)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"c003705c4ca83fee0a749947429d80414a25ebaf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"aeef2d30_7049d149","updated":"2022-05-10 11:53:11.000000000","message":"We can clean up the response object too!","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"d843a9f71b0e6751ba1d1cb55e311eb29f8b3a30","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"345e404c_34cac79f","updated":"2022-05-10 17:32:55.000000000","message":"I think your PS2 raced with Sean\u0027s comments on PS1. My comments are mostly addressed so I\u0027m OK with this. But this needs a re-spin to address Sean\u0027s. Hence I\u0027m on +1","commit_id":"fb7e0d5059d5cde2dbd8c99119af0e0ebb3b8a71"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae4cbe01141dc2d42da67e6c920d3be4d68229b2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"5af7d67c_0579fce6","updated":"2022-05-10 17:41:09.000000000","message":"One more spec on keypair API is about allowing @, . in keypair name. 
should we do both (785674 and this) in single microversion bump?\n\nhttps://review.opendev.org/c/openstack/nova-specs/+/785674 (though this needs to be re-proposed but code is almost ready for this)","commit_id":"fb7e0d5059d5cde2dbd8c99119af0e0ebb3b8a71"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"238ac185658428fcf2c7c2d50784b60f3bdbdd7c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"3d57d071_99f6c775","in_reply_to":"5af7d67c_0579fce6","updated":"2022-05-11 09:54:01.000000000","message":"am yes that makes sense to me\nif we want we can combine that into this one\n\nby the way i dont want to extend the scope too much but it would be nice if we eventually supported passing multiple keypairs to a server.\njust in case sylvain also wants to implement that but yes allowing @ so the keypair can match the default comment makes sense to me.","commit_id":"fb7e0d5059d5cde2dbd8c99119af0e0ebb3b8a71"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"586580026f6ff4b9782b9637b664d8cf513ff234","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"0b4f1388_908d51fd","updated":"2022-05-17 21:57:37.000000000","message":"Looks OK to me","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"87e4c39a_c6c9d717","updated":"2022-05-17 13:40:33.000000000","message":"i am ok with this revision of the spec.","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam 
Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"81ccda58cd8f18ba84569bec794083b5572eb1e0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"7be525d7_71a84da9","updated":"2022-05-17 17:05:27.000000000","message":"lgtm, just to confirm if we want to merge the another spec here in this microversion\n- https://review.opendev.org/c/openstack/nova-specs/+/785674\n\nI commented that earlier but not sure if Sylvain notice that? But up to Sylvain if that is ok to merge these two changes to do in single microversion.","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"8a155e99c82441fae7dfc8cc6e991ca243364e1b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"05c76ee6_4078802f","in_reply_to":"5f92b55b_6786b95e","updated":"2022-05-18 09:59:44.000000000","message":"Shit, missed Gmann\u0027s comment about the @ and dot usage for the name.\n\nWill provide a new revision.","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"109b417256a8e694e31bad06c0a736e77a219334","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"5f92b55b_6786b95e","in_reply_to":"7be525d7_71a84da9","updated":"2022-05-17 17:43:55.000000000","message":"yes i think we shoudl incorpeate that and allow @ so that you can use the default comment as the keypair name\n\ne.g. given ssh-rsa ... 
me@host we shoudl be able to create a keypair call me@host\n\nand i think merging that into this spec makes sense.","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"261bf3e4ec47a432446b0621486a088d7d88e57e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"f592552a_d19c3452","updated":"2022-05-18 16:07:27.000000000","message":"Let\u0027s document the strange default type behavior in the API ref please","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"99a27fc4e89c9b0344832ad07764055c6fa1e7c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"b1545725_ea123c40","updated":"2022-05-18 16:29:55.000000000","message":"Looks OK to me","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"db894222e8c0de90d54dbcb9bfe48076ac1327eb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"0fea5e43_24ba89b0","updated":"2022-05-18 11:05:10.000000000","message":"im honestly fine with this as is so lets see what everyone else thinks\nbut im +2 on this. 
thanks for pulling the the keypair name changes too.","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"50ecca278a43c0cf05d494662db8d09fdbba5044","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"eb394585_bd47dc93","updated":"2022-05-18 14:57:59.000000000","message":"lgtm, thanks Sylvain for merging another change here. \n\nWaiting for melwitt if she has anything on this before we +W. ","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"}],"specs/zed/approved/keypair-generation-removal.rst":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"During the Yoga release, we triaged an open bug report [1]_ which was"},{"line_number":23,"context_line":"commenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures"},{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"}],"source_content_type":"text/x-rst","patch_set":1,"id":"d6a41c3d_c3beddf9","line":24,"range":{"start_line":24,"start_character":77,"end_line":24,"end_character":79},"updated":"2022-05-10 14:17:30.000000000","message":"being","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain 
Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"During the Yoga release, we triaged an open bug report [1]_ which was"},{"line_number":23,"context_line":"commenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures"},{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ed7c7c15_e6e990b0","line":24,"range":{"start_line":24,"start_character":77,"end_line":24,"end_character":79},"in_reply_to":"d6a41c3d_c3beddf9","updated":"2022-05-18 09:55:42.000000000","message":"Ack","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"During the Yoga release, we triaged an open bug report [1]_ which was"},{"line_number":23,"context_line":"commenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures"},{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last 
PTG on removing"}],"source_content_type":"text/x-rst","patch_set":1,"id":"806d6e7b_f9a50282","line":24,"range":{"start_line":24,"start_character":77,"end_line":24,"end_character":79},"in_reply_to":"d6a41c3d_c3beddf9","updated":"2022-05-17 13:40:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":23,"context_line":"commenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures"},{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"},{"line_number":28,"context_line":"generation support from the ``os-keypairs`` API."},{"line_number":29,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"e4605ff0_977f6374","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":2},"updated":"2022-05-10 14:17:30.000000000","message":"being\n\nthis is a run on sentence by the way.\n\nDuring the Yoga release, we triaged an open bug report [1]_ which was\ncommenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures\n[2]_, leading to keypairs automatically generated by Nova (if not importing) be\nincompatible with recent guest OSes, like CentOS9, eventually leading to guests\nbe unable to be accessible thru SSH.\n\n\nit woudl be better to break it up.\n\nDuring the Yoga release, we triaged an open bug report [1]_ which noted\nthe fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures\n[2]_. 
As a result of this change in openssh behavior keypairs generated by Nova are incompatible with recent guest OSes, like CentOS9,. This leads to guests that are inaccessible via SSH using the key-pairs created by nova.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":false,"context_lines":[{"line_number":23,"context_line":"commenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures"},{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"},{"line_number":28,"context_line":"generation support from the ``os-keypairs`` API."},{"line_number":29,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"5dde0cba_e7fa8d41","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":2},"in_reply_to":"e4605ff0_977f6374","updated":"2022-05-18 09:55:42.000000000","message":"Ack","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":23,"context_line":"commenting the fact that OpenSSH 8.8 removed support for RSA/SHA1 signatures"},{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to 
guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"},{"line_number":28,"context_line":"generation support from the ``os-keypairs`` API."},{"line_number":29,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"38daa7aa_856bb04d","line":26,"range":{"start_line":26,"start_character":0,"end_line":26,"end_character":2},"in_reply_to":"e4605ff0_977f6374","updated":"2022-05-17 13:40:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"},{"line_number":28,"context_line":"generation support from the ``os-keypairs`` API."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Use Cases"},{"line_number":31,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"8931652b_f6f74aaa","line":28,"range":{"start_line":27,"start_character":0,"end_line":28,"end_character":48},"updated":"2022-05-10 14:17:30.000000000","message":"The consensus of the Nova community during the last PTG  was to remove\nthe generation of key-pairs from the ``os-keypairs`` API.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain 
Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":false,"context_lines":[{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"},{"line_number":28,"context_line":"generation support from the ``os-keypairs`` API."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Use Cases"},{"line_number":31,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"641dafd1_5e624388","line":28,"range":{"start_line":27,"start_character":0,"end_line":28,"end_character":48},"in_reply_to":"8931652b_f6f74aaa","updated":"2022-05-18 09:55:42.000000000","message":"Ack","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":24,"context_line":"[2]_, leading to keypairs automatically generated by Nova (if not importing) be"},{"line_number":25,"context_line":"incompatible with recent guest OSes, like CentOS9, eventually leading to guests"},{"line_number":26,"context_line":"be unable to be accessible thru SSH."},{"line_number":27,"context_line":"As a consensus, the Nova community agreed during the last PTG on removing"},{"line_number":28,"context_line":"generation support from the ``os-keypairs`` API."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"Use 
Cases"},{"line_number":31,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1099a3ed_5cf87702","line":28,"range":{"start_line":27,"start_character":0,"end_line":28,"end_character":48},"in_reply_to":"8931652b_f6f74aaa","updated":"2022-05-17 13:40:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"c003705c4ca83fee0a749947429d80414a25ebaf","unresolved":true,"context_lines":[{"line_number":40,"context_line":"Proposed change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"9f8f4cff_d7359c6e","line":43,"range":{"start_line":43,"start_character":65,"end_line":43,"end_character":72},"updated":"2022-05-10 11:53:11.000000000","message":"nit: send","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"d8045a89d9bc881755c59db434dc3bdf770e3968","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Proposed change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose 
a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"f05d93b5_1d940210","line":43,"range":{"start_line":43,"start_character":65,"end_line":43,"end_character":72},"in_reply_to":"9f8f4cff_d7359c6e","updated":"2022-05-17 12:50:57.000000000","message":"Ack","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":40,"context_line":"Proposed change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"f201ad89_c399602a","line":43,"range":{"start_line":43,"start_character":65,"end_line":43,"end_character":72},"in_reply_to":"9f8f4cff_d7359c6e","updated":"2022-05-10 14:17:30.000000000","message":"import","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"d843a9f71b0e6751ba1d1cb55e311eb29f8b3a30","unresolved":true,"context_lines":[{"line_number":40,"context_line":"Proposed 
change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."}],"source_content_type":"text/x-rst","patch_set":1,"id":"58ff0c9c_26e19b7b","line":43,"range":{"start_line":43,"start_character":65,"end_line":43,"end_character":72},"in_reply_to":"f201ad89_c399602a","updated":"2022-05-10 17:32:55.000000000","message":"even better, thanks.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"379cb174_d59b7fd6","line":44,"range":{"start_line":44,"start_character":7,"end_line":44,"end_character":66},"updated":"2022-05-10 14:17:30.000000000","message":"key.\n\ndelete the 
rest.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":false,"context_lines":[{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"fbd08690_b3e856f0","line":44,"range":{"start_line":44,"start_character":7,"end_line":44,"end_character":66},"in_reply_to":"379cb174_d59b7fd6","updated":"2022-05-18 09:55:42.000000000","message":"Ack","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter 
named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"41321c52_80a035b8","line":44,"range":{"start_line":44,"start_character":7,"end_line":44,"end_character":66},"in_reply_to":"379cb174_d59b7fd6","updated":"2022-05-17 13:40:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"a955aebf_96394b5d","line":46,"range":{"start_line":45,"start_character":0,"end_line":46,"end_character":8},"updated":"2022-05-10 14:17:30.000000000","message":"we could but i dont really see a harm in keeping this so we know if its an ssh key or x509 cert.\n\nif we remove it entirely, by definition i guess it would be untyped now but i dont know if cloud-init or cloud base init actually depends on the key type.\n\nso this might break something if we remove it\n\nwe pass the keypair in public-keys field in the ec2 format at least.\nhttps://github.com/openstack/nova/blob/972c06c608f0b00e9066d7f581fd81197065cf49/nova/api/metadata/base.py#L262-L274\u003d\n\nbut also encode it as keys 
\nhttps://github.com/openstack/nova/blob/master/nova/api/metadata/base.py#L339-L343\u003d\n\ni would have expected the x509 keys to be encoded in  \"base64_encoded_keys\": [],\nbut i guess we also pass those as public keys under meta-data/public-keys/0/openssh-key \nhttps://cloudinit.readthedocs.io/en/latest/topics/instancedata.html#example-output\n\nso i guess looking quickly we probably dont need the type.\nit still might be nice to have.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"d8525b07_842ea3c6","line":46,"range":{"start_line":45,"start_character":0,"end_line":46,"end_character":8},"in_reply_to":"0ee5c638_e2040aa0","updated":"2022-05-18 09:55:42.000000000","message":"Melwitt, no it\u0027s possible to import a x509 public key, so we should continue to support it : https://github.com/openstack/nova/blob/972c06c608f0b00e9066d7f581fd81197065cf49/nova/api/openstack/compute/keypairs.py#L105","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean 
mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"58c09388_eb6aae15","line":46,"range":{"start_line":45,"start_character":0,"end_line":46,"end_character":8},"in_reply_to":"0ee5c638_e2040aa0","updated":"2022-05-17 13:40:33.000000000","message":"this has now been removed from the spec.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"7426150aeec631187cf835572905e43d31ea1dd8","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this 
:"},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"0ee5c638_e2040aa0","line":46,"range":{"start_line":45,"start_character":0,"end_line":46,"end_character":8},"in_reply_to":"2a9d4409_e636f0b9","updated":"2022-05-12 00:00:14.000000000","message":"It looks like the \u0027type\u0027 param was only intended for the keypair generation ability [1], so if we keep it, it will become only a label. Maybe that is still helpful for users? Would they be disappointed if it went away?\n\n[1] https://docs.openstack.org/nova/latest/reference/api-microversion-history.html#id2","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae4cbe01141dc2d42da67e6c920d3be4d68229b2","unresolved":true,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"2a9d4409_e636f0b9","line":46,"range":{"start_line":45,"start_character":0,"end_line":46,"end_character":8},"in_reply_to":"a955aebf_96394b5d","updated":"2022-05-10 17:41:09.000000000","message":"as we are still supporting x5.09 cert it will be good to keep. 
if we are removing then we need to remove it from GET keypair APIs response lso.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"db894222e8c0de90d54dbcb9bfe48076ac1327eb","unresolved":false,"context_lines":[{"line_number":42,"context_line":""},{"line_number":43,"context_line":"We\u0027ll propose a new API microversion that will force the user to propose a"},{"line_number":44,"context_line":"public key instead of having it optional in the previous versions."},{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"8d6a3cde_c7364ade","line":46,"range":{"start_line":45,"start_character":0,"end_line":46,"end_character":8},"in_reply_to":"d8525b07_842ea3c6","updated":"2022-05-18 11:05:10.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. 
code-block:: python"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ed9c1682_ede8e405","line":48,"updated":"2022-05-10 14:17:30.000000000","message":"should we note that we are also removing the generation of x509 certs (assuming that was a thing?)","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"db894222e8c0de90d54dbcb9bfe48076ac1327eb","unresolved":false,"context_lines":[{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":1,"id":"d36354aa_17188b70","line":48,"in_reply_to":"66a1951a_fef4be3e","updated":"2022-05-18 11:05:10.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. 
code-block:: python"}],"source_content_type":"text/x-rst","patch_set":1,"id":"60b887cb_3f4c2543","line":48,"in_reply_to":"af8ed1f5_4bef02ba","updated":"2022-05-17 13:40:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":true,"context_lines":[{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":1,"id":"66a1951a_fef4be3e","line":48,"in_reply_to":"af8ed1f5_4bef02ba","updated":"2022-05-18 09:55:42.000000000","message":"So, I looked more at the code and we are able to import a x509 public key :\nhttps://github.com/openstack/nova/blob/972c06c608f0b00e9066d7f581fd81197065cf49/nova/api/openstack/compute/keypairs.py#L105\n\nSo, I don\u0027t think we should remove the type, just continuing to support it only by import.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"ae4cbe01141dc2d42da67e6c920d3be4d68229b2","unresolved":true,"context_lines":[{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this 
:"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. code-block:: python"}],"source_content_type":"text/x-rst","patch_set":1,"id":"f07a971b_3042f131","line":48,"in_reply_to":"ed9c1682_ede8e405","updated":"2022-05-10 17:41:09.000000000","message":"I think we are removing the generation of both ssh and x509. but +1 on explictly mentioning that.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"238ac185658428fcf2c7c2d50784b60f3bdbdd7c","unresolved":true,"context_lines":[{"line_number":45,"context_line":"We\u0027ll also drop (in the same versioned schema) the request parameter named"},{"line_number":46,"context_line":"``type``."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Accordingly, the JSON request schema of POST /os-keypairs will look like this :"},{"line_number":49,"context_line":""},{"line_number":50,"context_line":""},{"line_number":51,"context_line":".. 
code-block:: python"}],"source_content_type":"text/x-rst","patch_set":1,"id":"af8ed1f5_4bef02ba","line":48,"in_reply_to":"f07a971b_3042f131","updated":"2022-05-11 09:54:01.000000000","message":"yes we are removing generation in general for all types\n\ni was not originally sure that we had generation of x509 certs but we do\nhttps://github.com/openstack/nova/blob/972c06c608f0b00e9066d7f581fd81197065cf49/nova/compute/api.py#L6735-L6739\u003d\n\nit would still be there for older microversions","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"c003705c4ca83fee0a749947429d80414a25ebaf","unresolved":true,"context_lines":[{"line_number":85,"context_line":"REST API impact"},{"line_number":86,"context_line":"---------------"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"All the details are already described above. The response wouldn\u0027t change as"},{"line_number":89,"context_line":"we continue to return a keypair with its signature."},{"line_number":90,"context_line":"No policy changes are identified, as we only drop support for a capability."},{"line_number":91,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"00fe2767_83131aab","line":88,"range":{"start_line":88,"start_character":49,"end_line":88,"end_character":73},"updated":"2022-05-10 11:53:11.000000000","message":"Do we want to drop ``type`` from the response too? 
Also I think we can drop ``private_key`` from the response too","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"d8045a89d9bc881755c59db434dc3bdf770e3968","unresolved":false,"context_lines":[{"line_number":85,"context_line":"REST API impact"},{"line_number":86,"context_line":"---------------"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"All the details are already described above. The response wouldn\u0027t change as"},{"line_number":89,"context_line":"we continue to return a keypair with its signature."},{"line_number":90,"context_line":"No policy changes are identified, as we only drop support for a capability."},{"line_number":91,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"7820bf64_e2e0fd1f","line":88,"range":{"start_line":88,"start_character":49,"end_line":88,"end_character":73},"in_reply_to":"00fe2767_83131aab","updated":"2022-05-17 12:50:57.000000000","message":"Ack for private_key, NACK for \u0027type\u0027 as this is possible to import a pubkey that is related to a x509 certificate.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":85,"context_line":"REST API impact"},{"line_number":86,"context_line":"---------------"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"All the details are already described above. 
The response wouldn\u0027t change as"},{"line_number":89,"context_line":"we continue to return a keypair with its signature."},{"line_number":90,"context_line":"No policy changes are identified, as we only drop support for a capability."},{"line_number":91,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"ef17c44a_04be064a","line":88,"range":{"start_line":88,"start_character":49,"end_line":88,"end_character":73},"in_reply_to":"00fe2767_83131aab","updated":"2022-05-10 14:17:30.000000000","message":"so not sure we might still want to know if its an ssh key or an x509 key","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d2dba70d33ff1156810c25c13911eafebdf1553a","unresolved":true,"context_lines":[{"line_number":85,"context_line":"REST API impact"},{"line_number":86,"context_line":"---------------"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"All the details are already described above. 
The response wouldn\u0027t change as"},{"line_number":89,"context_line":"we continue to return a keypair with its signature."},{"line_number":90,"context_line":"No policy changes are identified, as we only drop support for a capability."},{"line_number":91,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"d32f976d_e05e06c8","line":88,"range":{"start_line":88,"start_character":49,"end_line":88,"end_character":73},"in_reply_to":"a5f834a1_09455c40","updated":"2022-05-11 09:55:20.000000000","message":"yes we do https://github.com/openstack/nova/blob/972c06c608f0b00e9066d7f581fd81197065cf49/nova/compute/api.py#L6637-L6670\u003d\n\nwe default to ssh if you dont pass a type at least in this part of the code but you can generate and import both today.","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"d843a9f71b0e6751ba1d1cb55e311eb29f8b3a30","unresolved":true,"context_lines":[{"line_number":85,"context_line":"REST API impact"},{"line_number":86,"context_line":"---------------"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"All the details are already described above. The response wouldn\u0027t change as"},{"line_number":89,"context_line":"we continue to return a keypair with its signature."},{"line_number":90,"context_line":"No policy changes are identified, as we only drop support for a capability."},{"line_number":91,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"a5f834a1_09455c40","line":88,"range":{"start_line":88,"start_character":49,"end_line":88,"end_character":73},"in_reply_to":"ef17c44a_04be064a","updated":"2022-05-10 17:32:55.000000000","message":"do we support importing that key type? 
As we are planning to remove the ``type`` from the request, will nova be able to differentiate between the key types?","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"24e80233f508b3c885e49c40a6c4d6eb77338bce","unresolved":true,"context_lines":[{"line_number":94,"context_line":"---------------"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"We\u0027ll improve security, for sure, by not letting Nova to create keypairs that"},{"line_number":97,"context_line":"are cryptographically broken [3]_."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"e7ee44de_a325b27d","line":97,"range":{"start_line":97,"start_character":22,"end_line":97,"end_character":28},"updated":"2022-05-10 14:17:30.000000000","message":"well they are not broken, they are just disabled by policy.\nand technically the keypair does not specify the hash algorithm: you can use our keypairs with sha256, but when some distros disabled rsa they disabled it regardless of the hashing algorithm used, and other servers like gerrit never implemented the hash negotiation.\n\nbasically the hash algorithm \"sha1\" is not an attribute of the key, it is an attribute of the protocol that is negotiated with the server.\n\nsee https://www.ietf.org/rfc/rfc8332.txt\n\"\"\"\n   since RSA keys are not dependent on the choice of hash function, the\n   new public key algorithms reuse the \"ssh-rsa\" public key format as\n   defined in [RFC4253]:\n\n   string    \"ssh-rsa\"\n   mpint     e\n   mpint     n\n\n   All aspects of the \"ssh-rsa\" format are kept, including the encoded\n   string \"ssh-rsa\".  
This allows existing RSA keys to be used with the\n   new public key algorithms, without requiring re-encoding or affecting\n   already trusted key fingerprints.\n\"\"\"","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"4e72bec3472636cec1a371d9ed7ed7c6b34cf7a0","unresolved":false,"context_lines":[{"line_number":94,"context_line":"---------------"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"We\u0027ll improve security, for sure, by not letting Nova to create keypairs that"},{"line_number":97,"context_line":"are cryptographically broken [3]_."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"cbca2b90_3a037430","line":97,"range":{"start_line":97,"start_character":22,"end_line":97,"end_character":28},"in_reply_to":"e7ee44de_a325b27d","updated":"2022-05-17 13:41:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"c003705c4ca83fee0a749947429d80414a25ebaf","unresolved":true,"context_lines":[{"line_number":181,"context_line":"References"},{"line_number":182,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"  .. [1] https://bugs.launchpad.net/nova/+bug/1962726"},{"line_number":185,"context_line":"  .. [2] https://www.openssh.com/txt/release-8.8"},{"line_number":186,"context_line":"  .. 
[3] \"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and"},{"line_number":187,"context_line":"    Application to the PGP Web of Trust\" Leurent, G and Peyrin, T"}],"source_content_type":"text/x-rst","patch_set":1,"id":"89a28edc_961226b0","line":184,"updated":"2022-05-10 11:53:11.000000000","message":"This syntax looks a bit broken in the generated html: https://ea4b2d4f8d5c187742d9-e77ce0ffc4ffea95c693e8c73a486dc2.ssl.cf2.rackcdn.com/840217/1/check/openstack-tox-docs/b55322e/docs/specs/zed/approved/keypair-generation-removal.html","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"6dea82e7c0e932b5f1b8bb772e4b776f270c78c6","unresolved":false,"context_lines":[{"line_number":181,"context_line":"References"},{"line_number":182,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"  .. [1] https://bugs.launchpad.net/nova/+bug/1962726"},{"line_number":185,"context_line":"  .. [2] https://www.openssh.com/txt/release-8.8"},{"line_number":186,"context_line":"  .. 
[3] \"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and"},{"line_number":187,"context_line":"    Application to the PGP Web of Trust\" Leurent, G and Peyrin, T"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff0d907e_fbcbf84b","line":184,"in_reply_to":"89a28edc_961226b0","updated":"2022-05-18 09:55:42.000000000","message":"Ack","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"4e72bec3472636cec1a371d9ed7ed7c6b34cf7a0","unresolved":false,"context_lines":[{"line_number":181,"context_line":"References"},{"line_number":182,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"  .. [1] https://bugs.launchpad.net/nova/+bug/1962726"},{"line_number":185,"context_line":"  .. [2] https://www.openssh.com/txt/release-8.8"},{"line_number":186,"context_line":"  .. 
[3] \"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and"},{"line_number":187,"context_line":"    Application to the PGP Web of Trust\" Leurent, G and Peyrin, T"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2feb5f74_eb75eb14","line":184,"in_reply_to":"89a28edc_961226b0","updated":"2022-05-17 13:41:33.000000000","message":"Done","commit_id":"ecd36bdc48b0ca844c69769aca6332dfee149ff6"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":false,"context_lines":[{"line_number":74,"context_line":"The JSON response will also change as we no longer generate private keys :"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"* ``private_key`` will never be returned from that microversion"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Alternatives"},{"line_number":80,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"c15d0e35_bb5c6a38","line":77,"updated":"2022-05-17 13:40:33.000000000","message":"+1","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"586580026f6ff4b9782b9637b664d8cf513ff234","unresolved":true,"context_lines":[{"line_number":102,"context_line":"---------------"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"We\u0027ll improve security, for sure, by not letting Nova to create keypairs that"},{"line_number":105,"context_line":"are disabled by OS policy due to the flawless of SHA-1 (even if ssh-rsa can"},{"line_number":106,"context_line":"generate keys with SHA-256 hash algorithm) 
[3]_."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"c7169291_16b3b8b8","line":105,"range":{"start_line":105,"start_character":37,"end_line":105,"end_character":45},"updated":"2022-05-17 21:57:37.000000000","message":"flaws?","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"db894222e8c0de90d54dbcb9bfe48076ac1327eb","unresolved":false,"context_lines":[{"line_number":102,"context_line":"---------------"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"We\u0027ll improve security, for sure, by not letting Nova to create keypairs that"},{"line_number":105,"context_line":"are disabled by OS policy due to the flawless of SHA-1 (even if ssh-rsa can"},{"line_number":106,"context_line":"generate keys with SHA-256 hash algorithm) [3]_."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"452b6f51_8b6a417d","line":105,"range":{"start_line":105,"start_character":37,"end_line":105,"end_character":45},"in_reply_to":"c7169291_16b3b8b8","updated":"2022-05-18 11:05:10.000000000","message":"Done","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2630866c09ad3362fb6eadd7f4420fa5cfc040dd","unresolved":true,"context_lines":[{"line_number":103,"context_line":""},{"line_number":104,"context_line":"We\u0027ll improve security, for sure, by not letting Nova to create keypairs that"},{"line_number":105,"context_line":"are disabled by OS policy due to the flawless of SHA-1 (even if ssh-rsa can"},{"line_number":106,"context_line":"generate keys with SHA-256 hash algorithm) 
[3]_."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9f6be4ad_6e47ab56","line":106,"range":{"start_line":106,"start_character":0,"end_line":106,"end_character":8},"updated":"2022-05-17 13:40:33.000000000","message":"nit technical its verify.\n\nsha1 is used as the hashing algorthim when validating the keys not when generating them but its fine you have a reference to the detail if people want to read it.","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"db894222e8c0de90d54dbcb9bfe48076ac1327eb","unresolved":false,"context_lines":[{"line_number":103,"context_line":""},{"line_number":104,"context_line":"We\u0027ll improve security, for sure, by not letting Nova to create keypairs that"},{"line_number":105,"context_line":"are disabled by OS policy due to the flawless of SHA-1 (even if ssh-rsa can"},{"line_number":106,"context_line":"generate keys with SHA-256 hash algorithm) [3]_."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ab813e31_ec8495f6","line":106,"range":{"start_line":106,"start_character":0,"end_line":106,"end_character":8},"in_reply_to":"9f6be4ad_6e47ab56","updated":"2022-05-18 11:05:10.000000000","message":"Done","commit_id":"89821726d3e1c20c5dde5537b5f42cf44bd15c80"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"13d4eb00ea47eef64620d77d7b11fe2801555954","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"   
               \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"              \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"52370f37_0753ffe5","line":66,"updated":"2022-05-18 15:10:29.000000000","message":"So ``type`` is not required. If it is not sent in the request does nova still can determine the type of the key? \n* If not then what nova will return in the ``type`` parameter in GET /os-keypairs ?\n* If yes then why the user needs to send in the ``type`` at all?","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"99a27fc4e89c9b0344832ad07764055c6fa1e7c6","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"                  \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"              \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"9b038b02_1884bfdd","line":66,"in_reply_to":"0c82d328_36879181","updated":"2022-05-18 16:29:55.000000000","message":"(later) Just read the #openstack-nova scrollback and the point that this \"bug\" is pre-existing is fair, that it\u0027s 
technically out of scope for this spec.","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"507b72d432431ab6abc8cc0adcd981e1532116e8","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"                  \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"              \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"0c82d328_36879181","line":66,"in_reply_to":"2a32904c_56a9606f","updated":"2022-05-18 16:24:41.000000000","message":"Agreed ... 
AFAICT \u0027type\u0027 was only meant to be used with keypair generation, if used with import, you can have mismatches like this.\n\nI wondered if there may be a simple way to detect whether the imported key is ssh vs x509 and default or validate the \u0027type\u0027 accordingly?","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"3f25ffc6b7eba2c01a3ffb7a68be6a340ae5f48d","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"                  \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"              \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"acca37de_a2a92ce1","line":66,"in_reply_to":"52370f37_0753ffe5","updated":"2022-05-18 15:23:07.000000000","message":"\u003e So ``type`` is not required. If it is not sent in the request does nova still can determine the type of the key? \n\u003e * If not then what nova will return in the ``type`` parameter in GET /os-keypairs ?\n\u003e * If yes then why the user needs to send in the ``type`` at all?\n\n\nType is optional and if unset, is set internally to \u0027ssh\u0027 (vs. 
\u0027x509\u0027 as the other accepted value) : \nhttps://github.com/openstack/nova/blob/master/nova/api/openstack/compute/keypairs.py#L105","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9ccdf97447ac8c8c5a6ee2080eaf3573f2f019c3","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"                  \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"              \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"a5800e12_3ae17057","line":66,"in_reply_to":"9b038b02_1884bfdd","updated":"2022-05-19 13:42:42.000000000","message":"as we agreed on IRC, this will be fixed by a api-reference modification for the parameter documentation explaining that we default to ssh, which means you *have to* provide this param if you provide a pubkey that\u0027s x509 cert related.","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"92891f1e002d7c224caa5a5f9d93fbef483d07b2","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"                  \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"  
            \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"cb031f65_6774716b","line":66,"in_reply_to":"a5800e12_3ae17057","updated":"2022-05-19 15:28:39.000000000","message":"To be clear, you don\u0027t *have* to right. If you don\u0027t provide the param (and it defaults to \"ssh\") when you import x509, it will not hurt anything but you will be setting yourself up to potentially be confused later.","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"8aeccf8c6dca1d82342b53cdb121319462f3823e","unresolved":true,"context_lines":[{"line_number":63,"context_line":"                  \u0027public_key\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":64,"context_line":"                  \u0027user_id\u0027: {\u0027type\u0027: \u0027string\u0027},"},{"line_number":65,"context_line":"              },"},{"line_number":66,"context_line":"              \u0027required\u0027: [\u0027name\u0027, \u0027public_key\u0027],"},{"line_number":67,"context_line":"              \u0027additionalProperties\u0027: False,"},{"line_number":68,"context_line":"          },"},{"line_number":69,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":5,"id":"2a32904c_56a9606f","line":66,"in_reply_to":"acca37de_a2a92ce1","updated":"2022-05-18 15:25:29.000000000","message":"So if the user sends in a x509 public key but does not specify the type then nova will return type ssh later? 
That seems like a bug to me.","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"db894222e8c0de90d54dbcb9bfe48076ac1327eb","unresolved":false,"context_lines":[{"line_number":83,"context_line":"This will mean that we will modify the _validate_new_key_pair() method to"},{"line_number":84,"context_line":"accept those parameters only if wanted (which also means we will move this"},{"line_number":85,"context_line":"method to the keypairs specific API module)."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"Alternatives"},{"line_number":89,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"c768cbf3_c3dacac9","line":86,"updated":"2022-05-18 11:05:10.000000000","message":"+1","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"50ecca278a43c0cf05d494662db8d09fdbba5044","unresolved":false,"context_lines":[{"line_number":83,"context_line":"This will mean that we will modify the _validate_new_key_pair() method to"},{"line_number":84,"context_line":"accept those parameters only if wanted (which also means we will move this"},{"line_number":85,"context_line":"method to the keypairs specific API module)."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"Alternatives"},{"line_number":89,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"6fd6db3b_12cc19aa","line":86,"in_reply_to":"c768cbf3_c3dacac9","updated":"2022-05-18 14:57:59.000000000","message":"yeah, author also did this and it is better way - 
https://review.opendev.org/c/openstack/nova/+/781076/8/nova/api/validation/validators.py#159","commit_id":"bf95c8287cfcd117184919b906aa84c93ef2ec29"}]}
