)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"e1934d5f2f24c9b725b9866658979893d6aa1f83","unresolved":true,"context_lines":[{"line_number":1,"context_line":"Parent:     f465ecdd (Merge \"ansible-lint: remove unnamed-task from skip_list\")"},{"line_number":2,"context_line":"Author:     axel.jacquet \u003caxel.jacquet@infomaniak.com\u003e"},{"line_number":3,"context_line":"AuthorDate: 2025-12-12 16:24:25 +0100"},{"line_number":4,"context_line":"Commit:     Bertrand Lanson \u003cbertrand.lanson@protonmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-12-12 20:12:00 +0100"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"958787e9_4bfb46f3","line":2,"range":{"start_line":2,"start_character":12,"end_line":2,"end_character":54},"updated":"2025-12-12 20:41:38.000000000","message":"Nit: you could match your Git author config with your signed-off-by footer: Axel Jacquet \u003caxel.jacquet@infomaniak.com\u003e","commit_id":"2c736910a75a718dda83da36c9985d8c4fa38182"},{"author":{"_account_id":31945,"name":"Jacquet Axel","email":"axel.jacquet@infomaniak.com","username":"lhommerares"},"change_message_id":"201650fb337fd5ba7ca90d9f752638430fb98af1","unresolved":false,"context_lines":[{"line_number":1,"context_line":"Parent:     f465ecdd (Merge \"ansible-lint: remove unnamed-task from skip_list\")"},{"line_number":2,"context_line":"Author:     axel.jacquet \u003caxel.jacquet@infomaniak.com\u003e"},{"line_number":3,"context_line":"AuthorDate: 2025-12-12 16:24:25 +0100"},{"line_number":4,"context_line":"Commit:     Bertrand Lanson \u003cbertrand.lanson@protonmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-12-12 20:12:00 +0100"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"fe539da7_d410b7dd","line":2,"range":{"start_line":2,"start_character":12,"end_line":2,"end_character":54},"in_reply_to":"958787e9_4bfb46f3","updated":"2025-12-13 21:00:06.000000000","message":"Done","commit_id":"2c736910a75a718dda83da36c9985d8c4fa38182"},{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"4385bef626c222587b088fbec3885a4384d6b2fa","unresolved":true,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch introduces setup of fernet credentials encryption keys"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Closes-bug: #2131039"},{"line_number":12,"context_line":"Change-Id: I09b4735801a70fa9d0cbefbaf8b36605350ac308"},{"line_number":13,"context_line":"Signed-off-by: Axel Jacquet \u003caxel.jacquet@infomaniak.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"c0296cad_eb0be887","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":20},"updated":"2025-12-12 20:39:06.000000000","message":"Wrong bug number, I think you wanted 2135137? Anyway, I have marked it as duplicate of 1863643, so please replace with:\n\nCloses-Bug: #1863643","commit_id":"2c736910a75a718dda83da36c9985d8c4fa38182"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"0dc5a5592deb325c0e57caccc1a0c22f5af00653","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This patch introduces setup of fernet credentials encryption keys"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Closes-bug: #2131039"},{"line_number":12,"context_line":"Change-Id: I09b4735801a70fa9d0cbefbaf8b36605350ac308"},{"line_number":13,"context_line":"Signed-off-by: Axel Jacquet \u003caxel.jacquet@infomaniak.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"ad5c3301_08633ae3","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":20},"in_reply_to":"c0296cad_eb0be887","updated":"2025-12-12 21:10:57.000000000","message":"Done","commit_id":"2c736910a75a718dda83da36c9985d8c4fa38182"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"d597ceaac06d91166270b2d20ea38f49de34a9a5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"99795fad_9e6b65d2","updated":"2025-12-12 15:33:27.000000000","message":"# Directory containing Fernet keys used to encrypt and decrypt credentials\n# stored in the credential backend. Fernet keys used to encrypt credentials\n# have no relationship to Fernet keys used to encrypt Fernet tokens. Both sets\n# of keys should be managed separately and require different rotation policies.\n# Do not share this repository with the repository used to manage keys for\n# Fernet tokens. (string value)\n#key_repository \u003d /etc/keystone/credential-keys/\n\nhttps://docs.openstack.org/keystone/latest/configuration/samples/keystone-conf.html","commit_id":"adf2a453b0151c9f51f82c4c774fabf7f31313e7"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"8c402cfe32e1086eb40f8c005bc89f1844ccc994","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"8bd934d7_9711a100","updated":"2025-12-12 15:32:41.000000000","message":"Just tested on our infra through config merge and it works fine.","commit_id":"828dd90af3a46e8d02b77d83c3c8a593d0fdf920"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"45abb003fa9b7edadbd47cc616638b817389e2ae","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"634216ed_118a0ce6","updated":"2025-12-12 15:39:10.000000000","message":"my bad this is terribly wrong","commit_id":"828dd90af3a46e8d02b77d83c3c8a593d0fdf920"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"dfefe0067e47e0bc83731b3e45af14fcb708c943","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"62c89d09_10e841f0","updated":"2025-12-12 22:32:23.000000000","message":"Just so I don\u0027t forget, maybe we should also think about rotating those tokens, similar to the fernet ones, but frequency should be reduced.","commit_id":"7b4fdc7dca1360a6eb5d344b2e678b111b282a79"},{"author":{"_account_id":31945,"name":"Jacquet Axel","email":"axel.jacquet@infomaniak.com","username":"lhommerares"},"change_message_id":"201650fb337fd5ba7ca90d9f752638430fb98af1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"07a6c713_b15bfe81","updated":"2025-12-13 21:00:06.000000000","message":"Commit message fixed with footer","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"36ff98ff9b07a6af9596921a96d751dd739605da","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"00f8474e_15b933c5","updated":"2025-12-18 10:56:32.000000000","message":"Fix the push stage happening to early, instead we push in the same fashion as the fernet keys, waiting for keystone-ssh container to be up.","commit_id":"21be8a27225eff63fc32c241e3eecbda10c47941"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"61b100191ab8825285d2566651daf0c884288db3","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":13,"id":"85ac5719_2ed53936","updated":"2026-01-21 14:16:34.000000000","message":"The idea would be to make volume names for fernet-keys and credentials-keys variables.\n\nThis way people could point to their own existing volumes. we could also check the volume directly (kolla module for volume check is used in ironic already I believe) and check if the mountpoint has a key 0 ? bootstrap accordingly ?","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"a9c072dc47d91f98e1a6829d8a2dec9746ac1fe1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"c444039d_797ece3e","updated":"2026-01-17 08:44:00.000000000","message":"The upgrade process is a critical point. If new keys are generated on a clean volume while the database contains data encrypted with old keys, Keystone will be unable to decrypt them, leading to service failure. We should provide documentation or a warning explaining how to handle credential key rotation on a live cluster and emphasize that this feature cannot be easily disabled once credentials are encrypted in the SQL backend","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"949f0eb8f2fbc67e95e6384a5547a000df713c59","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"98dbb7ef_ecf319f5","updated":"2026-02-06 09:02:10.000000000","message":"so if I read the linked keystone doc correctly, running \"keystone-manage credential_migrate\" is necessary after setting up the encryption. I\u0027m not sure whether that also needs to be automated, but I think at least it should be documented. the whole thing would also need a reno","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"be4a26cb76c06e9e1316976a89d0f7587fff9d0f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":13,"id":"c8d88397_81ca2717","in_reply_to":"24b905f5_8e028eb6","updated":"2026-01-17 10:42:11.000000000","message":"Thanks. I have a beginning of an idea on how to make onboarding of already encrypted db possible, this implies quite a bit more code but it should allow for already encrypted credential to not get bootstrapped, and automatically encrypt newer ones. I\u0027ll try to send a patch soon, but I need a working POC yet to try it out.","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"0b970f391a4352dbae8f81d15e9099acbdc72b12","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"6a71132d_30060d85","in_reply_to":"85ac5719_2ed53936","updated":"2026-03-25 16:05:54.000000000","message":"Done","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"2c0f9e5481b79ff2786b1295a9f639a6b4f69faf","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":13,"id":"24b905f5_8e028eb6","in_reply_to":"c444039d_797ece3e","updated":"2026-01-17 08:45:27.000000000","message":"not resolv \u003e The upgrade process is a critical point. If new keys are generated on a clean volume while the database contains data encrypted with old keys, Keystone will be unable to decrypt them, leading to service failure. We should provide documentation or a warning explaining how to handle credential key rotation on a live cluster and emphasize that this feature cannot be easily disabled once credentials are encrypted in the SQL backend","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"6f7d817ead31132abc056b208144488e6f545af4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"c70db59d_4c41e1fe","in_reply_to":"c8d88397_81ca2717","updated":"2026-03-25 15:43:51.000000000","message":"Done","commit_id":"dbb62aa79c98e62b444b6ead0fd8d108173c301c"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"5dbea99f56ee9673efdfff7c15a2244d3411463b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":16,"id":"a8a37a1b_a4d750bd","updated":"2026-03-29 10:18:45.000000000","message":"recheck I still think isn\u0027t me, it worked the the previous run","commit_id":"a4f49c12362944431fd4ce6c4c07a70e50593c27"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"0b31045c5f2b2130f94f6aebecf00a0188058c28","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":16,"id":"c4733c4b_806ae808","updated":"2026-03-27 09:02:53.000000000","message":"recheck not my fault","commit_id":"a4f49c12362944431fd4ce6c4c07a70e50593c27"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"ee5205b2c11409b1bda5fa27e76c12be0ae0e1d4","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":18,"id":"3c3c6309_4588d91b","updated":"2026-06-23 05:51:35.000000000","message":"14d sounds reasonable as a default, it still should be configurable\n\nalso just a reminder that I still think a reno is needed for this","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"e828d06651bf52c8103aa70463c116ead2931872","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":18,"id":"419d81df_2cd7ea6c","updated":"2026-05-29 06:17:29.000000000","message":"Don\u0027t we need rotation of these encryption keys as well?","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"ce5177be325a044cbfc6baf78dc3c63498801371","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"c853da1c_eb8342e0","updated":"2026-06-23 11:55:04.000000000","message":"https://meetings.opendev.org/irclogs/%23openstack-keystone/%23openstack-keystone.2026-05-29.log.html","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"6822c64e954277c7e3d4eca46a948bb9f34bbb0c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"c625a9c7_56bcc1d7","updated":"2026-06-24 07:24:54.000000000","message":"https://meetings.opendev.org/irclogs/%23openstack-keystone/%23openstack-keystone.2026-05-29.log.html \n\nIRC logs for the rotation discussion with the keystone folks","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"78c2ce2726255c5b1a9a9b393826f4f64d4a44df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"12e8a117_9f8d6d61","in_reply_to":"3c3c6309_4588d91b","updated":"2026-06-24 11:09:09.000000000","message":"Done","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"c4d0d83abcf631ad2f5fb3311cad89742082db71","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":18,"id":"57896fcc_f74f6768","in_reply_to":"419d81df_2cd7ea6c","updated":"2026-05-29 12:23:33.000000000","message":"I\u0027m not sure actually, documentation is not super clear about this, I can ask the keystone folks about it.","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"414bc49aabb506780221bc4cb751754ac62bfe87","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":18,"id":"c2bed421_52327675","in_reply_to":"57896fcc_f74f6768","updated":"2026-05-29 15:23:01.000000000","message":"people in keystone irc channel recommended 14 days rotation ?","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"78c2ce2726255c5b1a9a9b393826f4f64d4a44df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":18,"id":"eb212af2_0940d1e1","in_reply_to":"c2bed421_52327675","updated":"2026-06-24 11:09:09.000000000","message":"Done","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"d7c244ee573db717de7c55ccbda5b351d256fcb2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":19,"id":"32948e15_a971da77","updated":"2026-06-24 11:23:50.000000000","message":"won\u0027t block this for the var naming, but it might be better to ensure uniqueness?","commit_id":"547b24fbccf32d6d9bba8ccbb3598cc8a946a126"}],"ansible/group_vars/all/keystone.yml":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"d7c244ee573db717de7c55ccbda5b351d256fcb2","unresolved":true,"context_lines":[{"line_number":34,"context_line":"# expiry and allow expired window, multiple active keys will be necessary."},{"line_number":35,"context_line":"fernet_key_rotation_interval: \"{{ fernet_token_expiry + fernet_token_allow_expired_window }}\""},{"line_number":36,"context_line":"# Keystone credential key rotation interval in seconds. Default is 14 days."},{"line_number":37,"context_line":"credential_key_rotation_interval: 1209600"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"keystone_default_user_role: \"member\""},{"line_number":40,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":19,"id":"c3188dc4_b5065cc1","line":37,"range":{"start_line":37,"start_character":0,"end_line":37,"end_character":32},"updated":"2026-06-24 11:23:50.000000000","message":"```suggestion\nkeystone_credential_key_rotation_interval: 1209600\n```\nto avoid confusion with other services that might also have credential keys","commit_id":"547b24fbccf32d6d9bba8ccbb3598cc8a946a126"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"2514af3d39fa12ba3f1e90d0e0dda68a54285c73","unresolved":false,"context_lines":[{"line_number":34,"context_line":"# expiry and allow expired window, multiple active keys will be necessary."},{"line_number":35,"context_line":"fernet_key_rotation_interval: \"{{ fernet_token_expiry + fernet_token_allow_expired_window }}\""},{"line_number":36,"context_line":"# Keystone credential key rotation interval in seconds. Default is 14 days."},{"line_number":37,"context_line":"credential_key_rotation_interval: 1209600"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"keystone_default_user_role: \"member\""},{"line_number":40,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":19,"id":"8cb49967_f0c85df9","line":37,"range":{"start_line":37,"start_character":0,"end_line":37,"end_character":32},"in_reply_to":"c3188dc4_b5065cc1","updated":"2026-06-25 09:58:23.000000000","message":"Agreed, applied your suggestion. it\u0027s also better if we want to enable the ansible-lint le for variable naming later on so I\u0027m all for it.","commit_id":"547b24fbccf32d6d9bba8ccbb3598cc8a946a126"}],"ansible/roles/keystone/defaults/main.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"2f1138b73ef3ebbdc8f6b9d35c0c17fc54e7f679","unresolved":true,"context_lines":[{"line_number":43,"context_line":"      - \"kolla_logs:/var/log/kolla/\""},{"line_number":44,"context_line":"      - \"keystone_fernet_tokens:/etc/keystone/fernet-keys\""},{"line_number":45,"context_line":"      - \"keystone_credential_keys:/etc/keystone/credential-keys\""},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    dimensions: \"{{ keystone_fernet_dimensions }}\""},{"line_number":48,"context_line":"    healthcheck: \"{{ keystone_fernet_healthcheck }}\""},{"line_number":49,"context_line":"  keystone-httpd:"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"b85a301d_638e1ad2","line":46,"updated":"2025-12-17 14:01:19.000000000","message":"nit: additional empty line","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"eb049a4a90448665eefc513a67c6c2132d9109cd","unresolved":false,"context_lines":[{"line_number":43,"context_line":"      - \"kolla_logs:/var/log/kolla/\""},{"line_number":44,"context_line":"      - \"keystone_fernet_tokens:/etc/keystone/fernet-keys\""},{"line_number":45,"context_line":"      - \"keystone_credential_keys:/etc/keystone/credential-keys\""},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    dimensions: \"{{ keystone_fernet_dimensions }}\""},{"line_number":48,"context_line":"    healthcheck: \"{{ keystone_fernet_healthcheck }}\""},{"line_number":49,"context_line":"  keystone-httpd:"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"6bc6dd08_74b4d52b","line":46,"in_reply_to":"b85a301d_638e1ad2","updated":"2025-12-18 10:33:43.000000000","message":"Done","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"e828d06651bf52c8103aa70463c116ead2931872","unresolved":true,"context_lines":[{"line_number":78,"context_line":"####################"},{"line_number":79,"context_line":"# Volumes"},{"line_number":80,"context_line":"####################"},{"line_number":81,"context_line":"keystone_fernet_tokens_volume: \"keystone_fernet_tokens\""},{"line_number":82,"context_line":"keystone_credential_keys_volume: \"keystone_credential_keys\""},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"####################"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"4a773dce_a83a6889","line":81,"updated":"2026-05-29 06:17:29.000000000","message":"Introduction of these two variables probably deserves a reno and I understand it\u0027s a nice option for people that already had this feature done manually (for migration)","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"78c2ce2726255c5b1a9a9b393826f4f64d4a44df","unresolved":false,"context_lines":[{"line_number":78,"context_line":"####################"},{"line_number":79,"context_line":"# Volumes"},{"line_number":80,"context_line":"####################"},{"line_number":81,"context_line":"keystone_fernet_tokens_volume: \"keystone_fernet_tokens\""},{"line_number":82,"context_line":"keystone_credential_keys_volume: \"keystone_credential_keys\""},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"####################"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"a6240f22_3e3166bb","line":81,"in_reply_to":"4a773dce_a83a6889","updated":"2026-06-24 11:09:09.000000000","message":"Done","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"}],"ansible/roles/keystone/tasks/bootstrap_service.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"2f1138b73ef3ebbdc8f6b9d35c0c17fc54e7f679","unresolved":true,"context_lines":[{"line_number":75,"context_line":"  when:"},{"line_number":76,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"- name: Running Keystone credential bootstrap container"},{"line_number":79,"context_line":"  vars:"},{"line_number":80,"context_line":"    keystone_fernet: \"{{ keystone_services[\u0027keystone-fernet\u0027] }}\""},{"line_number":81,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"df05902c_18f4a099","line":78,"updated":"2025-12-17 14:01:19.000000000","message":"Once again? Why?","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"249b5957fa89110008e0a786e24963439a9e33b0","unresolved":false,"context_lines":[{"line_number":75,"context_line":"  when:"},{"line_number":76,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"- name: Running Keystone credential bootstrap container"},{"line_number":79,"context_line":"  vars:"},{"line_number":80,"context_line":"    keystone_fernet: \"{{ keystone_services[\u0027keystone-fernet\u0027] }}\""},{"line_number":81,"context_line":"  become: true"}],"source_content_type":"text/x-yaml","patch_set":7,"id":"520800e0_53a7f79c","line":78,"in_reply_to":"df05902c_18f4a099","updated":"2025-12-19 17:15:29.000000000","message":"Added context in commit message","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":37306,"name":"Piotr Milewski","display_name":"Piotr Milewski","email":"vurmil@gmail.com","username":"vurmil"},"change_message_id":"a9c072dc47d91f98e1a6829d8a2dec9746ac1fe1","unresolved":true,"context_lines":[{"line_number":98,"context_line":"  run_once: true"},{"line_number":99,"context_line":"  delegate_to: \"{{ groups[\u0027keystone\u0027][0] }}\""},{"line_number":100,"context_line":"  when:"},{"line_number":101,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"9dedb84f_d70fd959","line":101,"range":{"start_line":101,"start_character":0,"end_line":101,"end_character":59},"updated":"2026-01-17 08:44:00.000000000","message":"Using groups[\u0027keystone_fernet_running_True\u0027] is not defined as a condition is risky because it only checks the container status. If this feature is added during an upgrade or reconfig to an already running cluster, the task might be skipped. A safer and more robust approach would be to explicitly check for the existence of the key file on the volume, such as /etc/keystone/credential-keys/0 (i don\u0027t remember exactly), before starting the bootstrap container? or something similar?","commit_id":"d30d98504b63ecd5fec3cd102072d46101bf3fed"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"06bc7dda20758e24ae26c93292d45bf80e7e592f","unresolved":true,"context_lines":[{"line_number":98,"context_line":"  run_once: true"},{"line_number":99,"context_line":"  delegate_to: \"{{ groups[\u0027keystone\u0027][0] }}\""},{"line_number":100,"context_line":"  when:"},{"line_number":101,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"9f1fecd0_3f007506","line":101,"range":{"start_line":101,"start_character":0,"end_line":101,"end_character":59},"in_reply_to":"5548ab19_77d9b9fd","updated":"2026-01-22 09:53:41.000000000","message":"does this really need to run in yet another container or could you just add the second keystone-manage command to the task above?","commit_id":"d30d98504b63ecd5fec3cd102072d46101bf3fed"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"be4a26cb76c06e9e1316976a89d0f7587fff9d0f","unresolved":true,"context_lines":[{"line_number":98,"context_line":"  run_once: true"},{"line_number":99,"context_line":"  delegate_to: \"{{ groups[\u0027keystone\u0027][0] }}\""},{"line_number":100,"context_line":"  when:"},{"line_number":101,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"5548ab19_77d9b9fd","line":101,"range":{"start_line":101,"start_character":0,"end_line":101,"end_character":59},"in_reply_to":"9dedb84f_d70fd959","updated":"2026-01-17 10:42:11.000000000","message":"Same as above, some idea on how to do it, I\u0027m trying to get a POC to work to test it.","commit_id":"d30d98504b63ecd5fec3cd102072d46101bf3fed"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"9ccf947d5af353387dbdc09f59ccfabdff089513","unresolved":true,"context_lines":[{"line_number":98,"context_line":"  run_once: true"},{"line_number":99,"context_line":"  delegate_to: \"{{ groups[\u0027keystone\u0027][0] }}\""},{"line_number":100,"context_line":"  when:"},{"line_number":101,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"b3341aa4_4dd4d74c","line":101,"range":{"start_line":101,"start_character":0,"end_line":101,"end_character":59},"in_reply_to":"9f1fecd0_3f007506","updated":"2026-01-28 23:09:42.000000000","message":"hm, actually maybe we could run both in the same container.","commit_id":"d30d98504b63ecd5fec3cd102072d46101bf3fed"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"e172a36ce58f94ad47f04e3228bab59758b47cc1","unresolved":false,"context_lines":[{"line_number":98,"context_line":"  run_once: true"},{"line_number":99,"context_line":"  delegate_to: \"{{ groups[\u0027keystone\u0027][0] }}\""},{"line_number":100,"context_line":"  when:"},{"line_number":101,"context_line":"    - groups[\u0027keystone_fernet_running_True\u0027] is not defined"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"c7331797_34ff5a64","line":101,"range":{"start_line":101,"start_character":0,"end_line":101,"end_character":59},"in_reply_to":"b3341aa4_4dd4d74c","updated":"2026-03-25 15:45:00.000000000","message":"I used a different container here to make integration easier, the subsequent patch is where I optimize things, currently it also use 2 containers, but I\u0027m open to changing it cause it could probbly be better","commit_id":"d30d98504b63ecd5fec3cd102072d46101bf3fed"}],"ansible/roles/keystone/tasks/config.yml":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"ee5205b2c11409b1bda5fa27e76c12be0ae0e1d4","unresolved":true,"context_lines":[{"line_number":234,"context_line":"    - { src: \"fernet-rotate.sh.j2\", dest: \"fernet-rotate.sh\" }"},{"line_number":235,"context_line":"    - { src: \"fernet-node-sync.sh.j2\", dest: \"fernet-node-sync.sh\" }"},{"line_number":236,"context_line":"    - { src: \"fernet-push.sh.j2\", dest: \"fernet-push.sh\" }"},{"line_number":237,"context_line":"    - { src: \"credential-push.sh.j2\", dest: \"credential-push.sh\" }"},{"line_number":238,"context_line":"    - { src: \"fernet-healthcheck.sh.j2\", dest: \"fernet-healthcheck.sh\" }"},{"line_number":239,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":240,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"ee0e6131_b7a4b477","line":237,"updated":"2026-06-23 05:51:35.000000000","message":"I don\u0027t think the order in which we copy files matters, so we can keep this list ordered for easier maintenance?","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"78c2ce2726255c5b1a9a9b393826f4f64d4a44df","unresolved":false,"context_lines":[{"line_number":234,"context_line":"    - { src: \"fernet-rotate.sh.j2\", dest: \"fernet-rotate.sh\" }"},{"line_number":235,"context_line":"    - { src: \"fernet-node-sync.sh.j2\", dest: \"fernet-node-sync.sh\" }"},{"line_number":236,"context_line":"    - { src: \"fernet-push.sh.j2\", dest: \"fernet-push.sh\" }"},{"line_number":237,"context_line":"    - { src: \"credential-push.sh.j2\", dest: \"credential-push.sh\" }"},{"line_number":238,"context_line":"    - { src: \"fernet-healthcheck.sh.j2\", dest: \"fernet-healthcheck.sh\" }"},{"line_number":239,"context_line":"    - { src: \"id_rsa\", dest: \"id_rsa\" }"},{"line_number":240,"context_line":"    - { src: \"ssh_config.j2\", dest: \"ssh_config\" }"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"e53f271c_62d61b37","line":237,"in_reply_to":"ee0e6131_b7a4b477","updated":"2026-06-24 11:09:09.000000000","message":"Done","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"}],"ansible/roles/keystone/tasks/distribute_fernet.yml":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"5c4d82993249ffcc629c8c6898cbc73d77b30bb3","unresolved":true,"context_lines":[{"line_number":24,"context_line":"  command: \"{{ kolla_container_engine }} exec -t {{ keystone_services[\u0027keystone-fernet\u0027][\u0027container_name\u0027] }} /usr/bin/credential-push.sh\""},{"line_number":25,"context_line":"  run_once: true"},{"line_number":26,"context_line":"  delegate_to: \u003e-"},{"line_number":27,"context_line":"    {% if groups[\u0027keystone_fernet_running\u0027] is defined -%}"},{"line_number":28,"context_line":"    {{ groups[\u0027keystone_fernet_running\u0027][0] }}{%- else -%}{{ groups[\u0027keystone\u0027][0] }}{%- endif %}"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3b961359_8cf1848c","line":27,"updated":"2026-01-13 17:53:32.000000000","message":"Do we need jinja here?","commit_id":"21be8a27225eff63fc32c241e3eecbda10c47941"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"72115b13719bd03235a037003e4412fbe3510e68","unresolved":true,"context_lines":[{"line_number":24,"context_line":"  command: \"{{ kolla_container_engine }} exec -t {{ keystone_services[\u0027keystone-fernet\u0027][\u0027container_name\u0027] }} /usr/bin/credential-push.sh\""},{"line_number":25,"context_line":"  run_once: true"},{"line_number":26,"context_line":"  delegate_to: \u003e-"},{"line_number":27,"context_line":"    {% if groups[\u0027keystone_fernet_running\u0027] is defined -%}"},{"line_number":28,"context_line":"    {{ groups[\u0027keystone_fernet_running\u0027][0] }}{%- else -%}{{ groups[\u0027keystone\u0027][0] }}{%- endif %}"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"681d85f1_dea0b969","line":27,"in_reply_to":"3b961359_8cf1848c","updated":"2026-01-13 21:29:22.000000000","message":"Not sure what you had in mind ? Maybe we can simplify it a bit, but I believe we need to dynamically choose delegation ?\n\nWe could get away with {{ groups[\u0027keystone_fernet_running\u0027][0] | default( groups[\u0027keystone\u0027][0]) }} probbly","commit_id":"21be8a27225eff63fc32c241e3eecbda10c47941"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"88cf5ba5b39d11f624e62bd4b3ef7a0b0f0d1807","unresolved":false,"context_lines":[{"line_number":24,"context_line":"  command: \"{{ kolla_container_engine }} exec -t {{ keystone_services[\u0027keystone-fernet\u0027][\u0027container_name\u0027] }} /usr/bin/credential-push.sh\""},{"line_number":25,"context_line":"  run_once: true"},{"line_number":26,"context_line":"  delegate_to: \u003e-"},{"line_number":27,"context_line":"    {% if groups[\u0027keystone_fernet_running\u0027] is defined -%}"},{"line_number":28,"context_line":"    {{ groups[\u0027keystone_fernet_running\u0027][0] }}{%- else -%}{{ groups[\u0027keystone\u0027][0] }}{%- endif %}"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"bd23781e_4f4a7760","line":27,"in_reply_to":"4712709a_1c7ccfa4","updated":"2026-01-15 20:42:30.000000000","message":"Did that, the other key distribution task I left untouched, but I will rework this whole process in a subsequent patch anyways.","commit_id":"21be8a27225eff63fc32c241e3eecbda10c47941"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"bbb18c96e9c2a7949e101d4d2f99fed72922d300","unresolved":true,"context_lines":[{"line_number":24,"context_line":"  command: \"{{ kolla_container_engine }} exec -t {{ keystone_services[\u0027keystone-fernet\u0027][\u0027container_name\u0027] }} /usr/bin/credential-push.sh\""},{"line_number":25,"context_line":"  run_once: true"},{"line_number":26,"context_line":"  delegate_to: \u003e-"},{"line_number":27,"context_line":"    {% if groups[\u0027keystone_fernet_running\u0027] is defined -%}"},{"line_number":28,"context_line":"    {{ groups[\u0027keystone_fernet_running\u0027][0] }}{%- else -%}{{ groups[\u0027keystone\u0027][0] }}{%- endif %}"}],"source_content_type":"text/x-yaml","patch_set":10,"id":"4712709a_1c7ccfa4","line":27,"in_reply_to":"681d85f1_dea0b969","updated":"2026-01-14 06:09:31.000000000","message":"That\u0027s what I meant ;-)","commit_id":"21be8a27225eff63fc32c241e3eecbda10c47941"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"ee5205b2c11409b1bda5fa27e76c12be0ae0e1d4","unresolved":true,"context_lines":[{"line_number":15,"context_line":"  ansible.builtin.command: \"{{ kolla_container_engine }} exec -t {{ keystone_services[\u0027keystone-fernet\u0027][\u0027container_name\u0027] }} /usr/bin/fernet-push.sh\""},{"line_number":16,"context_line":"  run_once: true"},{"line_number":17,"context_line":"  delegate_to: \u003e-"},{"line_number":18,"context_line":"    {% if groups[\u0027keystone_fernet_running\u0027] is defined -%}"},{"line_number":19,"context_line":"    {{ groups[\u0027keystone_fernet_running\u0027][0] }}{%- else -%}{{ groups[\u0027keystone\u0027][0] }}{%- endif %}"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"- name: Run credential key distribution"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"f8ccb631_a25e7588","line":18,"updated":"2026-06-23 05:51:35.000000000","message":"why wouldn\u0027t you need this same guard below?","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"78c2ce2726255c5b1a9a9b393826f4f64d4a44df","unresolved":false,"context_lines":[{"line_number":15,"context_line":"  ansible.builtin.command: \"{{ kolla_container_engine }} exec -t {{ keystone_services[\u0027keystone-fernet\u0027][\u0027container_name\u0027] }} /usr/bin/fernet-push.sh\""},{"line_number":16,"context_line":"  run_once: true"},{"line_number":17,"context_line":"  delegate_to: \u003e-"},{"line_number":18,"context_line":"    {% if groups[\u0027keystone_fernet_running\u0027] is defined -%}"},{"line_number":19,"context_line":"    {{ groups[\u0027keystone_fernet_running\u0027][0] }}{%- else -%}{{ groups[\u0027keystone\u0027][0] }}{%- endif %}"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"- name: Run credential key distribution"}],"source_content_type":"text/x-yaml","patch_set":18,"id":"f0e64a90_d8cf644e","line":18,"in_reply_to":"f8ccb631_a25e7588","updated":"2026-06-24 11:09:09.000000000","message":"Done","commit_id":"ca8675e4022afbe6abb3f2bba93bae2e8227878a"}],"ansible/roles/keystone/templates/credential-push.sh.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"2f1138b73ef3ebbdc8f6b9d35c0c17fc54e7f679","unresolved":true,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"set -o errexit"},{"line_number":4,"context_line":"set -o pipefail"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"e15f1604_1e032e1d","line":1,"updated":"2025-12-17 14:01:19.000000000","message":"Needs a proper description in commit message what\u0027s the needed approach, why and why this script\nDo we need that script in crontab?","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"249b5957fa89110008e0a786e24963439a9e33b0","unresolved":false,"context_lines":[{"line_number":1,"context_line":"#!/bin/bash"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"set -o errexit"},{"line_number":4,"context_line":"set -o pipefail"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"d047f7ae_388fd87e","line":1,"in_reply_to":"e15f1604_1e032e1d","updated":"2025-12-19 17:15:29.000000000","message":"I would argue that for now we don\u0027t need it in crontab (for fixing the issue), but it should be done later on as a feature ? As discussed on IRC, probbly reworking the whole sync logic (including the credential-keys in the process)","commit_id":"6a00984794169a15be1b72305987683c978ec4a3"},{"author":{"_account_id":37203,"name":"Bertrand Lanson","display_name":"Bertrand Lanson","email":"bertrand.lanson@infomaniak.com","username":"lanson","status":"Infomaniak Network SA"},"change_message_id":"70e86a918914b0d0c18964e6906cceb25d7bb581","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"6339929d_d1850344","line":31,"range":{"start_line":1,"start_character":0,"end_line":31,"end_character":1},"updated":"2026-01-16 20:40:32.000000000","message":"This syntax is terrifying to me, but who am I to argue with the linter?","commit_id":"d30d98504b63ecd5fec3cd102072d46101bf3fed"}]}