)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"919ae90a33ec40cd944fdb0c22d7b0781f69be90","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Steve Baker \u003csbaker@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-06-10 16:23:16 +1200"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Align ironic driver with libvirt secure boot enable"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Currently, flavor extra_specs are passed directly through to the"},{"line_number":10,"context_line":"ironic node capabilities, so secure boot is enabled by setting"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"08348ed5_36e0c76c","line":7,"updated":"2022-06-11 01:24:28.000000000","message":"by the way the hyperv driver was the first to support secureboot using os:secure_boot\n\nwhen we added secure boot support to the libvirt driver we chose to reuse the same flavor and image properties that hyperv already used so this isnt libvirt specific.\n\nwe intentionally used os:secure_boot so that end users did not need to care if it was hyperv libvirt or now ironic.\n\nso you are not really alinging with the libvirt driver but rather the standared trait which we have codifed in our flavor validateion code.\n\nall standard extra specs supported by intree drviers should have a validator in \nhttps://github.com/openstack/nova/tree/master/nova/api/validation/extra_specs\n\nand all unnamespaced extra spec should be deprecated and aliased with a namespaced version.\n\ndoes ironic have any other setting like this one that you are just passing striat though because techincally speceing every time you and an extra specs you are ment to have a specless blueprint and or a spec for the feature.\n\nso ironic should not use the extra specs as an opaque bag of string that are directly passthough to ironic.\n\nwhile adding extra specs is not considered a microversion bump its still a non versioned api change so they should still be reviewed via a spec or specless blueprint to try and fined extra specs that are portable across drivers.","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"9b5534dd1a437bed643e405a01c8cbf6872bf3a4","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Steve Baker \u003csbaker@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-06-10 16:23:16 +1200"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Align ironic driver with libvirt secure boot enable"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Currently, flavor extra_specs are passed directly through to the"},{"line_number":10,"context_line":"ironic node capabilities, so secure boot is enabled by setting"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"98dfafcc_8580552e","line":7,"in_reply_to":"08348ed5_36e0c76c","updated":"2022-06-16 02:06:47.000000000","message":"\u003e all standard extra specs supported by intree drviers should have a validator in \n\u003e https://github.com/openstack/nova/tree/master/nova/api/validation/extra_specs\n\u003e \n\u003e and all unnamespaced extra spec should be deprecated and aliased with a namespaced version.\n\u003e\n\u003e does ironic have any other setting like this one that you are just passing striat though because techincally speceing every time you and an extra specs you are ment to have a specless blueprint and or a spec for the feature.\n\u003e \n\u003e so ironic should not use the extra specs as an opaque bag of string that are directly passthough to ironic.\n\nThe good news is all ironic extra specs are namespaced (capabilities and traits). However it looks like there is very little extra_specs validator coverage. Some of the documented capabilities[1] would be generic enough to add a validator in a follow-up I think.\n\n[1] https://paste.openstack.org/show/bDjVXAxiSb1tWqJlLuoz/\n\n\u003e while adding extra specs is not considered a microversion bump its still a non versioned api change so they should still be reviewed via a spec or specless blueprint to try and fined extra specs that are portable across drivers.\n\nDone: https://blueprints.launchpad.net/nova/+spec/secure-boot-ironic","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"4031d4ddce5b0c75d3b09c643a830290250830cd","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Steve Baker \u003csbaker@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-06-10 16:23:16 +1200"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Align ironic driver with libvirt secure boot enable"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Currently, flavor extra_specs are passed directly through to the"},{"line_number":10,"context_line":"ironic node capabilities, so secure boot is enabled by setting"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"2e30b4b1_cdc68c8c","line":7,"in_reply_to":"98dfafcc_8580552e","updated":"2022-06-16 02:26:50.000000000","message":"Ack","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"9b5534dd1a437bed643e405a01c8cbf6872bf3a4","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Align ironic driver with libvirt secure boot enable"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Currently, flavor extra_specs are passed directly through to the"},{"line_number":10,"context_line":"ironic node capabilities, so secure boot is enabled by setting"},{"line_number":11,"context_line":"extra_specs secure_boot\u003dtrue."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This means that there is a divergence in the interfaces between"},{"line_number":14,"context_line":"libvirt and ironic drivers for how to enable secure boot via flavor"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"043c1516_2d1b894b","line":11,"range":{"start_line":9,"start_character":0,"end_line":11,"end_character":29},"updated":"2022-06-16 02:06:47.000000000","message":"This is inaccurate, the \"capabilities\" and \"traits\" namespaces are passed on to ironic capabilities and traits\n\nSo secure boot is currently set with:\nextra_specs capabilities:secure_boot\u003dtrue","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"4031d4ddce5b0c75d3b09c643a830290250830cd","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Align ironic driver with libvirt secure boot enable"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Currently, flavor extra_specs are passed directly through to the"},{"line_number":10,"context_line":"ironic node capabilities, so secure boot is enabled by setting"},{"line_number":11,"context_line":"extra_specs secure_boot\u003dtrue."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This means that there is a divergence in the interfaces between"},{"line_number":14,"context_line":"libvirt and ironic drivers for how to enable secure boot via flavor"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"41d23f75_42c32eba","line":11,"range":{"start_line":9,"start_character":0,"end_line":11,"end_character":29},"in_reply_to":"043c1516_2d1b894b","updated":"2022-06-16 02:26:50.000000000","message":"Ack","commit_id":"642145cf390d857909ce89894a84741190931220"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"90983c26daa7d3dd6f6df3de270bcfa75eddce2e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"5be5ec91_1eb7eeb5","updated":"2022-06-01 08:29:40.000000000","message":"A release note would be nice.","commit_id":"ed6e65a0cfc1117a48f9a9ac4e81c6a261b63746"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"64406e0246c5d9aa17effefa1516e5fcd3010227","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"733eaeed_80a8cf31","updated":"2022-06-01 08:30:58.000000000","message":"recheck unrelated greenlet bug","commit_id":"ed6e65a0cfc1117a48f9a9ac4e81c6a261b63746"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"22ff8f7f967aedf72f42efc8e8fee8380bd900bd","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"212779ba_42fe8775","in_reply_to":"5be5ec91_1eb7eeb5","updated":"2022-06-10 04:53:41.000000000","message":"Done","commit_id":"ed6e65a0cfc1117a48f9a9ac4e81c6a261b63746"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2b775dbb8503b7611ea9314cba949eb43ceac4fb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"8660fd55_fa35e9c9","updated":"2022-06-11 01:09:17.000000000","message":"strictly speaking this is a mini feature so it should have a specless bluepirnt.\ni have added it to my review queue and ill try and take a look on monday but perhaps we should discuss this on tuesday at the team meeting.\n\ngiven this will mena ironic an move away form using non namespaced flaovr extra specs for this usecase im supportive of doing this as using secure_boot\u003dture will cause issues with filtering depening on which filters you have enabled.\n\nnote that ironci should also be enforcing that the firmeware _type is set to uefi too.\n\nthat is requested sepereatly.\n","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"9b5534dd1a437bed643e405a01c8cbf6872bf3a4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9d40e668_6e66c2ad","in_reply_to":"8660fd55_fa35e9c9","updated":"2022-06-16 02:06:47.000000000","message":"\u003e strictly speaking this is a mini feature so it should have a specless bluepirnt.\n\u003e i have added it to my review queue and ill try and take a look on monday but perhaps we should discuss this on tuesday at the team meeting.\n\nDone: https://blueprints.launchpad.net/nova/+spec/secure-boot-ironic\n\n\u003e note that ironci should also be enforcing that the firmeware _type is set to uefi too.\n\u003e \n\u003e that is requested sepereatly.\n\nack","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"4031d4ddce5b0c75d3b09c643a830290250830cd","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"9a96323b_2cc9f82f","updated":"2022-06-16 02:26:50.000000000","message":"i think im pretty happy with this. validators can always be added later\nfor standared capabliteis fi they exist. that would be a seperate patch.\nthe capabilities namespace is technially reserved for the compute capabilities filter and has\narbitray keys that can be defined by opertators so i dont think we can really enhacne it to validate a specifcic set.\n\nironic i guess is overloading that namespace as capablity extra specs were intended only for schduling and for performaince any configuration. i.e. having a capability extra spec out side of ironic usage should have no sideffect outside sechduling to a host.\n\nhttps://github.com/openstack/nova/blob/master/nova/scheduler/filters/compute_capabilities_filter.py\n\nfrom a nova api point of view these are the only vlaid capablity extra specs\nhttps://github.com/openstack/nova/blob/master/nova/api/validation/extra_specs/capabilities.py#L58-L91\n\n\ntrait validation cant really be enhanced either beyond what we currently have\nhttps://github.com/openstack/nova/blob/master/nova/api/validation/extra_specs/traits.py\n\nwe likely should figure out how to move all ironic traits to and ironic namespace going forward to break the overloading fo the capabilities namespace.\n","commit_id":"0c44a73717655306048de8c4bd5e49752a6a7544"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"485f1efc0e5db5709555b2ff5520a1d193707ab2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"5bc8c83a_9b995582","updated":"2022-07-20 18:17:10.000000000","message":"recheck unrelated job failures no logs","commit_id":"0c44a73717655306048de8c4bd5e49752a6a7544"}],"releasenotes/notes/ironic-secure-boot-849e66663fec5770.yaml":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"919ae90a33ec40cd944fdb0c22d7b0781f69be90","unresolved":true,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    The flavor extra_specs are passed directly through to the ironic node"},{"line_number":12,"context_line":"    capabilities, so flavor extra_specs secure_boot\u003dtrue continues to be"},{"line_number":13,"context_line":"    supported."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"23bda22e_5c6c0797","line":13,"updated":"2022-06-11 01:24:28.000000000","message":"nit\n\nthat is only true when not using both the capablity filter and aggreateFlavorEtraspecs filter.\n\nif you have both enabled you cannot use any unnamespaced extra specs.\n\noperators are also stongly discuraged form adding unnamespaced custom extra specs for schdulign and virt drviers should alais any unnamespaced extra specs they currently have with namespaced versions like is bing done here.","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"9b5534dd1a437bed643e405a01c8cbf6872bf3a4","unresolved":true,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    The flavor extra_specs are passed directly through to the ironic node"},{"line_number":12,"context_line":"    capabilities, so flavor extra_specs secure_boot\u003dtrue continues to be"},{"line_number":13,"context_line":"    supported."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"422b76d6_f40ee3a1","line":13,"in_reply_to":"23bda22e_5c6c0797","updated":"2022-06-16 02:06:47.000000000","message":"What I wrote isn\u0027t accurate, the capabilities: namespace is passed through to the ironic node capabilities, I\u0027ll fix","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"4031d4ddce5b0c75d3b09c643a830290250830cd","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    The flavor extra_specs are passed directly through to the ironic node"},{"line_number":12,"context_line":"    capabilities, so flavor extra_specs secure_boot\u003dtrue continues to be"},{"line_number":13,"context_line":"    supported."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"028bbe2e_a81808d0","line":13,"in_reply_to":"422b76d6_f40ee3a1","updated":"2022-06-16 02:26:50.000000000","message":"Ack","commit_id":"642145cf390d857909ce89894a84741190931220"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"485f1efc0e5db5709555b2ff5520a1d193707ab2","unresolved":true,"context_lines":[{"line_number":5,"context_line":"    as other drivers (flavor extra-specs os:secure_boot and image property"},{"line_number":6,"context_line":"    os_secure_boot). The values \u0027required\u0027 and \u0027optional\u0027 are both mapped to"},{"line_number":7,"context_line":"    ironic capabilities secure_boot\u003dtrue, which is just a signalling of intent"},{"line_number":8,"context_line":"    anyway, since not all hardware (or node management drivers) support setting"},{"line_number":9,"context_line":"    secure boot via API."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"    Values in the flavor extra_specs capabilities namespace are passed through"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"8d40d585_04fc9299","line":8,"range":{"start_line":8,"start_character":4,"end_line":8,"end_character":11},"updated":"2022-07-20 18:17:10.000000000","message":"I catch myself on \"anyway,\". I think that would be good to remove since it is not needed for the overall sentence to make sense.","commit_id":"0c44a73717655306048de8c4bd5e49752a6a7544"}]}