)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"afb36d3c9481d3141ecc31c2d6641003435db207","unresolved":true,"context_lines":[{"line_number":12,"context_line":"are asking for project scope now."},{"line_number":13,"context_line":"At least we don\u0027t have domain scope."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"TODO: tests"},{"line_number":16,"context_line":"Change-Id: If7d39ac0dfbe991d835b76eb79ae978fc2fd3520"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"d5dad585_0321f069","line":15,"updated":"2021-07-28 23:01:41.000000000","message":"+1","commit_id":"9867e4b4089b027a13e66bcbaa053f403d30b90d"}],"swift/common/middleware/keystoneauth.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"afb36d3c9481d3141ecc31c2d6641003435db207","unresolved":true,"context_lines":[{"line_number":179,"context_line":"                                         dict(operator_roles\u003d[\u0027admin\u0027,"},{"line_number":180,"context_line":"                                                              \u0027swiftoperator\u0027],"},{"line_number":181,"context_line":"                                              service_roles\u003d[],"},{"line_number":182,"context_line":"                                              project_reader_roles\u003d[]))"},{"line_number":183,"context_line":"        self.reseller_admin_role \u003d conf.get(\u0027reseller_admin_role\u0027,"},{"line_number":184,"context_line":"                                            \u0027ResellerAdmin\u0027).lower()"},{"line_number":185,"context_line":"        self.system_reader_roles \u003d {role.lower() for role in list_from_csv("}],"source_content_type":"text/x-python","patch_set":1,"id":"9ec2cf2b_a98086ec","line":182,"updated":"2021-07-28 23:01:41.000000000","message":"I\u0027m a little torn about the default -- I seem to remember keystone having a \"reader\" role that\u0027s generally expected to be present and have this semantic, but OTOH this preserves existing behavior, ensuring there isn\u0027t an accidental privilege escalation.\n\nKeeping it empty seems safest.\n\n(I\u0027ve had this idea of rolling up keystoneauth and auth_token [and s3token?] kind of like how we compose the encrypter and decrypter filters into a single encryption middleware -- maybe with that sort of a transition we could get a better default, since it\u0027d have a new name. The big one I\u0027d like to fix is delay_auth_decision, though.)","commit_id":"9867e4b4089b027a13e66bcbaa053f403d30b90d"}],"test/unit/common/middleware/test_keystoneauth.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"6631f2ed9b9fc3f6c9a7a0b54bf607bfef7fb3af","unresolved":true,"context_lines":[{"line_number":1600,"context_line":"        self._check_authenticate(exception\u003dHTTP_FORBIDDEN,"},{"line_number":1601,"context_line":"                                 identity\u003didentity,"},{"line_number":1602,"context_line":"                                 env\u003d{\u0027REQUEST_METHOD\u0027: \u0027POST\u0027})"},{"line_number":1603,"context_line":""},{"line_number":1604,"context_line":""},{"line_number":1605,"context_line":"class ResellerInInfo(unittest.TestCase):"},{"line_number":1606,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"de7ecc61_4bc78142","line":1603,"updated":"2021-08-04 22:29:04.000000000","message":"No test_reader_put_to_own? WDYT about something like https://paste.opendev.org/show/807897/ ?","commit_id":"6198284839374faed6df884bc9246d72075a6b56"}]}