)]}'
{"etc/rbac-persona-accounts.yaml.sample":[{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"923ecf6099ca41e5c1c2cbca588847f5afd70400","unresolved":false,"context_lines":[{"line_number":68,"context_line":"  password: password"},{"line_number":69,"context_line":"  system: all"},{"line_number":70,"context_line":"  username: tempest-system-reader-2"},{"line_number":71,"context_line":"  roles:"},{"line_number":72,"context_line":"    - reader"},{"line_number":73,"context_line":"- user_domain_name: Default"},{"line_number":74,"context_line":"  password: password"},{"line_number":75,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":9,"id":"bf51134e_b56169ab","line":72,"range":{"start_line":71,"start_character":0,"end_line":72,"end_character":12},"updated":"2020-07-24 04:47:17.000000000","message":"Missing system: all here","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"11c34580113cf4450b1a8a403755c64b346298d2","unresolved":false,"context_lines":[{"line_number":68,"context_line":"  password: password"},{"line_number":69,"context_line":"  system: all"},{"line_number":70,"context_line":"  username: tempest-system-reader-2"},{"line_number":71,"context_line":"  roles:"},{"line_number":72,"context_line":"    - reader"},{"line_number":73,"context_line":"- user_domain_name: Default"},{"line_number":74,"context_line":"  password: password"},{"line_number":75,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":9,"id":"9f560f44_3192b64c","line":72,"range":{"start_line":71,"start_character":0,"end_line":72,"end_character":12},"in_reply_to":"bf51134e_b56169ab","updated":"2020-07-30 06:06:16.000000000","message":"line 69","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d2740d298416a45948c24aad7edc12500921ce88","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  roles:"},{"line_number":17,"context_line":"    - reader"},{"line_number":18,"context_line":"  system: all"},{"line_number":19,"context_line":"- user_domain_name: Default"},{"line_number":20,"context_line":"  password: password"},{"line_number":21,"context_line":"  domain_name: tempest-test-domain"},{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_5eb0d2dd","line":24,"range":{"start_line":19,"start_character":1,"end_line":24,"end_character":11},"updated":"2020-11-09 18:40:51.000000000","message":"what projects is this and the other domain users a members of?\n\nat least form a nova perspective all user need to be a member of a proejct for quotas to work or to be able to to interface with out apis since domains dont exist outside of keystone for the most part.\n\ne.g. i dont think nova, neutron, cinder have a concept fo a domain in there apis/implemations today.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"6aaae7f06ebd1fa93a76afa6cfd4ea9fad7355a8","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  roles:"},{"line_number":17,"context_line":"    - reader"},{"line_number":18,"context_line":"  system: all"},{"line_number":19,"context_line":"- user_domain_name: Default"},{"line_number":20,"context_line":"  password: password"},{"line_number":21,"context_line":"  domain_name: tempest-test-domain"},{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"fffc6b78_201e28ba","line":24,"range":{"start_line":19,"start_character":1,"end_line":24,"end_character":11},"in_reply_to":"1f621f24_432a5b7e","updated":"2020-11-19 18:16:21.000000000","message":"There\u0027s nothing forcing service projects to adopt domain users or system users. This just makes it available if and when they do.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"3e9e5692315e3f9cceec5388a6763c305d92f3c6","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  roles:"},{"line_number":17,"context_line":"    - reader"},{"line_number":18,"context_line":"  system: all"},{"line_number":19,"context_line":"- user_domain_name: Default"},{"line_number":20,"context_line":"  password: password"},{"line_number":21,"context_line":"  domain_name: tempest-test-domain"},{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_dd0ad223","line":24,"range":{"start_line":19,"start_character":1,"end_line":24,"end_character":11},"in_reply_to":"1f621f24_5eb0d2dd","updated":"2020-11-17 01:31:41.000000000","message":"There is no project, this is for domain admins.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"3fb3350643f801610f001e45bb7c8a7c023d56c2","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  roles:"},{"line_number":17,"context_line":"    - reader"},{"line_number":18,"context_line":"  system: all"},{"line_number":19,"context_line":"- user_domain_name: Default"},{"line_number":20,"context_line":"  password: password"},{"line_number":21,"context_line":"  domain_name: tempest-test-domain"},{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_c1688788","line":24,"range":{"start_line":19,"start_character":1,"end_line":24,"end_character":11},"in_reply_to":"1f621f24_5eb0d2dd","updated":"2021-01-20 19:42:17.000000000","message":"right, this is user given as admin role on domain. Nova, cinder etc which does not have domain concept does tho use this for their tests.-","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"bb5561b6c0fbf13e51bbc1bb88a5c6b1b3d9053a","unresolved":false,"context_lines":[{"line_number":16,"context_line":"  roles:"},{"line_number":17,"context_line":"    - reader"},{"line_number":18,"context_line":"  system: all"},{"line_number":19,"context_line":"- user_domain_name: Default"},{"line_number":20,"context_line":"  password: password"},{"line_number":21,"context_line":"  domain_name: tempest-test-domain"},{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_432a5b7e","line":24,"range":{"start_line":19,"start_character":1,"end_line":24,"end_character":11},"in_reply_to":"1f621f24_dd0ad223","updated":"2020-11-17 15:08:21.000000000","message":"right so this likely wont work with any api other then keystone then.\n\nmost other services asume all users have a proejct assocaited with the token they use and check that that project matches the project the resouce they are managinge belongs too.\n\nthis is pretty fundemetal to how most openstack apis are made.\nservers,images,ports,volumes are all owned by a project not a user and we  do quotas the same way even in the unified limits proposals..\n\nso fundememntally a user that is just part of a domain is not usable with existing apis in nova and im sure other project unless we add midelware to assocate the user with all proejct in the domain or alther the project to check if the resouce that is being modifed belongs to a project that is a member of the domain.\n\nso with code changes this just wont work.\ni think that also applies to the system user above.\n\nif they are not a member of a project they wont be able to do some operations.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d2740d298416a45948c24aad7edc12500921ce88","unresolved":false,"context_lines":[{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"},{"line_number":28,"context_line":"  username: tempest-domain-member-1"},{"line_number":29,"context_line":"  roles:"},{"line_number":30,"context_line":"    - member"},{"line_number":31,"context_line":"- user_domain_name: Default"},{"line_number":32,"context_line":"  password: password"},{"line_number":33,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_bec0062c","line":30,"range":{"start_line":25,"start_character":0,"end_line":30,"end_character":12},"updated":"2020-11-09 18:40:51.000000000","message":"what makes this different form a project \nboth will have a domain and project.\n\nthe main difference i see is\n\nuser_domain_name: Default\ndomain_name: tempest-test-domain\n\nvs just \n\nuser_domain_name: Default\n\nfor project.\n\nbut i dont really see why that is diffrent then \n\njust user_domain_name tempest-test-domain\n\n\ndo we have examples of how service will consume this via keystone moddelware or oslo.policy?","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"bb5561b6c0fbf13e51bbc1bb88a5c6b1b3d9053a","unresolved":false,"context_lines":[{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"},{"line_number":28,"context_line":"  username: tempest-domain-member-1"},{"line_number":29,"context_line":"  roles:"},{"line_number":30,"context_line":"    - member"},{"line_number":31,"context_line":"- user_domain_name: Default"},{"line_number":32,"context_line":"  password: password"},{"line_number":33,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_201f556c","line":30,"range":{"start_line":25,"start_character":0,"end_line":30,"end_character":12},"in_reply_to":"1f621f24_810ab81c","updated":"2020-11-17 15:08:21.000000000","message":"ok so it sound like that would work in keystone but it wont work in other openstack services.\n\nother than key pairs i dont know of any resouces that are owned by users. barbican secrets may be owned by user i think but by default i think they are owned by projects too.\n\nso this domain member without a project would not wown anything in nova neutron or cinder and would not be able to interact with there apis correctly.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"3e9e5692315e3f9cceec5388a6763c305d92f3c6","unresolved":false,"context_lines":[{"line_number":22,"context_line":"  username: tempest-domain-admin-1"},{"line_number":23,"context_line":"  roles:"},{"line_number":24,"context_line":"    - admin"},{"line_number":25,"context_line":"- user_domain_name: Default"},{"line_number":26,"context_line":"  password: password"},{"line_number":27,"context_line":"  domain_name: tempest-test-domain"},{"line_number":28,"context_line":"  username: tempest-domain-member-1"},{"line_number":29,"context_line":"  roles:"},{"line_number":30,"context_line":"    - member"},{"line_number":31,"context_line":"- user_domain_name: Default"},{"line_number":32,"context_line":"  password: password"},{"line_number":33,"context_line":"  domain_name: tempest-test-domain"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_810ab81c","line":30,"range":{"start_line":25,"start_character":0,"end_line":30,"end_character":12},"in_reply_to":"1f621f24_bec0062c","updated":"2020-11-17 01:31:41.000000000","message":"user_domain_name is what I would liken to a \"namespace\", it\u0027s the domain where you look up a user by their username. The user_domain_name has nothing to do with RBAC, it\u0027s just to allow namespacing of usernames. domain_name here is the domain on which the user has a role assignment. So I could have a user with username \u0027bob\u0027 in domain \u0027acme\u0027 who has a role assignment \u0027member\u0027 on domain \u0027team-a\u0027, and that means that \u0027bob\u0027 can be looked up in \u0027acme\u0027 but has no permission to read or write anything in \u0027acme\u0027, but can read or write on \u0027team-a\u0027.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d2740d298416a45948c24aad7edc12500921ce88","unresolved":false,"context_lines":[{"line_number":40,"context_line":"  username: tempest-project-admin-1"},{"line_number":41,"context_line":"  roles:"},{"line_number":42,"context_line":"    - admin"},{"line_number":43,"context_line":"- user_domain_name: Default"},{"line_number":44,"context_line":"  password: password"},{"line_number":45,"context_line":"  project_name: tempest-test-project"},{"line_number":46,"context_line":"  username: tempest-project-member-1"},{"line_number":47,"context_line":"  roles:"},{"line_number":48,"context_line":"    - member"},{"line_number":49,"context_line":"- user_domain_name: Default"},{"line_number":50,"context_line":"  password: password"},{"line_number":51,"context_line":"  project_name: tempest-test-project"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_3eea36ab","line":48,"range":{"start_line":43,"start_character":0,"end_line":48,"end_character":12},"updated":"2020-11-09 18:40:51.000000000","message":"this looks identical to a domain member to me","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"3e9e5692315e3f9cceec5388a6763c305d92f3c6","unresolved":false,"context_lines":[{"line_number":40,"context_line":"  username: tempest-project-admin-1"},{"line_number":41,"context_line":"  roles:"},{"line_number":42,"context_line":"    - admin"},{"line_number":43,"context_line":"- user_domain_name: Default"},{"line_number":44,"context_line":"  password: password"},{"line_number":45,"context_line":"  project_name: tempest-test-project"},{"line_number":46,"context_line":"  username: tempest-project-member-1"},{"line_number":47,"context_line":"  roles:"},{"line_number":48,"context_line":"    - member"},{"line_number":49,"context_line":"- user_domain_name: Default"},{"line_number":50,"context_line":"  password: password"},{"line_number":51,"context_line":"  project_name: tempest-test-project"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_211be472","line":48,"range":{"start_line":43,"start_character":0,"end_line":48,"end_character":12},"in_reply_to":"1f621f24_3eea36ab","updated":"2020-11-17 01:31:41.000000000","message":"It\u0027s not, see comment above. This user has the \u0027member\u0027 role assignment on project \u0027tempest-test-project\u0027, where the user above has the \u0027member\u0027 role assignment on domain \u0027tempest-test-domain\u0027.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d2740d298416a45948c24aad7edc12500921ce88","unresolved":false,"context_lines":[{"line_number":46,"context_line":"  username: tempest-project-member-1"},{"line_number":47,"context_line":"  roles:"},{"line_number":48,"context_line":"    - member"},{"line_number":49,"context_line":"- user_domain_name: Default"},{"line_number":50,"context_line":"  password: password"},{"line_number":51,"context_line":"  project_name: tempest-test-project"},{"line_number":52,"context_line":"  username: tempest-project-reader-1"},{"line_number":53,"context_line":"  roles:"},{"line_number":54,"context_line":"    - reader"},{"line_number":55,"context_line":"- user_domain_name: Default"},{"line_number":56,"context_line":"  password: password"},{"line_number":57,"context_line":"  username: tempest-system-admin-2"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_3e035675","line":54,"range":{"start_line":49,"start_character":0,"end_line":54,"end_character":12},"updated":"2020-11-09 18:40:51.000000000","message":"again i dont see a difference between this and a domain reader","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"3e9e5692315e3f9cceec5388a6763c305d92f3c6","unresolved":false,"context_lines":[{"line_number":46,"context_line":"  username: tempest-project-member-1"},{"line_number":47,"context_line":"  roles:"},{"line_number":48,"context_line":"    - member"},{"line_number":49,"context_line":"- user_domain_name: Default"},{"line_number":50,"context_line":"  password: password"},{"line_number":51,"context_line":"  project_name: tempest-test-project"},{"line_number":52,"context_line":"  username: tempest-project-reader-1"},{"line_number":53,"context_line":"  roles:"},{"line_number":54,"context_line":"    - reader"},{"line_number":55,"context_line":"- user_domain_name: Default"},{"line_number":56,"context_line":"  password: password"},{"line_number":57,"context_line":"  username: tempest-system-admin-2"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_0116a849","line":54,"range":{"start_line":49,"start_character":0,"end_line":54,"end_character":12},"in_reply_to":"1f621f24_3e035675","updated":"2020-11-17 01:31:41.000000000","message":"see comments above","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d2740d298416a45948c24aad7edc12500921ce88","unresolved":false,"context_lines":[{"line_number":58,"context_line":"  roles:"},{"line_number":59,"context_line":"    - admin"},{"line_number":60,"context_line":"  system: all"},{"line_number":61,"context_line":"- user_domain_name: Default"},{"line_number":62,"context_line":"  password: password"},{"line_number":63,"context_line":"  username: tempest-system-member-2"},{"line_number":64,"context_line":"  roles:"},{"line_number":65,"context_line":"    - member"},{"line_number":66,"context_line":"  system: all"},{"line_number":67,"context_line":"- user_domain_name: Default"},{"line_number":68,"context_line":"  password: password"},{"line_number":69,"context_line":"  system: all"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_9efb8a77","line":66,"range":{"start_line":61,"start_character":0,"end_line":66,"end_character":13},"updated":"2020-11-09 18:40:51.000000000","message":"this looks like a project member + system: all\n\nbut i dont think its really a seperate concept.\n\na system member i think really only make sense for modelling a service like nova or neutron but i am not sure why you would not make them an system admin. service dont tent to call there own apis so it wont really matter but the usecase for this seam strange\n\n\njust as an aside fi you hasd a scope: system it woudl be eiaser to follow\n\ne.g.\n\nscope: system\nscope: domain\nscope: project\n\ninfering the scope form the present and absence of keys in the yaml section is quite hard to do without the full set of keys listed somewhere first.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"3e9e5692315e3f9cceec5388a6763c305d92f3c6","unresolved":false,"context_lines":[{"line_number":58,"context_line":"  roles:"},{"line_number":59,"context_line":"    - admin"},{"line_number":60,"context_line":"  system: all"},{"line_number":61,"context_line":"- user_domain_name: Default"},{"line_number":62,"context_line":"  password: password"},{"line_number":63,"context_line":"  username: tempest-system-member-2"},{"line_number":64,"context_line":"  roles:"},{"line_number":65,"context_line":"    - member"},{"line_number":66,"context_line":"  system: all"},{"line_number":67,"context_line":"- user_domain_name: Default"},{"line_number":68,"context_line":"  password: password"},{"line_number":69,"context_line":"  system: all"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_c13830d4","line":66,"range":{"start_line":61,"start_character":0,"end_line":66,"end_character":13},"in_reply_to":"1f621f24_9efb8a77","updated":"2020-11-17 01:31:41.000000000","message":"see comments above, this user has a role assignment on the \u0027system\u0027 scope, no role assignments in any project or any domain.\n\nSystem member probably has limited use, but system reader is something people ask for and for the sake of symmetry of how scopes are used we allow the concept of a system member.\n\n \u003e \n \u003e just as an aside fi you hasd a scope: system it woudl be eiaser to\n \u003e follow\n \u003e \n\nYeah I think I played with a format like that in earlier drafts but this is a smaller departure from how it currently works. Honestly I wrote this months ago and would prefer not to refactor it at this point, I see your point though.","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"bb5561b6c0fbf13e51bbc1bb88a5c6b1b3d9053a","unresolved":false,"context_lines":[{"line_number":58,"context_line":"  roles:"},{"line_number":59,"context_line":"    - admin"},{"line_number":60,"context_line":"  system: all"},{"line_number":61,"context_line":"- user_domain_name: Default"},{"line_number":62,"context_line":"  password: password"},{"line_number":63,"context_line":"  username: tempest-system-member-2"},{"line_number":64,"context_line":"  roles:"},{"line_number":65,"context_line":"    - member"},{"line_number":66,"context_line":"  system: all"},{"line_number":67,"context_line":"- user_domain_name: Default"},{"line_number":68,"context_line":"  password: password"},{"line_number":69,"context_line":"  system: all"}],"source_content_type":"application/octet-stream","patch_set":14,"id":"1f621f24_c005c147","line":66,"range":{"start_line":61,"start_character":0,"end_line":66,"end_character":13},"in_reply_to":"1f621f24_c13830d4","updated":"2020-11-17 15:08:21.000000000","message":"ya im not asking for a refactoing really but it was very hard to just parse this and figure out what it ment with out just looking at the username","commit_id":"88f4b2a7077de422338e86e141f49dd2f1f7ddfb"}],"tempest/lib/common/preprov_creds.py":[{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"923ecf6099ca41e5c1c2cbca588847f5afd70400","unresolved":false,"context_lines":[{"line_number":106,"context_line":"    @classmethod"},{"line_number":107,"context_line":"    def _append_scoped_role(cls, scope, role, account_hash, hash_dict):"},{"line_number":108,"context_line":"        key \u003d \"%s_%s\" % (scope, role)"},{"line_number":109,"context_line":"        if key in hash_dict[\u0027scoped_roles\u0027]:"},{"line_number":110,"context_line":"            hash_dict[\u0027scoped_roles\u0027][key].append(account_hash)"},{"line_number":111,"context_line":"        else:"},{"line_number":112,"context_line":"            hash_dict[\u0027scoped_roles\u0027][key] \u003d [account_hash]"},{"line_number":113,"context_line":"        return hash_dict"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    @classmethod"}],"source_content_type":"text/x-python","patch_set":9,"id":"bf51134e_d574dd9e","line":112,"range":{"start_line":109,"start_character":0,"end_line":112,"end_character":59},"updated":"2020-07-24 04:47:17.000000000","message":"Could refactor to fewer LOC using:\n\n    hash_dict[\u0027scoped_roles\u0027][key].setdefault([])\n    hash_dict[\u0027scoped_roles\u0027][key].append(account_hash)","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"e809ad4ab64850659e696c2bae42a54b36d20883","unresolved":false,"context_lines":[{"line_number":106,"context_line":"    @classmethod"},{"line_number":107,"context_line":"    def _append_scoped_role(cls, scope, role, account_hash, hash_dict):"},{"line_number":108,"context_line":"        key \u003d \"%s_%s\" % (scope, role)"},{"line_number":109,"context_line":"        if key in hash_dict[\u0027scoped_roles\u0027]:"},{"line_number":110,"context_line":"            hash_dict[\u0027scoped_roles\u0027][key].append(account_hash)"},{"line_number":111,"context_line":"        else:"},{"line_number":112,"context_line":"            hash_dict[\u0027scoped_roles\u0027][key] \u003d [account_hash]"},{"line_number":113,"context_line":"        return hash_dict"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    @classmethod"}],"source_content_type":"text/x-python","patch_set":9,"id":"9f560f44_274c0a41","line":112,"range":{"start_line":109,"start_character":0,"end_line":112,"end_character":59},"in_reply_to":"9f560f44_91990270","updated":"2020-08-01 14:08:30.000000000","message":"Oh, because my example was wrong syntactically: hash_dict[\u0027scoped_roles\u0027].setdefault(key, [])","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"11c34580113cf4450b1a8a403755c64b346298d2","unresolved":false,"context_lines":[{"line_number":106,"context_line":"    @classmethod"},{"line_number":107,"context_line":"    def _append_scoped_role(cls, scope, role, account_hash, hash_dict):"},{"line_number":108,"context_line":"        key \u003d \"%s_%s\" % (scope, role)"},{"line_number":109,"context_line":"        if key in hash_dict[\u0027scoped_roles\u0027]:"},{"line_number":110,"context_line":"            hash_dict[\u0027scoped_roles\u0027][key].append(account_hash)"},{"line_number":111,"context_line":"        else:"},{"line_number":112,"context_line":"            hash_dict[\u0027scoped_roles\u0027][key] \u003d [account_hash]"},{"line_number":113,"context_line":"        return hash_dict"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    @classmethod"}],"source_content_type":"text/x-python","patch_set":9,"id":"9f560f44_91990270","line":112,"range":{"start_line":109,"start_character":0,"end_line":112,"end_character":59},"in_reply_to":"bf51134e_d574dd9e","updated":"2020-07-30 06:06:16.000000000","message":"That would not work on the first addition:\n\n \u003e\u003e\u003e hash_dict\n {\u0027scoped_roles\u0027: {}}\n \u003e\u003e\u003e key \u003d \u0027system_admin\u0027\n \u003e\u003e\u003e hash_dict[\u0027scoped_roles\u0027][key].setdefault([])\n Traceback (most recent call last):\n   File \"\u003cstdin\u003e\", line 1, in \u003cmodule\u003e\n KeyError: \u0027system_admin\u0027","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"923ecf6099ca41e5c1c2cbca588847f5afd70400","unresolved":false,"context_lines":[{"line_number":234,"context_line":"                    if not temp_hashes:"},{"line_number":235,"context_line":"                        raise lib_exc.InvalidCredentials("},{"line_number":236,"context_line":"                            \"No credentials matching role: %s, scope: %s \""},{"line_number":237,"context_line":"                            \"specified in the accounts \"\"file\" % (role, scope))"},{"line_number":238,"context_line":"                else:"},{"line_number":239,"context_line":"                    temp_hashes \u003d self.hash_dict[\u0027roles\u0027].get(role, None)"},{"line_number":240,"context_line":"                    if not temp_hashes:"}],"source_content_type":"text/x-python","patch_set":9,"id":"bf51134e_f57f6163","line":237,"range":{"start_line":237,"start_character":55,"end_line":237,"end_character":57},"updated":"2020-07-24 04:47:17.000000000","message":"This looks like a typo?","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"11c34580113cf4450b1a8a403755c64b346298d2","unresolved":false,"context_lines":[{"line_number":234,"context_line":"                    if not temp_hashes:"},{"line_number":235,"context_line":"                        raise lib_exc.InvalidCredentials("},{"line_number":236,"context_line":"                            \"No credentials matching role: %s, scope: %s \""},{"line_number":237,"context_line":"                            \"specified in the accounts \"\"file\" % (role, scope))"},{"line_number":238,"context_line":"                else:"},{"line_number":239,"context_line":"                    temp_hashes \u003d self.hash_dict[\u0027roles\u0027].get(role, None)"},{"line_number":240,"context_line":"                    if not temp_hashes:"}],"source_content_type":"text/x-python","patch_set":9,"id":"9f560f44_51b80ac7","line":237,"range":{"start_line":237,"start_character":55,"end_line":237,"end_character":57},"in_reply_to":"bf51134e_f57f6163","updated":"2020-07-30 06:06:16.000000000","message":"Done","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"923ecf6099ca41e5c1c2cbca588847f5afd70400","unresolved":false,"context_lines":[{"line_number":240,"context_line":"                    if not temp_hashes:"},{"line_number":241,"context_line":"                        raise lib_exc.InvalidCredentials("},{"line_number":242,"context_line":"                            \"No credentials with role: %s specified in the \""},{"line_number":243,"context_line":"                            \"accounts \"\"file\" % role)"},{"line_number":244,"context_line":"                hashes.append(temp_hashes)"},{"line_number":245,"context_line":"            # Take the list of lists and do a boolean and between each list to"},{"line_number":246,"context_line":"            # find the creds which fall under all the specified roles"}],"source_content_type":"text/x-python","patch_set":9,"id":"bf51134e_15f2d506","line":243,"range":{"start_line":243,"start_character":38,"end_line":243,"end_character":40},"updated":"2020-07-24 04:47:17.000000000","message":"Ditto.","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"11c34580113cf4450b1a8a403755c64b346298d2","unresolved":false,"context_lines":[{"line_number":240,"context_line":"                    if not temp_hashes:"},{"line_number":241,"context_line":"                        raise lib_exc.InvalidCredentials("},{"line_number":242,"context_line":"                            \"No credentials with role: %s specified in the \""},{"line_number":243,"context_line":"                            \"accounts \"\"file\" % role)"},{"line_number":244,"context_line":"                hashes.append(temp_hashes)"},{"line_number":245,"context_line":"            # Take the list of lists and do a boolean and between each list to"},{"line_number":246,"context_line":"            # find the creds which fall under all the specified roles"}],"source_content_type":"text/x-python","patch_set":9,"id":"9f560f44_31bbd6c4","line":243,"range":{"start_line":243,"start_character":38,"end_line":243,"end_character":40},"in_reply_to":"bf51134e_15f2d506","updated":"2020-07-30 06:06:16.000000000","message":"Done","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"923ecf6099ca41e5c1c2cbca588847f5afd70400","unresolved":false,"context_lines":[{"line_number":354,"context_line":"        return domain_admin"},{"line_number":355,"context_line":""},{"line_number":356,"context_line":"    def get_domain_member_creds(self):"},{"line_number":357,"context_line":"        if self._creds.get(\u0027domain_reader\u0027):"},{"line_number":358,"context_line":"            return self._creds.get(\u0027domain_reader\u0027)"},{"line_number":359,"context_line":"        domain_reader \u003d self._get_creds([\u0027reader\u0027], scope\u003d\u0027domain\u0027)"},{"line_number":360,"context_line":"        self._creds[\u0027domain_reader\u0027] \u003d domain_reader"}],"source_content_type":"text/x-python","patch_set":9,"id":"bf51134e_b538499f","line":357,"range":{"start_line":357,"start_character":28,"end_line":357,"end_character":41},"updated":"2020-07-24 04:47:17.000000000","message":"domain_member, ditto elsewhere in here","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"11c34580113cf4450b1a8a403755c64b346298d2","unresolved":false,"context_lines":[{"line_number":354,"context_line":"        return domain_admin"},{"line_number":355,"context_line":""},{"line_number":356,"context_line":"    def get_domain_member_creds(self):"},{"line_number":357,"context_line":"        if self._creds.get(\u0027domain_reader\u0027):"},{"line_number":358,"context_line":"            return self._creds.get(\u0027domain_reader\u0027)"},{"line_number":359,"context_line":"        domain_reader \u003d self._get_creds([\u0027reader\u0027], scope\u003d\u0027domain\u0027)"},{"line_number":360,"context_line":"        self._creds[\u0027domain_reader\u0027] \u003d domain_reader"}],"source_content_type":"text/x-python","patch_set":9,"id":"9f560f44_d1cb7a50","line":357,"range":{"start_line":357,"start_character":28,"end_line":357,"end_character":41},"in_reply_to":"bf51134e_b538499f","updated":"2020-07-30 06:06:16.000000000","message":"oops, thanks","commit_id":"079430951c89ac8b98bcdad80f98e44773d4c6b2"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"3ea5f72c8d862c74e80f537dc5745cc16a404e6a","unresolved":false,"context_lines":[{"line_number":358,"context_line":"            return self._creds.get(\u0027domain_member\u0027)"},{"line_number":359,"context_line":"        domain_member \u003d self._get_creds([\u0027member\u0027], scope\u003d\u0027domain\u0027)"},{"line_number":360,"context_line":"        self._creds[\u0027domain_member\u0027] \u003d domain_member"},{"line_number":361,"context_line":"        return domain_reader"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"    def get_domain_reader_creds(self):"},{"line_number":364,"context_line":"        if self._creds.get(\u0027domain_reader\u0027):"}],"source_content_type":"text/x-python","patch_set":10,"id":"9f560f44_540598c1","line":361,"updated":"2020-07-30 04:46:51.000000000","message":"pep8: F821 undefined name \u0027domain_reader\u0027","commit_id":"0a65b6ce7909814cc148cad4bad10e411e5b6748"},{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"da505dd962db756d9d9b13e57355979b692b75a4","unresolved":false,"context_lines":[{"line_number":254,"context_line":"        # privilege set which could potentially cause issues on tests where"},{"line_number":255,"context_line":"        # that is not expected. So unless the admin role isn\u0027t specified do"},{"line_number":256,"context_line":"        # not allocate admin."},{"line_number":257,"context_line":"        admin_hashes \u003d self.hash_dict[\u0027roles\u0027].get(self.admin_role,"},{"line_number":258,"context_line":"                                                   None)"},{"line_number":259,"context_line":"        if ((not roles or self.admin_role not in roles) and"},{"line_number":260,"context_line":"                admin_hashes):"},{"line_number":261,"context_line":"            useable_hashes \u003d [x for x in hashes if x not in admin_hashes]"}],"source_content_type":"text/x-python","patch_set":11,"id":"9f560f44_8766b6c0","line":258,"range":{"start_line":257,"start_character":8,"end_line":258,"end_character":56},"updated":"2020-08-01 14:18:12.000000000","message":"Does this also need to handle \u0027scoped_roles\u0027 logic for system admin?","commit_id":"2610cfad9a7344475d919f1249c646b4036c56fa"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"709c81ca13e5c8ffa7e27e4e74dd4645da499b4f","unresolved":false,"context_lines":[{"line_number":254,"context_line":"        # privilege set which could potentially cause issues on tests where"},{"line_number":255,"context_line":"        # that is not expected. So unless the admin role isn\u0027t specified do"},{"line_number":256,"context_line":"        # not allocate admin."},{"line_number":257,"context_line":"        admin_hashes \u003d self.hash_dict[\u0027roles\u0027].get(self.admin_role,"},{"line_number":258,"context_line":"                                                   None)"},{"line_number":259,"context_line":"        if ((not roles or self.admin_role not in roles) and"},{"line_number":260,"context_line":"                admin_hashes):"},{"line_number":261,"context_line":"            useable_hashes \u003d [x for x in hashes if x not in admin_hashes]"}],"source_content_type":"text/x-python","patch_set":11,"id":"9f560f44_f6811efd","line":258,"range":{"start_line":257,"start_character":8,"end_line":258,"end_character":56},"in_reply_to":"9f560f44_8766b6c0","updated":"2020-08-03 01:07:37.000000000","message":"I think that would change the behavior for projects still using the old project admin logic.","commit_id":"2610cfad9a7344475d919f1249c646b4036c56fa"},{"author":{"_account_id":23186,"name":"Felipe Monteiro","email":"felipe.carneiro.monteiro@gmail.com","username":"felipe.monteiro"},"change_message_id":"da505dd962db756d9d9b13e57355979b692b75a4","unresolved":false,"context_lines":[{"line_number":328,"context_line":"    def get_system_admin_creds(self):"},{"line_number":329,"context_line":"        if self._creds.get(\u0027system_admin\u0027):"},{"line_number":330,"context_line":"            return self._creds.get(\u0027system_admin\u0027)"},{"line_number":331,"context_line":"        system_admin \u003d self._get_creds([\u0027admin\u0027], scope\u003d\u0027system\u0027)"},{"line_number":332,"context_line":"        self._creds[\u0027system_admin\u0027] \u003d system_admin"},{"line_number":333,"context_line":"        return system_admin"},{"line_number":334,"context_line":""}],"source_content_type":"text/x-python","patch_set":11,"id":"9f560f44_e757b2c9","line":331,"range":{"start_line":331,"start_character":57,"end_line":331,"end_character":63},"updated":"2020-08-01 14:18:12.000000000","message":"nit: If Tempest is pure py3 now, then enums can be implemented for these scopes: https://docs.python.org/3/library/enum.html","commit_id":"2610cfad9a7344475d919f1249c646b4036c56fa"}]}