)]}'
{"id":"openstack%2Fopenstack-helm~794967","triplet_id":"openstack%2Fopenstack-helm~master~I462085b89ef80985b42149cccf865e6c5f0f5a53","project":"openstack/openstack-helm","branch":"master","hashtags":[],"change_id":"I462085b89ef80985b42149cccf865e6c5f0f5a53","subject":"Barbican: Add support for master KEK rotation","status":"MERGED","created":"2021-06-06 02:02:56.000000000","updated":"2021-06-08 14:36:28.000000000","submitted":"2021-06-08 14:33:32.000000000","submitter":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"total_comment_count":31,"unresolved_comment_count":4,"has_review_started":true,"submission_id":"794967","meta_rev_id":"0204afeb749e9d8f58cfcdb4d43809e169b4c7e0","_number":794967,"virtual_id_number":794967,"owner":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"actions":{},"labels":{"Verified":{"approved":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"value":0,"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"},{"value":0,"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},{"value":0,"_account_id":7769,"name":"Pentheus","display_name":"Alan Meadows","email":"alan.meadows@gmail.com","username":"alanmeadows"},{"tag":"autogenerated:zuul:gate","value":2,"date":"2021-06-08 14:33:29.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"all":[{"value":0,"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"},{"value":2,"date":"2021-06-08 13:25:48.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},{"value":2,"date":"2021-06-08 13:01:17.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":7769,"name":"Pentheus","display_name":"Alan Meadows","email":"alan.meadows@gmail.com","username":"alanmeadows"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"approved":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"all":[{"value":0,"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"},{"value":1,"date":"2021-06-08 13:25:48.000000000","permitted_voting_range":{"min":1,"max":1},"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},{"value":0,"_account_id":7769,"name":"Pentheus","display_name":"Alan Meadows","email":"alan.meadows@gmail.com","username":"alanmeadows"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[{"_account_id":17896,"name":"Rick Bartra","email":"rickbartra@microsoft.com","username":"rb560u"},{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"}],"reviewers":{"REVIEWER":[{"_account_id":7769,"name":"Pentheus","display_name":"Alan Meadows","email":"alan.meadows@gmail.com","username":"alanmeadows"},{"_account_id":17896,"name":"Rick Bartra","email":"rickbartra@microsoft.com","username":"rb560u"},{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},{"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2021-06-06 02:12:37.000000000","updated_by":{"_account_id":17896,"name":"Rick Bartra","email":"rickbartra@microsoft.com","username":"rb560u"},"reviewer":{"_account_id":17896,"name":"Rick Bartra","email":"rickbartra@microsoft.com","username":"rb560u"},"state":"REVIEWER"},{"updated":"2021-06-06 03:06:41.000000000","updated_by":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"reviewer":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"state":"REVIEWER"},{"updated":"2021-06-06 03:08:40.000000000","updated_by":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"reviewer":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"state":"REVIEWER"},{"updated":"2021-06-06 03:08:40.000000000","updated_by":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"reviewer":{"_account_id":7769,"name":"Pentheus","display_name":"Alan Meadows","email":"alan.meadows@gmail.com","username":"alanmeadows"},"state":"REVIEWER"},{"updated":"2021-06-06 03:52:23.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"},{"updated":"2021-06-08 00:44:27.000000000","updated_by":{"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"},"reviewer":{"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"},"state":"REVIEWER"}],"messages":[{"id":"619ad989ce1a2d8fada453e28df9b67f0d628864","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-06 02:02:56.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"d0111d7f4cf78486d711ce55f63c1d248d548f0f","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-06 02:58:05.000000000","message":"Uploaded patch set 2.","accounts_in_message":[],"_revision_number":2},{"id":"c3e1f2022f9c0201ecd18d8575bf123262a010ef","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-06 03:08:40.000000000","message":"Patch Set 2:\n\nPlease provide feedback/comments if you get a chance.\n\nAny thoughts on the values.yaml interface for providing the old/new kek? Should they be directly in .Values.conf.barbican.simple_crypto_plugin, or a top-level key, and then injected into the config?\n\n    simple_crypto:\n      rotate: true\n      kek: xxx\n      old_kek: xxx","accounts_in_message":[],"_revision_number":2},{"id":"55dd2f6f1a35770876b939e9500d93004f7bcd49","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-06 03:52:23.000000000","message":"Patch Set 2: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/0bed028c70db4a24ab59da52e82ed900 : SUCCESS in 4m 47s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/a57c08a52ef14b7496aa7271e949436e : SUCCESS in 4m 01s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/c4a1b0a599394fa1aa3afdb22199bc56 : SUCCESS in 5m 02s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/3d3d294a71474748b23059b405595801 : SUCCESS in 8m 23s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/6127ed8aaa974dc88b22f23cc7adb026 : SUCCESS in 44m 18s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/017083f17f0446a6b2a8489f7cad4993 : SUCCESS in 46m 24s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/e0755cfb26f249a98c16e21fcb797a00 : SUCCESS in 50m 00s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/cd735c9b38ce4106b43b6b92a7d1d917 : SUCCESS in 48m 32s","accounts_in_message":[],"_revision_number":2},{"id":"2e5045be0d326a14576b1179ba24e081e330c97d","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-06 07:56:22.000000000","message":"Uploaded patch set 3.","accounts_in_message":[],"_revision_number":3},{"id":"e16835e4f068cfe3ca0bca8bba2d5ae2c608d262","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-06 08:47:12.000000000","message":"Patch Set 3: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/7a4dfd4bb6924374a58ed5bb2e64f3c2 : SUCCESS in 5m 24s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/4a1dee513bae494395088d731ac8ac23 : SUCCESS in 4m 00s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/65d028ec89a041e09e73683aa1b92e9d : SUCCESS in 5m 08s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/03f99c8127b3474d9fc415627cc59680 : SUCCESS in 9m 40s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/fd109d15246c4b78b1e6879001adaf17 : SUCCESS in 46m 43s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/37a4143ea79a4017be51f3594f5c458c : SUCCESS in 44m 44s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/728ab16645ac405cb0c2262832857abe : SUCCESS in 49m 59s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/6bcfef6096b2499c9aebe2e1cfa1b266 : SUCCESS in 49m 33s","accounts_in_message":[],"_revision_number":3},{"id":"3ce456869b2800567c2e89c55c8f2a65a5c5817b","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-07 01:08:55.000000000","message":"Uploaded patch set 4.","accounts_in_message":[],"_revision_number":4},{"id":"20a9a3d5f26c3683ff7cea25d460b8f78698099e","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-07 02:06:34.000000000","message":"Patch Set 4: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/b34ca689b02e4158a7c9d30322894620 : SUCCESS in 5m 49s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/9a4cfaee01a840e6b83f7df37df38742 : SUCCESS in 3m 47s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/40eacd3a2aac4a4281379beb8a937d6c : SUCCESS in 4m 52s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/c224d82ee60946579b2509c6fc5fce87 : SUCCESS in 8m 43s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/85d85b77abc84878bed4241f577f739b : SUCCESS in 44m 29s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/17924949ecf24c6bbacb6c9c80deff72 : SUCCESS in 44m 52s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/a8671ab79536447b8b4ad1ba8235a374 : SUCCESS in 49m 36s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/264b774043d44770a0f87636be2c2f6b : SUCCESS in 51m 16s","accounts_in_message":[],"_revision_number":4},{"id":"0e47c25ffe9ea7808e9fef2b91b32e5a95aef2c3","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-07 04:45:18.000000000","message":"Uploaded patch set 5.","accounts_in_message":[],"_revision_number":5},{"id":"68d353ed723b7015c8a3fc4da75eac8804623c70","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-07 05:35:36.000000000","message":"Patch Set 5: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/e4f162bf260d4a99b9d06918e1a5e72c : SUCCESS in 5m 56s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/6db2b110e4e244e6a019144bba83621b : SUCCESS in 4m 06s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/fcbae5db91794be6bee9db73450a0a7e : SUCCESS in 5m 05s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/bd6293675dcf4ce5a3dce9e950f0569f : SUCCESS in 8m 38s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/3eef223a34784b57b540086e48f37368 : SUCCESS in 43m 56s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/86effe8f62f44c4da8696fa84d710164 : SUCCESS in 42m 21s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/f20244d2129c4cbb92508f93f4e5d564 : SUCCESS in 47m 59s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/6c03fea76e394f57a78afdae61221000 : SUCCESS in 46m 40s","accounts_in_message":[],"_revision_number":5},{"id":"77472f68fe25709ac1dd937574142389727bf0d5","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-07 05:54:48.000000000","message":"Patch Set 5:\n\n(4 comments)","accounts_in_message":[],"_revision_number":5},{"id":"c80e7d9183d929ca50683c373f8d48ffdad1deef","author":{"_account_id":17896,"name":"Rick Bartra","email":"rickbartra@microsoft.com","username":"rb560u"},"date":"2021-06-07 14:02:11.000000000","message":"Patch Set 5:\n\n(5 comments)","accounts_in_message":[],"_revision_number":5},{"id":"d6b16f9d998319a2b77fe5a5ae853ab9338643c6","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-07 22:38:47.000000000","message":"Uploaded patch set 6.","accounts_in_message":[],"_revision_number":6},{"id":"fc816c2cbb64d59d238f2220b13a176d9961b85c","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-07 22:44:06.000000000","message":"Patch Set 6:\n\n(6 comments)\n\nPlease re-review, hopefully this is fairly close.\n\nProvides some more logging about what is going on, and exits with a failure if anything goes wrong.","accounts_in_message":[],"_revision_number":6},{"id":"be5b5ea0ae18b77621b3c184c511e3f59623bffc","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-07 23:36:54.000000000","message":"Patch Set 6: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/02d29981c7914a57b09d6eb20c52e430 : SUCCESS in 5m 08s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/3ccdcb82b83c42bab077233902bc5f14 : SUCCESS in 4m 02s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/fc64a8a172f44445901dcdc29f557478 : SUCCESS in 5m 07s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/11a080cc79bf4125817946b686678923 : SUCCESS in 8m 46s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/315e0ad5d42b4953b6e1d870890fb1c7 : SUCCESS in 48m 48s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/48cb52895cbf40fc92a39c6712408c62 : SUCCESS in 40m 15s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/4ecf075a2a8643d5b4031606dec539d0 : SUCCESS in 49m 19s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/0a540705f8944e649a0b39fde0d21c31 : SUCCESS in 52m 03s","accounts_in_message":[],"_revision_number":6},{"id":"58e1a13486df022323d73c98828170657c11bdf6","author":{"_account_id":28275,"name":"Darren DeJaeger","email":"darren.dejaeger@gmail.com","username":"darren.dejaeger"},"date":"2021-06-08 00:44:27.000000000","message":"Patch Set 6: Code-Review+1","accounts_in_message":[],"_revision_number":6},{"id":"188aeedeac33d8880c74e909723200e4a68ef459","author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"date":"2021-06-08 02:15:06.000000000","message":"Patch Set 6: Code-Review-1\n\n(5 comments)\n\nLooks great - the python here appears solid, just a few issues re the conditionals and user feedback.","accounts_in_message":[],"_revision_number":6},{"id":"ed9cbfd9f44db12276d321b055130d25040bd400","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-08 04:37:20.000000000","message":"Patch Set 6:\n\n(5 comments)","accounts_in_message":[],"_revision_number":6},{"id":"d22c483e2f5963e45a32f5389680cdfe5be03c9d","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-08 05:48:13.000000000","message":"Uploaded patch set 7.","accounts_in_message":[],"_revision_number":7},{"id":"0aadbb167e4e21f9422d2bb0b65d295015e131ba","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-08 06:03:07.000000000","message":"Patch Set 7:\n\n(5 comments)","accounts_in_message":[],"_revision_number":7},{"id":"f7f35e8cc6f0c7154ff3afeef0285411b92eb695","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-08 06:39:47.000000000","message":"Patch Set 7: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttps://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing\n\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/f1eb6e8702fc4378bfbdd95cb88a0088 : SUCCESS in 5m 24s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/9d065ada1de74dadbfb75d461e04388d : SUCCESS in 4m 00s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/6b473977b1684e28a22293b3307c6fa0 : FAILURE in 3m 34s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/29d026c4844740b4a6742f575618fb37 : FAILURE in 8m 05s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/8f9eef9449c74d1a911a0574d6c62fd6 : SUCCESS in 46m 12s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/1c518c6a36324666b89fae8cc3ee86fb : SUCCESS in 43m 47s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/d1c47cb9cb01433ca59364769da6f3f2 : SUCCESS in 50m 26s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/8aeee71ec1e345c0a895542b90c04ea5 : SUCCESS in 50m 08s","accounts_in_message":[],"_revision_number":7},{"id":"fd17db1cf7263d6cb330142abad84d7379cd413b","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-08 07:00:18.000000000","message":"Uploaded patch set 8.","accounts_in_message":[],"_revision_number":8},{"id":"fe3e13695eab7d07a38582a77f6bc08c901218d1","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"date":"2021-06-08 07:20:22.000000000","message":"Uploaded patch set 9.","accounts_in_message":[],"_revision_number":9},{"id":"79d0ca785bc0a40f87211fa34beb952231e7bc40","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-08 08:12:23.000000000","message":"Patch Set 9: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/0eafd4bd1fc74665b6784ac9e54cfef7 : SUCCESS in 5m 38s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/1c84580505ac40f2bd5088b5b8bb8b23 : SUCCESS in 6m 37s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/2d63261151e146d79f6399f404a1cd8f : SUCCESS in 5m 17s\n- openstack-helm-bandit https://zuul.opendev.org/t/openstack/build/203f23062bf5457297a1d487f5a57fde : SUCCESS in 7m 52s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/79bd23ed710a433fb3abd0c88df26048 : SUCCESS in 44m 46s\n- openstack-helm-cinder-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/40f57cf172bf4533ab22b1590a8c0170 : SUCCESS in 44m 11s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/58a1c5cfefaa462da46db99cf2a5af94 : SUCCESS in 45m 17s\n- openstack-helm-compute-kit-ussuri-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/22780e03e4254f03adf10160035e8ad4 : SUCCESS in 50m 14s","accounts_in_message":[],"_revision_number":9},{"id":"9d261f8a13cfae8ef78b586da0bf2c84495594fd","author":{"_account_id":7769,"name":"Pentheus","display_name":"Alan Meadows","email":"alan.meadows@gmail.com","username":"alanmeadows"},"date":"2021-06-08 13:01:17.000000000","message":"Patch Set 9: Code-Review+2\n\nLGTM","accounts_in_message":[],"_revision_number":9},{"id":"d26caff68c6f4ae6b4ebebb5ef8609809ec2ed96","author":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"},"date":"2021-06-08 13:25:48.000000000","message":"Patch Set 9: Code-Review+2 Workflow+1\n\n(1 comment)\n\nLgtm","accounts_in_message":[],"_revision_number":9},{"id":"2d6a15d7e2f03e51e7c51da6e24ea114e0c45392","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-08 13:26:04.000000000","message":"Patch Set 9: -Verified\n\nStarting gate jobs.","accounts_in_message":[],"_revision_number":9},{"id":"6057fc12eef97417a6f2fc9da4f42611652154df","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-08 14:33:29.000000000","message":"Patch Set 9: Verified+2\n\nBuild succeeded (gate pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/052a7ba32bbd45f9b654f4255ccec94a : SUCCESS in 5m 26s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/c2832d5efc6841d792565eb6bf0a09ef : SUCCESS in 4m 10s\n- openstack-helm-lint https://zuul.opendev.org/t/openstack/build/821e05a34175413895bf469efa482986 : SUCCESS in 5m 46s\n- openstack-helm-tls https://zuul.opendev.org/t/openstack/build/9aef4f7cb23348578fb14aa863b8d282 : SUCCESS in 1h 06m 19s\n- openstack-helm-cinder-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/cc035e7c461f4cbcbc94221dca22e912 : SUCCESS in 42m 51s\n- openstack-helm-compute-kit-train-ubuntu_bionic https://zuul.opendev.org/t/openstack/build/e70bbc2b02474ed997984649be330fa6 : SUCCESS in 47m 32s","accounts_in_message":[],"_revision_number":9},{"id":"20460238d235943ad09ba5066402fec937b2f7f9","tag":"autogenerated:gerrit:merged","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-08 14:33:32.000000000","message":"Change has been successfully merged by Zuul","accounts_in_message":[],"_revision_number":9},{"id":"0204afeb749e9d8f58cfcdb4d43809e169b4c7e0","tag":"autogenerated:zuul:promote","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-06-08 14:36:28.000000000","message":"Patch Set 9:\n\nBuild succeeded (promote pipeline).\n\n- promote-openstack-tox-docs https://zuul.opendev.org/t/openstack/build/8244d4ad48884021be31a9b2dcfb16af : SUCCESS in 2m 24s\n- promote-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/f0f04a1136de431fb3ab9b553c07ac1b : SUCCESS in 1m 07s","accounts_in_message":[],"_revision_number":9}],"current_revision_number":9,"current_revision":"ce1b2630d22484f8fe3677fecac2b897bc22a65e","revisions":{"6a432b3bc77396613fa22f0082f790e6fb6db971":{"kind":"REWORK","_number":1,"created":"2021-06-06 02:02:56.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/1"}}},"commit":{"parents":[{"commit":"87011eb8d78b8954f6a003aea59fa7e7a36bbd19","subject":"Merge \"docs: Update Freenode to OFTC\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/87011eb8d78b8954f6a003aea59fa7e7a36bbd19"}]}],"author":{"name":"Sphicas, Phil (ps3910)","email":"ps3910@att.com","date":"2021-06-06 01:46:41.000000000","tz":0},"committer":{"name":"Sphicas, Phil (ps3910)","email":"ps3910@att.com","date":"2021-06-06 02:02:40.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation (WIP)","message":"Barbican: Add support for master KEK rotation (WIP)\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/6a432b3bc77396613fa22f0082f790e6fb6db971"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/6a432b3bc77396613fa22f0082f790e6fb6db971"}]},"branch":"refs/heads/master"},"59ecc136027a0c09e3be1922a325151fe10ba12f":{"kind":"REWORK","_number":2,"created":"2021-06-06 02:58:05.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/2"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:57:34.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation (WIP)","message":"Barbican: Add support for master KEK rotation (WIP)\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/59ecc136027a0c09e3be1922a325151fe10ba12f"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/59ecc136027a0c09e3be1922a325151fe10ba12f"}]},"branch":"refs/heads/master"},"9d058af425429bfbae8626fdb806ad7654b7eaf3":{"kind":"REWORK","_number":3,"created":"2021-06-06 07:56:22.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/3","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/3","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/3"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 07:55:57.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation (WIP)","message":"Barbican: Add support for master KEK rotation (WIP)\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/9d058af425429bfbae8626fdb806ad7654b7eaf3"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/9d058af425429bfbae8626fdb806ad7654b7eaf3"}]},"branch":"refs/heads/master"},"991310a0b2c23c3e0afdf15bbfa3d17f75c91c0d":{"kind":"REWORK","_number":4,"created":"2021-06-07 01:08:55.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/4","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/4","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/4"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-07 00:51:51.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation","message":"Barbican: Add support for master KEK rotation\n\nWhen using the simple_crypto_plugin (which is enabled by default),\nsecrets are encrypted with per-project keys, and those keys are\nencrypted (or wrapped) with a master key encryption key (KEK, or MKEK).\nThe wrapped project keys are stored in the database. The KEK is stored\nin the barbican configuration file.\n\nIf no KEK is specified, a well-known default is used. There is no native\nBarbican support for rotating the KEK. Changing the KEK would cause loss\nof access to all secrets, because Barbican would be unable to unwrap the\nproject keys.\n\nThis change adds support for upgrading the Helm chart while changing the\nkek. A script can be executed during the db-sync job that decrypts the\nproject keys with the old KEK, and rewraps them with the new KEK. Note\nthat no secrets are actually modified during this procedure, and the\nproject keys are not actually changed.\n\nTo use this feature, specify the following values:\n\n    simple_crypto_kek_rewrap:\n      rotate: true\n      old_kek: # old KEK, 32-bytes of data, base64-encoded\n    conf:\n      barbican:\n        simple_crypto_plugin:\n          kek: # new KEK, 32-bytes of data, base64-encoded\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/991310a0b2c23c3e0afdf15bbfa3d17f75c91c0d"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/991310a0b2c23c3e0afdf15bbfa3d17f75c91c0d"}]},"branch":"refs/heads/master"},"0c760122ecb9bd0973b55dacb392230eb1c8c2c9":{"kind":"REWORK","_number":5,"created":"2021-06-07 04:45:18.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/5","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/5","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/5"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-07 04:45:05.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation","message":"Barbican: Add support for master KEK rotation\n\nWhen using the simple_crypto_plugin (which is enabled by default),\nsecrets are encrypted with per-project keys, and those keys are\nencrypted (or wrapped) with a master key encryption key (KEK, or MKEK).\nThe wrapped project keys are stored in the database. The KEK is stored\nin the barbican configuration file.\n\nIf no KEK is specified, a well-known default is used. There is no native\nBarbican support for rotating the KEK. Changing the KEK would cause loss\nof access to all secrets, because Barbican would be unable to unwrap the\nproject keys.\n\nThis change adds support for upgrading the Helm chart while changing the\nKEK. A script can be executed during the db-sync job that decrypts the\nproject keys with the old KEK, and rewraps them with the new KEK. Note\nthat no secrets are actually modified during this procedure, and the\nproject keys are not actually changed.\n\nTo use this feature, specify the following values:\n\n    simple_crypto_kek_rewrap:\n      rotate: true\n      old_kek: # old KEK, 32-bytes of data, base64-encoded\n    conf:\n      barbican:\n        simple_crypto_plugin:\n          kek: # new KEK, 32-bytes of data, base64-encoded\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/0c760122ecb9bd0973b55dacb392230eb1c8c2c9"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/0c760122ecb9bd0973b55dacb392230eb1c8c2c9"}]},"branch":"refs/heads/master"},"756d62f390a70984f0b570177e86b47fab28ef3a":{"kind":"REWORK","_number":6,"created":"2021-06-07 22:38:47.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/6","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/6","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/6 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/6 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/6 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/6"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-07 22:37:50.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation","message":"Barbican: Add support for master KEK rotation\n\nWhen using the simple_crypto_plugin (which is enabled by default),\nsecrets are encrypted with per-project keys, and those keys are\nencrypted (or wrapped) with a master key encryption key (KEK, or MKEK).\nThe wrapped project keys are stored in the database. The KEK is stored\nin the barbican configuration file.\n\nIf no KEK is specified, a well-known default is used. There is no native\nBarbican support for rotating the KEK. Changing the KEK would cause loss\nof access to all secrets, because Barbican would be unable to unwrap the\nproject keys.\n\nThis change adds support for upgrading the Helm chart while changing the\nKEK. A script can be executed during the db-sync job that decrypts the\nproject keys with the old KEK, and rewraps them with the new KEK. Note\nthat no secrets are actually modified during this procedure, and the\nproject keys are not actually changed.\n\nTo use this feature, specify the following values:\n\n    simple_crypto_kek_rewrap:\n      old_kek: # old KEK, 32-bytes of data, base64-encoded\n    conf:\n      barbican:\n        simple_crypto_plugin:\n          kek: # new KEK, 32-bytes of data, base64-encoded\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/756d62f390a70984f0b570177e86b47fab28ef3a"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/756d62f390a70984f0b570177e86b47fab28ef3a"}]},"branch":"refs/heads/master"},"cb8b262e16ecad6b86a84a8cdc06f418898eb35c":{"kind":"REWORK","_number":7,"created":"2021-06-08 05:48:13.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/7","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/7","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/7 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/7 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/7 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/7"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-08 05:45:36.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation","message":"Barbican: Add support for master KEK rotation\n\nWhen using the simple_crypto_plugin (which is enabled by default),\nsecrets are encrypted with per-project keys, and those keys are\nencrypted (or wrapped) with a master key encryption key (KEK, or MKEK).\nThe wrapped project keys are stored in the database. The KEK is stored\nin the barbican configuration file.\n\nIf no KEK is specified, a well-known default is used. There is no native\nBarbican support for rotating the KEK. Changing the KEK would cause loss\nof access to all secrets, because Barbican would be unable to unwrap the\nproject keys.\n\nThis change adds support for upgrading the Helm chart while changing the\nKEK. A script can be executed during the db-sync job that decrypts the\nproject keys with the old KEK, and rewraps them with the new KEK. Note\nthat no secrets are actually modified during this procedure, and the\nproject keys are not actually changed.\n\nTo use this feature, specify the following values:\n\n    conf:\n      barbican:\n        simple_crypto_plugin:\n          kek: # new KEK, 32-bytes of data, base64-encoded\n      simple_crypto_kek_rewrap:\n        old_kek: # old KEK, 32-bytes of data, base64-encoded\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/cb8b262e16ecad6b86a84a8cdc06f418898eb35c"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/cb8b262e16ecad6b86a84a8cdc06f418898eb35c"}]},"branch":"refs/heads/master"},"cb677042a32b944cb443d0fc11d5034dcb414b1d":{"kind":"REWORK","_number":8,"created":"2021-06-08 07:00:18.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/8","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/8","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/8 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/8 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/8 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/8"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-08 07:00:12.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation","message":"Barbican: Add support for master KEK rotation\n\nWhen using the simple_crypto_plugin (which is enabled by default),\nsecrets are encrypted with per-project keys, and those keys are\nencrypted (or wrapped) with a master key encryption key (KEK, or MKEK).\nThe wrapped project keys are stored in the database. The KEK is stored\nin the barbican configuration file.\n\nIf no KEK is specified, a well-known default is used. There is no native\nBarbican support for rotating the KEK. Changing the KEK would cause loss\nof access to all secrets, because Barbican would be unable to unwrap the\nproject keys.\n\nThis change adds support for upgrading the Helm chart while changing the\nKEK. A script can be executed during the db-sync job that decrypts the\nproject keys with the old KEK, and rewraps them with the new KEK. Note\nthat no secrets are actually modified during this procedure, and the\nproject keys are not actually changed.\n\nTo use this feature, specify the following values:\n\n    conf:\n      barbican:\n        simple_crypto_plugin:\n          kek: # new KEK, 32-bytes of data, base64-encoded\n      simple_crypto_kek_rewrap:\n        old_kek: # old KEK, 32-bytes of data, base64-encoded\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/cb677042a32b944cb443d0fc11d5034dcb414b1d"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/cb677042a32b944cb443d0fc11d5034dcb414b1d"}]},"branch":"refs/heads/master"},"ce1b2630d22484f8fe3677fecac2b897bc22a65e":{"kind":"REWORK","_number":9,"created":"2021-06-08 07:20:22.000000000","uploader":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"ref":"refs/changes/67/794967/9","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/openstack-helm","ref":"refs/changes/67/794967/9","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/9 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/9 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/9 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/openstack-helm refs/changes/67/794967/9"}}},"commit":{"parents":[{"commit":"43f24adf576240b82a9d053caeb09dc3900aa69e","subject":"Barbican: Add conditional wrapper to helm hook","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/43f24adf576240b82a9d053caeb09dc3900aa69e"}]}],"author":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-06 02:29:52.000000000","tz":0},"committer":{"name":"Phil Sphicas","email":"phil.sphicas@att.com","date":"2021-06-08 07:20:14.000000000","tz":0},"subject":"Barbican: Add support for master KEK rotation","message":"Barbican: Add support for master KEK rotation\n\nWhen using the simple_crypto_plugin (which is enabled by default),\nsecrets are encrypted with per-project keys, and those keys are\nencrypted (or wrapped) with a master key encryption key (KEK, or MKEK).\nThe wrapped project keys are stored in the database. The KEK is stored\nin the barbican configuration file.\n\nIf no KEK is specified, a well-known default is used. There is no native\nBarbican support for rotating the KEK. Changing the KEK would cause loss\nof access to all secrets, because Barbican would be unable to unwrap the\nproject keys.\n\nThis change adds support for upgrading the Helm chart while changing the\nKEK. A script can be executed during the db-sync job that decrypts the\nproject keys with the old KEK, and rewraps them with the new KEK. Note\nthat no secrets are actually modified during this procedure, and the\nproject keys are not actually changed.\n\nTo use this feature, specify the following values:\n\n    conf:\n      barbican:\n        simple_crypto_plugin:\n          kek: # new KEK, 32-bytes of data, base64-encoded\n      simple_crypto_kek_rewrap:\n        old_kek: # old KEK, 32-bytes of data, base64-encoded\n\nChange-Id: I462085b89ef80985b42149cccf865e6c5f0f5a53\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/ce1b2630d22484f8fe3677fecac2b897bc22a65e"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/openstack-helm/commit/ce1b2630d22484f8fe3677fecac2b897bc22a65e"}]},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[{"status":"CLOSED","labels":[{"label":"Verified","status":"OK","applied_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}},{"label":"Code-Review","status":"OK","applied_by":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"}},{"label":"Workflow","status":"OK","applied_by":{"_account_id":23928,"name":"Pete Birley","email":"petebirley@gmail.com","username":"portdirect"}}]}],"submit_requirements":[{"name":"Verified","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Verified\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Verified\u003dCustom-Rule"],"failing_atoms":[],"atom_explanations":{}}},{"name":"Workflow","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Workflow\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Workflow\u003dCustom-Rule"],"failing_atoms":[],"atom_explanations":{}}},{"name":"Code-Review","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dCustom-Rule","fulfilled":true,"status":"PASS","passing_atoms":["label:Code-Review\u003dCustom-Rule"],"failing_atoms":[],"atom_explanations":{}}}]}