)]}'
{"tempest/config.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"81f90fd55d934df171986459312d6aa9e8bec17d","unresolved":false,"context_lines":[{"line_number":106,"context_line":"                    \"admin_project_name (Keystone V3). May be different from \""},{"line_number":107,"context_line":"                    \"admin_user_domain_name and admin_domain_name\"),"},{"line_number":108,"context_line":"    cfg.BoolOpt(\u0027admin_system\u0027,"},{"line_number":109,"context_line":"                default\u003dFalse,"},{"line_number":110,"context_line":"                help\u003d\"Whether the admin user has an admin role assignment on \""},{"line_number":111,"context_line":"                     \"the system, as opposed to on a domain or an admin \""},{"line_number":112,"context_line":"                     \"project. This must be set to true if using the \""}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_40698989","line":109,"range":{"start_line":109,"start_character":16,"end_line":109,"end_character":30},"updated":"2020-07-01 14:21:20.000000000","message":"I wonder if we should use `all` here?\n\nIf/when we get to the point where we break the system authorization target into services, we won\u0027t have to convert from a boolean to a string.","commit_id":"c356408cfaae050e621ea9d8add6630533efef6f"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"109214c26d721ee3eddee08fe03249c0221edb36","unresolved":false,"context_lines":[{"line_number":106,"context_line":"                    \"admin_project_name (Keystone V3). May be different from \""},{"line_number":107,"context_line":"                    \"admin_user_domain_name and admin_domain_name\"),"},{"line_number":108,"context_line":"    cfg.BoolOpt(\u0027admin_system\u0027,"},{"line_number":109,"context_line":"                default\u003dFalse,"},{"line_number":110,"context_line":"                help\u003d\"Whether the admin user has an admin role assignment on \""},{"line_number":111,"context_line":"                     \"the system, as opposed to on a domain or an admin \""},{"line_number":112,"context_line":"                     \"project. This must be set to true if using the \""}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_e3e084fb","line":109,"range":{"start_line":109,"start_character":16,"end_line":109,"end_character":30},"in_reply_to":"bf51134e_40698989","updated":"2020-07-03 17:45:47.000000000","message":"Done","commit_id":"c356408cfaae050e621ea9d8add6630533efef6f"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"2a6d9449fe6b08304403ee970d43d7e35f0fc802","unresolved":true,"context_lines":[{"line_number":103,"context_line":"               help\u003d\"Domain name that contains the project given by \""},{"line_number":104,"context_line":"                    \"admin_project_name (Keystone V3). May be different from \""},{"line_number":105,"context_line":"                    \"admin_user_domain_name and admin_domain_name\"),"},{"line_number":106,"context_line":"    cfg.StrOpt(\u0027admin_system\u0027,"},{"line_number":107,"context_line":"               default\u003dNone,"},{"line_number":108,"context_line":"               help\u003d\"The system scope on which an admin user has an admin \""},{"line_number":109,"context_line":"                    \"role assignment, if any. Valid values are \u0027all\u0027 or None. \""},{"line_number":110,"context_line":"                    \"This must be set to \u0027all\u0027 if using the \""},{"line_number":111,"context_line":"                    \"[oslo_policy]/enforce_scope\u003dtrue option for the \""},{"line_number":112,"context_line":"                    \"identity service.\"),"},{"line_number":113,"context_line":"]"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"identity_group \u003d cfg.OptGroup(name\u003d\u0027identity\u0027,"}],"source_content_type":"text/x-python","patch_set":10,"id":"b815202b_9a40ec4e","line":112,"range":{"start_line":106,"start_character":0,"end_line":112,"end_character":41},"updated":"2021-01-19 22:49:31.000000000","message":"so this is only used when dynamic credential prepare the admin service clients for creating the test user/projects right? what happen if the admin token is not scoped to system (mean this config option is None) and test try to create the system scoped user ?\n\nIn my testing patch, it pass without any issue- https://review.opendev.org/c/openstack/devstack/+/614486/11//COMMIT_MSG#18","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"6199a62ae66eb26920d9ad6f3756206135b99936","unresolved":true,"context_lines":[{"line_number":103,"context_line":"               help\u003d\"Domain name that contains the project given by \""},{"line_number":104,"context_line":"                    \"admin_project_name (Keystone V3). May be different from \""},{"line_number":105,"context_line":"                    \"admin_user_domain_name and admin_domain_name\"),"},{"line_number":106,"context_line":"    cfg.StrOpt(\u0027admin_system\u0027,"},{"line_number":107,"context_line":"               default\u003dNone,"},{"line_number":108,"context_line":"               help\u003d\"The system scope on which an admin user has an admin \""},{"line_number":109,"context_line":"                    \"role assignment, if any. Valid values are \u0027all\u0027 or None. \""},{"line_number":110,"context_line":"                    \"This must be set to \u0027all\u0027 if using the \""},{"line_number":111,"context_line":"                    \"[oslo_policy]/enforce_scope\u003dtrue option for the \""},{"line_number":112,"context_line":"                    \"identity service.\"),"},{"line_number":113,"context_line":"]"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"identity_group \u003d cfg.OptGroup(name\u003d\u0027identity\u0027,"}],"source_content_type":"text/x-python","patch_set":10,"id":"dca9c3be_3eb600c0","line":112,"range":{"start_line":106,"start_character":0,"end_line":112,"end_character":41},"in_reply_to":"b815202b_9a40ec4e","updated":"2021-01-19 23:05:27.000000000","message":"Yes this is only for dynamically creating other credentials, it doesn\u0027t anything about how the tests will run. It\u0027s the same as the admin_project_name option above, it\u0027s just the credentials of a preexisting admin user that has the ability to create other users. The purpose is to be able to run on a cloud where the admin user that tempest is configured to use only has a system-scoped role assignment and not a project-scoped role assignment. Tests could still create dynamic users that have project-scoped role assignments.\n\nHere\u0027s an example of how it\u0027s used in the keystone tests: https://opendev.org/openstack/keystone/src/branch/master/devstack/lib/scope.sh#L22-L26\n\nenforce_scope is turned on in oslo_policy, the admin credentials are set to system scope and the project name is unset so that the user can only used the system-scoped credentials.","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c195b3f96aa352ddcc92c5b004e2c0bbf0bb3d98","unresolved":false,"context_lines":[{"line_number":103,"context_line":"               help\u003d\"Domain name that contains the project given by \""},{"line_number":104,"context_line":"                    \"admin_project_name (Keystone V3). May be different from \""},{"line_number":105,"context_line":"                    \"admin_user_domain_name and admin_domain_name\"),"},{"line_number":106,"context_line":"    cfg.StrOpt(\u0027admin_system\u0027,"},{"line_number":107,"context_line":"               default\u003dNone,"},{"line_number":108,"context_line":"               help\u003d\"The system scope on which an admin user has an admin \""},{"line_number":109,"context_line":"                    \"role assignment, if any. Valid values are \u0027all\u0027 or None. \""},{"line_number":110,"context_line":"                    \"This must be set to \u0027all\u0027 if using the \""},{"line_number":111,"context_line":"                    \"[oslo_policy]/enforce_scope\u003dtrue option for the \""},{"line_number":112,"context_line":"                    \"identity service.\"),"},{"line_number":113,"context_line":"]"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"identity_group \u003d cfg.OptGroup(name\u003d\u0027identity\u0027,"}],"source_content_type":"text/x-python","patch_set":10,"id":"57f4d0d7_24abdd27","line":112,"range":{"start_line":106,"start_character":0,"end_line":112,"end_character":41},"in_reply_to":"dca9c3be_3eb600c0","updated":"2021-01-19 23:14:15.000000000","message":"ah got it, thanks for clarification. this use case I did not consider \u0027 cloud where the admin user that tempest is configured to use only has a system-scoped role assignment\u0027","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"}],"tempest/lib/auth.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"81f90fd55d934df171986459312d6aa9e8bec17d","unresolved":false,"context_lines":[{"line_number":466,"context_line":"                domain_name\u003dself.credentials.domain_name)"},{"line_number":467,"context_line":""},{"line_number":468,"context_line":"        if self.scope \u003d\u003d \u0027system\u0027:"},{"line_number":469,"context_line":"            auth_params.update(system\u003dTrue)"},{"line_number":470,"context_line":""},{"line_number":471,"context_line":"        return auth_params"},{"line_number":472,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_c012b909","line":469,"range":{"start_line":469,"start_character":12,"end_line":469,"end_character":43},"updated":"2020-07-01 14:21:20.000000000","message":"Same comment here.\n\nI wonder if we should use `all`?","commit_id":"c356408cfaae050e621ea9d8add6630533efef6f"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"109214c26d721ee3eddee08fe03249c0221edb36","unresolved":false,"context_lines":[{"line_number":466,"context_line":"                domain_name\u003dself.credentials.domain_name)"},{"line_number":467,"context_line":""},{"line_number":468,"context_line":"        if self.scope \u003d\u003d \u0027system\u0027:"},{"line_number":469,"context_line":"            auth_params.update(system\u003dTrue)"},{"line_number":470,"context_line":""},{"line_number":471,"context_line":"        return auth_params"},{"line_number":472,"context_line":""}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_23eb9cdc","line":469,"range":{"start_line":469,"start_character":12,"end_line":469,"end_character":43},"in_reply_to":"bf51134e_c012b909","updated":"2020-07-03 17:45:47.000000000","message":"Done","commit_id":"c356408cfaae050e621ea9d8add6630533efef6f"}],"tempest/lib/common/cred_client.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c26cca0d9f535c68098cd654fefec6f07f9eb1bf","unresolved":false,"context_lines":[{"line_number":82,"context_line":"            LOG.debug(\"Role %s already assigned on project %s for user %s\","},{"line_number":83,"context_line":"                      role[\u0027id\u0027], project[\u0027id\u0027], user[\u0027id\u0027])"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    @abc.abstractmethod"},{"line_number":86,"context_line":"    def get_credentials(self, user, project, password):"},{"line_number":87,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"        :param user: a user dict"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_e2583a32","line":86,"range":{"start_line":85,"start_character":0,"end_line":86,"end_character":55},"updated":"2020-07-08 21:34:41.000000000","message":"you need to change the function signature in this abstract method also","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c26cca0d9f535c68098cd654fefec6f07f9eb1bf","unresolved":false,"context_lines":[{"line_number":116,"context_line":"    def delete_project(self, project_id):"},{"line_number":117,"context_line":"        self.projects_client.delete_tenant(project_id)"},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"    def get_credentials(self, user, project, password):"},{"line_number":120,"context_line":"        # User and project already include both ID and name here,"},{"line_number":121,"context_line":"        # so there\u0027s no need to use the fill_in mode"},{"line_number":122,"context_line":"        return auth.get_credentials("}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_42412639","line":119,"range":{"start_line":119,"start_character":8,"end_line":119,"end_character":55},"updated":"2020-07-08 21:34:41.000000000","message":"ditto","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bc8400f6006fb1f9f173ec092a7f1a49054f848f","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    def delete_project(self, project_id):"},{"line_number":157,"context_line":"        self.projects_client.delete_project(project_id)"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    def get_credentials("},{"line_number":160,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":161,"context_line":"        # User, project and domain already include both ID and name here,"},{"line_number":162,"context_line":"        # so there\u0027s no need to use the fill_in mode."}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_bc7949fd","line":159,"range":{"start_line":159,"start_character":23,"end_line":159,"end_character":24},"updated":"2020-07-08 20:06:18.000000000","message":"it will be good to write test for this also like we None the project_name/id and pass the system.","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"97cad6d19bbf3e7dc288fbe39799936fd66774ec","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    def delete_project(self, project_id):"},{"line_number":157,"context_line":"        self.projects_client.delete_project(project_id)"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    def get_credentials("},{"line_number":160,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":161,"context_line":"        # User, project and domain already include both ID and name here,"},{"line_number":162,"context_line":"        # so there\u0027s no need to use the fill_in mode."}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_827264af","line":159,"range":{"start_line":159,"start_character":23,"end_line":159,"end_character":24},"in_reply_to":"9f560f44_f815d24d","updated":"2020-10-01 20:51:12.000000000","message":"Done","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":22873,"name":"Martin Kopec","email":"mkopec@redhat.com","username":"mkopec"},"change_message_id":"172d47d143e6f8fe7c2f66fa617ee94168e4e3e2","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    def delete_project(self, project_id):"},{"line_number":157,"context_line":"        self.projects_client.delete_project(project_id)"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    def get_credentials("},{"line_number":160,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":161,"context_line":"        # User, project and domain already include both ID and name here,"},{"line_number":162,"context_line":"        # so there\u0027s no need to use the fill_in mode."}],"source_content_type":"text/x-python","patch_set":5,"id":"9f560f44_f815d24d","line":159,"range":{"start_line":159,"start_character":23,"end_line":159,"end_character":24},"in_reply_to":"bf51134e_04a37eb3","updated":"2020-10-01 18:38:03.000000000","message":"yeah, this method doesn\u0027t have a unit test yet, but maybe you could add a simple one? just to check the method returns domain creds when domain is set and etc .. - https://opendev.org/openstack/tempest/src/commit/ccd164694e6208ce42d9ad96f019114a458b522a/tempest/tests/lib/common/test_cred_client.py","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"8ae7750fb2d6536cc949b97d59bb51d9b249dadd","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    def delete_project(self, project_id):"},{"line_number":157,"context_line":"        self.projects_client.delete_project(project_id)"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    def get_credentials("},{"line_number":160,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":161,"context_line":"        # User, project and domain already include both ID and name here,"},{"line_number":162,"context_line":"        # so there\u0027s no need to use the fill_in mode."}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_04a37eb3","line":159,"range":{"start_line":159,"start_character":23,"end_line":159,"end_character":24},"in_reply_to":"bf51134e_bc7949fd","updated":"2020-07-13 22:25:02.000000000","message":"where? I don\u0027t see the current test for this","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":22873,"name":"Martin Kopec","email":"mkopec@redhat.com","username":"mkopec"},"change_message_id":"172d47d143e6f8fe7c2f66fa617ee94168e4e3e2","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    @abc.abstractmethod"},{"line_number":86,"context_line":"    def get_credentials("},{"line_number":87,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_2271dda9","line":87,"range":{"start_line":87,"start_character":43,"end_line":87,"end_character":67},"updated":"2020-10-01 18:38:03.000000000","message":"could you please mention these new arguments in the docstring below? similarly like user, project and password arguments are","commit_id":"91bf5d6a6820ae8071253df5bb2485c9db16ecc3"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"97cad6d19bbf3e7dc288fbe39799936fd66774ec","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    @abc.abstractmethod"},{"line_number":86,"context_line":"    def get_credentials("},{"line_number":87,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"}],"source_content_type":"text/x-python","patch_set":7,"id":"9f560f44_026654ef","line":87,"range":{"start_line":87,"start_character":43,"end_line":87,"end_character":67},"in_reply_to":"9f560f44_2271dda9","updated":"2020-10-01 20:51:12.000000000","message":"Done","commit_id":"91bf5d6a6820ae8071253df5bb2485c9db16ecc3"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"f7ce9743ffa5d08776befe00595907da45f845e5","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    @abc.abstractmethod"},{"line_number":86,"context_line":"    def get_credentials("},{"line_number":87,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"}],"source_content_type":"text/x-python","patch_set":8,"id":"1f621f24_b80d3639","line":87,"range":{"start_line":87,"start_character":24,"end_line":87,"end_character":31},"updated":"2020-10-29 18:39:01.000000000","message":"Are we allowed to change the method signature so this is optional?","commit_id":"13219f6dc930ceb8306c51a7daa9d454d9c47ecb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"41a319a02fed3136041d228c547ee0cc12bdbc5f","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    @abc.abstractmethod"},{"line_number":86,"context_line":"    def get_credentials("},{"line_number":87,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"}],"source_content_type":"text/x-python","patch_set":8,"id":"1f621f24_f32071b3","line":87,"range":{"start_line":87,"start_character":24,"end_line":87,"end_character":31},"in_reply_to":"1f621f24_b80d3639","updated":"2020-10-29 21:19:24.000000000","message":"I am not sure what kind of contract this module has with its users but I assumed that changing the interface in a backwards incompatible way would not be allowed.","commit_id":"13219f6dc930ceb8306c51a7daa9d454d9c47ecb"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"cdb75c8f9f7a66398b18785c6cde0fe3b1838ddb","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"    @abc.abstractmethod"},{"line_number":86,"context_line":"    def get_credentials("},{"line_number":87,"context_line":"            self, user, project, password, domain\u003dNone, system\u003dNone):"},{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"}],"source_content_type":"text/x-python","patch_set":8,"id":"1f621f24_3dbbc1e2","line":87,"range":{"start_line":87,"start_character":24,"end_line":87,"end_character":31},"in_reply_to":"1f621f24_f32071b3","updated":"2020-10-31 18:01:44.000000000","message":"this is an internal interface for tempest and not supposed to be used directly outside of tempest but we have many tempest plugins which does not follow these policies so adding in a compatible way is a much safe option.","commit_id":"13219f6dc930ceb8306c51a7daa9d454d9c47ecb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0be25b8f9710313a27a375b0ed4717f67a977491","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"},{"line_number":91,"context_line":"        :param project: a project dict or None if using domain or system scope"},{"line_number":92,"context_line":"        :param password: the password as a string"},{"line_number":93,"context_line":"        :param domain: a domain dict"},{"line_number":94,"context_line":"        :param system: a system dict"}],"source_content_type":"text/x-python","patch_set":9,"id":"1f621f24_be7be6bb","line":91,"range":{"start_line":91,"start_character":8,"end_line":91,"end_character":78},"updated":"2020-11-09 18:44:57.000000000","message":"the user still has a project even if they are domain or system users right. becasue fi not that problematic for services nova assumes all user have a project and much of our code relies on that. nova also has no real understanding of domain at the api level.","commit_id":"5c0af10d1d11f9bc9883d46913bead5f642b951c"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a02d72d757660ec7f4cc0d90c49e690ad6112bc3","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"},{"line_number":91,"context_line":"        :param project: a project dict or None if using domain or system scope"},{"line_number":92,"context_line":"        :param password: the password as a string"},{"line_number":93,"context_line":"        :param domain: a domain dict"},{"line_number":94,"context_line":"        :param system: a system dict"}],"source_content_type":"text/x-python","patch_set":9,"id":"1f621f24_c04021a8","line":91,"range":{"start_line":91,"start_character":8,"end_line":91,"end_character":78},"in_reply_to":"1f621f24_7d9d7eba","updated":"2020-11-17 14:57:10.000000000","message":"right so that means that domain scoped users are not usable with nova today.\n\nfundemetally all servers created by nova are owned by a project not the user. so user that only have a domain cannot interact with nova. \n\ni discussed this breifly with lance and we might be able to add some middel ware layer wehre we woudl pretend a domain scoped user is a memebr of all projects in that domain for some actions but booting a vm would still require them to actully be a memebr of a proejct.\n\ndomain today basically only exist in keystone as far as i am aware. i could be wrong but i dont kwno fo any service outside of keystoen tant use the user as the owner of resouce exclusively that would enabel a user to interact with that service without also being a member of a proejct.\n\nif we want to support that it has large impacts on our exiting apis and implemenation. things as simple as the request tracing with print the request id project and user will break.","commit_id":"5c0af10d1d11f9bc9883d46913bead5f642b951c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"67134876eb6874e1b636c639906b5acebd1f8dcc","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"},{"line_number":91,"context_line":"        :param project: a project dict or None if using domain or system scope"},{"line_number":92,"context_line":"        :param password: the password as a string"},{"line_number":93,"context_line":"        :param domain: a domain dict"},{"line_number":94,"context_line":"        :param system: a system dict"}],"source_content_type":"text/x-python","patch_set":9,"id":"1f621f24_7d9d7eba","line":91,"range":{"start_line":91,"start_character":8,"end_line":91,"end_character":78},"in_reply_to":"1f621f24_be7be6bb","updated":"2020-11-16 23:26:09.000000000","message":"No, they do not have a project if they are using domain or system scope. That is the whole point.","commit_id":"5c0af10d1d11f9bc9883d46913bead5f642b951c"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"7362662bbc2532bf8092c1201d75d0334a8c1660","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        \"\"\"Produces a Credentials object from the details provided"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        :param user: a user dict"},{"line_number":91,"context_line":"        :param project: a project dict or None if using domain or system scope"},{"line_number":92,"context_line":"        :param password: the password as a string"},{"line_number":93,"context_line":"        :param domain: a domain dict"},{"line_number":94,"context_line":"        :param system: a system dict"}],"source_content_type":"text/x-python","patch_set":9,"id":"fffc6b78_40488ccb","line":91,"range":{"start_line":91,"start_character":8,"end_line":91,"end_character":78},"in_reply_to":"1f621f24_c04021a8","updated":"2020-11-19 18:14:23.000000000","message":"There\u0027s nothing that forces nova or any openstack project to adopt domains. Project scope will still work. We\u0027ve talked in the past about nova adopting system scope which is the real benefit of this RBAC initiative. If you don\u0027t want to use domains you don\u0027t have to.","commit_id":"5c0af10d1d11f9bc9883d46913bead5f642b951c"}],"tempest/lib/common/dynamic_creds.py":[{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"bc8400f6006fb1f9f173ec092a7f1a49054f848f","unresolved":false,"context_lines":[{"line_number":150,"context_line":"                scope \u003d \u0027domain\u0027"},{"line_number":151,"context_line":"            else:"},{"line_number":152,"context_line":"                scope \u003d \u0027project\u0027"},{"line_number":153,"context_line":"            identity_os \u003d clients.ServiceClients(self.default_admin_creds,"},{"line_number":154,"context_line":"                                                 self.identity_uri,"},{"line_number":155,"context_line":"                                                 scope\u003dscope)"},{"line_number":156,"context_line":"            return (identity_os.identity_v3.IdentityClient(**params),"},{"line_number":157,"context_line":"                    identity_os.identity_v3.ProjectsClient(**params),"},{"line_number":158,"context_line":"                    identity_os.identity_v3.UsersClient(**params),"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_9c2d6597","line":155,"range":{"start_line":153,"start_character":0,"end_line":155,"end_character":61},"updated":"2020-07-08 20:06:18.000000000","message":"we are passing scope for identity clients only not networks so we are good which can be controlled via CONF.auth.admin_system.","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":13861,"name":"yatin","email":"ykarel@redhat.com","username":"yatinkarel"},"change_message_id":"83821f7ccdff6a79721f8b05c477899ffddfda45","unresolved":true,"context_lines":[{"line_number":150,"context_line":"                scope \u003d \u0027domain\u0027"},{"line_number":151,"context_line":"            else:"},{"line_number":152,"context_line":"                scope \u003d \u0027project\u0027"},{"line_number":153,"context_line":"            identity_os \u003d clients.ServiceClients(self.default_admin_creds,"},{"line_number":154,"context_line":"                                                 self.identity_uri,"},{"line_number":155,"context_line":"                                                 scope\u003dscope)"},{"line_number":156,"context_line":"            return (identity_os.identity_v3.IdentityClient(**params),"}],"source_content_type":"text/x-python","patch_set":10,"id":"992bdcb4_8a97e696","line":153,"updated":"2021-01-21 13:49:11.000000000","message":"so i checked further this part has caused the issues in our job before this change it used to be project scope as identity_admin_domain_scope is False by default. but now due to other or conditions it\u0027s being changed to domain scope, is this change was intentionally done?\n\nshouldn\u0027t the condition be changed to self.identity_admin_domain_scope and (self.default_admin_creds.domain_id or\nself.default_admin_creds.domain_name) so config value be kept into consideration?","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"},{"author":{"_account_id":13861,"name":"yatin","email":"ykarel@redhat.com","username":"yatinkarel"},"change_message_id":"4f96330cda11a6c82f284e31fbe38e9b826a3952","unresolved":true,"context_lines":[{"line_number":150,"context_line":"                scope \u003d \u0027domain\u0027"},{"line_number":151,"context_line":"            else:"},{"line_number":152,"context_line":"                scope \u003d \u0027project\u0027"},{"line_number":153,"context_line":"            identity_os \u003d clients.ServiceClients(self.default_admin_creds,"},{"line_number":154,"context_line":"                                                 self.identity_uri,"},{"line_number":155,"context_line":"                                                 scope\u003dscope)"},{"line_number":156,"context_line":"            return (identity_os.identity_v3.IdentityClient(**params),"}],"source_content_type":"text/x-python","patch_set":10,"id":"feea0286_6abf0c7b","line":153,"in_reply_to":"2a1f33d3_b059d6e3","updated":"2021-01-21 15:08:17.000000000","message":"Thanks for sending the patch, LGTM.","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3ce1ca742c8fa0e2a6def759498ffbcf42edb094","unresolved":true,"context_lines":[{"line_number":150,"context_line":"                scope \u003d \u0027domain\u0027"},{"line_number":151,"context_line":"            else:"},{"line_number":152,"context_line":"                scope \u003d \u0027project\u0027"},{"line_number":153,"context_line":"            identity_os \u003d clients.ServiceClients(self.default_admin_creds,"},{"line_number":154,"context_line":"                                                 self.identity_uri,"},{"line_number":155,"context_line":"                                                 scope\u003dscope)"},{"line_number":156,"context_line":"            return (identity_os.identity_v3.IdentityClient(**params),"}],"source_content_type":"text/x-python","patch_set":10,"id":"0c641d6b_1a772f79","line":153,"in_reply_to":"2a1f33d3_b059d6e3","updated":"2021-01-21 16:26:35.000000000","message":"yeah we should add it in \u0027and\u0027 condition. or later we can remove this config option in favor of admin_domain_name or so but need to check if it need for more decision making in auth.py","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"},{"author":{"_account_id":13861,"name":"yatin","email":"ykarel@redhat.com","username":"yatinkarel"},"change_message_id":"2b941d18b03674c798e0c81d845be6521318ef4c","unresolved":true,"context_lines":[{"line_number":150,"context_line":"                scope \u003d \u0027domain\u0027"},{"line_number":151,"context_line":"            else:"},{"line_number":152,"context_line":"                scope \u003d \u0027project\u0027"},{"line_number":153,"context_line":"            identity_os \u003d clients.ServiceClients(self.default_admin_creds,"},{"line_number":154,"context_line":"                                                 self.identity_uri,"},{"line_number":155,"context_line":"                                                 scope\u003dscope)"},{"line_number":156,"context_line":"            return (identity_os.identity_v3.IdentityClient(**params),"}],"source_content_type":"text/x-python","patch_set":10,"id":"9bec21cc_32874812","line":153,"in_reply_to":"992bdcb4_8a97e696","updated":"2021-01-21 13:51:28.000000000","message":"and the reason why issue is not seen in devstack jobs is because admin role is granted to admin user on Domain scope https://github.com/openstack/devstack/blob/8e74a617df7d53732c1ef395a97479ce58122731/lib/keystone#L321 while in our jobs it\u0027s associated at project level.","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"},{"author":{"_account_id":22873,"name":"Martin Kopec","email":"mkopec@redhat.com","username":"mkopec"},"change_message_id":"285ec5fa6b166669aa32211cfc130f741950abca","unresolved":true,"context_lines":[{"line_number":150,"context_line":"                scope \u003d \u0027domain\u0027"},{"line_number":151,"context_line":"            else:"},{"line_number":152,"context_line":"                scope \u003d \u0027project\u0027"},{"line_number":153,"context_line":"            identity_os \u003d clients.ServiceClients(self.default_admin_creds,"},{"line_number":154,"context_line":"                                                 self.identity_uri,"},{"line_number":155,"context_line":"                                                 scope\u003dscope)"},{"line_number":156,"context_line":"            return (identity_os.identity_v3.IdentityClient(**params),"}],"source_content_type":"text/x-python","patch_set":10,"id":"2a1f33d3_b059d6e3","line":153,"in_reply_to":"9bec21cc_32874812","updated":"2021-01-21 14:21:03.000000000","message":"yeah, seems you\u0027re right, identity_admin_domain_scope var should be the only var which decides whether domain scope will be set or not, no matter whether domain_id/domain_name are set at all.\n\nI proposed the change: https://review.opendev.org/c/openstack/tempest/+/771817","commit_id":"cd0bbbdad37a31248d479ef78df948da0a1e850e"}],"tempest/lib/services/identity/v3/token_client.py":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"ac46f6c77dd2c1b6f38fcb0ba662e8dc76d6d27c","unresolved":false,"context_lines":[{"line_number":138,"context_line":"        elif domain_name:"},{"line_number":139,"context_line":"            creds[\u0027auth\u0027][\u0027scope\u0027] \u003d dict(domain\u003d{\u0027name\u0027: domain_name})"},{"line_number":140,"context_line":"        elif system:"},{"line_number":141,"context_line":"            creds[\u0027auth\u0027][\u0027scope\u0027] \u003d dict(system\u003d{system: True})"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"        body \u003d json.dumps(creds, sort_keys\u003dTrue)"},{"line_number":144,"context_line":"        resp, body \u003d self.post(self.auth_url, body\u003dbody)"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_cccabd4d","line":141,"range":{"start_line":141,"start_character":50,"end_line":141,"end_character":56},"updated":"2020-07-06 17:24:44.000000000","message":"is this supposed to be `all`? \n\nhttps://docs.openstack.org/api-ref/identity/v3/?expanded\u003dpassword-authentication-with-scoped-authorization-detail#authentication-and-token-management","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"d497c86ac09ed07b098c28e49730cc6b7e5cb423","unresolved":false,"context_lines":[{"line_number":138,"context_line":"        elif domain_name:"},{"line_number":139,"context_line":"            creds[\u0027auth\u0027][\u0027scope\u0027] \u003d dict(domain\u003d{\u0027name\u0027: domain_name})"},{"line_number":140,"context_line":"        elif system:"},{"line_number":141,"context_line":"            creds[\u0027auth\u0027][\u0027scope\u0027] \u003d dict(system\u003d{system: True})"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"        body \u003d json.dumps(creds, sort_keys\u003dTrue)"},{"line_number":144,"context_line":"        resp, body \u003d self.post(self.auth_url, body\u003dbody)"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_1c450044","line":141,"range":{"start_line":141,"start_character":50,"end_line":141,"end_character":56},"in_reply_to":"bf51134e_79d24e36","updated":"2020-07-06 19:31:31.000000000","message":"Oh - nevermind. Yes, this looks good.\n\nThanks for updating.","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"d591553080139c5f9d4f06f85c9a23e25033174d","unresolved":false,"context_lines":[{"line_number":138,"context_line":"        elif domain_name:"},{"line_number":139,"context_line":"            creds[\u0027auth\u0027][\u0027scope\u0027] \u003d dict(domain\u003d{\u0027name\u0027: domain_name})"},{"line_number":140,"context_line":"        elif system:"},{"line_number":141,"context_line":"            creds[\u0027auth\u0027][\u0027scope\u0027] \u003d dict(system\u003d{system: True})"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"        body \u003d json.dumps(creds, sort_keys\u003dTrue)"},{"line_number":144,"context_line":"        resp, body \u003d self.post(self.auth_url, body\u003dbody)"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_79d24e36","line":141,"range":{"start_line":141,"start_character":50,"end_line":141,"end_character":56},"in_reply_to":"bf51134e_cccabd4d","updated":"2020-07-06 19:03:16.000000000","message":"Your feedback from the last review was to use a string instead of a boolean for the admin_system option in the tempest config, so using the variable here instead of hardcoding \u0027all\u0027 opens the possibility that something other than \u0027all\u0027 could be set here. In practice this is the same as it was on the previous patchset.","commit_id":"76e4b398cb4aa8f0e173dd7c5f21f7fdb6ab9b3b"}]}