)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"eb09cb434d86b66f9ca0134979c477a85e2833c3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"a4526d2e_43a6ea4b","updated":"2025-07-30 11:55:01.000000000","message":"I have tested this change locally and it seems to be setting the password correctly. Create must be set to true to change the password and the password length parameter should reflect the one in the regex. I didn\u0027t want to get the length from the regex because there could be multiple lengths and it could be tricky to pick the correct one. This way user can also choose the length of the password.\n\nCommand I used:\ndiscover-tempest-config --create --password-regex \u0027^(?\u003d.*\\d)(?\u003d.*[a-zA-Z]).{{7,}}$\u0027 --password-length 7\n\nI am curious what do you think about this patch logic-wise. I tried to make as little changes as I could while making the code work.","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":10459,"name":"Luigi Toscano","email":"ltoscano@redhat.com","username":"ltoscano"},"change_message_id":"6bb9ccc46ba72d4b2cb7ffedab7c699709324a48","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"f3972a7d_85234d90","updated":"2025-07-31 10:41:03.000000000","message":"Thanks. This needs a release note. Also, please see a few comments inline.","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"876e3243539055e308bbdf162ad820cfb51b10bb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"743894df_c7db36c5","in_reply_to":"8629ea90_24a1be89","updated":"2025-07-31 12:44:49.000000000","message":"I agree with what you are saying. Then maybe the password length could be separate from password regex (currently password-length doesn\u0027t work on its own), although I don\u0027t see a use case for that.\n\nAdditionally, I would say the case when a user sets a wrong length of the password, is covered enough with the error message.","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":10459,"name":"Luigi Toscano","email":"ltoscano@redhat.com","username":"ltoscano"},"change_message_id":"41ec57e89e5d7706977a404632afad588be52909","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"8629ea90_24a1be89","in_reply_to":"a4526d2e_43a6ea4b","updated":"2025-07-31 10:43:36.000000000","message":"I\u0027ve commented separately but to address your questions I agree that regexp and password should be separate, also because the length may be bigger than the specified limit in the regexp. Also, the limit in the regex may not be set, so the two parameters are not fully completely related (or at least, they are partially: bad for the user if they specify a regex with at least 7 characters and then they request 6 as a length).","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"876e3243539055e308bbdf162ad820cfb51b10bb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"aa11f845_adf1fb39","in_reply_to":"f3972a7d_85234d90","updated":"2025-07-31 12:44:49.000000000","message":"Thank you for your review! I will add a release note in my next patchset.","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":10459,"name":"Luigi Toscano","email":"ltoscano@redhat.com","username":"ltoscano"},"change_message_id":"0a02bbd5114a3661f956e6ee516771a9dbef51f9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"17ebf5bc_e2d69618","updated":"2025-08-19 12:02:53.000000000","message":"Thank you!\n\nArx, how does it look to you?","commit_id":"8515371b7cceebd4282e09f1d8f0cc842df82855"},{"author":{"_account_id":10459,"name":"Luigi Toscano","email":"ltoscano@redhat.com","username":"ltoscano"},"change_message_id":"999d7c8fb9c1b229d54d4d32f8410ce7ec3dc358","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"2812f530_ea34da31","updated":"2025-08-13 11:52:41.000000000","message":"recheck\n\nunrelated error in python-tempestconf-tempest-devstack-enforce-scope-new-defaults-admin","commit_id":"8515371b7cceebd4282e09f1d8f0cc842df82855"},{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"b7bd243e16dc652ba6e257d4d8db502c3ff87296","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"21dc3638_d04873d7","updated":"2025-08-13 11:22:59.000000000","message":"recheck\nI think the failure was not caused by the patch.","commit_id":"8515371b7cceebd4282e09f1d8f0cc842df82855"}],"config_tempest/main.py":[{"author":{"_account_id":10459,"name":"Luigi Toscano","email":"ltoscano@redhat.com","username":"ltoscano"},"change_message_id":"6bb9ccc46ba72d4b2cb7ffedab7c699709324a48","unresolved":true,"context_lines":[{"line_number":476,"context_line":"    regex \u003d regex.replace(\u0027{{\u0027, \u0027{\u0027).replace(\u0027}}\u0027, \u0027}\u0027)"},{"line_number":477,"context_line":"    regex_object \u003d re.compile(regex)"},{"line_number":478,"context_line":""},{"line_number":479,"context_line":"    for _ in range(100):"},{"line_number":480,"context_line":"        password \u003d \u0027\u0027.join(secrets.choice(characters) for i in range(length))"},{"line_number":481,"context_line":"        if regex_object.fullmatch(password):"},{"line_number":482,"context_line":"            return password"}],"source_content_type":"text/x-python","patch_set":7,"id":"5ffb9d0e_084fc2c7","line":479,"updated":"2025-07-31 10:41:03.000000000","message":"Can you please try some light benchmarking on this, to see how long it takes to run, say, max 1000 iterations or more?\nAnd similary, could you get some data on how many iterations does it take for a match to happen? Let\u0027s say with different password sizes, 8, 12, 16, 20, and various (randomly generated? Maybe an LLM can help) regexps.\n\nIf we have, let\u0027s say, a 95% of confidence that with a maximum one or two seconds of execution we get the results, for example, it would be worth extending the number of loops.\n\nWith the results found from that investigation it could be possible to see if we can add a small unit test, even for a simple regexp and a very short password (right, unit tests should always pass, but maybe if the regexp is simple enough we can technically get a 100% percent?). Not sure though.","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"90ee31f74ea7784c1ab6c74a67142567f4f2abc1","unresolved":true,"context_lines":[{"line_number":476,"context_line":"    regex \u003d regex.replace(\u0027{{\u0027, \u0027{\u0027).replace(\u0027}}\u0027, \u0027}\u0027)"},{"line_number":477,"context_line":"    regex_object \u003d re.compile(regex)"},{"line_number":478,"context_line":""},{"line_number":479,"context_line":"    for _ in range(100):"},{"line_number":480,"context_line":"        password \u003d \u0027\u0027.join(secrets.choice(characters) for i in range(length))"},{"line_number":481,"context_line":"        if regex_object.fullmatch(password):"},{"line_number":482,"context_line":"            return password"}],"source_content_type":"text/x-python","patch_set":7,"id":"8a5949b9_e165e5e9","line":479,"in_reply_to":"1b6fa295_0dd7845e","updated":"2025-08-14 11:02:12.000000000","message":"I tried to add basic test cases. Do the new tests look good to you?","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":10459,"name":"Luigi Toscano","email":"ltoscano@redhat.com","username":"ltoscano"},"change_message_id":"b312a2ae579cf7508a8285b93645ed6561005163","unresolved":true,"context_lines":[{"line_number":476,"context_line":"    regex \u003d regex.replace(\u0027{{\u0027, \u0027{\u0027).replace(\u0027}}\u0027, \u0027}\u0027)"},{"line_number":477,"context_line":"    regex_object \u003d re.compile(regex)"},{"line_number":478,"context_line":""},{"line_number":479,"context_line":"    for _ in range(100):"},{"line_number":480,"context_line":"        password \u003d \u0027\u0027.join(secrets.choice(characters) for i in range(length))"},{"line_number":481,"context_line":"        if regex_object.fullmatch(password):"},{"line_number":482,"context_line":"            return password"}],"source_content_type":"text/x-python","patch_set":7,"id":"1b6fa295_0dd7845e","line":479,"in_reply_to":"25e3f1f1_67ead8ed","updated":"2025-08-12 16:44:00.000000000","message":"Thanks for the detailed analysis (and the meaningful usage of an LLM) and sorry for the delay.\n\nI see you set to 200 iterations. With that value, the success for simple regex and relatively short string seems to be always guaranteed, so what about one or two test cases?","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"141cb04daa1bed01b5426e3e953078854210f8b5","unresolved":true,"context_lines":[{"line_number":476,"context_line":"    regex \u003d regex.replace(\u0027{{\u0027, \u0027{\u0027).replace(\u0027}}\u0027, \u0027}\u0027)"},{"line_number":477,"context_line":"    regex_object \u003d re.compile(regex)"},{"line_number":478,"context_line":""},{"line_number":479,"context_line":"    for _ in range(100):"},{"line_number":480,"context_line":"        password \u003d \u0027\u0027.join(secrets.choice(characters) for i in range(length))"},{"line_number":481,"context_line":"        if regex_object.fullmatch(password):"},{"line_number":482,"context_line":"            return password"}],"source_content_type":"text/x-python","patch_set":7,"id":"25e3f1f1_67ead8ed","line":479,"in_reply_to":"2641a5e9_432a30bf","updated":"2025-08-05 09:04:44.000000000","message":"I have looked into it and here are my results.\n\nBenchmarking with timeit library (MAX_TRIES, AVG_TIME):\nA) Correct more difficult regex with length 16\n100:   0.000042 seconds per call\n1000:  0.000043 seconds per call\n10000: 0.000042 seconds per call\n\nB) Incorrect regex with required length 16, but given length 15\n100:   0.003280 seconds per call\n1000:  0.032033 seconds per call\n10000: 0.320941 seconds per call\n\nNext I used AI to generate a script for getting detailed results for multiple test runs. It seems 100 iterations are enough for simple passwords and even regular Openstack password regexes, but randomly generated regexes sometimes fail. For 200 iterations only one test fails on average, even when I run it multiple times. Then the 1000 iterations all tests pass, but the time starts to go up, so I would lean towards a lower number.\n\n100:  https://paste.opendev.org/show/bLkp5r7ccVtoYQ33PmF1/\n200:  https://paste.opendev.org/show/biepTGZBtfoyv0ISZa22/\n1000: https://paste.opendev.org/show/bRqRrnorXYQfLlYr3ypH/","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"},{"author":{"_account_id":36227,"name":"Katarina Strenkova","email":"kstrenko@redhat.com","username":"kstrenko"},"change_message_id":"876e3243539055e308bbdf162ad820cfb51b10bb","unresolved":true,"context_lines":[{"line_number":476,"context_line":"    regex \u003d regex.replace(\u0027{{\u0027, \u0027{\u0027).replace(\u0027}}\u0027, \u0027}\u0027)"},{"line_number":477,"context_line":"    regex_object \u003d re.compile(regex)"},{"line_number":478,"context_line":""},{"line_number":479,"context_line":"    for _ in range(100):"},{"line_number":480,"context_line":"        password \u003d \u0027\u0027.join(secrets.choice(characters) for i in range(length))"},{"line_number":481,"context_line":"        if regex_object.fullmatch(password):"},{"line_number":482,"context_line":"            return password"}],"source_content_type":"text/x-python","patch_set":7,"id":"2641a5e9_432a30bf","line":479,"in_reply_to":"5ffb9d0e_084fc2c7","updated":"2025-07-31 12:44:49.000000000","message":"Alright, I could try to do it. Your concerns seem valid and it is true that 100 iterations could be too little for a more specific regex or a longer password.\n\nHeads up, that I haven\u0027t tried benchmarking before, but I could find some tutorial online. I will let you know the results later.","commit_id":"652d1e8c3696960d2bffce056e4c7be24a72d37d"}]}