diff --git a/681696cee79dfecbf9754ab466c0222ea59f1d2b b/681696cee79dfecbf9754ab466c0222ea59f1d2b index c29c7c6e..a8df7f0c 100644 --- a/681696cee79dfecbf9754ab466c0222ea59f1d2b +++ b/681696cee79dfecbf9754ab466c0222ea59f1d2b @@ -141,6 +141,30 @@ "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", "unresolved": false }, + { + "key": { + "uuid": "5f7c97a3_6aebfb7a", + "filename": "specs/rocky/multi-cloud-support.rst", + "patchSetId": 1 + }, + "lineNbr": 47, + "author": { + "id": 4257 + }, + "writtenOn": "2018-06-27T19:35:41Z", + "side": 1, + "message": "That\u0027s horrible though. The user only needs to supply \u002755fcc88c-2926-47f3-b23b-6c5e2a818933\u0027 and we have all the other information we need from the keystone catalog to construct the URL. Just like every other resource in OpenStack.\n\nIn particular we do *not* want to allow users to specify *any* URL. The credential *must* come from Barbican, and the best way to ensure that is to construct the URL ourselves.\n\nIt appears that even the Barbican CLI works in this hideous manner though, so I guess we\u0027ll need to find some way to resolve the discrepancy :(\nhttps://github.com/openstack/python-barbicanclient/blob/master/barbicanclient/barbican_cli/v1/secrets.py#L37", + "parentUuid": "5f7c97a3_8fc78912", + "range": { + "startLine": 47, + "startChar": 14, + "endLine": 47, + "endChar": 18 + }, + "revId": "681696cee79dfecbf9754ab466c0222ea59f1d2b", + "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", + "unresolved": false + }, { "key": { "uuid": "5f7c97a3_6426d425", @@ -334,6 +358,30 @@ "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", "unresolved": false }, + { + "key": { + "uuid": "5f7c97a3_6a2c5bb2", + "filename": "specs/rocky/multi-cloud-support.rst", + "patchSetId": 1 + }, + "lineNbr": 92, + "author": { + "id": 4257 + }, + "writtenOn": "2018-06-27T19:35:41Z", + "side": 1, + "message": "* The proposed unit tests don\u0027t lead me to believe that we\u0027re only storing the href: https://review.openstack.org/#/c/578390/1/heat/tests/db/test_sqlalchemy_api.py\n* The href is already stored in the properties anyway.", + "parentUuid": "5f7c97a3_ea64ebe8", + "range": { + "startLine": 92, + "startChar": 0, + "endLine": 92, + "endChar": 25 + }, + "revId": "681696cee79dfecbf9754ab466c0222ea59f1d2b", + "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", + "unresolved": false + }, { "key": { "uuid": "5f7c97a3_8fe9c91a", @@ -369,6 +417,24 @@ "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", "unresolved": false }, + { + "key": { + "uuid": "5f7c97a3_ca26cfcc", + "filename": "specs/rocky/multi-cloud-support.rst", + "patchSetId": 1 + }, + "lineNbr": 98, + "author": { + "id": 4257 + }, + "writtenOn": "2018-06-27T19:35:41Z", + "side": 1, + "message": "Isn\u0027t that what you were describing on line 81?", + "parentUuid": "5f7c97a3_2aee6321", + "revId": "681696cee79dfecbf9754ab466c0222ea59f1d2b", + "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", + "unresolved": false + }, { "key": { "uuid": "5f7c97a3_4ff3b10a", @@ -463,6 +529,30 @@ "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", "unresolved": false }, + { + "key": { + "uuid": "5f7c97a3_aaa6f353", + "filename": "specs/rocky/multi-cloud-support.rst", + "patchSetId": 1 + }, + "lineNbr": 103, + "author": { + "id": 4257 + }, + "writtenOn": "2018-06-27T19:35:41Z", + "side": 1, + "message": "Ah, got it, thanks. I was not aware of that feature.\n\nI can see times when you actually might want to allow any user in the project to access. So maybe we should just remind users that whoever has access to the credential also has access to the remote stack (and, in fact, anything else in the remote tenant).", + "parentUuid": "5f7c97a3_4aab9f87", + "range": { + "startLine": 102, + "startChar": 10, + "endLine": 103, + "endChar": 16 + }, + "revId": "681696cee79dfecbf9754ab466c0222ea59f1d2b", + "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543", + "unresolved": false + }, { "key": { "uuid": "5f7c97a3_afe1252e",