)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"7c0ee89374f71d3d2e2a079510ac384f371d990f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"b7bb568c_2c97a3d3","updated":"2026-06-03 23:12:15.000000000","message":"can you please add the release note for the helm-toolkit  change","commit_id":"f65b0e1635d4d87eaf03b420a5c13a61c051ef99"}],"helm-toolkit/templates/scripts/_ks-user.sh.tpl":[{"author":{"_account_id":3009,"name":"Vladimir Kozhukalov","email":"kozhukalov@gmail.com","username":"kozhukalov"},"change_message_id":"aa8bd61090a9419bb7aa034a691c8565dae3d889","unresolved":true,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"# Manage user password (we do this in a seperate step to ensure the password is updated if required)"},{"line_number":75,"context_line":"set +x"},{"line_number":76,"context_line":"if OS_USERNAME\u003d\"${SERVICE_OS_USERNAME}\" OS_PASSWORD\u003d\"${SERVICE_OS_PASSWORD}\" OS_USER_DOMAIN_NAME\u003d\"\" OS_USER_DOMAIN_ID\u003d\"${USER_DOMAIN_ID}\" OS_PROJECT_NAME\u003d\"\" OS_PROJECT_DOMAIN_NAME\u003d\"\" OS_PROJECT_ID\u003d\"${USER_PROJECT_ID}\" openstack token issue \u003e /dev/null 2\u003e\u00261; then"},{"line_number":77,"context_line":"  echo \"Password for ${USER_ID} is already correct, skipping update.\""},{"line_number":78,"context_line":"else"},{"line_number":79,"context_line":"  echo \"Setting user password via: openstack user set --password\u003dxxxxxxx ${USER_ID}\""}],"source_content_type":"text/x-smarty","patch_set":1,"id":"1bdeaf50_9b57aaaa","line":76,"updated":"2026-06-03 23:11:50.000000000","message":"- Can you please format this as multiline with backslashes.\n```\n...\nOS_USERNAME\u003d\"${SERVICE_OS_USERNAME}\" \\\nOS_PASSWORD\u003d\"${SERVICE_OS_PASSWORD}\" \\\n...\n```\n\n- We recently merged https://review.opendev.org/c/openstack/openstack-helm/+/990151 which allows users to use alternative auth plugins. So, I would say this probe should clear every ambient auth-plugin, i.e. set OS_AUTH_TYPE\u003d\"password\" explicitly and also unset OS_PROTOCOL, OS_IDENTITY_PROVIDER, OS_ACCESS_TOKEN. And also it should probably request an unscoped token (OS_PROJECT_ID\u003d\"\")\n\n- Also I see the potential issue here (that worth mentioning in comments at least and in commit message) that a real failed authentication against keystone can lead to locking the service user if [security_compliance] lockout_failure_attempts is set. So the lockout_failure_attempts must assume the auth failures are used as a probe. \n\n- Also `\u003e /dev/null 2\u003e\u00261` swallows everything and the `else` branch fires for *any* non-zero exit: keystone briefly unreachable, user disabled, etc. Maybe it worth it to distinguish between genuine auth failures and other errors.","commit_id":"f65b0e1635d4d87eaf03b420a5c13a61c051ef99"},{"author":{"_account_id":37208,"name":"Marek Skrobacki","display_name":"Marek Skrobacki","email":"skrobul@skrobul.com","username":"skrobul"},"change_message_id":"29d52126071c4e915da0a4aa499d61c335165f34","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"# Manage user password (we do this in a seperate step to ensure the password is updated if required)"},{"line_number":75,"context_line":"set +x"},{"line_number":76,"context_line":"if OS_USERNAME\u003d\"${SERVICE_OS_USERNAME}\" OS_PASSWORD\u003d\"${SERVICE_OS_PASSWORD}\" OS_USER_DOMAIN_NAME\u003d\"\" OS_USER_DOMAIN_ID\u003d\"${USER_DOMAIN_ID}\" OS_PROJECT_NAME\u003d\"\" OS_PROJECT_DOMAIN_NAME\u003d\"\" OS_PROJECT_ID\u003d\"${USER_PROJECT_ID}\" openstack token issue \u003e /dev/null 2\u003e\u00261; then"},{"line_number":77,"context_line":"  echo \"Password for ${USER_ID} is already correct, skipping update.\""},{"line_number":78,"context_line":"else"},{"line_number":79,"context_line":"  echo \"Setting user password via: openstack user set --password\u003dxxxxxxx ${USER_ID}\""}],"source_content_type":"text/x-smarty","patch_set":1,"id":"4cba65ed_0445fe14","line":76,"in_reply_to":"1bdeaf50_9b57aaaa","updated":"2026-06-05 10:10:37.000000000","message":"Hi Vlad! Many thanks for the review - I agree on all of the points above and made the changes in Patchset 2.\n\nI was bit hesitant to parse the error messages from the probe in case Keystone error message changes, but after thinking about it, the HTTP error code will probably stay there forever.\n\nPlease let me know if you would like me to change anything else.","commit_id":"f65b0e1635d4d87eaf03b420a5c13a61c051ef99"},{"author":{"_account_id":37208,"name":"Marek Skrobacki","display_name":"Marek Skrobacki","email":"skrobul@skrobul.com","username":"skrobul"},"change_message_id":"2a8eea2651a412d8fe7290c1a948689327005ef2","unresolved":true,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"# Manage user password (we do this in a seperate step to ensure the password is updated if required)"},{"line_number":75,"context_line":"set +x"},{"line_number":76,"context_line":"if OS_USERNAME\u003d\"${SERVICE_OS_USERNAME}\" OS_PASSWORD\u003d\"${SERVICE_OS_PASSWORD}\" OS_USER_DOMAIN_NAME\u003d\"\" OS_USER_DOMAIN_ID\u003d\"${USER_DOMAIN_ID}\" OS_PROJECT_NAME\u003d\"\" OS_PROJECT_DOMAIN_NAME\u003d\"\" OS_PROJECT_ID\u003d\"${USER_PROJECT_ID}\" openstack token issue \u003e /dev/null 2\u003e\u00261; then"},{"line_number":77,"context_line":"  echo \"Password for ${USER_ID} is already correct, skipping update.\""},{"line_number":78,"context_line":"else"},{"line_number":79,"context_line":"  echo \"Setting user password via: openstack user set --password\u003dxxxxxxx ${USER_ID}\""}],"source_content_type":"text/x-smarty","patch_set":1,"id":"855ad0f5_b021b16c","line":76,"in_reply_to":"4cba65ed_0445fe14","updated":"2026-06-05 12:12:32.000000000","message":"Turns out Zuul is failing as that job does not complete for some reason. I\u0027m trying to replicate it locally, will keep you posted.","commit_id":"f65b0e1635d4d87eaf03b420a5c13a61c051ef99"},{"author":{"_account_id":37208,"name":"Marek Skrobacki","display_name":"Marek Skrobacki","email":"skrobul@skrobul.com","username":"skrobul"},"change_message_id":"51f26a3f6e95eca0825ab853b8465111b66f8757","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"# Manage user password (we do this in a seperate step to ensure the password is updated if required)"},{"line_number":75,"context_line":"set +x"},{"line_number":76,"context_line":"if OS_USERNAME\u003d\"${SERVICE_OS_USERNAME}\" OS_PASSWORD\u003d\"${SERVICE_OS_PASSWORD}\" OS_USER_DOMAIN_NAME\u003d\"\" OS_USER_DOMAIN_ID\u003d\"${USER_DOMAIN_ID}\" OS_PROJECT_NAME\u003d\"\" OS_PROJECT_DOMAIN_NAME\u003d\"\" OS_PROJECT_ID\u003d\"${USER_PROJECT_ID}\" openstack token issue \u003e /dev/null 2\u003e\u00261; then"},{"line_number":77,"context_line":"  echo \"Password for ${USER_ID} is already correct, skipping update.\""},{"line_number":78,"context_line":"else"},{"line_number":79,"context_line":"  echo \"Setting user password via: openstack user set --password\u003dxxxxxxx ${USER_ID}\""}],"source_content_type":"text/x-smarty","patch_set":1,"id":"ab0f36b0_37b7b656","line":76,"in_reply_to":"855ad0f5_b021b16c","updated":"2026-06-05 16:51:06.000000000","message":"It was failing because of `set -e` affecting `openstack token issue`","commit_id":"f65b0e1635d4d87eaf03b420a5c13a61c051ef99"}]}