)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":33487,"name":"João Victor Portal","display_name":"J. Portal","email":"Joao.VictorPortal@windriver.com","username":"jvportal"},"change_message_id":"5f1445a2b6c5d9cfa6bf6b71cfdc99945ac87a8d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"73da255f_5ab6f08e","updated":"2024-02-07 12:37:20.000000000","message":"Both starlingx and partner uses \"ca.crt\" for OIDC configuration. Only an older version of partner uses \"tls.crt\". I believe this change should be abandoned.","commit_id":"631b0bc140151bf7ed047a626ab92f677a1a6572"}],"doc/source/security/kubernetes/configure-oidc-auth-applications.rst":[{"author":{"_account_id":33487,"name":"João Victor Portal","display_name":"J. Portal","email":"Joao.VictorPortal@windriver.com","username":"jvportal"},"change_message_id":"8bef64ffef2831b3b241f99cd3f68086f427610c","unresolved":true,"context_lines":[{"line_number":115,"context_line":""},{"line_number":116,"context_line":"         Create a secret with the certificate of the root |CA| that signed the"},{"line_number":117,"context_line":"         |OIDC| client and identity provider\u0027s server certificate.  In this"},{"line_number":118,"context_line":"         example, it will be the ``tls.crt`` of the ``system-local-ca``"},{"line_number":119,"context_line":"         ClusterIssuer)."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"         .. code-block:: none"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fef31741_716a6e4a","line":118,"updated":"2024-01-23 19:43:48.000000000","message":"According to what was discussed in https://review.opendev.org/c/starlingx/docs/+/902603/8..9/doc/source/security/kubernetes/configure-oidc-auth-applications.rst#b121 , for current master version of StarlingX, the correct field to be used is indeed \"ca.crt\" instead of \"tls.crt\". In some older versions of StarlingX, the correct is \"tls.crt\".","commit_id":"aebd641fc418906a57ec689b4dac34153078fa7f"},{"author":{"_account_id":36041,"name":"Dinesh Neelapu","display_name":"Dinesh","email":"dinesh.neelapu@windriver.com","username":"dineshneelapu"},"change_message_id":"2074a0ed0c72346dbe248856b387ac5194ad00ac","unresolved":false,"context_lines":[{"line_number":115,"context_line":""},{"line_number":116,"context_line":"         Create a secret with the certificate of the root |CA| that signed the"},{"line_number":117,"context_line":"         |OIDC| client and identity provider\u0027s server certificate.  In this"},{"line_number":118,"context_line":"         example, it will be the ``tls.crt`` of the ``system-local-ca``"},{"line_number":119,"context_line":"         ClusterIssuer)."},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"         .. code-block:: none"}],"source_content_type":"text/x-rst","patch_set":1,"id":"66bcda5e_c5ea0b2a","line":118,"in_reply_to":"fef31741_716a6e4a","updated":"2024-02-07 09:47:06.000000000","message":"Done","commit_id":"aebd641fc418906a57ec689b4dac34153078fa7f"},{"author":{"_account_id":28439,"name":"Matt Peters","email":"matt.peters@windriver.com","username":"mpeters-wrs"},"change_message_id":"77a9deadd0bc7a315966ca94ce1fb62f22d5b79c","unresolved":true,"context_lines":[{"line_number":121,"context_line":"         .. code-block:: none"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"            ~(keystone_admin)]$ mkdir /home/sysadmin/ssl"},{"line_number":124,"context_line":"            ~(keystone_admin)]$ kubectl get secret system-local-ca -n cert-manager -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e /home/sysadmin/ssl/dex-ca-cert.crt"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"            ~(keystone_admin)]$ kubectl create secret generic dex-ca-cert --from-file\u003d/home/sysadmin/ssl/dex-ca-cert.crt  -n kube-system"},{"line_number":127,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"52241054_12f78978","line":124,"range":{"start_line":124,"start_character":103,"end_line":124,"end_character":110},"updated":"2024-01-24 12:37:09.000000000","message":"The example command needs to align to the description once confirmed if this should be ca.crt or tls.crt for the current release.","commit_id":"aebd641fc418906a57ec689b4dac34153078fa7f"},{"author":{"_account_id":36041,"name":"Dinesh Neelapu","display_name":"Dinesh","email":"dinesh.neelapu@windriver.com","username":"dineshneelapu"},"change_message_id":"2074a0ed0c72346dbe248856b387ac5194ad00ac","unresolved":false,"context_lines":[{"line_number":121,"context_line":"         .. code-block:: none"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"            ~(keystone_admin)]$ mkdir /home/sysadmin/ssl"},{"line_number":124,"context_line":"            ~(keystone_admin)]$ kubectl get secret system-local-ca -n cert-manager -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e /home/sysadmin/ssl/dex-ca-cert.crt"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"            ~(keystone_admin)]$ kubectl create secret generic dex-ca-cert --from-file\u003d/home/sysadmin/ssl/dex-ca-cert.crt  -n kube-system"},{"line_number":127,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"e937aded_b8f7012c","line":124,"range":{"start_line":124,"start_character":103,"end_line":124,"end_character":110},"in_reply_to":"52241054_12f78978","updated":"2024-02-07 09:47:06.000000000","message":"Done","commit_id":"aebd641fc418906a57ec689b4dac34153078fa7f"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"15e843347c826fcafc127e073b26235f10096c5c","unresolved":true,"context_lines":[{"line_number":122,"context_line":""},{"line_number":123,"context_line":"         .. only:: partner"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"             Create a secret with the certificate of the root |CA| that signed"},{"line_number":126,"context_line":"             the |OIDC| client and identity provider\u0027s server certificate.  In"},{"line_number":127,"context_line":"             this example, it will be the ``tls.crt`` of the"},{"line_number":128,"context_line":"             ``system-local-ca`` ClusterIssuer)."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"         .. code-block:: none"},{"line_number":131,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d9715c9b_2bfd6a07","line":128,"range":{"start_line":125,"start_character":13,"end_line":128,"end_character":48},"updated":"2024-02-07 14:09:21.000000000","message":"Hey Dinesh, here use ..include and add the .rest file to each branch as requested. \nWe need this upstream to add the include....so no need to abandon","commit_id":"631b0bc140151bf7ed047a626ab92f677a1a6572"},{"author":{"_account_id":36041,"name":"Dinesh Neelapu","display_name":"Dinesh","email":"dinesh.neelapu@windriver.com","username":"dineshneelapu"},"change_message_id":"78fd52911bb0d4494b627087bb28665f5c737e5a","unresolved":false,"context_lines":[{"line_number":122,"context_line":""},{"line_number":123,"context_line":"         .. only:: partner"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"             Create a secret with the certificate of the root |CA| that signed"},{"line_number":126,"context_line":"             the |OIDC| client and identity provider\u0027s server certificate.  In"},{"line_number":127,"context_line":"             this example, it will be the ``tls.crt`` of the"},{"line_number":128,"context_line":"             ``system-local-ca`` ClusterIssuer)."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"         .. code-block:: none"},{"line_number":131,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"531e6083_f4242609","line":128,"range":{"start_line":125,"start_character":13,"end_line":128,"end_character":48},"in_reply_to":"2a24eb82_1769c367","updated":"2024-02-08 15:43:34.000000000","message":"Done","commit_id":"631b0bc140151bf7ed047a626ab92f677a1a6572"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"da2f540c5f4e0bfd0dfd37c3fd51cb0c2e294aa3","unresolved":true,"context_lines":[{"line_number":122,"context_line":""},{"line_number":123,"context_line":"         .. only:: partner"},{"line_number":124,"context_line":""},{"line_number":125,"context_line":"             Create a secret with the certificate of the root |CA| that signed"},{"line_number":126,"context_line":"             the |OIDC| client and identity provider\u0027s server certificate.  In"},{"line_number":127,"context_line":"             this example, it will be the ``tls.crt`` of the"},{"line_number":128,"context_line":"             ``system-local-ca`` ClusterIssuer)."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"         .. code-block:: none"},{"line_number":131,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"2a24eb82_1769c367","line":128,"range":{"start_line":125,"start_character":13,"end_line":128,"end_character":48},"in_reply_to":"d9715c9b_2bfd6a07","updated":"2024-02-08 13:57:27.000000000","message":"Delete this paragraph and the the ..include::","commit_id":"631b0bc140151bf7ed047a626ab92f677a1a6572"},{"author":{"_account_id":33487,"name":"João Victor Portal","display_name":"J. Portal","email":"Joao.VictorPortal@windriver.com","username":"jvportal"},"change_message_id":"9ca7845245205d107367e79c62ecf4ed65c00023","unresolved":true,"context_lines":[{"line_number":129,"context_line":"         .. code-block:: none"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"            ~(keystone_admin)]$ mkdir /home/sysadmin/ssl"},{"line_number":132,"context_line":"            ~(keystone_admin)]$ kubectl get secret system-local-ca -n cert-manager -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e /home/sysadmin/ssl/dex-ca-cert.crt"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"            ~(keystone_admin)]$ kubectl create secret generic dex-ca-cert --from-file\u003d/home/sysadmin/ssl/dex-ca-cert.crt  -n kube-system"},{"line_number":135,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"c21a633a_0f8556cc","line":132,"range":{"start_line":132,"start_character":95,"end_line":132,"end_character":112},"updated":"2024-02-20 14:34:00.000000000","message":"It is also needed to change here from \"\u0027{.data.ca\\\\.crt}\u0027\" to \"\u0027{.data.tls\\\\.crt}\u0027\".","commit_id":"5a0adb9ef32620bc44c0dd918d65447140c50f2b"},{"author":{"_account_id":32187,"name":"Juanita-Balaraj","email":"juanita.balaraj@windriver.com","username":"jbalaraj"},"change_message_id":"e25956f0ab316163a1e7bd718c6eb3f954c35e28","unresolved":false,"context_lines":[{"line_number":129,"context_line":"         .. code-block:: none"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"            ~(keystone_admin)]$ mkdir /home/sysadmin/ssl"},{"line_number":132,"context_line":"            ~(keystone_admin)]$ kubectl get secret system-local-ca -n cert-manager -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e /home/sysadmin/ssl/dex-ca-cert.crt"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"            ~(keystone_admin)]$ kubectl create secret generic dex-ca-cert --from-file\u003d/home/sysadmin/ssl/dex-ca-cert.crt  -n kube-system"},{"line_number":135,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"4d431e01_b82b959c","line":132,"range":{"start_line":132,"start_character":95,"end_line":132,"end_character":112},"in_reply_to":"c21a633a_0f8556cc","updated":"2024-02-20 21:08:26.000000000","message":"Done","commit_id":"5a0adb9ef32620bc44c0dd918d65447140c50f2b"},{"author":{"_account_id":33487,"name":"João Victor Portal","display_name":"J. Portal","email":"Joao.VictorPortal@windriver.com","username":"jvportal"},"change_message_id":"ebc11a066dfb41ea925d9554c3dcf51444dc4d2f","unresolved":true,"context_lines":[{"line_number":171,"context_line":"             certificate, presented below as file ``local-ldap-ca-cert.crt``, can"},{"line_number":172,"context_line":"             be extracted from the controller where the Local |LDAP| server is"},{"line_number":173,"context_line":"             running (the SystemController in DC environments) using the command"},{"line_number":174,"context_line":"             `kubectl get secret system-local-ca -n cert-manager"},{"line_number":175,"context_line":"             -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e"},{"line_number":176,"context_line":"             local-ldap-ca-cert.crt`."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"         .. only:: partner"},{"line_number":179,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"b7f321be_6fa60719","line":176,"range":{"start_line":174,"start_character":13,"end_line":176,"end_character":36},"updated":"2024-02-22 12:44:41.000000000","message":"The extra escapes removed in this change are needed because the command is outside of a code-block, otherwise the command is not correctly rendered.","commit_id":"3b5478cc52161ca0f88cbba89d9bca0802c16b5d"},{"author":{"_account_id":36019,"name":"Ngairangbam Mili","display_name":"Mili","email":"ngairangbam.mili@windriver.com","username":"miling08"},"change_message_id":"e1aa2ec1c6a7bc038ef0a54a94565023ecb5de7e","unresolved":false,"context_lines":[{"line_number":171,"context_line":"             certificate, presented below as file ``local-ldap-ca-cert.crt``, can"},{"line_number":172,"context_line":"             be extracted from the controller where the Local |LDAP| server is"},{"line_number":173,"context_line":"             running (the SystemController in DC environments) using the command"},{"line_number":174,"context_line":"             `kubectl get secret system-local-ca -n cert-manager"},{"line_number":175,"context_line":"             -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e"},{"line_number":176,"context_line":"             local-ldap-ca-cert.crt`."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"         .. only:: partner"},{"line_number":179,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"e66c697d_38d00053","line":176,"range":{"start_line":174,"start_character":13,"end_line":176,"end_character":36},"in_reply_to":"b7f321be_6fa60719","updated":"2024-02-23 06:35:07.000000000","message":"Done","commit_id":"3b5478cc52161ca0f88cbba89d9bca0802c16b5d"},{"author":{"_account_id":33487,"name":"João Victor Portal","display_name":"J. Portal","email":"Joao.VictorPortal@windriver.com","username":"jvportal"},"change_message_id":"ebc11a066dfb41ea925d9554c3dcf51444dc4d2f","unresolved":true,"context_lines":[{"line_number":320,"context_line":"              certificate, presented below as file ``local-ldap-ca-cert.crt``, can"},{"line_number":321,"context_line":"              be extracted from the controller where the Local |LDAP| server is"},{"line_number":322,"context_line":"              running (the SystemController in DC environments) using the command"},{"line_number":323,"context_line":"              `kubectl get secret system-local-ca -n cert-manager"},{"line_number":324,"context_line":"              -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e"},{"line_number":325,"context_line":"              local-ldap-ca-cert.crt`."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"          .. only:: partner"},{"line_number":328,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"eacda5f4_6fdeac89","line":325,"range":{"start_line":323,"start_character":14,"end_line":325,"end_character":37},"updated":"2024-02-22 12:44:41.000000000","message":"See comment above.","commit_id":"3b5478cc52161ca0f88cbba89d9bca0802c16b5d"},{"author":{"_account_id":36019,"name":"Ngairangbam Mili","display_name":"Mili","email":"ngairangbam.mili@windriver.com","username":"miling08"},"change_message_id":"e1aa2ec1c6a7bc038ef0a54a94565023ecb5de7e","unresolved":false,"context_lines":[{"line_number":320,"context_line":"              certificate, presented below as file ``local-ldap-ca-cert.crt``, can"},{"line_number":321,"context_line":"              be extracted from the controller where the Local |LDAP| server is"},{"line_number":322,"context_line":"              running (the SystemController in DC environments) using the command"},{"line_number":323,"context_line":"              `kubectl get secret system-local-ca -n cert-manager"},{"line_number":324,"context_line":"              -o\u003djsonpath\u003d\u0027{.data.ca\\.crt}\u0027 | base64 --decode \u003e"},{"line_number":325,"context_line":"              local-ldap-ca-cert.crt`."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":"          .. only:: partner"},{"line_number":328,"context_line":""}],"source_content_type":"text/x-rst","patch_set":11,"id":"ab702f36_873874f6","line":325,"range":{"start_line":323,"start_character":14,"end_line":325,"end_character":37},"in_reply_to":"eacda5f4_6fdeac89","updated":"2024-02-23 06:35:07.000000000","message":"Done","commit_id":"3b5478cc52161ca0f88cbba89d9bca0802c16b5d"}]}