)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":20870,"name":"Alex Kavanagh","email":"alex@ajkavanagh.co.uk","username":"ajkavanagh"},"change_message_id":"440c2bf95b0cdbdcc3653141b6113b67c3f2e801","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Pedro Castillo \u003cpedro.castillo@canonical.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-03-08 16:13:17 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add change-admin-password action"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Change-Id: I6ce69be15b11b00f804d3143d835ec3ce6515865"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"b1f7854b_83c54ef5","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":32},"updated":"2022-03-09 16:50:26.000000000","message":"There needs to be a bit more context in this commit message please.\n\ni.e. why is this being added.  Is there a bug or spec that this change refers to?","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Pedro Castillo \u003cpedro.castillo@canonical.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-03-08 16:13:17 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add change-admin-password action"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Change-Id: I6ce69be15b11b00f804d3143d835ec3ce6515865"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"1978ee0b_06747725","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":32},"in_reply_to":"b1f7854b_83c54ef5","updated":"2022-03-10 20:42:05.000000000","message":"Done","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":20634,"name":"Chris MacNaughton","email":"chris.macnaughton@canonical.com","username":"Chris.MacNaughton"},"change_message_id":"51591fa0343bcbf3a922e652085fd04641b0d107","unresolved":true,"context_lines":[{"line_number":10,"context_line":"password by replacing it with a randomly generated one."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: I6ce69be15b11b00f804d3143d835ec3ce6515865"},{"line_number":13,"context_line":"Related-Bug: 1927280"},{"line_number":14,"context_line":"Func-Test-PR: https://github.com/openstack-charmers/zaza-openstack-tests/pull/720"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"2cd455ef_18bea9c3","line":13,"updated":"2022-03-21 07:39:44.000000000","message":"The format for this is `Related-Bug: #1927280`, note the \u0027#\u0027","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"1e01f7581dff781225a22a51db25d778f32806e0","unresolved":false,"context_lines":[{"line_number":10,"context_line":"password by replacing it with a randomly generated one."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Change-Id: I6ce69be15b11b00f804d3143d835ec3ce6515865"},{"line_number":13,"context_line":"Related-Bug: 1927280"},{"line_number":14,"context_line":"Func-Test-PR: https://github.com/openstack-charmers/zaza-openstack-tests/pull/720"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"026a36f8_930f4dac","line":13,"in_reply_to":"2cd455ef_18bea9c3","updated":"2022-03-21 20:05:10.000000000","message":"Done","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"change_message_id":"cc37b4570253da2aecfa369348f77602251e0d89","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"4c40d057_5f04cdd6","updated":"2022-03-08 20:41:01.000000000","message":"Pedro, I think you\u0027ll want to rebase and go about this similar to Tianqi did in https://review.opendev.org/c/openstack/charm-keystone/+/831831","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":20870,"name":"Alex Kavanagh","email":"alex@ajkavanagh.co.uk","username":"ajkavanagh"},"change_message_id":"440c2bf95b0cdbdcc3653141b6113b67c3f2e801","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"5abd7065_7a636dea","updated":"2022-03-09 16:50:26.000000000","message":"Thanks for this patch.  Please see the inline comments.","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"c36d1f87_75ef2ca4","updated":"2022-03-10 20:42:05.000000000","message":"Manual testing:\n\nubuntu@peterctl-bastion:~/keystone$ ( source ~/openstack-bundles/stable/openstack-base/openrc \u0026\u0026 echo $OS_PASSWORD )\nUsing Keystone v3 API\nHk8HVCjLY63T6fcY\n\nubuntu@peterctl-bastion:~/keystone$ juju run-action keystone/leader --wait change-admin-passwo \nrd\nunit-keystone-0:\n  UnitId: keystone/0\n  id: \"380\"       \n  results:\n    Stderr: |\n      /usr/lib/python3/dist-packages/secretstorage/dhcrypto.py:15: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead\n        from cryptography.utils import int_from_bytes\n      /usr/lib/python3/dist-packages/secretstorage/util.py:19: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead\n        from cryptography.utils import int_from_bytes\n  status: completed\n  timing:\n    completed: 2022-03-10 20:34:45 +0000 UTC\n    enqueued: 2022-03-10 20:34:38 +0000 UTC\n    started: 2022-03-10 20:34:39 +0000 UTC\n\nubuntu@peterctl-bastion:~/keystone$ ( source ~/openstack-bundles/stable/openstack-base/openrc \u0026\u0026 echo $OS_PASSWORD )\nUsing Keystone v3 API\nXwT8BdbhnM5XH5P2\n\nubuntu@peterctl-bastion:~/keystone$ ( source ~/openstack-bundles/stable/openstack-base/openrc \u0026\u0026 openstack user show admin )\nUsing Keystone v3 API\n+----------------------------------+-------+\n| ID                               | Name  |\n+----------------------------------+-------+\n| 2f218b6e64024b1bb3bb3b23c9bd7f43 | admin |\n+----------------------------------+-------+\n","commit_id":"f3ecec94357d249829bcf1940d003f8bb46abae7"},{"author":{"_account_id":2424,"name":"Felipe Reyes","email":"felipe.reyes@canonical.com","username":"freyes"},"change_message_id":"eee327511498e7295936943a53ba01cec8dfabc8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"9bc70e40_944c7408","updated":"2022-03-10 21:25:44.000000000","message":"hi Pedro, thanks for the patch, I believe the action should be called \"generate-admin-password\" since it receives no arguments, also this should check if the config option \"admin-password\" is set because otherwise config option will diverge from the actual state of the system.","commit_id":"059fbd7790a9aefc8dcd4b9cf7f40fdbc3285300"},{"author":{"_account_id":2424,"name":"Felipe Reyes","email":"felipe.reyes@canonical.com","username":"freyes"},"change_message_id":"fe990b96f2e595f4109585e6918227a1e3d1bc16","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"1578acee_1afa75ec","in_reply_to":"0a2acf63_47cc00a9","updated":"2022-03-15 14:58:31.000000000","message":"rotate-admin-password feels correct 👍\n\nThe config value can\u0027t be changed from inside the charm, and the description of the config option is advertised to be used only for testing purposes, so probably we could log a warning message when this condition is detected and move on.\n\nAnother thing I just noticed is that the description of the config option \"admin-password\" suggests to use \"juju run --unit keystone/0 leader-get admin_passwd\", this should be updated to \"juju run-action --wait keystone/leader rotate-admin-password\", even when this is not action that must be run in the leader exclusively it allows to have a command that will always work no matter the indexes of the keystone units.","commit_id":"059fbd7790a9aefc8dcd4b9cf7f40fdbc3285300"},{"author":{"_account_id":2424,"name":"Felipe Reyes","email":"felipe.reyes@canonical.com","username":"freyes"},"change_message_id":"323c8d2a5261ff7f6ccdc9953bfb40108dc21b31","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"78e09a26_feaf9743","in_reply_to":"1578acee_1afa75ec","updated":"2022-03-15 15:01:55.000000000","message":"disregard my last paragraph, got confused with the new action get-admin-password that was recently merged.","commit_id":"059fbd7790a9aefc8dcd4b9cf7f40fdbc3285300"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"7c17533a446544c426d9ca6e65fca4ddb43c6372","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"87ee2e68_8d8c9361","in_reply_to":"70b45b5b_d75fbf26","updated":"2022-03-21 20:05:30.000000000","message":"Done","commit_id":"059fbd7790a9aefc8dcd4b9cf7f40fdbc3285300"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"807457f1a3fb5a439c30f906b1de24429d30edb5","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"70b45b5b_d75fbf26","in_reply_to":"78e09a26_feaf9743","updated":"2022-03-16 15:37:16.000000000","message":"I will update the patch to continue the action regardless of the config value, just logging a warning message.\n\nI agree with regards to updating the description from `leader-get admin-passwd` to `run-action get-admin-password`. However, I think this should go on a different patch (which I am more than happy to do).","commit_id":"059fbd7790a9aefc8dcd4b9cf7f40fdbc3285300"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"17887f0d847798f2496d6a242302bfd0b6b6f52f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":5,"id":"0a2acf63_47cc00a9","in_reply_to":"9bc70e40_944c7408","updated":"2022-03-15 02:05:55.000000000","message":"Hi Felipe, thanks for the review! I agree that the action could have a better name, and also propose \"rotate-admin-password\", since I\u0027ve seen \"rotate\" used very often in this context. Regarding the config option, what should happen when it has a value? Should the action fail, update the config value, or something else?","commit_id":"059fbd7790a9aefc8dcd4b9cf7f40fdbc3285300"},{"author":{"_account_id":8992,"name":"Billy Olsen","email":"billy.olsen@canonical.com","username":"billy-olsen"},"change_message_id":"2ae157ca56e1fa27a18a8ee23453557688e2816a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"0ede2870_06297cf4","updated":"2022-03-14 19:19:47.000000000","message":"Functional test failure is due to https://github.com/openstack-charmers/zaza-openstack-tests/issues/721","commit_id":"4e6f8ec1283c630e27947998e1090b0d4016b1bd"},{"author":{"_account_id":8992,"name":"Billy Olsen","email":"billy.olsen@canonical.com","username":"billy-olsen"},"change_message_id":"736e9e87cd38a29279b3cd4bec6b9368865924a8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"9166a2d8_576e9b27","updated":"2022-03-14 21:48:50.000000000","message":"charm-recheck","commit_id":"4e6f8ec1283c630e27947998e1090b0d4016b1bd"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"17887f0d847798f2496d6a242302bfd0b6b6f52f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"9d94b142_40de2a40","updated":"2022-03-15 02:05:55.000000000","message":"charm-recheck","commit_id":"4e6f8ec1283c630e27947998e1090b0d4016b1bd"},{"author":{"_account_id":20634,"name":"Chris MacNaughton","email":"chris.macnaughton@canonical.com","username":"Chris.MacNaughton"},"change_message_id":"0d9b3c9d506ee9963f9ea8c80307372859a44a1e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"83b24aa1_f4d4b6a9","updated":"2022-03-22 12:36:46.000000000","message":"Looks good to me, thanks!","commit_id":"ae178d74711f548fe3fd3dda0568492aafe5b216"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"51c993bbcb5f8b954f6ff48d498c1059421a4bdb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"0fdf8d12_031701a8","updated":"2022-03-21 22:17:25.000000000","message":"charm-recheck","commit_id":"ae178d74711f548fe3fd3dda0568492aafe5b216"}],"actions.yaml":[{"author":{"_account_id":20870,"name":"Alex Kavanagh","email":"alex@ajkavanagh.co.uk","username":"ajkavanagh"},"change_message_id":"440c2bf95b0cdbdcc3653141b6113b67c3f2e801","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    Resume keystone services."},{"line_number":10,"context_line":"    If the keystone deployment is clustered using the hacluster charm, the"},{"line_number":11,"context_line":"    corresponding hacluster unit on the node must be resumed as well."},{"line_number":12,"context_line":"change-admin-password:"},{"line_number":13,"context_line":"  description: |"},{"line_number":14,"context_line":"    Change the admin user\u0027s password."},{"line_number":15,"context_line":"openstack-upgrade:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"62cf9972_88c16577","line":12,"updated":"2022-03-09 16:50:26.000000000","message":"It would be useful to add a little more explanation.  i.e. from reviewing the code, it generates a new random password.  This would be useful information here, please.","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    Resume keystone services."},{"line_number":10,"context_line":"    If the keystone deployment is clustered using the hacluster charm, the"},{"line_number":11,"context_line":"    corresponding hacluster unit on the node must be resumed as well."},{"line_number":12,"context_line":"change-admin-password:"},{"line_number":13,"context_line":"  description: |"},{"line_number":14,"context_line":"    Change the admin user\u0027s password."},{"line_number":15,"context_line":"openstack-upgrade:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"b52b3368_7b5d27eb","line":12,"in_reply_to":"62cf9972_88c16577","updated":"2022-03-10 20:42:05.000000000","message":"Done","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"}],"hooks/keystone_utils.py":[{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[{"line_number":1215,"context_line":"    return manager.list_users_for_domain(domain, domain_id)"},{"line_number":1216,"context_line":""},{"line_number":1217,"context_line":""},{"line_number":1218,"context_line":"def get_manager(api_version\u003dNone, credentials\u003dNone):"},{"line_number":1219,"context_line":"    if not credentials:"},{"line_number":1220,"context_line":"        credentials \u003d get_charm_credentials()"},{"line_number":1221,"context_line":"    return KeystoneManagerProxy(api_version\u003dapi_version,"}],"source_content_type":"text/x-python","patch_set":1,"id":"0f2512ca_9d5a978b","line":1218,"updated":"2022-03-10 20:42:05.000000000","message":"The admin password change has to happen while logged in as the admin keystone user, not the charm user, so I modified the `get_manager` code to allow passing arbitrary credentials, but the `KeystoneManagerProxy` magic methods are doing something weird with the credentials field so that, when calling the implementation in `_proxy_manager_call`, the field is not set to the credentials but rather to an instance of `KeystoneManagerProxy`.","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":20870,"name":"Alex Kavanagh","email":"alex@ajkavanagh.co.uk","username":"ajkavanagh"},"change_message_id":"440c2bf95b0cdbdcc3653141b6113b67c3f2e801","unresolved":true,"context_lines":[{"line_number":1257,"context_line":""},{"line_number":1258,"context_line":"@retry_on_exception(5, base_delay\u003d3, exc_type\u003dRetryProxyManagerCall)"},{"line_number":1259,"context_line":"def _proxy_manager_call(path, api_version, credentials, args, kwargs):"},{"line_number":1260,"context_line":"    log(\"CREDENTIALS: {}\".format(credentials), level\u003dERROR)"},{"line_number":1261,"context_line":"    package \u003d dict(path\u003dpath,"},{"line_number":1262,"context_line":"                   api_version\u003dapi_version,"},{"line_number":1263,"context_line":"                   api_local_endpoint\u003dget_local_endpoint(),"}],"source_content_type":"text/x-python","patch_set":1,"id":"bee0f206_1b85238e","line":1260,"range":{"start_line":1260,"start_character":0,"end_line":1260,"end_character":59},"updated":"2022-03-09 16:50:26.000000000","message":"This almost certainly shouldn\u0027t make it though to the commit; i.e. this would be logging credentials to a plain text file which is not good security practice.","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[{"line_number":1257,"context_line":""},{"line_number":1258,"context_line":"@retry_on_exception(5, base_delay\u003d3, exc_type\u003dRetryProxyManagerCall)"},{"line_number":1259,"context_line":"def _proxy_manager_call(path, api_version, credentials, args, kwargs):"},{"line_number":1260,"context_line":"    log(\"CREDENTIALS: {}\".format(credentials), level\u003dERROR)"},{"line_number":1261,"context_line":"    package \u003d dict(path\u003dpath,"},{"line_number":1262,"context_line":"                   api_version\u003dapi_version,"},{"line_number":1263,"context_line":"                   api_local_endpoint\u003dget_local_endpoint(),"}],"source_content_type":"text/x-python","patch_set":1,"id":"5e6a549a_259232d6","line":1260,"range":{"start_line":1260,"start_character":0,"end_line":1260,"end_character":59},"in_reply_to":"bee0f206_1b85238e","updated":"2022-03-10 20:42:05.000000000","message":"Done","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":20870,"name":"Alex Kavanagh","email":"alex@ajkavanagh.co.uk","username":"ajkavanagh"},"change_message_id":"440c2bf95b0cdbdcc3653141b6113b67c3f2e801","unresolved":true,"context_lines":[{"line_number":1511,"context_line":"    _leader_set_secret({\u0027{}_passwd\u0027.format(user): passwd})"},{"line_number":1512,"context_line":""},{"line_number":1513,"context_line":""},{"line_number":1514,"context_line":"def change_admin_passwd(user\u003dNone):"},{"line_number":1515,"context_line":"    if not user:"},{"line_number":1516,"context_line":"        user \u003d config(\u0027admin-user\u0027)"},{"line_number":1517,"context_line":"    old_passwd \u003d get_admin_passwd(user)"}],"source_content_type":"text/x-python","patch_set":1,"id":"c861aefe_55368ad1","line":1514,"range":{"start_line":1514,"start_character":0,"end_line":1514,"end_character":35},"updated":"2022-03-09 16:50:26.000000000","message":"Is this function well named?  e.g. it\u0027s called `change_admin_password`, but you can pass in any user that\u0027s on the ADMIN_PROJECT?","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[{"line_number":1511,"context_line":"    _leader_set_secret({\u0027{}_passwd\u0027.format(user): passwd})"},{"line_number":1512,"context_line":""},{"line_number":1513,"context_line":""},{"line_number":1514,"context_line":"def change_admin_passwd(user\u003dNone):"},{"line_number":1515,"context_line":"    if not user:"},{"line_number":1516,"context_line":"        user \u003d config(\u0027admin-user\u0027)"},{"line_number":1517,"context_line":"    old_passwd \u003d get_admin_passwd(user)"}],"source_content_type":"text/x-python","patch_set":1,"id":"6a10f204_44f9399f","line":1514,"range":{"start_line":1514,"start_character":0,"end_line":1514,"end_character":35},"in_reply_to":"c861aefe_55368ad1","updated":"2022-03-10 20:42:05.000000000","message":"Done","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":20870,"name":"Alex Kavanagh","email":"alex@ajkavanagh.co.uk","username":"ajkavanagh"},"change_message_id":"440c2bf95b0cdbdcc3653141b6113b67c3f2e801","unresolved":true,"context_lines":[{"line_number":1525,"context_line":"        \u0027default\u0027,"},{"line_number":1526,"context_line":"        \u0027default\u0027,"},{"line_number":1527,"context_line":"    )"},{"line_number":1528,"context_line":"    manager \u003d get_manager(credentials\u003dcredentials)"},{"line_number":1529,"context_line":"    resp \u003d manager.update_password(user, new_passwd)"},{"line_number":1530,"context_line":"    if resp.ok:"},{"line_number":1531,"context_line":"        leader_set({\u0027admin_passwd\u0027: new_passwd})"}],"source_content_type":"text/x-python","patch_set":1,"id":"091fd198_87f132c4","line":1528,"range":{"start_line":1528,"start_character":0,"end_line":1528,"end_character":50},"updated":"2022-03-09 16:50:26.000000000","message":"As get_manager() \"eventually\" leads to a cached manager.py script running, it\u0027s probably worthwhile called \"stop_manager_instance()\" immediately before this call to get a new manager with the credentials.  And then call \"stop_manager_instance()\" again to clear it out so that the next usage is \u0027clean\u0027.","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"81791b6cd2fb4c09139ca7aed1b96e47f39e1a3c","unresolved":false,"context_lines":[{"line_number":1525,"context_line":"        \u0027default\u0027,"},{"line_number":1526,"context_line":"        \u0027default\u0027,"},{"line_number":1527,"context_line":"    )"},{"line_number":1528,"context_line":"    manager \u003d get_manager(credentials\u003dcredentials)"},{"line_number":1529,"context_line":"    resp \u003d manager.update_password(user, new_passwd)"},{"line_number":1530,"context_line":"    if resp.ok:"},{"line_number":1531,"context_line":"        leader_set({\u0027admin_passwd\u0027: new_passwd})"}],"source_content_type":"text/x-python","patch_set":1,"id":"10d96ba1_5dde49f2","line":1528,"range":{"start_line":1528,"start_character":0,"end_line":1528,"end_character":50},"in_reply_to":"091fd198_87f132c4","updated":"2022-03-10 20:42:05.000000000","message":"I attempted this, but I am still getting a 401 unauthenticated error.","commit_id":"15801925859cbf22d99ca6d1e83ee1862247d2b8"},{"author":{"_account_id":20634,"name":"Chris MacNaughton","email":"chris.macnaughton@canonical.com","username":"Chris.MacNaughton"},"change_message_id":"51591fa0343bcbf3a922e652085fd04641b0d107","unresolved":true,"context_lines":[{"line_number":1504,"context_line":"    admin_passwd \u003d config(\u0027admin-password\u0027)"},{"line_number":1505,"context_line":"    if admin_passwd and admin_passwd.strip().lower() !\u003d \u0027none\u0027:"},{"line_number":1506,"context_line":"        log(\"The \u0027admin-password\u0027 config is present. Password rotation will \""},{"line_number":1507,"context_line":"            \"take place, but the cofig value will take presedent. To \""},{"line_number":1508,"context_line":"            \"allow randomly generated passwords, unset the config value.\")"},{"line_number":1509,"context_line":"    user \u003d config(\u0027admin-user\u0027)"},{"line_number":1510,"context_line":"    new_passwd \u003d pwgen(16)"}],"source_content_type":"text/x-python","patch_set":8,"id":"20018d28_b2dcc4ca","line":1507,"updated":"2022-03-21 07:39:44.000000000","message":"Why not just bail at this point? It seems to me that the config value being set means that we shouldn\u0027t take any action at all","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"1e01f7581dff781225a22a51db25d778f32806e0","unresolved":false,"context_lines":[{"line_number":1504,"context_line":"    admin_passwd \u003d config(\u0027admin-password\u0027)"},{"line_number":1505,"context_line":"    if admin_passwd and admin_passwd.strip().lower() !\u003d \u0027none\u0027:"},{"line_number":1506,"context_line":"        log(\"The \u0027admin-password\u0027 config is present. Password rotation will \""},{"line_number":1507,"context_line":"            \"take place, but the cofig value will take presedent. To \""},{"line_number":1508,"context_line":"            \"allow randomly generated passwords, unset the config value.\")"},{"line_number":1509,"context_line":"    user \u003d config(\u0027admin-user\u0027)"},{"line_number":1510,"context_line":"    new_passwd \u003d pwgen(16)"}],"source_content_type":"text/x-python","patch_set":8,"id":"fd4fd79b_73873b22","line":1507,"in_reply_to":"20018d28_b2dcc4ca","updated":"2022-03-21 20:05:10.000000000","message":"Done","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"},{"author":{"_account_id":20634,"name":"Chris MacNaughton","email":"chris.macnaughton@canonical.com","username":"Chris.MacNaughton"},"change_message_id":"51591fa0343bcbf3a922e652085fd04641b0d107","unresolved":true,"context_lines":[{"line_number":1509,"context_line":"    user \u003d config(\u0027admin-user\u0027)"},{"line_number":1510,"context_line":"    new_passwd \u003d pwgen(16)"},{"line_number":1511,"context_line":"    update_user_password(user, new_passwd, ADMIN_DOMAIN)"},{"line_number":1512,"context_line":"    leader_set({\u0027admin_passwd\u0027: new_passwd})"},{"line_number":1513,"context_line":""},{"line_number":1514,"context_line":""},{"line_number":1515,"context_line":"def get_api_version():"}],"source_content_type":"text/x-python","patch_set":8,"id":"c2b6df64_8c659430","line":1512,"updated":"2022-03-21 07:39:44.000000000","message":"This will fail on a non-leader unit, the function should bail-early if it\u0027s being run on a non-leader","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"1e01f7581dff781225a22a51db25d778f32806e0","unresolved":false,"context_lines":[{"line_number":1509,"context_line":"    user \u003d config(\u0027admin-user\u0027)"},{"line_number":1510,"context_line":"    new_passwd \u003d pwgen(16)"},{"line_number":1511,"context_line":"    update_user_password(user, new_passwd, ADMIN_DOMAIN)"},{"line_number":1512,"context_line":"    leader_set({\u0027admin_passwd\u0027: new_passwd})"},{"line_number":1513,"context_line":""},{"line_number":1514,"context_line":""},{"line_number":1515,"context_line":"def get_api_version():"}],"source_content_type":"text/x-python","patch_set":8,"id":"44c8d40e_89bb5100","line":1512,"in_reply_to":"c2b6df64_8c659430","updated":"2022-03-21 20:05:10.000000000","message":"Done","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"}],"unit_tests/test_actions.py":[{"author":{"_account_id":20634,"name":"Chris MacNaughton","email":"chris.macnaughton@canonical.com","username":"Chris.MacNaughton"},"change_message_id":"51591fa0343bcbf3a922e652085fd04641b0d107","unresolved":true,"context_lines":[{"line_number":31,"context_line":"        super(ChangeAdminPasswordTestCase, self).setUp("},{"line_number":32,"context_line":"            actions.actions, [\"rotate_admin_passwd\"])"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    def test_rotate_admin_password(self):"},{"line_number":35,"context_line":"        actions.actions.rotate_admin_password([])"},{"line_number":36,"context_line":"        self.rotate_admin_passwd.assert_called_once()"},{"line_number":37,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"333504b2_2e72e8a7","line":34,"updated":"2022-03-21 07:39:44.000000000","message":"I\u0027d like this test to be a bit more in-depth, ie: assert that leader_set is called with a new value","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"},{"author":{"_account_id":34584,"name":"Pedro Castillo","email":"pedro.castillo@canonical.com","username":"peterctl"},"change_message_id":"1e01f7581dff781225a22a51db25d778f32806e0","unresolved":false,"context_lines":[{"line_number":31,"context_line":"        super(ChangeAdminPasswordTestCase, self).setUp("},{"line_number":32,"context_line":"            actions.actions, [\"rotate_admin_passwd\"])"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"    def test_rotate_admin_password(self):"},{"line_number":35,"context_line":"        actions.actions.rotate_admin_password([])"},{"line_number":36,"context_line":"        self.rotate_admin_passwd.assert_called_once()"},{"line_number":37,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"b2517417_9f06fcb3","line":34,"in_reply_to":"333504b2_2e72e8a7","updated":"2022-03-21 20:05:10.000000000","message":"This file tests the action handler, which just calls `keystone_utils.rotate_admin_passwd`. The tests under `test_keystone_utils.TestKeystoneUtils.test_rotate_admin_password_*` cover the function more in depth.","commit_id":"ff15eebe9347e1063da3fb1ef8618b435b2c6501"}]}