)]}'
{"doc/source/user/operating-kolla.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Hashicorp Vault can be used as an alternative to Ansible Vault for storing"},{"line_number":233,"context_line":"passwords generated by Kolla Ansible. To use Hashicorp Vault as the secrets"},{"line_number":234,"context_line":"store you will first need to generate the passwords using the steps above,"},{"line_number":235,"context_line":"then you can save them into an existing KV using the following command:"},{"line_number":236,"context_line":""},{"line_number":237,"context_line":".. code-block:: console"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f661dc2d_9104ef79","line":234,"range":{"start_line":234,"start_character":62,"end_line":234,"end_character":73},"updated":"2021-06-21 14:35:16.000000000","message":"I don\u0027t see them","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7697c25921c572517866f39afa4f51c2b9d69bb6","unresolved":true,"context_lines":[{"line_number":236,"context_line":"   argument when invoking ``kolla-mergepwd``."},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Hashicorp Vault"},{"line_number":239,"context_line":"^^^^^^^^^^^^^^^"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Hashicorp Vault can be used as an alternative to Ansible Vault for storing"},{"line_number":242,"context_line":"passwords generated by Kolla Ansible. To use Hashicorp Vault as the secrets"}],"source_content_type":"text/x-rst","patch_set":23,"id":"c3043695_e0d8c650","line":239,"range":{"start_line":239,"start_character":0,"end_line":239,"end_character":15},"updated":"2021-06-29 12:03:26.000000000","message":"I don\u0027t think we need a 4th level, and it\u0027s not really recommended by the OpenStack Doc Contributor guide https://docs.openstack.org/doc-contrib-guide/rst-conv/titles.html","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"}],"kolla_ansible/cmd/readpwd.py":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/usr/bin/env python"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\");"},{"line_number":4,"context_line":"# you may not use this file except in compliance with the License."}],"source_content_type":"text/x-python","patch_set":6,"id":"261cfb2f_28be24e5","line":1,"range":{"start_line":1,"start_character":15,"end_line":1,"end_character":21},"updated":"2021-06-21 14:35:16.000000000","message":"python3","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":35,"context_line":"        print(\"ERROR: You must provide either a Vault token or role-id and \""},{"line_number":36,"context_line":"              \"secret-id\")"},{"line_number":37,"context_line":"        sys.exit(1)"},{"line_number":38,"context_line":"    if vault_role_id !\u003d \"\" and vault_token !\u003d \"\":"},{"line_number":39,"context_line":"        print(\"ERROR: Vault token and role-id cannot be used at the same time\")"},{"line_number":40,"context_line":"        sys.exit(1)"},{"line_number":41,"context_line":"    elif vault_secret_id !\u003d \"\" and vault_token !\u003d \"\":"},{"line_number":42,"context_line":"        print(\"ERROR: Vault token and secret-id cannot be used at the same \""},{"line_number":43,"context_line":"              \"time\")"},{"line_number":44,"context_line":"        sys.exit(1)"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"    # Authenticate to Hashicorp Vault"},{"line_number":47,"context_line":"    if vault_cacert !\u003d \"\":"}],"source_content_type":"text/x-python","patch_set":6,"id":"7cd54a86_54174ef7","line":44,"range":{"start_line":38,"start_character":0,"end_line":44,"end_character":19},"updated":"2021-06-21 14:35:16.000000000","message":"Another case: only one of role-id or secret-id.\n\nThis might be a bit clearer:\n\nif any(vault_role_id, vault_secret_id):\n    if vault_token:\n        ERROR\n    if not all(vault_role_id, secret_id):\n        ERROR\nelif not vault_token:\n    ERROR","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":67,"context_line":"        except hvac.exceptions.InvalidPath:"},{"line_number":68,"context_line":"            # Ignore passwords that are not found in Vault"},{"line_number":69,"context_line":"            print(\"WARNING: \u0027%s\u0027 not found in Vault\" % password_key)"},{"line_number":70,"context_line":"            continue"},{"line_number":71,"context_line":"        try:"},{"line_number":72,"context_line":"            vault_kv_passwords[password_key] \u003d\\"},{"line_number":73,"context_line":"                password_data[\u0027data\u0027][\u0027data\u0027][\u0027password\u0027]"}],"source_content_type":"text/x-python","patch_set":6,"id":"5ed58d1d_02cb80c1","line":70,"range":{"start_line":70,"start_character":12,"end_line":70,"end_character":20},"updated":"2021-06-21 14:35:16.000000000","message":"The output may be a subset of the input. Does that matter? Should we set the value of missing keys to None, or use the value from the original passwords.yml file?","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":98,"context_line":"        help\u003d\u0027Vault namespace (enterprise only)\u0027)"},{"line_number":99,"context_line":"    parser.add_argument("},{"line_number":100,"context_line":"        \u0027-v\u0027, \u0027--vault-addr\u0027, type\u003dstr,"},{"line_number":101,"context_line":"        default\u003d\u0027http://127.0.0.1:8200\u0027,"},{"line_number":102,"context_line":"        help\u003d\u0027Address to connect to an existing Hashicorp Vault\u0027)"},{"line_number":103,"context_line":"    parser.add_argument("},{"line_number":104,"context_line":"        \u0027-r\u0027, \u0027--vault-role-id\u0027, type\u003dstr,"}],"source_content_type":"text/x-python","patch_set":6,"id":"d3e7cea4_c98b3244","line":101,"range":{"start_line":101,"start_character":16,"end_line":101,"end_character":40},"updated":"2021-06-21 14:35:16.000000000","message":"Better leave this unset, just in case someone pushes production passwords to a dev vault server :)","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":121,"context_line":""},{"line_number":122,"context_line":"    args \u003d parser.parse_args()"},{"line_number":123,"context_line":"    passwords_file \u003d os.path.expanduser(args.passwords)"},{"line_number":124,"context_line":"    vault_kv_path \u003d os.path.expanduser(args.vault_kv_path)"},{"line_number":125,"context_line":"    vault_mount_point \u003d os.path.expanduser(args.vault_mount_point)"},{"line_number":126,"context_line":"    vault_namespace \u003d os.path.expanduser(args.vault_namespace)"},{"line_number":127,"context_line":"    vault_addr \u003d os.path.expanduser(args.vault_addr)"},{"line_number":128,"context_line":"    vault_role_id \u003d os.path.expanduser(args.vault_role_id)"},{"line_number":129,"context_line":"    vault_secret_id \u003d os.path.expanduser(args.vault_secret_id)"},{"line_number":130,"context_line":"    vault_token \u003d os.path.expanduser(args.vault_token)"},{"line_number":131,"context_line":"    vault_cacert \u003d os.path.expanduser(args.vault_cacert)"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"    readpwd(passwords_file, vault_kv_path, vault_mount_point, vault_namespace,"}],"source_content_type":"text/x-python","patch_set":6,"id":"c7a8d925_046927bb","line":130,"range":{"start_line":124,"start_character":0,"end_line":130,"end_character":54},"updated":"2021-06-21 14:35:16.000000000","message":"I don\u0027t think expanduser makes sense for these","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"d2a20241605a382d4f5466fd002f0ad8d2735b67","unresolved":true,"context_lines":[{"line_number":77,"context_line":"        help\u003d\u0027Vault namespace (enterprise only)\u0027)"},{"line_number":78,"context_line":"    parser.add_argument("},{"line_number":79,"context_line":"        \u0027-v\u0027, \u0027--vault-addr\u0027, type\u003dstr,"},{"line_number":80,"context_line":"        default\u003d\u0027\u0027,"},{"line_number":81,"context_line":"        help\u003d\u0027Address to connect to an existing Hashicorp Vault\u0027)"},{"line_number":82,"context_line":"    parser.add_argument("},{"line_number":83,"context_line":"        \u0027-r\u0027, \u0027--vault-role-id\u0027, type\u003dstr,"}],"source_content_type":"text/x-python","patch_set":21,"id":"a826501d_05628aba","line":80,"range":{"start_line":80,"start_character":8,"end_line":80,"end_character":19},"updated":"2021-06-28 14:24:11.000000000","message":"What happens if you don\u0027t pass it? Should it just be required?","commit_id":"fea564e9828fc9d31a1581b47f8056343e4a954a"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"eb3933d9c7772b41a16f2c4dbe4010d91007f5b9","unresolved":false,"context_lines":[{"line_number":77,"context_line":"        help\u003d\u0027Vault namespace (enterprise only)\u0027)"},{"line_number":78,"context_line":"    parser.add_argument("},{"line_number":79,"context_line":"        \u0027-v\u0027, \u0027--vault-addr\u0027, type\u003dstr,"},{"line_number":80,"context_line":"        default\u003d\u0027\u0027,"},{"line_number":81,"context_line":"        help\u003d\u0027Address to connect to an existing Hashicorp Vault\u0027)"},{"line_number":82,"context_line":"    parser.add_argument("},{"line_number":83,"context_line":"        \u0027-r\u0027, \u0027--vault-role-id\u0027, type\u003dstr,"}],"source_content_type":"text/x-python","patch_set":21,"id":"245f09c0_0f46277e","line":80,"range":{"start_line":80,"start_character":8,"end_line":80,"end_character":19},"in_reply_to":"a826501d_05628aba","updated":"2021-06-29 08:41:00.000000000","message":"Good point - fixed.","commit_id":"fea564e9828fc9d31a1581b47f8056343e4a954a"}],"kolla_ansible/cmd/writepwd.py":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/usr/bin/env python"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"# Licensed under the Apache License, Version 2.0 (the \"License\");"},{"line_number":4,"context_line":"# you may not use this file except in compliance with the License."}],"source_content_type":"text/x-python","patch_set":6,"id":"f9f91f06_98c85c38","line":1,"updated":"2021-06-21 14:35:16.000000000","message":"Many comments from readpwd apply here","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":30,"context_line":"        print(\"ERROR: Passwords file not in expected key/value format\")"},{"line_number":31,"context_line":"        sys.exit(1)"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"    if vault_role_id \u003d\u003d \u0027\u0027 and vault_secret_id \u003d\u003d \u0027\u0027 and vault_token \u003d\u003d \u0027\u0027:"},{"line_number":34,"context_line":"        print(\"ERROR: You must provide either a Vault token or role-id and \""},{"line_number":35,"context_line":"              \"secret-id\")"},{"line_number":36,"context_line":"        sys.exit(1)"},{"line_number":37,"context_line":"    if vault_role_id !\u003d \"\" and vault_token !\u003d \"\":"},{"line_number":38,"context_line":"        print(\"ERROR: Vault token and role-id cannot be used at the same time\")"},{"line_number":39,"context_line":"        sys.exit(1)"},{"line_number":40,"context_line":"    elif vault_secret_id !\u003d \"\" and vault_token !\u003d \"\":"},{"line_number":41,"context_line":"        print(\"ERROR: Vault token and secret-id cannot be used at the same \""},{"line_number":42,"context_line":"              \"time\")"},{"line_number":43,"context_line":"        sys.exit(1)"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    # Authenticate to Hashicorp Vault"},{"line_number":46,"context_line":"    if vault_cacert !\u003d \"\":"},{"line_number":47,"context_line":"        os.environ[\u0027REQUESTS_CA_BUNDLE\u0027] \u003d vault_cacert"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"    if vault_token !\u003d \"\":"},{"line_number":50,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, token\u003dvault_token,"},{"line_number":51,"context_line":"                             namespace\u003dvault_namespace)"},{"line_number":52,"context_line":"    else:"},{"line_number":53,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, namespace\u003dvault_namespace)"},{"line_number":54,"context_line":"        client.auth_approle(vault_role_id, vault_secret_id)"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"    if not client.is_authenticated():"},{"line_number":57,"context_line":"        print(\u0027Failed to authenticate to vault\u0027)"},{"line_number":58,"context_line":"        sys.exit(1)"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    for key, value in passwords.items():"},{"line_number":61,"context_line":"        # Ignore empty values"}],"source_content_type":"text/x-python","patch_set":6,"id":"2c7b6c41_c5fdc3ea","line":58,"range":{"start_line":33,"start_character":1,"end_line":58,"end_character":19},"updated":"2021-06-21 14:35:16.000000000","message":"This could all be factored out into a helper in a kolla_ansible.hashi_vault module.","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    for key, value in passwords.items():"},{"line_number":61,"context_line":"        # Ignore empty values"},{"line_number":62,"context_line":"        if value is None or value \u003d\u003d \"\":"},{"line_number":63,"context_line":"            continue"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"        if isinstance(passwords[key], str):"}],"source_content_type":"text/x-python","patch_set":6,"id":"f0ee4bf2_fad00384","line":62,"range":{"start_line":62,"start_character":11,"end_line":62,"end_character":40},"updated":"2021-06-21 14:35:16.000000000","message":"if not value","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":62,"context_line":"        if value is None or value \u003d\u003d \"\":"},{"line_number":63,"context_line":"            continue"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"        if isinstance(passwords[key], str):"},{"line_number":66,"context_line":"            value \u003d dict(password\u003dvalue)"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"        try:"}],"source_content_type":"text/x-python","patch_set":6,"id":"11460983_342e8790","line":65,"range":{"start_line":65,"start_character":22,"end_line":65,"end_character":36},"updated":"2021-06-21 14:35:16.000000000","message":"nit: this is just value?","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":72,"context_line":"                    path\u003d\"{}/{}\".format(vault_kv_path, key))"},{"line_number":73,"context_line":"        except hvac.exceptions.InvalidPath:"},{"line_number":74,"context_line":"            # Add to KV if value does not exists"},{"line_number":75,"context_line":"            client.secrets.kv.v2.create_or_update_secret("},{"line_number":76,"context_line":"                mount_point\u003dvault_mount_point,"},{"line_number":77,"context_line":"                path\u003d\"{}/{}\".format(vault_kv_path, key),"},{"line_number":78,"context_line":"                secret\u003dvalue)"},{"line_number":79,"context_line":"            continue"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"        # Update KV is value has changed"}],"source_content_type":"text/x-python","patch_set":6,"id":"8ce1302b_d7fe68ba","line":78,"range":{"start_line":75,"start_character":11,"end_line":78,"end_character":29},"updated":"2021-06-21 14:35:16.000000000","message":"nit: you could set remote_value to None here","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":79,"context_line":"            continue"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"        # Update KV is value has changed"},{"line_number":82,"context_line":"        if remote_value[\u0027data\u0027][\u0027data\u0027] !\u003d value:"},{"line_number":83,"context_line":"            client.secrets.kv.v2.create_or_update_secret("},{"line_number":84,"context_line":"                mount_point\u003dvault_mount_point,"},{"line_number":85,"context_line":"                path\u003d\"{}/{}\".format(vault_kv_path, key),"}],"source_content_type":"text/x-python","patch_set":6,"id":"bb22da75_67544007","line":82,"updated":"2021-06-21 14:35:16.000000000","message":"then here:\n\nif not remote_value or remote_value[\u0027data\u0027][\u0027data\u0027] !\u003d value","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"}],"kolla_ansible/hashi_vault.py":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7697c25921c572517866f39afa4f51c2b9d69bb6","unresolved":true,"context_lines":[{"line_number":54,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, token\u003dvault_token,"},{"line_number":55,"context_line":"                             namespace\u003dvault_namespace)"},{"line_number":56,"context_line":"    else:"},{"line_number":57,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, namespace\u003dvault_namespace)"},{"line_number":58,"context_line":"        client.auth_approle(vault_role_id, vault_secret_id)"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    if not client.is_authenticated():"}],"source_content_type":"text/x-python","patch_set":23,"id":"c05f90c4_698af99a","line":57,"range":{"start_line":57,"start_character":8,"end_line":57,"end_character":71},"updated":"2021-06-29 12:03:26.000000000","message":"Should we do try: and print only the error - now on failure it will dump a looong trace.","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"a3b35b057c20fe74f4a44ae829c386660d3eea14","unresolved":true,"context_lines":[{"line_number":54,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, token\u003dvault_token,"},{"line_number":55,"context_line":"                             namespace\u003dvault_namespace)"},{"line_number":56,"context_line":"    else:"},{"line_number":57,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, namespace\u003dvault_namespace)"},{"line_number":58,"context_line":"        client.auth_approle(vault_role_id, vault_secret_id)"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    if not client.is_authenticated():"}],"source_content_type":"text/x-python","patch_set":23,"id":"d6bbfcc4_34d1368a","line":57,"range":{"start_line":57,"start_character":8,"end_line":57,"end_character":71},"in_reply_to":"c05f90c4_698af99a","updated":"2021-06-30 12:29:48.000000000","message":"I\u0027m not sure I follow what you mean here?","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"6f8a425eda5b2d64cd7dbdbb510623d3999c9b2a","unresolved":false,"context_lines":[{"line_number":54,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, token\u003dvault_token,"},{"line_number":55,"context_line":"                             namespace\u003dvault_namespace)"},{"line_number":56,"context_line":"    else:"},{"line_number":57,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, namespace\u003dvault_namespace)"},{"line_number":58,"context_line":"        client.auth_approle(vault_role_id, vault_secret_id)"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    if not client.is_authenticated():"}],"source_content_type":"text/x-python","patch_set":23,"id":"6ab204ca_c4ceb15d","line":57,"range":{"start_line":57,"start_character":8,"end_line":57,"end_character":71},"in_reply_to":"d6bbfcc4_34d1368a","updated":"2021-06-30 15:52:04.000000000","message":"I was under the impression hvac does exceptions, but it seems not in the connection case.","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"30fb8c961093529db8ce828172715eb542fb8380","unresolved":true,"context_lines":[{"line_number":50,"context_line":"    if vault_cacert !\u003d \"\":"},{"line_number":51,"context_line":"        os.environ[\u0027REQUESTS_CA_BUNDLE\u0027] \u003d vault_cacert"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    if vault_token !\u003d \"\":  # nosec"},{"line_number":54,"context_line":"        client \u003d hvac.Client(url\u003dvault_addr, token\u003dvault_token,"},{"line_number":55,"context_line":"                             namespace\u003dvault_namespace)"},{"line_number":56,"context_line":"    else:"}],"source_content_type":"text/x-python","patch_set":25,"id":"ec2098e8_7e1fb816","line":53,"range":{"start_line":53,"start_character":27,"end_line":53,"end_character":34},"updated":"2021-07-02 14:49:34.000000000","message":"wonder if it still complains if you use the pythonic\n\nif vault_token:","commit_id":"6bf74aa20d268f11f676a0e9affa92e3022b595d"}],"tests/run-hashi-vault.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"111376d140df19d1cd8fd3910ad03eb3d1b630dc","unresolved":true,"context_lines":[{"line_number":2,"context_line":"- hosts: all"},{"line_number":3,"context_line":"  any_errors_fatal: true"},{"line_number":4,"context_line":"  tasks:"},{"line_number":5,"context_line":"    # NOTE(yoctozepto): ensure we pick up fact changes from pre"},{"line_number":6,"context_line":"    - name: Refresh facts"},{"line_number":7,"context_line":"      setup:"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"    # NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays"},{"line_number":10,"context_line":"    - name: set facts for commonly used variables"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"091d224c_3d07a410","line":7,"range":{"start_line":5,"start_character":0,"end_line":7,"end_character":12},"updated":"2021-06-22 10:07:19.000000000","message":"not required","commit_id":"2057d139043150f9032da31fe987835e741d80bc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"111376d140df19d1cd8fd3910ad03eb3d1b630dc","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    # NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays"},{"line_number":10,"context_line":"    - name: set facts for commonly used variables"},{"line_number":11,"context_line":"      set_fact:"},{"line_number":12,"context_line":"        kolla_inventory_path: \"/etc/kolla/inventory\""},{"line_number":13,"context_line":"        kolla_ansible_src_dir: \"{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible\""},{"line_number":14,"context_line":"        upper_constraints_file: \"{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt\""},{"line_number":15,"context_line":"        pip_user_path_env:"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"4caaa3b7_8d5afef0","line":12,"range":{"start_line":12,"start_character":8,"end_line":12,"end_character":52},"updated":"2021-06-22 10:07:19.000000000","message":"not required","commit_id":"2057d139043150f9032da31fe987835e741d80bc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"111376d140df19d1cd8fd3910ad03eb3d1b630dc","unresolved":true,"context_lines":[{"line_number":38,"context_line":"      pip:"},{"line_number":39,"context_line":"        name:"},{"line_number":40,"context_line":"          - \"{{ kolla_ansible_src_dir }}\""},{"line_number":41,"context_line":"          - \"ansible\u003d\u003d2.10.*\""},{"line_number":42,"context_line":"          - \"ara\u003c1.0.0\""},{"line_number":43,"context_line":"        executable: \"pip3\""},{"line_number":44,"context_line":"        extra_args: \"-c {{ upper_constraints_file }} --user\""},{"line_number":45,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":9,"id":"05b1c648_467a8e86","line":42,"range":{"start_line":41,"start_character":0,"end_line":42,"end_character":23},"updated":"2021-06-22 10:07:19.000000000","message":"not required","commit_id":"2057d139043150f9032da31fe987835e741d80bc"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"111376d140df19d1cd8fd3910ad03eb3d1b630dc","unresolved":true,"context_lines":[{"line_number":52,"context_line":"    - name: generate passwords"},{"line_number":53,"context_line":"      command: kolla-genpwd"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    - name: write out kolla SSH private key"},{"line_number":56,"context_line":"      copy:"},{"line_number":57,"context_line":"        content: \"{{ (passwords_yml.content | b64decode | from_yaml).kolla_ssh_key.private_key }}\""},{"line_number":58,"context_line":"        dest: ~/.ssh/id_rsa_kolla"},{"line_number":59,"context_line":"        mode: 0600"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"    - name: authorise kolla public key for zuul user"},{"line_number":62,"context_line":"      authorized_key:"},{"line_number":63,"context_line":"        user: \"{{ ansible_env.USER }}\""},{"line_number":64,"context_line":"        key: \"{{ (passwords_yml.content | b64decode | from_yaml).kolla_ssh_key.public_key }}\""},{"line_number":65,"context_line":"      # Delegate to each host in turn. If more tasks require execution on all"},{"line_number":66,"context_line":"      # hosts in future, break out into a separate play."},{"line_number":67,"context_line":"      with_inventory_hostnames:"},{"line_number":68,"context_line":"        - all"},{"line_number":69,"context_line":"      delegate_to: \"{{ item }}\""},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    - name: Record the running state of the environment as seen by the setup module"},{"line_number":72,"context_line":"      shell:"},{"line_number":73,"context_line":"        cmd: ansible all -i {{ kolla_inventory_path }} -e ansible_user\u003d{{ ansible_user }} -m setup \u003e /tmp/logs/ansible/initial-setup"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"    # At this point we have generated all necessary configuration, and are"},{"line_number":76,"context_line":"    # ready to test Hashicorp Vault."}],"source_content_type":"text/x-yaml","patch_set":9,"id":"8c5030ca_b8c55bab","line":73,"range":{"start_line":55,"start_character":0,"end_line":73,"end_character":132},"updated":"2021-06-22 10:07:19.000000000","message":"Not required","commit_id":"2057d139043150f9032da31fe987835e741d80bc"}],"tests/run.yml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":470,"context_line":"          when: scenario \u003d\u003d \"prometheus-efk\""},{"line_number":471,"context_line":""},{"line_number":472,"context_line":"        - name: Run test-hashicorp-vault-passwords.sh script"},{"line_number":473,"context_line":"            script:"},{"line_number":474,"context_line":"              cmd: test-hashicorp-vault-passwords.sh"},{"line_number":475,"context_line":"              executable: /bin/bash"},{"line_number":476,"context_line":"              chdir: \"{{ kolla_ansible_src_dir }}\""},{"line_number":477,"context_line":"            when: scenario \u003d\u003d \"hashicorp-vault-passwords\""},{"line_number":478,"context_line":""},{"line_number":479,"context_line":"      when: scenario !\u003d \"bifrost\""},{"line_number":480,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":6,"id":"0b22db0c_7b1e848d","line":477,"range":{"start_line":473,"start_character":0,"end_line":477,"end_character":57},"updated":"2021-06-21 14:35:16.000000000","message":"Indentation","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"}],"tests/test-hashicorp-vault-passwords.sh":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":18,"context_line":"}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"function start_vault {"},{"line_number":21,"context_line":"    nohup vault server --dev \u0026"},{"line_number":22,"context_line":"    # Give Vault some time to warm up"},{"line_number":23,"context_line":"    sleep 10"},{"line_number":24,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":6,"id":"3e6749c2_2be0dbad","line":21,"updated":"2021-06-21 14:35:16.000000000","message":"Do we need to grab the root token?","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"3259af15cf07831bfa02591e2dfe3162cf988bc8","unresolved":true,"context_lines":[{"line_number":18,"context_line":"}"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"function start_vault {"},{"line_number":21,"context_line":"    nohup vault server --dev \u0026"},{"line_number":22,"context_line":"    # Give Vault some time to warm up"},{"line_number":23,"context_line":"    sleep 10"},{"line_number":24,"context_line":"}"}],"source_content_type":"text/x-sh","patch_set":6,"id":"8f9caafc_d7e6d9ab","line":21,"in_reply_to":"3e6749c2_2be0dbad","updated":"2021-06-26 08:15:19.000000000","message":"No as we\u0027re running in dev mode we don\u0027t need to auth at all. The reason for generating tokens in the test is to mimic a real life scenario.","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"88c3f9eb7f19040c022cdee8b3f582a4ee05a71b","unresolved":true,"context_lines":[{"line_number":46,"context_line":"      --vault-addr \u0027http://127.0.0.1:8200\u0027 \\"},{"line_number":47,"context_line":"      --vault-token ${TOKEN} \\"},{"line_number":48,"context_line":"      --vault-mount-point secret"},{"line_number":49,"context_line":"}"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"function teardown {"},{"line_number":52,"context_line":"    pkill vault"}],"source_content_type":"text/x-sh","patch_set":6,"id":"3ed14583_13ce784c","line":49,"updated":"2021-06-21 14:35:16.000000000","message":"Need a check here that the passwords are the same as those in /etc/kolla/passwords.yml","commit_id":"a5836a2d00ab7587e9cdc17dcef568526ed27e60"}],"tox.ini":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7697c25921c572517866f39afa4f51c2b9d69bb6","unresolved":true,"context_lines":[{"line_number":120,"context_line":""},{"line_number":121,"context_line":"[testenv:bandit]"},{"line_number":122,"context_line":"# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function."},{"line_number":123,"context_line":"# B105: Test for use of hard-coded password strings."},{"line_number":124,"context_line":"deps \u003d {[testenv:linters]deps}"},{"line_number":125,"context_line":"commands \u003d bandit --skip B303,B105 -r ansible kolla_ansible tests tools"},{"line_number":126,"context_line":""}],"source_content_type":"text/x-properties","patch_set":23,"id":"3153cfa5_2ed91590","line":123,"range":{"start_line":123,"start_character":1,"end_line":123,"end_character":52},"updated":"2021-06-29 12:03:26.000000000","message":"out of curiosity, what was causing that? I would prefer adding # nosec in the failed code instead of skipping this test forever..","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"}],"zuul.d/base.yaml":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"5237f6b9c3ec9fa6eb2e75726c6dd7044e7d20c2","unresolved":true,"context_lines":[{"line_number":229,"context_line":"- job:"},{"line_number":230,"context_line":"    name: kolla-ansible-hashi-vault-base"},{"line_number":231,"context_line":"    run: tests/run-hashi-vault.yml"},{"line_number":232,"context_line":"    voting: false"},{"line_number":233,"context_line":"    irrelevant-files:"},{"line_number":234,"context_line":"      - ^.*\\.rst$"},{"line_number":235,"context_line":"      - ^doc/.*"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"90e2044b_2802c3fc","line":232,"updated":"2021-06-22 10:04:06.000000000","message":"required-projects:\n      - openstack/kolla-ansible\n      - openstack/requirements","commit_id":"2057d139043150f9032da31fe987835e741d80bc"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7697c25921c572517866f39afa4f51c2b9d69bb6","unresolved":true,"context_lines":[{"line_number":234,"context_line":"- job:"},{"line_number":235,"context_line":"    name: kolla-ansible-hashi-vault-base"},{"line_number":236,"context_line":"    run: tests/run-hashi-vault.yml"},{"line_number":237,"context_line":"    required-projects:"},{"line_number":238,"context_line":"      - openstack/kolla-ansible"},{"line_number":239,"context_line":"      - openstack/requirements"},{"line_number":240,"context_line":"    voting: false"},{"line_number":241,"context_line":"    irrelevant-files:"},{"line_number":242,"context_line":"      - ^.*\\.rst$"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"1afbe71b_03148467","line":239,"range":{"start_line":237,"start_character":4,"end_line":239,"end_character":30},"updated":"2021-06-29 12:03:26.000000000","message":"we\u0027re not overriding that in any other -base definition, do we need that?","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"a3b35b057c20fe74f4a44ae829c386660d3eea14","unresolved":false,"context_lines":[{"line_number":234,"context_line":"- job:"},{"line_number":235,"context_line":"    name: kolla-ansible-hashi-vault-base"},{"line_number":236,"context_line":"    run: tests/run-hashi-vault.yml"},{"line_number":237,"context_line":"    required-projects:"},{"line_number":238,"context_line":"      - openstack/kolla-ansible"},{"line_number":239,"context_line":"      - openstack/requirements"},{"line_number":240,"context_line":"    voting: false"},{"line_number":241,"context_line":"    irrelevant-files:"},{"line_number":242,"context_line":"      - ^.*\\.rst$"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"78461d85_a980ebca","line":239,"range":{"start_line":237,"start_character":4,"end_line":239,"end_character":30},"in_reply_to":"1afbe71b_03148467","updated":"2021-06-30 12:29:48.000000000","message":"Yes, we need KA installed so that we can run the tests against the cli. This does not run the usual run.yml, instead run-hash-vault.yml as it does not require a running OpenStack to test.","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7697c25921c572517866f39afa4f51c2b9d69bb6","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":23,"id":"f0e047cf_daf4ea45","line":255,"range":{"start_line":241,"start_character":4,"end_line":255,"end_character":0},"updated":"2021-06-29 12:03:26.000000000","message":"the same?","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"a3b35b057c20fe74f4a44ae829c386660d3eea14","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":23,"id":"d0d9b160_5459244e","line":255,"range":{"start_line":241,"start_character":4,"end_line":255,"end_character":0},"in_reply_to":"f0e047cf_daf4ea45","updated":"2021-06-30 12:29:48.000000000","message":"Yes as it would be no benefit running the tests when these files are updated.","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"}],"zuul.d/jobs.yaml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7697c25921c572517866f39afa4f51c2b9d69bb6","unresolved":true,"context_lines":[{"line_number":380,"context_line":"      install_type: source"},{"line_number":381,"context_line":""},{"line_number":382,"context_line":"- job:"},{"line_number":383,"context_line":"    name: kolla-ansible-centos8s-hashi-vault"},{"line_number":384,"context_line":"    parent: kolla-ansible-hashi-vault-base"},{"line_number":385,"context_line":"    nodeset: kolla-ansible-centos8s"},{"line_number":386,"context_line":"    vars:"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"b6d12855_df48f428","line":383,"range":{"start_line":383,"start_character":24,"end_line":383,"end_character":32},"updated":"2021-06-29 12:03:26.000000000","message":"What about ubuntu at least?","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"},{"author":{"_account_id":29543,"name":"Scott Solkhon","email":"scott.solkhon@gresearch.co.uk","username":"scott.solkhon"},"change_message_id":"a3b35b057c20fe74f4a44ae829c386660d3eea14","unresolved":true,"context_lines":[{"line_number":380,"context_line":"      install_type: source"},{"line_number":381,"context_line":""},{"line_number":382,"context_line":"- job:"},{"line_number":383,"context_line":"    name: kolla-ansible-centos8s-hashi-vault"},{"line_number":384,"context_line":"    parent: kolla-ansible-hashi-vault-base"},{"line_number":385,"context_line":"    nodeset: kolla-ansible-centos8s"},{"line_number":386,"context_line":"    vars:"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"d86c64de_783e7afc","line":383,"range":{"start_line":383,"start_character":24,"end_line":383,"end_character":32},"in_reply_to":"b6d12855_df48f428","updated":"2021-06-30 12:29:48.000000000","message":"The only difference in these tests would be how Vault is installed (def or apt). I don\u0027t think this really adds any benefit to test as it is not platform specific but I can add it if you would prefer.","commit_id":"a14f2762fa1d959baea1b6f89c7ab405d96c263d"}]}