Skip to content

Rotate ci passwords (Yoga)#2237

Merged
priteau merged 1 commit intostackhpc/yogafrom
pw-rotation-yoga
Mar 30, 2026
Merged

Rotate ci passwords (Yoga)#2237
priteau merged 1 commit intostackhpc/yogafrom
pw-rotation-yoga

Conversation

@Alex-Welsh
Copy link
Copy Markdown
Member

@Alex-Welsh Alex-Welsh commented Mar 30, 2026

No description provided.

@Alex-Welsh Alex-Welsh requested a review from a team as a code owner March 30, 2026 10:42
gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the repository mirror usernames and Ansible Vault passwords for the ci-aio and ci-builder environments, appending the 'yoga' release suffix. The review feedback suggests replacing the hardcoded release name in the usernames with the openstack_release variable to enhance maintainability and simplify future upgrades.

etc/kayobe/environments/ci-aio/stackhpc-ci.yml
# Use Ark's package repositories to install packages.
stackhpc_repo_mirror_url: "{{ stackhpc_release_pulp_url }}"
stackhpc_repo_mirror_username: "skc-ci-aio"
stackhpc_repo_mirror_username: "skc-ci-aio-yoga"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To improve maintainability and make it easier to adapt this configuration for future OpenStack releases, consider using the openstack_release variable to construct the username. This avoids hardcoding the release name. Ensure that the resulting username remains dedicated to this specific environment to maintain isolation as per our security guidelines.

stackhpc_repo_mirror_username: "skc-ci-aio-{{ openstack_release }}"
References
  1. Use dedicated credentials and users for distinct environments to improve security and isolation, rather than sharing them.

etc/kayobe/environments/ci-builder/stackhpc-ci.yml
# Use Ark's package repositories to install packages.
stackhpc_repo_mirror_url: "{{ stackhpc_repo_mirror_auth_proxy_url if stackhpc_repo_mirror_auth_proxy_enabled | bool else stackhpc_release_pulp_url }}"
stackhpc_repo_mirror_username: "skc-ci-builder-reader"
stackhpc_repo_mirror_username: "skc-ci-builder-reader-yoga"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To improve maintainability and make it easier to adapt this configuration for future OpenStack releases, consider using the openstack_release variable to construct the username. This avoids hardcoding the release name. Ensure that the resulting username remains dedicated to this specific environment to maintain isolation as per our security guidelines.

stackhpc_repo_mirror_username: "skc-ci-builder-reader-{{ openstack_release }}"
References
  1. Use dedicated credentials and users for distinct environments to improve security and isolation, rather than sharing them.

@Alex-Welsh Alex-Welsh closed this Mar 30, 2026
@Alex-Welsh Alex-Welsh reopened this Mar 30, 2026
@priteau priteau merged commit 211c6b7 into stackhpc/yoga Mar 30, 2026
16 of 30 checks passed
@priteau priteau deleted the pw-rotation-yoga branch March 30, 2026 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@priteau priteau priteau approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Alex-Welsh @priteau