Rotate CI passwords (antelope) #2239

Merged
priteau merged 3 commits into stackhpc/2023.1 from pw-rotation-antelope
Mar 30, 2026

@Alex-Welsh
Member

No description provided.

@Alex-Welsh Alex-Welsh requested a review from a team as a code owner March 30, 2026 10:42
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request updates the repository mirror usernames and Ansible Vault passwords for the ci-aio and ci-builder environments to include the 'antelope' release suffix. The reviewer suggests using the openstack_release_codename variable instead of hardcoding the release name to improve maintainability and simplify future updates.

# Use Ark's package repositories to install packages.
stackhpc_repo_mirror_url: "{{ stackhpc_release_pulp_url }}"
stackhpc_repo_mirror_username: "skc-ci-aio"
stackhpc_repo_mirror_username: "skc-ci-aio-antelope"
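
Review bot: The new value on the second `stackhpc_repo_mirror_username` line, "skc-ci-aio-antelope", changes the account name rather than only its secret, so the rotation is complete only if the old `skc-ci-aio` account is disabled or has its password changed on the mirror side; otherwise the previous credential stays valid after this merges. Please say in the PR description (currently empty) whether the old account has been revoked, and add a short comment above the line explaining that the suffix ties the account to the antelope branch, so the next rotation follows the same naming.
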
medium

To improve maintainability and avoid hardcoding the release name, consider using the openstack_release_codename variable to construct this username. This will make it easier to update for future OpenStack releases. Ensure that the resulting username remains dedicated to this environment to maintain isolation as per security guidelines.

stackhpc_repo_mirror_username: "skc-ci-aio-{{ openstack_release_codename }}"
References
  1. Use dedicated credentials and users for distinct environments to improve security and isolation, rather than sharing them.

# Use Ark's package repositories to install packages.
stackhpc_repo_mirror_url: "{{ stackhpc_repo_mirror_auth_proxy_url if stackhpc_repo_mirror_auth_proxy_enabled | bool else stackhpc_release_pulp_url }}"
stackhpc_repo_mirror_username: "skc-ci-builder-reader"
stackhpc_repo_mirror_username: "skc-ci-builder-reader-antelope"
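
Review bot: On the `stackhpc_repo_mirror_url` line the URL switches to `stackhpc_repo_mirror_auth_proxy_url` when `stackhpc_repo_mirror_auth_proxy_enabled` is true, and the hunk does not show whether the renamed user "skc-ci-builder-reader-antelope" is what gets presented on that path. Worth confirming that whichever credential the auth proxy uses was rotated together with this one, and that the new account keeps the read-only scope its `-reader` name implies.
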
medium

To improve maintainability and avoid hardcoding the release name, consider using the openstack_release_codename variable to construct this username. This will make it easier to update for future OpenStack releases. Ensure that the resulting username remains dedicated to this environment to maintain isolation as per security guidelines.

stackhpc_repo_mirror_username: "skc-ci-builder-reader-{{ openstack_release_codename }}"
References
  1. Use dedicated credentials and users for distinct environments to improve security and isolation, rather than sharing them.

@Alex-Welsh Alex-Welsh closed this Mar 30, 2026
@priteau priteau merged commit c2625e1 into stackhpc/2023.1 Mar 30, 2026
18 of 24 checks passed
@priteau priteau deleted the pw-rotation-antelope branch March 30, 2026 12:52