAULT_ALLOWED_DIGESTS \u003d \u0027sha256 sha512\u0027"},{"line_number":347,"context_line":"DEPRECATED_DIGESTS \u003d {\u0027sha1\u0027}"},{"line_number":348,"context_line":"SUPPORTED_DIGESTS \u003d set(DEFAULT_ALLOWED_DIGESTS.split()) | DEPRECATED_DIGESTS"},{"line_number":349,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"26b7d1fd_39a248f6","line":346,"in_reply_to":"3f9ce668_23746a07","updated":"2022-03-24 04:39:37.000000000","message":"Indeed the experience is not smooth.\n\nSuppose a cluster existed that had all the middlewares, but with null configuration (all defaults). If nobody even used tempurl, then this warning is pointless: the cluster is automatically sound after upgrade. But if someone did use tempurl, then the new cluster disallows it, and they\u0027ll know once their client scripts fail.\n\nIn fact I think this deprecation warning may actually be pointless. Operator will know what happens from reading the code anyway. User has no access to logs and cannot see the warning.\n\nI\u0027m going to leave it as Adie did it.","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":871,"context_line":"    if deprecated:"},{"line_number":872,"context_line":"        logger.warning(\u0027The following digest algorithms are configured but \u0027"},{"line_number":873,"context_line":"                       \u0027deprecated: %s. Support will be removed in a future \u0027"},{"line_number":874,"context_line":"                       \u0027release.\u0027, \u0027, \u0027.join(deprecated))"},{"line_number":875,"context_line":"    if not allowed_digests:"},{"line_number":876,"context_line":"        raise ValueError(\u0027No valid digest algorithms are configured \u0027"},{"line_number":877,"context_line":"                         \u0027for tempurls\u0027)"}],"source_content_type":"text/x-python","patch_set":7,"id":"2787edea_06fe1fee","line":874,"updated":"2022-03-10 12:16:45.000000000","message":"AFAICT this isn\u0027t covered by a unit test","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":871,"context_line":"    if deprecated:"},{"line_number":872,"context_line":"        logger.warning(\u0027The following digest algorithms are configured but \u0027"},{"line_number":873,"context_line":"                       \u0027deprecated: %s. Support will be removed in a future \u0027"},{"line_number":874,"context_line":"                       \u0027release.\u0027, \u0027, \u0027.join(deprecated))"},{"line_number":875,"context_line":"    if not allowed_digests:"},{"line_number":876,"context_line":"        raise ValueError(\u0027No valid digest algorithms are configured \u0027"},{"line_number":877,"context_line":"                         \u0027for tempurls\u0027)"}],"source_content_type":"text/x-python","patch_set":7,"id":"b6f8a4f3_23e87abb","line":874,"in_reply_to":"2787edea_06fe1fee","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"246aeb3f49fec6fd1cefdb2a3e64eae344e51a1d"},{"author":{"_account_id":6968,"name":"Christian Schwede","email":"cschwede@redhat.com","username":"cschwede"},"change_message_id":"e3be49a2fc20feb454cef27af3b0e803bfe9d60b","unresolved":true,"context_lines":[{"line_number":520,"context_line":"        elif len(temp_url_sig) \u003d\u003d 40:"},{"line_number":521,"context_line":"            hash_algorithm \u003d \u0027sha1\u0027"},{"line_number":522,"context_line":"        elif len(temp_url_sig) \u003d\u003d 64:"},{"line_number":523,"context_line":"            hash_algorithm \u003d \u0027sha256\u0027"},{"line_number":524,"context_line":"        else:"},{"line_number":525,"context_line":"            return self._invalid(env, start_response)"},{"line_number":526,"context_line":"        if hash_algorithm not in self.allowed_digests:"}],"source_content_type":"text/x-python","patch_set":13,"id":"f6ea8386_3464aaef","line":523,"updated":"2022-05-24 07:32:00.000000000","message":"nit: we\u0027re missing some \"auto-detection\" for sha512 here, but that\u0027s somewhat unrelated to this patch.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d03b59be2f4a772b2509e596c65d2ed604edb1ad","unresolved":true,"context_lines":[{"line_number":520,"context_line":"        elif len(temp_url_sig) \u003d\u003d 40:"},{"line_number":521,"context_line":"            hash_algorithm \u003d \u0027sha1\u0027"},{"line_number":522,"context_line":"        elif len(temp_url_sig) \u003d\u003d 64:"},{"line_number":523,"context_line":"            hash_algorithm \u003d \u0027sha256\u0027"},{"line_number":524,"context_line":"        else:"},{"line_number":525,"context_line":"            return self._invalid(env, start_response)"},{"line_number":526,"context_line":"        if hash_algorithm not in self.allowed_digests:"}],"source_content_type":"text/x-python","patch_set":13,"id":"da0ef255_b683665c","line":523,"in_reply_to":"d8a9ea76_2cd0727a","updated":"2022-05-27 05:27:13.000000000","message":"FWIW, the sha256 detection was only added to not needlessly break from what Cloud Files was already doing when I looked into https://bugs.launchpad.net/swift/+bug/1733634. My intention was that clients should specify the algo used.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"6dae31771136c1101705b16286e0367bbea78990","unresolved":true,"context_lines":[{"line_number":520,"context_line":"        elif len(temp_url_sig) \u003d\u003d 40:"},{"line_number":521,"context_line":"            hash_algorithm \u003d \u0027sha1\u0027"},{"line_number":522,"context_line":"        elif len(temp_url_sig) \u003d\u003d 64:"},{"line_number":523,"context_line":"            hash_algorithm \u003d \u0027sha256\u0027"},{"line_number":524,"context_line":"        else:"},{"line_number":525,"context_line":"            return self._invalid(env, start_response)"},{"line_number":526,"context_line":"        if hash_algorithm not in self.allowed_digests:"}],"source_content_type":"text/x-python","patch_set":13,"id":"d8a9ea76_2cd0727a","line":523,"in_reply_to":"f6ea8386_3464aaef","updated":"2022-05-26 07:15:58.000000000","message":"yeah, I can add this in a follow up. I belive I ended adding it in the formpost case.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d03b59be2f4a772b2509e596c65d2ed604edb1ad","unresolved":true,"context_lines":[{"line_number":753,"context_line":"        return ["},{"line_number":754,"context_line":"            (get_hmac("},{"line_number":755,"context_line":"                request_method, path, expires, key,"},{"line_number":756,"context_line":"                digest\u003dhash_algorithm, ip_range\u003dip_range"},{"line_number":757,"context_line":"            ), scope)"},{"line_number":758,"context_line":"            for (key, scope) in scoped_keys]"},{"line_number":759,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"662a382e_288871b1","line":756,"updated":"2022-05-27 05:27:13.000000000","message":"Are we sure we want to back out the getattr stuff? Passing a str seems to put us down a code path like https://github.com/python/cpython/blob/v3.9.10/Lib/hmac.py#L60-L61, which feels suspiciously like what we were doing before https://github.com/openstack/swift/commit/471a559a\n\nNo skin off my back, and maybe the partial was causing trouble in a way that the lambda wouldn\u0027t, but thought it\u0027s worth mentioning since it was done with FIPS in mind.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"}],"swift/common/utils.py":[{"author":{"_account_id":34120,"name":"Andre Aranha","display_name":"afariasa","email":"afariasa@redhat.com","username":"afariasa"},"change_message_id":"b2097bdd3604adc38e753163bf4b431edbccf2b8","unresolved":true,"context_lines":[{"line_number":282,"context_line":"    pass"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"def get_hmac(request_method, path, expires, key, digest\u003d\"sha1\","},{"line_number":286,"context_line":"             ip_range\u003dNone):"},{"line_number":287,"context_line":"    \"\"\""},{"line_number":288,"context_line":"    Returns the hexdigest string of the HMAC (see RFC 2104) for"}],"source_content_type":"text/x-python","patch_set":13,"id":"006de0cb_3a028d09","line":285,"updated":"2022-05-13 12:39:00.000000000","message":"Should we default this parameter to a deprecated digest? Is it due to swift tools?","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"3ef9e8d8ac7291d043eb3cf1a4aa3b77a50e6503","unresolved":true,"context_lines":[{"line_number":282,"context_line":"    pass"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":""},{"line_number":285,"context_line":"def get_hmac(request_method, path, expires, key, digest\u003d\"sha1\","},{"line_number":286,"context_line":"             ip_range\u003dNone):"},{"line_number":287,"context_line":"    \"\"\""},{"line_number":288,"context_line":"    Returns the hexdigest string of the HMAC (see RFC 2104) for"}],"source_content_type":"text/x-python","patch_set":13,"id":"4d2b11ff_29f11d52","line":285,"in_reply_to":"006de0cb_3a028d09","updated":"2022-05-17 07:39:06.000000000","message":"My guess would be backwards compatibility. Both for legecy 3rd party and upstream,. It\u0027s hard to support legacy tools out there that we don\u0027t even know exist. But also for upgrades, when you\u0027re upgrading a legecy cluster that has many nodes you will tend at somepoint to have a mix of nodes. Older ones are probably not sending the digest at all and assuming sha1.\n\nI hope we start to explictly start using a better digest with all new swift nodes (and defaults). Then maybe in a release or 2 we can deprecate it completely and change this to something more reasonable.\n\nHmm, The get hmac method is also used in the proxy in particular admin requests. I don\u0027t see it providing the digest to use, so looks like that can be another patch to make that start using something better too!","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d03b59be2f4a772b2509e596c65d2ed604edb1ad","unresolved":true,"context_lines":[{"line_number":321,"context_line":"        for fmt, part in zip(formats, parts))"},{"line_number":322,"context_line":""},{"line_number":323,"context_line":"    if six.PY2 and isinstance(digest, six.string_types):"},{"line_number":324,"context_line":"        digest \u003d getattr(hashlib, digest)"},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"    return hmac.new(key, message, digest).hexdigest()"},{"line_number":327,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"ef29a772_bfd68a22","line":324,"updated":"2022-05-27 05:27:13.000000000","message":"OIC, we moved the getattr() here. But what\u0027s this about py2? Why\u0027s py3 exempted?","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":6968,"name":"Christian Schwede","email":"cschwede@redhat.com","username":"cschwede"},"change_message_id":"5e03bac3fd14bf81ca6407cb901e68cd600ad4e2","unresolved":true,"context_lines":[{"line_number":321,"context_line":"        for fmt, part in zip(formats, parts))"},{"line_number":322,"context_line":""},{"line_number":323,"context_line":"    if six.PY2 and isinstance(digest, six.string_types):"},{"line_number":324,"context_line":"        digest \u003d getattr(hashlib, digest)"},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"    return hmac.new(key, message, digest).hexdigest()"},{"line_number":327,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"f4f79868_140b6d1d","line":324,"in_reply_to":"ef29a772_bfd68a22","updated":"2022-05-27 09:59:12.000000000","message":"I stumbled upon this as well - hmac.new() in py2 requires a constructor or module as digest arg, in py3 it can be just the algo name (but it could still be the module as well).","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"dbb2f0afbd735f1fda04ad674f194bc321cd7e4d","unresolved":true,"context_lines":[{"line_number":321,"context_line":"        for fmt, part in zip(formats, parts))"},{"line_number":322,"context_line":""},{"line_number":323,"context_line":"    if six.PY2 and isinstance(digest, six.string_types):"},{"line_number":324,"context_line":"        digest \u003d getattr(hashlib, digest)"},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"    return hmac.new(key, message, digest).hexdigest()"},{"line_number":327,"context_line":""}],"source_content_type":"text/x-python","patch_set":13,"id":"d48c3bf2_2e09335c","line":324,"in_reply_to":"f4f79868_140b6d1d","updated":"2022-05-31 19:14:09.000000000","message":"Tested on centos8s in FIPS mode, with both Python 2.7.18 and 3.6.8 -- this seems to work fine.\n\n(Curiously, I wasn\u0027t able to reproduce the trouble with functools that spurred me to write https://github.com/openstack/swift/commit/471a559a, but that\u0027s neither here nor there.)","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"}],"test/unit/common/middleware/test_tempurl.py":[{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"e9731615a26be093989a3e8127bbdefb1c605a48","unresolved":true,"context_lines":[{"line_number":158,"context_line":"        key \u003d b\u0027abc\u0027"},{"line_number":159,"context_line":"        hmac_body \u003d (\u0027%s\\n%i\\n%s\u0027 % (method, expires, path)).encode(\u0027utf-8\u0027)"},{"line_number":160,"context_line":"        sig \u003d hmac.new(key, hmac_body, hashlib.sha1).hexdigest()"},{"line_number":161,"context_line":"        self.assert_valid_sig(expires, path, [key], sig)"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"        sig \u003d hmac.new(key, hmac_body, hashlib.sha256).hexdigest()"},{"line_number":164,"context_line":"        self.assert_valid_sig(expires, path, [key], sig)"}],"source_content_type":"text/x-python","patch_set":7,"id":"55318f1b_2305f25c","side":"PARENT","line":161,"updated":"2022-03-10 12:16:45.000000000","message":"we should retain some test that verifies sha1 works while it is still supported","commit_id":"3ff3076ce6648937993e90334b7a9f532b06806c"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"56bdd7ea2ce394e6fbf41e57933099c775926bd3","unresolved":false,"context_lines":[{"line_number":158,"context_line":"        key \u003d b\u0027abc\u0027"},{"line_number":159,"context_line":"        hmac_body \u003d (\u0027%s\\n%i\\n%s\u0027 % (method, expires, path)).encode(\u0027utf-8\u0027)"},{"line_number":160,"context_line":"        sig \u003d hmac.new(key, hmac_body, hashlib.sha1).hexdigest()"},{"line_number":161,"context_line":"        self.assert_valid_sig(expires, path, [key], sig)"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"        sig \u003d hmac.new(key, hmac_body, hashlib.sha256).hexdigest()"},{"line_number":164,"context_line":"        self.assert_valid_sig(expires, path, [key], sig)"}],"source_content_type":"text/x-python","patch_set":7,"id":"54b1e0e4_9f93431e","side":"PARENT","line":161,"in_reply_to":"55318f1b_2305f25c","updated":"2022-03-24 04:39:37.000000000","message":"Done","commit_id":"3ff3076ce6648937993e90334b7a9f532b06806c"},{"author":{"_account_id":34120,"name":"Andre Aranha","display_name":"afariasa","email":"afariasa@redhat.com","username":"afariasa"},"change_message_id":"b60873d40f7fc671468f6d93604e4c36857598b0","unresolved":true,"context_lines":[{"line_number":183,"context_line":"        key1 \u003d b\u0027abc123\u0027"},{"line_number":184,"context_line":"        key2 \u003d b\u0027def456\u0027"},{"line_number":185,"context_line":"        hmac_body \u003d (\u0027%s\\n%i\\n%s\u0027 % (method, expires, path)).encode(\u0027utf-8\u0027)"},{"line_number":186,"context_line":"        sig1 \u003d hmac.new(key1, hmac_body, hashlib.sha256).hexdigest()"},{"line_number":187,"context_line":"        sig2 \u003d hmac.new(key2, hmac_body, hashlib.sha256).hexdigest()"},{"line_number":188,"context_line":"        for sig in (sig1, sig2):"},{"line_number":189,"context_line":"            self.assert_valid_sig(expires, path, [key1, key2], sig)"}],"source_content_type":"text/x-python","patch_set":13,"id":"58cd0ca7_b2fd7901","line":186,"updated":"2022-05-13 12:56:13.000000000","message":"I\u0027m not sure if this suggestion is better to go on another patch, so you may ignore it.\nWe are changing the \u0027hashlib.sha1\u0027 in a lot of places, shouldn\u0027t we save it in a variable and just call that variable? In that case, if we need to change this again, we only need to change in one place.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"3ef9e8d8ac7291d043eb3cf1a4aa3b77a50e6503","unresolved":true,"context_lines":[{"line_number":183,"context_line":"        key1 \u003d b\u0027abc123\u0027"},{"line_number":184,"context_line":"        key2 \u003d b\u0027def456\u0027"},{"line_number":185,"context_line":"        hmac_body \u003d (\u0027%s\\n%i\\n%s\u0027 % (method, expires, path)).encode(\u0027utf-8\u0027)"},{"line_number":186,"context_line":"        sig1 \u003d hmac.new(key1, hmac_body, hashlib.sha256).hexdigest()"},{"line_number":187,"context_line":"        sig2 \u003d hmac.new(key2, hmac_body, hashlib.sha256).hexdigest()"},{"line_number":188,"context_line":"        for sig in (sig1, sig2):"},{"line_number":189,"context_line":"            self.assert_valid_sig(expires, path, [key1, key2], sig)"}],"source_content_type":"text/x-python","patch_set":13,"id":"330fb26b_ecc3f3f3","line":186,"in_reply_to":"58cd0ca7_b2fd7901","updated":"2022-05-17 07:39:06.000000000","message":"Great suggestion! Adding the variable to the base tempurl unittest class as an instance variable would be a great improvement!\nIf it was in the main code I\u0027d totally block (-1) on that, in the test code it\u0027s not so bad. We want to test a known expected thing so being specific in alot of these cases help prove that it works.\n\nAnother thing to note, is here we are mostly using the hashlib.\u003cdigest\u003e methods because thats what python2 needs, this allows us to backport.\nGoing forward we\u0027ll be py3 only which means we can use the digest name as a string directly to hmac, so I wonder if we\u0027d end up changing all this again soon anyway. That\u0027ll be a string so definitely should be a varaible.","commit_id":"118cf2ba8af97dbbd78271126e22cb80f18f9adc"}]}