Update patch set 5
Patch Set 5: (7 comments) Patch-set: 5 Attention: {"person_ident":"Gerrit User 18816 \u003c18816@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_18816\u003e replied on the change"} Attention: {"person_ident":"Gerrit User 29632 \u003c29632@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"ADD","reason":"\u003cGERRIT_ACCOUNT_18816\u003e replied on the change"}
This commit is contained in:
parent
cf0f723e26
commit
e98d005ee7
|
@ -17,6 +17,23 @@
|
|||
"revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": false,
|
||||
"key": {
|
||||
"uuid": "20368812_36ba28e5",
|
||||
"filename": "/PATCHSET_LEVEL",
|
||||
"patchSetId": 5
|
||||
},
|
||||
"lineNbr": 0,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "Thanks for the work and the feedback, see my comments inline",
|
||||
"revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
|
@ -34,6 +51,24 @@
|
|||
"revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
"uuid": "b139dc06_c124914e",
|
||||
"filename": "specs/caracal/share_encryption.rst",
|
||||
"patchSetId": 5
|
||||
},
|
||||
"lineNbr": 3,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "Good questions. I\u0027ll add my thoughts:\n\nre 1: I think unmanage would need to make sure that the user, who sends that command has access to the key, too. But I would be also fine with the safe approach in not allowing to unmanage such shares.\nre 2: same like 1, I think. But with a higher tendency to not allow this because of complexity. I don\u0027t know if barbican even has a concept of transferring a key?\nre 3: not all backup targets may support this, depends on the driver, I think.\nre 4: I can imagine that snapshots simply can re-use the encryption key of the parent. Snapshots anyhow have a strong tie to the parent object.",
|
||||
"parentUuid": "df7e1454_2c0c1422",
|
||||
"revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
|
|
|
@ -105,6 +105,24 @@
|
|||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
"uuid": "8fd91534_eea4ff40",
|
||||
"filename": "specs/caracal/share_encryption.rst",
|
||||
"patchSetId": 4
|
||||
},
|
||||
"lineNbr": 82,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "That is a detail of driver implementation. \nThe driver can decide wether the maybe already existing encryption satisfies the ask to encrypt or if it needs to do something, e.g. re-encrypt with a new key.",
|
||||
"parentUuid": "d2ef7c74_37cd18f8",
|
||||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
|
@ -176,6 +194,30 @@
|
|||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
"uuid": "8cfbec2c_53fa60e8",
|
||||
"filename": "specs/caracal/share_encryption.rst",
|
||||
"patchSetId": 4
|
||||
},
|
||||
"lineNbr": 168,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "I\u0027m very much in favor of keeping the UX close to cinder, that means not having an additional command.\n\nSee https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/volume-type.html",
|
||||
"parentUuid": "eae10362_e71563ba",
|
||||
"range": {
|
||||
"startLine": 163,
|
||||
"startChar": 2,
|
||||
"endLine": 168,
|
||||
"endChar": 69
|
||||
},
|
||||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
|
@ -222,6 +264,30 @@
|
|||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
"uuid": "35af1d02_a09f6561",
|
||||
"filename": "specs/caracal/share_encryption.rst",
|
||||
"patchSetId": 4
|
||||
},
|
||||
"lineNbr": 183,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "For cinder there is no additional command or am I missing something?\nTo update the encryption options, those have to be set with `openstack volume type set`\n\nhttps://docs.openstack.org/python-openstackclient/latest/cli/command-objects/volume-type.html#volume-type-set",
|
||||
"parentUuid": "3f4a961f_e1973be7",
|
||||
"range": {
|
||||
"startLine": 179,
|
||||
"startChar": 0,
|
||||
"endLine": 183,
|
||||
"endChar": 37
|
||||
},
|
||||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
|
@ -378,6 +444,24 @@
|
|||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
"uuid": "0f8baeae_8d0b17fb",
|
||||
"filename": "specs/caracal/share_encryption.rst",
|
||||
"patchSetId": 4
|
||||
},
|
||||
"lineNbr": 306,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "There are use-cases where shares in the same share server should not use the same key, hence I think it is best to go with single share encryption first.\n\nAny grouping (either via share groups or at share server level) to optimize certain setups, can be added in a future implementation, I think.",
|
||||
"parentUuid": "65aca70d_df25af72",
|
||||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
|
@ -400,6 +484,30 @@
|
|||
},
|
||||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
},
|
||||
{
|
||||
"unresolved": true,
|
||||
"key": {
|
||||
"uuid": "d2fb1fa0_f9890dd7",
|
||||
"filename": "specs/caracal/share_encryption.rst",
|
||||
"patchSetId": 4
|
||||
},
|
||||
"lineNbr": 330,
|
||||
"author": {
|
||||
"id": 18816
|
||||
},
|
||||
"writtenOn": "2024-01-17T12:46:51Z",
|
||||
"side": 1,
|
||||
"message": "I agree",
|
||||
"parentUuid": "b299aa27_76186dd7",
|
||||
"range": {
|
||||
"startLine": 330,
|
||||
"startChar": 3,
|
||||
"endLine": 330,
|
||||
"endChar": 35
|
||||
},
|
||||
"revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
|
||||
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
|
||||
}
|
||||
]
|
||||
}
|
Loading…
Reference in New Issue