)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":20778,"name":"Damien Ciabrini","email":"dciabrin@redhat.com","username":"dciabrin"},"change_message_id":"6ac3aef536b8e98e33fef665d20f62176a66e1ae","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"ef7f47ec_81fcfd88","updated":"2022-02-09 09:28:12.000000000","message":"recheck\nmirror timeout in standalone upgrade job","commit_id":"6f67c15f4705467584274c95c2a6baaeb65ecdfd"}],"tripleo_common/utils/passwords.py":[{"author":{"_account_id":6926,"name":"Bogdan Dobrelya","email":"bdobreli@redhat.com","username":"bogdando"},"change_message_id":"076596255343efbbcdb47d70289a84b0782022d0","unresolved":true,"context_lines":[{"line_number":209,"context_line":"            serialization.NoEncryption()"},{"line_number":210,"context_line":"        )"},{"line_number":211,"context_line":"        generate_new_key \u003d any([x in skip_bytes for x in private_bytes])"},{"line_number":212,"context_line":"    return base64.b64encode(private_bytes).decode(\u0027utf-8\u0027)"}],"source_content_type":"text/x-python","patch_set":3,"id":"775c1dd9_a54ca06a","line":212,"updated":"2022-01-18 09:52:44.000000000","message":"If all the above boils down to having a base64 ASCII string, could it work instead to use OpenSSH format, which never has nullbytes and tabs (I suppose?). For example, compare:\n\n\u003e\u003e\u003e base64.b64encode(private_bytes).decode(\u0027utf-8\u0027)\n\u0027h31YEuzG7UCbItk4Fi56SGyr8gN76WW8noV9wS+IolI\u003d\u0027\n\u003e\u003e\u003e len(base64.b64encode(private_bytes).decode(\u0027utf-8\u0027))\n44\n\u003e\u003e\u003e private_bytes2.decode(\u0027utf-8\u0027).split(\u0027\\n\u0027)[1][:44]\n\u0027b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAA\u0027\n\nwhere:\nprivate_bytes2 \u003d private_key.private_bytes(\n\t\t\tserialization.Encoding.PEM,\n\t\t\tserialization.PrivateFormat.OpenSSH,\n\t\t\tserialization.NoEncryption()\nwithout \u0027safety\u0027 iterations...","commit_id":"a2bb64968da5aeaa397947b110a3e8bdf405ee69"},{"author":{"_account_id":20778,"name":"Damien Ciabrini","email":"dciabrin@redhat.com","username":"dciabrin"},"change_message_id":"7ed4a1bc8dbd2a9704376fe5366e2cbd3f832d52","unresolved":true,"context_lines":[{"line_number":209,"context_line":"            serialization.NoEncryption()"},{"line_number":210,"context_line":"        )"},{"line_number":211,"context_line":"        generate_new_key \u003d any([x in skip_bytes for x in private_bytes])"},{"line_number":212,"context_line":"    return base64.b64encode(private_bytes).decode(\u0027utf-8\u0027)"}],"source_content_type":"text/x-python","patch_set":3,"id":"b10cbc00_e0d0c21e","line":212,"in_reply_to":"775c1dd9_a54ca06a","updated":"2022-02-09 13:28:40.000000000","message":"No the base64 encoding is just there to easy passing that parameter to hiera and heat. It\u0027s the decoded password that must contain a reasonably random array of bytes, without a few forbidden bytes because 1) mariadb cannot store password with \\0 in a config file; and 2) sometimes we use passwords at the commadline, and this clashes a few other bytes, but only for mysql and clustercheck passwords.\nAll the openstack services connect to the DB via oslo.db, which can handle all bytes.","commit_id":"a2bb64968da5aeaa397947b110a3e8bdf405ee69"}]}