)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"57c0a7653df94dc6ab04ab4c9866251cad3c8814","unresolved":false,"context_lines":[{"line_number":3,"context_line":"AuthorDate: 2020-02-13 11:09:08 -0500"},{"line_number":4,"context_line":"Commit:     Brian Rosmaita \u003crosmaita.fossdev@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2020-02-17 08:07:15 -0500"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Reject boot request for unsupported images"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Nova has never supported direct booting of an image uploaded to Glance"},{"line_number":10,"context_line":"via the Cinder upload-volume-to-image process, but instead of rejecting"},{"line_number":11,"context_line":"the request, an \u0027active\u0027 but unusable instance was created.  This patch"},{"line_number":12,"context_line":"allows Nova to use image metadata to detect such an image and reject the"},{"line_number":13,"context_line":"boot request."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Additionally, this patch introduces absolutely non-inheritable image"},{"line_number":16,"context_line":"properties to address a situation that should no longer occur after the"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"3fa7e38b_0dde390f","line":13,"range":{"start_line":6,"start_character":0,"end_line":13,"end_character":13},"updated":"2020-02-17 14:16:44.000000000","message":"this seams to be a duplicate of \nhttps://review.opendev.org/#/c/707738/2","commit_id":"b58424b9bc803cd5afb3c83338bdf32f1bf38a3a"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"57c0a7653df94dc6ab04ab4c9866251cad3c8814","unresolved":false,"context_lines":[{"line_number":12,"context_line":"allows Nova to use image metadata to detect such an image and reject the"},{"line_number":13,"context_line":"boot request."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Additionally, this patch introduces absolutely non-inheritable image"},{"line_number":16,"context_line":"properties to address a situation that should no longer occur after the"},{"line_number":17,"context_line":"above fix, but which could be re-introduced by combination of"},{"line_number":18,"context_line":"misconfiguration of the non_inheritable_image_properties option and"},{"line_number":19,"context_line":"user snapshots of pre-Ussuri instances.  The image properties associated"},{"line_number":20,"context_line":"with cinder encryption keys and image signature validation are used"},{"line_number":21,"context_line":"to populate this list of absolutely non-inheritable image properties."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Change-Id: I4332b9c343b6c2b50226baa8f78396c2012dabd1"},{"line_number":24,"context_line":"Closes-bug: #1852106"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"3fa7e38b_8dd1c9fc","line":21,"range":{"start_line":15,"start_character":0,"end_line":21,"end_character":69},"updated":"2020-02-17 14:16:44.000000000","message":"i think this patch should only contain these changes\nand should be rebased on top of https://review.opendev.org/#/c/707738/2","commit_id":"b58424b9bc803cd5afb3c83338bdf32f1bf38a3a"}],"nova/compute/utils.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2a184c2694e6452d72d42ce0ee2123e0bb7abebf","unresolved":false,"context_lines":[{"line_number":61,"context_line":"# does not make sense for them to be inherited by server snapshots."},{"line_number":62,"context_line":"# This list is distinct from the configuration option of the same"},{"line_number":63,"context_line":"# (lowercase) name."},{"line_number":64,"context_line":"NON_INHERITABLE_IMAGE_PROPERTIES \u003d frozenset(["},{"line_number":65,"context_line":"    \u0027cinder_encryption_key_id\u0027,"},{"line_number":66,"context_line":"    \u0027cinder_encryption_key_deletion_policy\u0027,"},{"line_number":67,"context_line":"    \u0027img_signature\u0027,"}],"source_content_type":"text/x-python","patch_set":3,"id":"3fa7e38b_303fb685","line":64,"range":{"start_line":64,"start_character":35,"end_line":64,"end_character":44},"updated":"2020-02-18 10:48:23.000000000","message":"nice use of frozenset","commit_id":"bc290840127c3179227a662584404f9c0178d588"}],"releasenotes/notes/absolutely-non-inheritable-image-properties-85f7f304fdc20b61.yaml":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"c0a5306f0f9dcd1d0d108dc4644652ddb0ff5601","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    that was created by the Block Storage Service from an encrypted volume"},{"line_number":6,"context_line":"    resulted in the instance going ACTIVE but being unusable.  If a user then"},{"line_number":7,"context_line":"    performed the image-create action on such an instance, the new image would"},{"line_number":8,"context_line":"    inherit the ``cinder_encryption_key_id`` and (beginning with the Train"},{"line_number":9,"context_line":"    release) the ``cinder_encryption_key_deletion_policy`` image properties,"},{"line_number":10,"context_line":"    assuming these were not included in the"},{"line_number":11,"context_line":"    ``non_inheritable_image_properties`` configuration option.  (The default"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_8dfea905","line":8,"range":{"start_line":8,"start_character":69,"end_line":8,"end_character":74},"updated":"2020-02-17 14:57:34.000000000","message":"20.0.0 (Train)\n\n(here and elsewhere)","commit_id":"9b405a78fb40b858fa025ff0f201736c98cbbbcb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"00632a8cb7db4e61e3ca22d474045189b59c362e","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    that was created by the Block Storage Service from an encrypted volume"},{"line_number":6,"context_line":"    resulted in the instance going ACTIVE but being unusable.  If a user then"},{"line_number":7,"context_line":"    performed the image-create action on such an instance, the new image would"},{"line_number":8,"context_line":"    inherit the ``cinder_encryption_key_id`` and (beginning with the Train"},{"line_number":9,"context_line":"    release) the ``cinder_encryption_key_deletion_policy`` image properties,"},{"line_number":10,"context_line":"    assuming these were not included in the"},{"line_number":11,"context_line":"    ``non_inheritable_image_properties`` configuration option.  (The default"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_7891a9f6","line":8,"range":{"start_line":8,"start_character":69,"end_line":8,"end_character":74},"in_reply_to":"3fa7e38b_8dfea905","updated":"2020-02-17 15:14:42.000000000","message":"Done","commit_id":"9b405a78fb40b858fa025ff0f201736c98cbbbcb"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"c0a5306f0f9dcd1d0d108dc4644652ddb0ff5601","unresolved":false,"context_lines":[{"line_number":33,"context_line":"    experience.  To prevent that from happening, Nova now maintains an"},{"line_number":34,"context_line":"    internal list of image properties that are absolutely non-inheritable"},{"line_number":35,"context_line":"    regardless of the setting of the configuration option.  See the help"},{"line_number":36,"context_line":"    text for ``non_inheritable_image_properties`` in the sample Nova"},{"line_number":37,"context_line":"    configuration file for details."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_18ad15a4","line":36,"range":{"start_line":36,"start_character":64,"end_line":36,"end_character":68},"updated":"2020-02-17 14:57:34.000000000","message":"nova (https://docs.openstack.org/doc-contrib-guide/writing-style/openstack-components.html)","commit_id":"9b405a78fb40b858fa025ff0f201736c98cbbbcb"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"00632a8cb7db4e61e3ca22d474045189b59c362e","unresolved":false,"context_lines":[{"line_number":33,"context_line":"    experience.  To prevent that from happening, Nova now maintains an"},{"line_number":34,"context_line":"    internal list of image properties that are absolutely non-inheritable"},{"line_number":35,"context_line":"    regardless of the setting of the configuration option.  See the help"},{"line_number":36,"context_line":"    text for ``non_inheritable_image_properties`` in the sample Nova"},{"line_number":37,"context_line":"    configuration file for details."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_389b3117","line":36,"range":{"start_line":36,"start_character":64,"end_line":36,"end_character":68},"in_reply_to":"3fa7e38b_18ad15a4","updated":"2020-02-17 15:14:42.000000000","message":"Done","commit_id":"9b405a78fb40b858fa025ff0f201736c98cbbbcb"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"e69402fa019c473316dd34cb01f298aa30a1320a","unresolved":false,"context_lines":[{"line_number":15,"context_line":"    normal workflow of creating a volume from the image and booting an instance"},{"line_number":16,"context_line":"    from the volume.  Beginning with this release:"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"    * The Compute API will return a 400 (Bad Request) response to a request"},{"line_number":19,"context_line":"      to directly boot an image created from an encrypted volume."},{"line_number":20,"context_line":"    * The image properties ``cinder_encryption_key_id`` and"},{"line_number":21,"context_line":"      ``cinder_encryption_key_deletion_policy`` are absolutely non-inheritable"},{"line_number":22,"context_line":"      regardless of the ``non_inheritable_image_properties`` setting."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"3fa7e38b_8853d06e","line":19,"range":{"start_line":18,"start_character":0,"end_line":19,"end_character":65},"updated":"2020-02-19 09:58:46.000000000","message":"Is this behavior implemented by the current patch?","commit_id":"bc290840127c3179227a662584404f9c0178d588"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"10c3f77b07d6a058ae22ecdc847491521fa8ebef","unresolved":false,"context_lines":[{"line_number":15,"context_line":"    normal workflow of creating a volume from the image and booting an instance"},{"line_number":16,"context_line":"    from the volume.  Beginning with this release:"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"    * The Compute API will return a 400 (Bad Request) response to a request"},{"line_number":19,"context_line":"      to directly boot an image created from an encrypted volume."},{"line_number":20,"context_line":"    * The image properties ``cinder_encryption_key_id`` and"},{"line_number":21,"context_line":"      ``cinder_encryption_key_deletion_policy`` are absolutely non-inheritable"},{"line_number":22,"context_line":"      regardless of the ``non_inheritable_image_properties`` setting."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"3fa7e38b_48fb9848","line":19,"range":{"start_line":18,"start_character":0,"end_line":19,"end_character":65},"in_reply_to":"3fa7e38b_8853d06e","updated":"2020-02-19 10:00:47.000000000","message":"Nope, that was done in https://review.opendev.org/#/c/707738/\n\nIn hindsight, we should have added the reno in that change and updated it here, but that\u0027s merged now so no can do","commit_id":"bc290840127c3179227a662584404f9c0178d588"}]}