From e98d005ee75ca348729f7d46ddd50b538bd96cbd Mon Sep 17 00:00:00 2001
From: Gerrit User 18816 <18816@4a232e18-c5a9-48ee-94c0-e04e7cca6543>
Date: Wed, 17 Jan 2024 12:46:51 +0000
Subject: [PATCH] Update patch set 5

Patch Set 5:

(7 comments)

Patch-set: 5
Attention: {"person_ident":"Gerrit User 18816 \u003c18816@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_18816\u003e replied on the change"}
Attention: {"person_ident":"Gerrit User 29632 \u003c29632@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"ADD","reason":"\u003cGERRIT_ACCOUNT_18816\u003e replied on the change"}
---
 7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc |  35 ++++++++
 7e375d234c48fb3e6c33584ea12452ec0e29ee60 | 108 +++++++++++++++++++++++
 2 files changed, 143 insertions(+)

diff --git a/7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc b/7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc
index f0d4413..66a578c 100644
--- a/7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc
+++ b/7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc
@@ -17,6 +17,23 @@
       "revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     },
+    {
+      "unresolved": false,
+      "key": {
+        "uuid": "20368812_36ba28e5",
+        "filename": "/PATCHSET_LEVEL",
+        "patchSetId": 5
+      },
+      "lineNbr": 0,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "Thanks for the work and the feedback, see my comments inline",
+      "revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
     {
       "unresolved": true,
       "key": {
@@ -34,6 +51,24 @@
       "revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "b139dc06_c124914e",
+        "filename": "specs/caracal/share_encryption.rst",
+        "patchSetId": 5
+      },
+      "lineNbr": 3,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "Good questions. I\u0027ll add my thoughts:\n\nre 1: I think unmanage would need to make sure that the user, who sends that command has access to the key, too. But I would be also fine with the safe approach in not allowing to unmanage such shares.\nre 2: same like 1, I think. But with a higher tendency to not allow this because of complexity. I don\u0027t know if barbican even has a concept of transferring a key?\nre 3: not all backup targets may support this, depends on the driver, I think.\nre 4: I can imagine that snapshots simply can re-use the encryption key of the parent. Snapshots anyhow have a strong tie to the parent object.",
+      "parentUuid": "df7e1454_2c0c1422",
+      "revId": "7073bfe6e2eb52a56586b4e46ad0506d84f9e6fc",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
     {
       "unresolved": true,
       "key": {
diff --git a/7e375d234c48fb3e6c33584ea12452ec0e29ee60 b/7e375d234c48fb3e6c33584ea12452ec0e29ee60
index caef650..b0c1aeb 100644
--- a/7e375d234c48fb3e6c33584ea12452ec0e29ee60
+++ b/7e375d234c48fb3e6c33584ea12452ec0e29ee60
@@ -105,6 +105,24 @@
       "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "8fd91534_eea4ff40",
+        "filename": "specs/caracal/share_encryption.rst",
+        "patchSetId": 4
+      },
+      "lineNbr": 82,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "That is a detail of driver implementation. \nThe driver can decide wether the maybe already existing encryption satisfies the ask to encrypt or if it needs to do something, e.g. re-encrypt with a new key.",
+      "parentUuid": "d2ef7c74_37cd18f8",
+      "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
     {
       "unresolved": true,
       "key": {
@@ -176,6 +194,30 @@
       "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "8cfbec2c_53fa60e8",
+        "filename": "specs/caracal/share_encryption.rst",
+        "patchSetId": 4
+      },
+      "lineNbr": 168,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "I\u0027m very much in favor of keeping the UX close to cinder, that means not having an additional command.\n\nSee https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/volume-type.html",
+      "parentUuid": "eae10362_e71563ba",
+      "range": {
+        "startLine": 163,
+        "startChar": 2,
+        "endLine": 168,
+        "endChar": 69
+      },
+      "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
     {
       "unresolved": true,
       "key": {
@@ -222,6 +264,30 @@
       "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "35af1d02_a09f6561",
+        "filename": "specs/caracal/share_encryption.rst",
+        "patchSetId": 4
+      },
+      "lineNbr": 183,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "For cinder there is no additional command or am I missing something?\nTo update the encryption options, those have to be set with `openstack volume type set`\n\nhttps://docs.openstack.org/python-openstackclient/latest/cli/command-objects/volume-type.html#volume-type-set",
+      "parentUuid": "3f4a961f_e1973be7",
+      "range": {
+        "startLine": 179,
+        "startChar": 0,
+        "endLine": 183,
+        "endChar": 37
+      },
+      "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
     {
       "unresolved": true,
       "key": {
@@ -378,6 +444,24 @@
       "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "0f8baeae_8d0b17fb",
+        "filename": "specs/caracal/share_encryption.rst",
+        "patchSetId": 4
+      },
+      "lineNbr": 306,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "There are use-cases where shares in the same share server should not use the same key, hence I think it is best to go with single share encryption first.\n\nAny grouping (either via share groups or at share server level) to optimize certain setups, can be added in a future implementation, I think.",
+      "parentUuid": "65aca70d_df25af72",
+      "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
     {
       "unresolved": true,
       "key": {
@@ -400,6 +484,30 @@
       },
       "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "d2fb1fa0_f9890dd7",
+        "filename": "specs/caracal/share_encryption.rst",
+        "patchSetId": 4
+      },
+      "lineNbr": 330,
+      "author": {
+        "id": 18816
+      },
+      "writtenOn": "2024-01-17T12:46:51Z",
+      "side": 1,
+      "message": "I agree",
+      "parentUuid": "b299aa27_76186dd7",
+      "range": {
+        "startLine": 330,
+        "startChar": 3,
+        "endLine": 330,
+        "endChar": 35
+      },
+      "revId": "7e375d234c48fb3e6c33584ea12452ec0e29ee60",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     }
   ]
 }
\ No newline at end of file