)]}'
{"releasenotes/notes/bp-barbican-secret-deletion-support-40cffa5ffa33447e.yaml":[{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"d62caf0659ea9edf9d367fa63f0a7ef8ede030aa","unresolved":false,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    * An image created by the Block Storage service will have these properties"},{"line_number":15,"context_line":"      set automatically, with the deletion policy set to ``on_image_deletion``."},{"line_number":16,"context_line":"    * The Block Storage service *always* creates a new encryption key when it"},{"line_number":17,"context_line":"      uploads a volume as an image, keeping a 1-1 relation between each key"},{"line_number":18,"context_line":"      stored in the Key Management Service and each image of an encrypted"},{"line_number":19,"context_line":"      volume stored in Glance.  Thus, deleting the encryption key *at the time"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_b7ae26e5","line":16,"range":{"start_line":16,"start_character":51,"end_line":16,"end_character":54},"updated":"2019-09-09 13:10:08.000000000","message":"\"copy of\"","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ccc2a3b400b648256035ede08035899aadb1c7c2","unresolved":false,"context_lines":[{"line_number":13,"context_line":""},{"line_number":14,"context_line":"    * An image created by the Block Storage service will have these properties"},{"line_number":15,"context_line":"      set automatically, with the deletion policy set to ``on_image_deletion``."},{"line_number":16,"context_line":"    * The Block Storage service *always* creates a new encryption key when it"},{"line_number":17,"context_line":"      uploads a volume as an image, keeping a 1-1 relation between each key"},{"line_number":18,"context_line":"      stored in the Key Management Service and each image of an encrypted"},{"line_number":19,"context_line":"      volume stored in Glance.  Thus, deleting the encryption key *at the time"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_299cdcbe","line":16,"range":{"start_line":16,"start_character":51,"end_line":16,"end_character":54},"in_reply_to":"5faad753_b7ae26e5","updated":"2019-09-11 22:01:01.000000000","message":"Volumes are re-keyed in Train, so it\u0027s not a copy anymore.  Also, Cinder has never guaranteed key re-use (it was just an artifact of the implementation).","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"d62caf0659ea9edf9d367fa63f0a7ef8ede030aa","unresolved":false,"context_lines":[{"line_number":14,"context_line":"    * An image created by the Block Storage service will have these properties"},{"line_number":15,"context_line":"      set automatically, with the deletion policy set to ``on_image_deletion``."},{"line_number":16,"context_line":"    * The Block Storage service *always* creates a new encryption key when it"},{"line_number":17,"context_line":"      uploads a volume as an image, keeping a 1-1 relation between each key"},{"line_number":18,"context_line":"      stored in the Key Management Service and each image of an encrypted"},{"line_number":19,"context_line":"      volume stored in Glance.  Thus, deleting the encryption key *at the time"},{"line_number":20,"context_line":"      when the image is deleted* will not cause data loss *as long as a user is"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_172dba42","line":17,"range":{"start_line":17,"start_character":72,"end_line":17,"end_character":75},"updated":"2019-09-09 13:10:08.000000000","message":"Maybe \"key instance\" or \"key ID\"?","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ccc2a3b400b648256035ede08035899aadb1c7c2","unresolved":false,"context_lines":[{"line_number":14,"context_line":"    * An image created by the Block Storage service will have these properties"},{"line_number":15,"context_line":"      set automatically, with the deletion policy set to ``on_image_deletion``."},{"line_number":16,"context_line":"    * The Block Storage service *always* creates a new encryption key when it"},{"line_number":17,"context_line":"      uploads a volume as an image, keeping a 1-1 relation between each key"},{"line_number":18,"context_line":"      stored in the Key Management Service and each image of an encrypted"},{"line_number":19,"context_line":"      volume stored in Glance.  Thus, deleting the encryption key *at the time"},{"line_number":20,"context_line":"      when the image is deleted* will not cause data loss *as long as a user is"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_ceeae5aa","line":17,"range":{"start_line":17,"start_character":72,"end_line":17,"end_character":75},"in_reply_to":"5faad753_172dba42","updated":"2019-09-11 22:01:01.000000000","message":"I\u0027ll rephrase in terms of Barbican \"secrets\" (which are what Barbican calls the entities it stores).","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"d62caf0659ea9edf9d367fa63f0a7ef8ede030aa","unresolved":false,"context_lines":[{"line_number":18,"context_line":"      stored in the Key Management Service and each image of an encrypted"},{"line_number":19,"context_line":"      volume stored in Glance.  Thus, deleting the encryption key *at the time"},{"line_number":20,"context_line":"      when the image is deleted* will not cause data loss *as long as a user is"},{"line_number":21,"context_line":"      not using the key in a nonstandard way*."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"      * A key is being used in a nonstandard way if some service or user other"},{"line_number":24,"context_line":"        than the Block Storage service is involved in any way in using the key."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_77918e99","line":21,"range":{"start_line":21,"start_character":24,"end_line":21,"end_character":44},"updated":"2019-09-09 13:10:08.000000000","message":"Perhaps \"ID associated for anything else\", This gives perception that the key would somehow be unique, which is not in Cinder\u0027s case as it\u0027s copied all over the place in every action. As in Crypto key vs. key instance in barbican.","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ccc2a3b400b648256035ede08035899aadb1c7c2","unresolved":false,"context_lines":[{"line_number":18,"context_line":"      stored in the Key Management Service and each image of an encrypted"},{"line_number":19,"context_line":"      volume stored in Glance.  Thus, deleting the encryption key *at the time"},{"line_number":20,"context_line":"      when the image is deleted* will not cause data loss *as long as a user is"},{"line_number":21,"context_line":"      not using the key in a nonstandard way*."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"      * A key is being used in a nonstandard way if some service or user other"},{"line_number":24,"context_line":"        than the Block Storage service is involved in any way in using the key."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_0e0a3d89","line":21,"range":{"start_line":21,"start_character":24,"end_line":21,"end_character":44},"in_reply_to":"5faad753_77918e99","updated":"2019-09-11 22:01:01.000000000","message":"I\u0027ll rephrase in terms of secrets.  We also don\u0027t want to give the impression that the key is *not* unique, because that could raise false hopes of data recovery.","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"d62caf0659ea9edf9d367fa63f0a7ef8ede030aa","unresolved":false,"context_lines":[{"line_number":20,"context_line":"      when the image is deleted* will not cause data loss *as long as a user is"},{"line_number":21,"context_line":"      not using the key in a nonstandard way*."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"      * A key is being used in a nonstandard way if some service or user other"},{"line_number":24,"context_line":"        than the Block Storage service is involved in any way in using the key."},{"line_number":25,"context_line":"      * It is recommended that the ``cinder_encryption_key_*`` properties *not*"},{"line_number":26,"context_line":"        be used in a nonstandard way as this could lead to user data loss."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_17f85ae3","line":24,"range":{"start_line":23,"start_character":8,"end_line":24,"end_character":79},"updated":"2019-09-09 13:10:08.000000000","message":"above would get rid of this.","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ccc2a3b400b648256035ede08035899aadb1c7c2","unresolved":false,"context_lines":[{"line_number":20,"context_line":"      when the image is deleted* will not cause data loss *as long as a user is"},{"line_number":21,"context_line":"      not using the key in a nonstandard way*."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"      * A key is being used in a nonstandard way if some service or user other"},{"line_number":24,"context_line":"        than the Block Storage service is involved in any way in using the key."},{"line_number":25,"context_line":"      * It is recommended that the ``cinder_encryption_key_*`` properties *not*"},{"line_number":26,"context_line":"        be used in a nonstandard way as this could lead to user data loss."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_8e3aad31","line":24,"range":{"start_line":23,"start_character":8,"end_line":24,"end_character":79},"in_reply_to":"5faad753_17f85ae3","updated":"2019-09-11 22:01:01.000000000","message":"I\u0027ll see how the rewrite goes.  The key point is that you should let the \u0027cinder_*\u0027 metadata be managed automatically; if a user chooses to mess with them, all bets are off.","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"d62caf0659ea9edf9d367fa63f0a7ef8ede030aa","unresolved":false,"context_lines":[{"line_number":22,"context_line":""},{"line_number":23,"context_line":"      * A key is being used in a nonstandard way if some service or user other"},{"line_number":24,"context_line":"        than the Block Storage service is involved in any way in using the key."},{"line_number":25,"context_line":"      * It is recommended that the ``cinder_encryption_key_*`` properties *not*"},{"line_number":26,"context_line":"        be used in a nonstandard way as this could lead to user data loss."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    * If the ``cinder_encryption_key_deletion_policy`` image property is"},{"line_number":29,"context_line":"      missing or has any value other than ``on_image_deletion``, Glance will"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_573c9292","line":26,"range":{"start_line":25,"start_character":74,"end_line":26,"end_character":10},"updated":"2019-09-09 13:10:08.000000000","message":"Sounds weird, perhaps \"are *not* been\"?","commit_id":"f365fa4a830d36df11727be319d19890da442107"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ccc2a3b400b648256035ede08035899aadb1c7c2","unresolved":false,"context_lines":[{"line_number":22,"context_line":""},{"line_number":23,"context_line":"      * A key is being used in a nonstandard way if some service or user other"},{"line_number":24,"context_line":"        than the Block Storage service is involved in any way in using the key."},{"line_number":25,"context_line":"      * It is recommended that the ``cinder_encryption_key_*`` properties *not*"},{"line_number":26,"context_line":"        be used in a nonstandard way as this could lead to user data loss."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"    * If the ``cinder_encryption_key_deletion_policy`` image property is"},{"line_number":29,"context_line":"      missing or has any value other than ``on_image_deletion``, Glance will"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5faad753_ee1481a2","line":26,"range":{"start_line":25,"start_character":74,"end_line":26,"end_character":10},"in_reply_to":"5faad753_573c9292","updated":"2019-09-11 22:01:01.000000000","message":"Will rephrase.","commit_id":"f365fa4a830d36df11727be319d19890da442107"}]}