)]}'
{"id":"depot~5772","triplet_id":"depot~canon~Id32bf5e09d67f0f1e883024c6e013eb342f03b05","project":"depot","branch":"canon","attention_set":{},"removed_from_attention_set":{"1000001":{"account":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"last_update":"2022-05-28 18:00:02.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"Id32bf5e09d67f0f1e883024c6e013eb342f03b05","subject":"feat(web/panettone): Implement OAuth2-based authentication","status":"MERGED","created":"2022-05-28 16:23:48.000000000","updated":"2022-05-28 18:00:02.000000000","submitted":"2022-05-28 18:00:02.000000000","submitter":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"5772","meta_rev_id":"a02d7db74e1ada063b9005937a4c8fd2f296fa08","_number":5772,"virtual_id_number":5772,"owner":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"actions":{},"labels":{"Code-Review":{"approved":{"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},"all":[{"value":0,"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},{"tag":"autogenerated:gerrit:merged","value":2,"date":"2022-05-28 18:00:02.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},{"value":0,"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}],"values":{"-2":"This shall not be merged","-1":"I would prefer this is not merged as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"Verified":{"approved":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"all":[{"value":0,"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},{"value":0,"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},{"tag":"autogenerated:gerrit:merged","value":1,"date":"2022-05-28 18:00:02.000000000","permitted_voting_range":{"min":1,"max":1},"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Autosubmit":{"all":[{"value":0,"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},{"value":0,"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},{"value":0,"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}],"values":{" 0":"Submit manually","+1":"Submit automatically"},"description":"","default_value":0,"optional":true},"All-Comments-Resolved":{"approved":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"all":[{"value":0,"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},{"value":0,"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},{"value":0,"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}]},"Conformant-Commit-Message":{"approved":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"all":[{"value":0,"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},{"value":0,"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},{"value":0,"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}]}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},{"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2022-05-28 16:23:51.000000000","updated_by":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"reviewer":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"state":"CC"},{"updated":"2022-05-28 16:25:06.000000000","updated_by":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"reviewer":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"state":"REVIEWER"},{"updated":"2022-05-28 17:59:36.000000000","updated_by":{"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},"reviewer":{"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},"state":"REVIEWER"}],"messages":[{"id":"4393ba56c9918c6b274ba51eb17e84eff470d405","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 16:23:48.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"49990fef62de9d11ca5d76ba121118fb452e8308","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:23:51.000000000","message":"Patch Set 1:\n\nStarted build for patchset #1 on: https://buildkite.com/tvl/depot/builds/13945","accounts_in_message":[],"_revision_number":1},{"id":"f01b53c28d1c971fe03322841ce7025bd51a2942","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:25:06.000000000","message":"Patch Set 1: Verified-1\n\nBuild of patchset 1 failed: https://buildkite.com/tvl/depot/builds/13945","accounts_in_message":[],"_revision_number":1},{"id":"d6ea2b31469caceeaf9511ec7627e0356d968e9c","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 16:25:49.000000000","message":"Uploaded patch set 2.","accounts_in_message":[],"_revision_number":2},{"id":"879ae069025020637c44f7de89f0795c79b71da1","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:25:50.000000000","message":"Patch Set 2:\n\nStarted build for patchset #2 on: https://buildkite.com/tvl/depot/builds/13946","accounts_in_message":[],"_revision_number":2},{"id":"9d2d4e6943e37f69558d851a1dc4c21e7a405915","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:27:07.000000000","message":"Patch Set 2: Verified-1\n\nBuild of patchset 2 failed: https://buildkite.com/tvl/depot/builds/13946","accounts_in_message":[],"_revision_number":2},{"id":"441968991d0fffb35af135ab57152139a98da797","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 16:29:46.000000000","message":"Uploaded patch set 3.","accounts_in_message":[],"_revision_number":3},{"id":"da1c6885ff9e883e205eec35febffdfb9b905dac","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:29:48.000000000","message":"Patch Set 3:\n\nStarted build for patchset #3 on: https://buildkite.com/tvl/depot/builds/13947","accounts_in_message":[],"_revision_number":3},{"id":"b1de83376ad2ed1c3d9b55992c6da1b43b949723","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:31:03.000000000","message":"Patch Set 3: Verified-1\n\nBuild of patchset 3 failed: https://buildkite.com/tvl/depot/builds/13947","accounts_in_message":[],"_revision_number":3},{"id":"6a0f1bb425c3862e5a50320aeb4f94d49eaf51da","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 16:37:00.000000000","message":"Uploaded patch set 4.","accounts_in_message":[],"_revision_number":4},{"id":"bf0206b1379660c3a6edacc5c59925378f2978cd","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:37:01.000000000","message":"Patch Set 4:\n\nStarted build for patchset #4 on: https://buildkite.com/tvl/depot/builds/13948","accounts_in_message":[],"_revision_number":4},{"id":"91d7ba47c1a9d5899eea051fcf9376b7e1eee9bc","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:38:16.000000000","message":"Patch Set 4: Verified-1\n\nBuild of patchset 4 failed: https://buildkite.com/tvl/depot/builds/13948","accounts_in_message":[],"_revision_number":4},{"id":"5bde792ad6e0ddc70d4ac2541ce3c6fd3a000a7b","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 16:40:33.000000000","message":"Uploaded patch set 5.","accounts_in_message":[],"_revision_number":5},{"id":"54f6df07bb95666cc53ed2c63a9322ff8eb5fb40","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:40:34.000000000","message":"Patch Set 5:\n\nStarted build for patchset #5 on: https://buildkite.com/tvl/depot/builds/13949","accounts_in_message":[],"_revision_number":5},{"id":"bcc23928fe68eb06cfb49dbcad2137ec398262fa","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:41:50.000000000","message":"Patch Set 5: Verified+1\n\nBuild of patchset 5 passed: https://buildkite.com/tvl/depot/builds/13949","accounts_in_message":[],"_revision_number":5},{"id":"ae4a8a5190f33dd3e87cd31b7ef6e2a5b8fded44","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 16:58:46.000000000","message":"Uploaded patch set 6.","accounts_in_message":[],"_revision_number":6},{"id":"77a24b496d3fb1a038c34779241ff4fe7ae203e7","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 16:58:47.000000000","message":"Patch Set 6:\n\nStarted build for patchset #6 on: https://buildkite.com/tvl/depot/builds/13950","accounts_in_message":[],"_revision_number":6},{"id":"b4cebc107e862d660a41d43a26cd1d4f884c4ae2","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 17:00:03.000000000","message":"Patch Set 6: Verified+1\n\nBuild of patchset 6 passed: https://buildkite.com/tvl/depot/builds/13950","accounts_in_message":[],"_revision_number":6},{"id":"fc961746d0986f950cf2b27892421fee3212a511","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 17:01:43.000000000","message":"Uploaded patch set 7: Patch Set 6 was rebased.","accounts_in_message":[],"_revision_number":7},{"id":"b2a437e65298ca8bed7d63a7c8c28b914b59d915","tag":"autogenerated:buildkite~trigger","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 17:01:45.000000000","message":"Patch Set 7:\n\nStarted build for patchset #7 on: https://buildkite.com/tvl/depot/builds/13953","accounts_in_message":[],"_revision_number":7},{"id":"7812c6dd714f97c804681c01307b0eed8b1f65a1","tag":"autogenerated:buildkite~result","author":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]},"date":"2022-05-28 17:03:03.000000000","message":"Patch Set 7: Verified+1\n\nBuild of patchset 7 passed: https://buildkite.com/tvl/depot/builds/13953","accounts_in_message":[],"_revision_number":7},{"id":"32f8726227a7334a4f25d5db3fb4c6a5ab336280","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 17:03:40.000000000","message":"Patch Set 8: Patch Set 7 was rebased","accounts_in_message":[],"_revision_number":8},{"id":"3d0c95628ad2c9771b7cf4277e73eb52851e1fae","author":{"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"},"date":"2022-05-28 17:59:36.000000000","message":"Patch Set 8: Code-Review+2","accounts_in_message":[],"_revision_number":8},{"id":"a02d7db74e1ada063b9005937a4c8fd2f296fa08","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"date":"2022-05-28 18:00:02.000000000","message":"Change has been successfully rebased and submitted as c1bddf191f0f4ca9d14d254a29dfaaa0c49149b5","accounts_in_message":[],"_revision_number":9}],"current_revision_number":9,"current_revision":"c1bddf191f0f4ca9d14d254a29dfaaa0c49149b5","revisions":{"8c85b90a34ce1c55ff0cc9e8b7988db9a3ad7354":{"kind":"REWORK","_number":1,"created":"2022-05-28 16:23:48.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/1","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/1","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/1"}}},"commit":{"parents":[{"commit":"513f9c3f93e674f2447a221f0d3507470d79082b","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d513f9c3f93e674f2447a221f0d3507470d79082b"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:23:45.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d8c85b90a34ce1c55ff0cc9e8b7988db9a3ad7354"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d8c85b90a34ce1c55ff0cc9e8b7988db9a3ad7354"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"513f9c3f93e674f2447a221f0d3507470d79082b","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":1,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"f60dac6aac767c61d220e0d909a200119ad771f7":{"kind":"REWORK","_number":2,"created":"2022-05-28 16:25:49.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/2","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/2","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/2"}}},"commit":{"parents":[{"commit":"513f9c3f93e674f2447a221f0d3507470d79082b","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d513f9c3f93e674f2447a221f0d3507470d79082b"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:25:47.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003df60dac6aac767c61d220e0d909a200119ad771f7"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003df60dac6aac767c61d220e0d909a200119ad771f7"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"513f9c3f93e674f2447a221f0d3507470d79082b","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":1,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"45599ae5a4236c708646c876d747b25d802c0105":{"kind":"REWORK","_number":3,"created":"2022-05-28 16:29:46.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/3","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/3","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/3"}}},"commit":{"parents":[{"commit":"513f9c3f93e674f2447a221f0d3507470d79082b","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d513f9c3f93e674f2447a221f0d3507470d79082b"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:29:44.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d45599ae5a4236c708646c876d747b25d802c0105"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d45599ae5a4236c708646c876d747b25d802c0105"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"513f9c3f93e674f2447a221f0d3507470d79082b","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":1,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"f605e777e3d044111ce6efd5929809fdeb5d1f58":{"kind":"REWORK","_number":4,"created":"2022-05-28 16:37:00.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/4","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/4","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/4"}}},"commit":{"parents":[{"commit":"513f9c3f93e674f2447a221f0d3507470d79082b","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d513f9c3f93e674f2447a221f0d3507470d79082b"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:36:58.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003df605e777e3d044111ce6efd5929809fdeb5d1f58"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003df605e777e3d044111ce6efd5929809fdeb5d1f58"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"513f9c3f93e674f2447a221f0d3507470d79082b","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":1,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"d46a9e05cb905c82384e0c6613d87b71d8e1d625":{"kind":"REWORK","_number":5,"created":"2022-05-28 16:40:33.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/5","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/5","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/5"}}},"commit":{"parents":[{"commit":"513f9c3f93e674f2447a221f0d3507470d79082b","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d513f9c3f93e674f2447a221f0d3507470d79082b"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:40:31.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003dd46a9e05cb905c82384e0c6613d87b71d8e1d625"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003dd46a9e05cb905c82384e0c6613d87b71d8e1d625"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"513f9c3f93e674f2447a221f0d3507470d79082b","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":1,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"dd4c347f1c5497a9f8ebd402e4004a630577aa52":{"kind":"REWORK","_number":6,"created":"2022-05-28 16:58:46.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/6","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/6","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/6 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/6 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/6 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/6"}}},"commit":{"parents":[{"commit":"513f9c3f93e674f2447a221f0d3507470d79082b","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d513f9c3f93e674f2447a221f0d3507470d79082b"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:58:43.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003ddd4c347f1c5497a9f8ebd402e4004a630577aa52"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003ddd4c347f1c5497a9f8ebd402e4004a630577aa52"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"513f9c3f93e674f2447a221f0d3507470d79082b","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":1,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"a4cc37a6531085abfc66a3e0825338689beda3f2":{"kind":"TRIVIAL_REBASE","_number":7,"created":"2022-05-28 17:01:43.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/7","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/7","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/7 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/7 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/7 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/7"}}},"commit":{"parents":[{"commit":"f20df04d5d37a4c86f84a80254829c0925035b31","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003df20df04d5d37a4c86f84a80254829c0925035b31"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 17:01:40.000000000","tz":120},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003da4cc37a6531085abfc66a3e0825338689beda3f2"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003da4cc37a6531085abfc66a3e0825338689beda3f2"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"f20df04d5d37a4c86f84a80254829c0925035b31","is_merged_in_target_branch":false,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":2,"change_status":"MERGED"}],"branch":"refs/heads/canon"},"863846f8e513ce721ddbf10f7abc9913dd1d0365":{"kind":"NO_CHANGE","_number":8,"created":"2022-05-28 17:03:40.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/8","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/8","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/8 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/8 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/8 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/8"}}},"commit":{"parents":[{"commit":"121fb136485e2f3fb5a6ed04bb3607a4dcaa8368","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d121fb136485e2f3fb5a6ed04bb3607a4dcaa8368"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"tazjin","email":"tazjin@tvl.su","date":"2022-05-28 17:03:40.000000000","tz":0},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d863846f8e513ce721ddbf10f7abc9913dd1d0365"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d863846f8e513ce721ddbf10f7abc9913dd1d0365"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"121fb136485e2f3fb5a6ed04bb3607a4dcaa8368","is_merged_in_target_branch":true,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":3,"change_status":"MERGED"}],"branch":"refs/heads/canon","description":"Rebase"},"c1bddf191f0f4ca9d14d254a29dfaaa0c49149b5":{"kind":"NO_CODE_CHANGE","_number":9,"created":"2022-05-28 18:00:02.000000000","uploader":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"},"ref":"refs/changes/72/5772/9","fetch":{"anonymous http":{"url":"https://cl.tvl.fyi/depot","ref":"refs/changes/72/5772/9","commands":{"Checkout":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/9 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/9 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://cl.tvl.fyi/depot refs/changes/72/5772/9 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://cl.tvl.fyi/depot refs/changes/72/5772/9"}}},"commit":{"parents":[{"commit":"121fb136485e2f3fb5a6ed04bb3607a4dcaa8368","subject":"feat(ops/secrets): Add OAuth2 client secret for panettone","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003d121fb136485e2f3fb5a6ed04bb3607a4dcaa8368"}]}],"author":{"name":"Vincent Ambo","email":"mail@tazj.in","date":"2022-05-28 16:20:05.000000000","tz":120},"committer":{"name":"tazjin","email":"tazjin@tvl.su","date":"2022-05-28 18:00:02.000000000","tz":0},"subject":"feat(web/panettone): Implement OAuth2-based authentication","message":"feat(web/panettone): Implement OAuth2-based authentication\n\nInstead of directly connecting to LDAP and attempting to bind\nusernames/password, authenticate users through an OAuth2 flow to\nKeycloak.\n\nThis has the advantage of reusing the same SSO we already have for\nGerrit, Buildkite, ...\n\nHowever, much of panettone\u0027s functionality makes assumptions about\nLDAP being used. As a result there are some warts introduced by\nthis (for now):\n\n* Since LDAP DNs are used as primary keys for users, we have to\n  construct fake DNs based on LDAP usernames\n\n  It might be sensible to migrate this to the UUIDs used by Keycloak\n  eventually.\n\n* LDAP is part of the serving path for issues (for fetching user\n  information), however panettone no longer has a way to fetch\n  arbitrary user information unless it is persisted in its database.\n\n  To work around this, we construct a \"fake\" user based only on its\n  DN (i.e. only the username is going to be \"correct\") and use that to\n  serve issues.\n\n* Email notifications no longer work (panettone can not access email\n  addresses)\n\nSome of these need to be worked around by persisting some of that\ninformation in the panettone database instead, as we don\u0027t want to\ngive the service the ability to access arbitrary user information\nanymore.\n\nWe can probably do this with the user settings feature that already\nexists and populate it on launch, but as of this commit email and\ndisplayName functionality is simply broken.\n\nChange-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05\nReviewed-on: https://cl.tvl.fyi/c/depot/+/5772\nReviewed-by: grfn \u003cgrfn@gws.fyi\u003e\nTested-by: BuildkiteCI\n","web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003dc1bddf191f0f4ca9d14d254a29dfaaa0c49149b5"}],"resolve_conflicts_web_links":[{"name":"cgit","tooltip":"Open in GitWeb","url":"https://code.tvl.fyi/commit/?id\u003dc1bddf191f0f4ca9d14d254a29dfaaa0c49149b5"}]},"parents_data":[{"branch_name":"refs/heads/canon","commit_id":"121fb136485e2f3fb5a6ed04bb3607a4dcaa8368","is_merged_in_target_branch":true,"change_id":"Icc53b161b260632e50b7bdc4c908912fd377bb87","change_number":5771,"patch_set_number":3,"change_status":"MERGED"}],"branch":"refs/heads/canon"}},"requirements":[],"submit_records":[{"status":"CLOSED","labels":[{"label":"Code-Review-from-owners","status":"OK","applied_by":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"}},{"label":"Autosubmit","status":"MAY"},{"label":"Conformant-Commit-Message","status":"OK","applied_by":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"}},{"label":"All-Comments-Resolved","status":"OK","applied_by":{"_account_id":1000001,"name":"tazjin","email":"tazjin@tvl.su","username":"tazjin"}},{"label":"Verified","status":"OK","applied_by":{"_account_id":1000014,"name":"BuildkiteCI","username":"buildkite","tags":["SERVICE_USER"]}},{"label":"Code-Review","status":"OK","applied_by":{"_account_id":1000010,"name":"aspen","email":"root@gws.fyi","username":"aspen"}}]}],"submit_requirements":[{"name":"Verified","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Verified\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Verified\u003dCustom-Rule"],"failing_atoms":[]}},{"name":"All-Comments-Resolved","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:All-Comments-Resolved\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:All-Comments-Resolved\u003dCustom-Rule"],"failing_atoms":[]}},{"name":"Code-Review-from-owners","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review-from-owners\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Code-Review-from-owners\u003dCustom-Rule"],"failing_atoms":[]}},{"name":"Code-Review","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Code-Review\u003dCustom-Rule"],"failing_atoms":[]}},{"name":"Conformant-Commit-Message","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Conformant-Commit-Message\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Conformant-Commit-Message\u003dCustom-Rule"],"failing_atoms":[]}}]}