)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"fac326360ad22bb15eba4a7eabd9652bd204e42b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"5d06ff4f_1badc069","updated":"2024-04-03 08:56:05.000000000","message":"recheck","commit_id":"0ee57ee070ba07c37ac8e345c7aa24de71e8cc06"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"a67531688d321c0625cf52ead0898a02d419377f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"0d15f3b5_1bf8b37f","updated":"2024-04-03 13:39:15.000000000","message":"recheck","commit_id":"3855d53b38f7cd2b22ad34e0b1dffd79d96250e7"},{"author":{"_account_id":6889,"name":"Fabien Boucher","email":"fboucher@redhat.com","username":"fabien-boucher"},"change_message_id":"5306da9125120f7f463d99bcd6698d8b86c12a2b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"e0f14636_475f73dd","updated":"2024-04-22 11:54:11.000000000","message":"Hi, is there something more to address in this change to land it in master ?","commit_id":"5afe315bfedcf172bf79ee9389c268d06d9afd3b"}],"tools/decrypt_secret.py":[{"author":{"_account_id":9311,"name":"Tristan Cacqueray","email":"tdecacqu@redhat.com","username":"tristanC"},"change_message_id":"accde202d016c2e1e71130c6c27fd33b64814718","unresolved":true,"context_lines":[{"line_number":28,"context_line":"    keys \u003d keyfile.get(\"keys\")"},{"line_number":29,"context_line":"    projectkeys \u003d keys.get(path)"},{"line_number":30,"context_line":"    if projectkeys is None:"},{"line_number":31,"context_line":"        return None"},{"line_number":32,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":33,"context_line":"    pem_private_key \u003d 
pk.encode(\"utf-8\")"},{"line_number":34,"context_line":"    private_key, public_key \u003d encryption.deserialize_rsa_keypair("}],"source_content_type":"text/x-python","patch_set":1,"id":"62eb678c_1608ee4e","line":31,"updated":"2024-02-08 16:18:00.000000000","message":"It might be worth printing an error here, otherwise this can cause an obscure `TypeError: cannot unpack non-iterable NoneType object` error when the path is unknown.","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"06eed653ada9c27bb392cdda52101f7ac20221c5","unresolved":false,"context_lines":[{"line_number":28,"context_line":"    keys \u003d keyfile.get(\"keys\")"},{"line_number":29,"context_line":"    projectkeys \u003d keys.get(path)"},{"line_number":30,"context_line":"    if projectkeys is None:"},{"line_number":31,"context_line":"        return None"},{"line_number":32,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":33,"context_line":"    pem_private_key \u003d pk.encode(\"utf-8\")"},{"line_number":34,"context_line":"    private_key, public_key \u003d encryption.deserialize_rsa_keypair("}],"source_content_type":"text/x-python","patch_set":1,"id":"6b6ec0b0_a25a4558","line":31,"in_reply_to":"62eb678c_1608ee4e","updated":"2024-02-09 13:51:33.000000000","message":"added","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":9311,"name":"Tristan Cacqueray","email":"tdecacqu@redhat.com","username":"tristanC"},"change_message_id":"accde202d016c2e1e71130c6c27fd33b64814718","unresolved":true,"context_lines":[{"line_number":43,"context_line":"    parser.add_argument(\u0027dumppath\u0027,"},{"line_number":44,"context_line":"                        help\u003d\"Path to the zuul-admin export-keys command output\")"},{"line_number":45,"context_line":"    
parser.add_argument(\u0027keystore\u0027,"},{"line_number":46,"context_line":"                        help\u003d\"Zuul Keystore password\")"},{"line_number":47,"context_line":"    parser.add_argument(\u0027zkpath\u0027,"},{"line_number":48,"context_line":"                        help\u003d\"Path to the project key in Zookeeper\")"},{"line_number":49,"context_line":"    args \u003d parser.parse_args()"}],"source_content_type":"text/x-python","patch_set":1,"id":"4519ed14_643901ba","line":46,"updated":"2024-02-08 16:18:00.000000000","message":"Perhaps this should be provided by the environment to prevent leaking the password in the process list or the history. Better yet would be to read from the zuul.conf if possible.","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"06eed653ada9c27bb392cdda52101f7ac20221c5","unresolved":false,"context_lines":[{"line_number":43,"context_line":"    parser.add_argument(\u0027dumppath\u0027,"},{"line_number":44,"context_line":"                        help\u003d\"Path to the zuul-admin export-keys command output\")"},{"line_number":45,"context_line":"    parser.add_argument(\u0027keystore\u0027,"},{"line_number":46,"context_line":"                        help\u003d\"Zuul Keystore password\")"},{"line_number":47,"context_line":"    parser.add_argument(\u0027zkpath\u0027,"},{"line_number":48,"context_line":"                        help\u003d\"Path to the project key in Zookeeper\")"},{"line_number":49,"context_line":"    args \u003d parser.parse_args()"}],"source_content_type":"text/x-python","patch_set":1,"id":"e2744057_eb3f538b","line":46,"in_reply_to":"4519ed14_643901ba","updated":"2024-02-09 13:51:33.000000000","message":"done","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":9311,"name":"Tristan 
Cacqueray","email":"tdecacqu@redhat.com","username":"tristanC"},"change_message_id":"accde202d016c2e1e71130c6c27fd33b64814718","unresolved":true,"context_lines":[{"line_number":45,"context_line":"    parser.add_argument(\u0027keystore\u0027,"},{"line_number":46,"context_line":"                        help\u003d\"Zuul Keystore password\")"},{"line_number":47,"context_line":"    parser.add_argument(\u0027zkpath\u0027,"},{"line_number":48,"context_line":"                        help\u003d\"Path to the project key in Zookeeper\")"},{"line_number":49,"context_line":"    args \u003d parser.parse_args()"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    keysfile \u003d json.load(open(args.dumppath))"}],"source_content_type":"text/x-python","patch_set":1,"id":"95542d59_080f70eb","line":48,"updated":"2024-02-08 16:18:00.000000000","message":"I think it would make sense to keep the same order as before, \u003chow to decrypt\u003e \u003cfile to decrypt\u003e","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"06eed653ada9c27bb392cdda52101f7ac20221c5","unresolved":true,"context_lines":[{"line_number":45,"context_line":"    parser.add_argument(\u0027keystore\u0027,"},{"line_number":46,"context_line":"                        help\u003d\"Zuul Keystore password\")"},{"line_number":47,"context_line":"    parser.add_argument(\u0027zkpath\u0027,"},{"line_number":48,"context_line":"                        help\u003d\"Path to the project key in Zookeeper\")"},{"line_number":49,"context_line":"    args \u003d parser.parse_args()"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    keysfile \u003d json.load(open(args.dumppath))"}],"source_content_type":"text/x-python","patch_set":1,"id":"9e212bd8_d6b93b41","line":48,"in_reply_to":"95542d59_080f70eb","updated":"2024-02-09 
13:51:33.000000000","message":"Check the new version of patch https://review.opendev.org/c/zuul/zuul/+/908507/3","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"ac379fbd46239abf370bce8e4653c1e318477a26","unresolved":false,"context_lines":[{"line_number":45,"context_line":"    parser.add_argument(\u0027keystore\u0027,"},{"line_number":46,"context_line":"                        help\u003d\"Zuul Keystore password\")"},{"line_number":47,"context_line":"    parser.add_argument(\u0027zkpath\u0027,"},{"line_number":48,"context_line":"                        help\u003d\"Path to the project key in Zookeeper\")"},{"line_number":49,"context_line":"    args \u003d parser.parse_args()"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    keysfile \u003d json.load(open(args.dumppath))"}],"source_content_type":"text/x-python","patch_set":1,"id":"9e2607a4_cdfbac4a","line":48,"in_reply_to":"9e212bd8_d6b93b41","updated":"2024-04-03 08:50:56.000000000","message":"Acknowledged","commit_id":"8de1f98f021d55a36cc4461e7262395de5928cdc"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"29f771bcb4136b813f044148a085e47d8bb640d1","unresolved":true,"context_lines":[{"line_number":28,"context_line":"def convZuulKCToDict(data: dict) -\u003e dict:"},{"line_number":29,"context_line":"    result \u003d {}"},{"line_number":30,"context_line":"    for k, v in data.items():"},{"line_number":31,"context_line":"        result[str(k)] \u003d v"},{"line_number":32,"context_line":"    return result"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"c9b91705_e1537cc5","line":31,"range":{"start_line":31,"start_character":15,"end_line":31,"end_character":21},"updated":"2024-03-07 
21:50:49.000000000","message":"The purpose of this function appears to be to convert keys from some type to a string and then reenter the converted key and its value into a dict. Why is this necessary?","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"2d215c47a20642c47323484b20cd6bae5e402b7b","unresolved":false,"context_lines":[{"line_number":28,"context_line":"def convZuulKCToDict(data: dict) -\u003e dict:"},{"line_number":29,"context_line":"    result \u003d {}"},{"line_number":30,"context_line":"    for k, v in data.items():"},{"line_number":31,"context_line":"        result[str(k)] \u003d v"},{"line_number":32,"context_line":"    return result"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"df50549f_5f682cd0","line":31,"range":{"start_line":31,"start_character":15,"end_line":31,"end_character":21},"in_reply_to":"c9b91705_e1537cc5","updated":"2024-03-11 10:36:58.000000000","message":"The idea was to convert ZuulKeyConfig which returned from the line https://review.opendev.org/c/zuul/zuul/+/908507/7/tools/decrypt_secret.py#89, but now that you have mentioned it, I checked it and this is not needed anymore.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"29f771bcb4136b813f044148a085e47d8bb640d1","unresolved":true,"context_lines":[{"line_number":37,"context_line":"    keys \u003d keyfile.get(\"keys\")"},{"line_number":38,"context_line":"    projectkeys \u003d keys.get(path + \"/secrets\")"},{"line_number":39,"context_line":"    if projectkeys is None:"},{"line_number":40,"context_line":"        print(f\"Project path {path} does not exist\")"},{"line_number":41,"context_line":"        
exit(1)"},{"line_number":42,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":43,"context_line":"    pem_private_key \u003d pk.encode(\"utf-8\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"efe65c89_3d853711","line":40,"updated":"2024-03-07 21:50:49.000000000","message":"Is it `path + \"/secrets\"` that doesn\u0027t exist or just `path`? I think we don\u0027t have sufficient info here. Maybe better to say that `path + \"/secrets\"` could not be found / does not exist.\n\nLooking at the code I think it is theoretically possible for a project to have an ssh key but not a secrets key. However, that would only be possible in the case of a manually curated zk database? Otherwise zuul should ensure both get created in zk.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":34620,"name":"Francisco Seruca Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"f3b9709382af27f6a3a01688ae8d1a0c87ca76ab","unresolved":false,"context_lines":[{"line_number":37,"context_line":"    keys \u003d keyfile.get(\"keys\")"},{"line_number":38,"context_line":"    projectkeys \u003d keys.get(path + \"/secrets\")"},{"line_number":39,"context_line":"    if projectkeys is None:"},{"line_number":40,"context_line":"        print(f\"Project path {path} does not exist\")"},{"line_number":41,"context_line":"        exit(1)"},{"line_number":42,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":43,"context_line":"    pem_private_key \u003d pk.encode(\"utf-8\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"4f60d468_2f99119b","line":40,"in_reply_to":"342e8fa5_1f01e0c9","updated":"2024-04-15 14:43:15.000000000","message":"Acknowledged","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":34620,"name":"Francisco Seruca 
Salgado","email":"fserucas@redhat.com","username":"fserucas"},"change_message_id":"2d215c47a20642c47323484b20cd6bae5e402b7b","unresolved":true,"context_lines":[{"line_number":37,"context_line":"    keys \u003d keyfile.get(\"keys\")"},{"line_number":38,"context_line":"    projectkeys \u003d keys.get(path + \"/secrets\")"},{"line_number":39,"context_line":"    if projectkeys is None:"},{"line_number":40,"context_line":"        print(f\"Project path {path} does not exist\")"},{"line_number":41,"context_line":"        exit(1)"},{"line_number":42,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":43,"context_line":"    pem_private_key \u003d pk.encode(\"utf-8\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"342e8fa5_1f01e0c9","line":40,"in_reply_to":"efe65c89_3d853711","updated":"2024-03-11 10:36:58.000000000","message":"Thank you for the suggestion, I changed it to a more clear output.\n\nRegarding the second part of your comment, I do not know if it is possible or not, to have several combinations of ssh and secret keys. 
I can only say that in our use case we just use the ZK database created by Zuul.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"29f771bcb4136b813f044148a085e47d8bb640d1","unresolved":true,"context_lines":[{"line_number":39,"context_line":"    if projectkeys is None:"},{"line_number":40,"context_line":"        print(f\"Project path {path} does not exist\")"},{"line_number":41,"context_line":"        exit(1)"},{"line_number":42,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":43,"context_line":"    pem_private_key \u003d pk.encode(\"utf-8\")"},{"line_number":44,"context_line":"    private_key, public_key \u003d encryption.deserialize_rsa_keypair("},{"line_number":45,"context_line":"        pem_private_key, password_bytes)"}],"source_content_type":"text/x-python","patch_set":6,"id":"e9960b64_b9bece39","line":42,"range":{"start_line":42,"start_character":28,"end_line":42,"end_character":31},"updated":"2024-03-07 21:50:49.000000000","message":"For any other reviewers the [0] seems to be hardcoded in zuul\u0027s keystorage too. Not sure why we chose to make that a list with one element.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":1,"name":"James E. 
Blair","email":"jim@acmegating.com","username":"corvus"},"change_message_id":"ded276938beb65e65fdef025730ab0e2d5750bbe","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    if projectkeys is None:"},{"line_number":40,"context_line":"        print(f\"Project path {path} does not exist\")"},{"line_number":41,"context_line":"        exit(1)"},{"line_number":42,"context_line":"    pk \u003d projectkeys[\"keys\"][0][\"private_key\"]"},{"line_number":43,"context_line":"    pem_private_key \u003d pk.encode(\"utf-8\")"},{"line_number":44,"context_line":"    private_key, public_key \u003d encryption.deserialize_rsa_keypair("},{"line_number":45,"context_line":"        pem_private_key, password_bytes)"}],"source_content_type":"text/x-python","patch_set":6,"id":"5451c0f0_70bf8a31","line":42,"in_reply_to":"e9960b64_b9bece39","updated":"2024-03-07 23:07:08.000000000","message":"It\u0027s for future support of key rotation.  I would expect this script to iterate through all of them despite there only being one now.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":1,"name":"James E. 
Blair","email":"jim@acmegating.com","username":"corvus"},"change_message_id":"ded276938beb65e65fdef025730ab0e2d5750bbe","unresolved":false,"context_lines":[{"line_number":49,"context_line":""},{"line_number":50,"context_line":"def main():"},{"line_number":51,"context_line":"    parser \u003d argparse.ArgumentParser(description\u003dDESCRIPTION)"},{"line_number":52,"context_line":"    parser.add_argument(\u0027dumppath\u0027,"},{"line_number":53,"context_line":"                        help\u003d\"Path to the zuul-admin export-keys \\"},{"line_number":54,"context_line":"                        command output\")"},{"line_number":55,"context_line":"    parser.add_argument(\u0027config\u0027,"}],"source_content_type":"text/x-python","patch_set":6,"id":"cd524461_82fad313","line":52,"updated":"2024-03-07 23:07:08.000000000","message":"Maybe call this \"export-path\" to suggest a connection with export-keys.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"},{"author":{"_account_id":1,"name":"James E. 
Blair","email":"jim@acmegating.com","username":"corvus"},"change_message_id":"ded276938beb65e65fdef025730ab0e2d5750bbe","unresolved":false,"context_lines":[{"line_number":57,"context_line":"    parser.add_argument(\u0027file\u0027,"},{"line_number":58,"context_line":"                        help\u003d\"The YAML file with secrets\")"},{"line_number":59,"context_line":"    parser.add_argument(\u0027zkpath\u0027,"},{"line_number":60,"context_line":"                        help\u003d\"Path to the project key in Zookeeper\")"},{"line_number":61,"context_line":"    parser.add_argument(\u0027--list\u0027,"},{"line_number":62,"context_line":"                        help\u003d\"list projects from exported keys\","},{"line_number":63,"context_line":"                        action\u003d\u0027store_true\u0027)"}],"source_content_type":"text/x-python","patch_set":6,"id":"3f765841_2eb1135b","line":60,"updated":"2024-03-07 23:07:08.000000000","message":"It\u0027s not clear what this is supposed to be or how a user should identify it.","commit_id":"b2c07d43d6faedfc883dfbdb0aed0968a84222ef"}]}
