)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"5476fc34cfecb093f5d50d40b78d479a1b4f022c","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     melanie witt \u003cmelwittt@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2024-02-11 20:52:14 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"WIP Support encrypted backing files for qcow2"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related to blueprint ephemeral-encryption-libvirt"},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"dba28506_bc37ea9f","line":7,"updated":"2024-02-13 08:23:27.000000000","message":"so i have not tested this manually yet but i can when i start testing this again later.\n\n\nover all i guess the simplest way to test this is boot a vm that request encyption\nthen create a snap shot and boot a second vm form that.\n\ni have tested shelve/unshelve form the top of the seriese so that code path works i just have not tested spwaning form an encypted image out side fo the shelve code path.","commit_id":"7f8f0755eb94a1508f497b2ec1663c93a90ccc06"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"7523fdf03c17bc2709ca7052a4fc024abbcc7dc3","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     melanie witt \u003cmelwittt@gmail.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2024-02-11 20:52:14 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"WIP Support encrypted backing files for qcow2"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related to blueprint ephemeral-encryption-libvirt"},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":8,"id":"49d881ba_ad4a93b8","line":7,"in_reply_to":"dba28506_bc37ea9f","updated":"2024-02-23 12:30:03.000000000","message":"i tested creating a snapshot and then use that to boot a vm and it worked in a previous iteration so marking this as resolved.","commit_id":"7f8f0755eb94a1508f497b2ec1663c93a90ccc06"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"5476fc34cfecb093f5d50d40b78d479a1b4f022c","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"9e4d046f_3f8339af","updated":"2024-02-13 08:23:27.000000000","message":"i assume the WIP is becuse of the lack of functional tests.\nshelve/unshelve works form the top of the serices so this does appear to be code compelte hence +1","commit_id":"7f8f0755eb94a1508f497b2ec1663c93a90ccc06"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"029e0cf91d500c89d0e30300eb7ac2b9f23d1611","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":8,"id":"e6e47e2b_ea135da3","in_reply_to":"9e4d046f_3f8339af","updated":"2024-02-26 17:35:02.000000000","message":"Right","commit_id":"7f8f0755eb94a1508f497b2ec1663c93a90ccc06"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2fc0009a8a4190facfe024df7bb29200cf64a497","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"ffcb5a24_37d9289d","updated":"2024-02-22 11:06:47.000000000","message":"+1 only because i need to come back to this later today and finish revieiwng it","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"68057052e44c6e51624547ff667e79d7ba5cfe1b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"c59c6cff_65673d9e","updated":"2024-02-23 21:17:49.000000000","message":"recheck nova-lvm unshelve took longer than 196s timeout but did succeed after that","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"555be3bcac20909dba2d44678bbe0a24ca3b1b32","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"26e37fe1_8282c320","updated":"2024-02-23 12:27:56.000000000","message":"recheck nova-next","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"7523fdf03c17bc2709ca7052a4fc024abbcc7dc3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"f127f897_e81fed6b","updated":"2024-02-23 12:30:03.000000000","message":"recheck nova-next\n\nim off today so ill loop back to this on monday","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"}],"nova/privsep/qemu.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2fc0009a8a4190facfe024df7bb29200cf64a497","unresolved":true,"context_lines":[{"line_number":143,"context_line":"                \u0027--object\u0027, f\"secret,id\u003dsec0,file\u003d{src_secret_file.name}\","},{"line_number":144,"context_line":"                \u0027--image-opts\u0027,"},{"line_number":145,"context_line":"            ]"},{"line_number":146,"context_line":"            csv_opts \u003d ["},{"line_number":147,"context_line":"                f\u0027{driver_str}file.driver\u003dfile\u0027,"},{"line_number":148,"context_line":"                f\u0027file.filename\u003d{source}\u0027,"},{"line_number":149,"context_line":"                f\u0027{prefix}key-secret\u003dsec0\u0027,"}],"source_content_type":"text/x-python","patch_set":15,"id":"4a2b2d8c_55d62f07","line":146,"updated":"2024-02-22 11:06:47.000000000","message":"im not really sure what csv stands for in this context\n\ncommon secrete values?","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"029e0cf91d500c89d0e30300eb7ac2b9f23d1611","unresolved":true,"context_lines":[{"line_number":143,"context_line":"                \u0027--object\u0027, f\"secret,id\u003dsec0,file\u003d{src_secret_file.name}\","},{"line_number":144,"context_line":"                \u0027--image-opts\u0027,"},{"line_number":145,"context_line":"            ]"},{"line_number":146,"context_line":"            csv_opts \u003d ["},{"line_number":147,"context_line":"                f\u0027{driver_str}file.driver\u003dfile\u0027,"},{"line_number":148,"context_line":"                f\u0027file.filename\u003d{source}\u0027,"},{"line_number":149,"context_line":"                f\u0027{prefix}key-secret\u003dsec0\u0027,"}],"source_content_type":"text/x-python","patch_set":15,"id":"2600d3bc_89068074","line":146,"in_reply_to":"4a2b2d8c_55d62f07","updated":"2024-02-26 17:35:02.000000000","message":"comma separated values, it\u0027s when you use --image-opts k\u003dv,k\u003dv,k\u003dv,... and it has to be one string","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"}],"nova/tests/fixtures/glance.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2fc0009a8a4190facfe024df7bb29200cf64a497","unresolved":false,"context_lines":[{"line_number":289,"context_line":""},{"line_number":290,"context_line":"    @staticmethod"},{"line_number":291,"context_line":"    def _remove_empty_kernel_id_and_ramdisk_id(metadata):"},{"line_number":292,"context_line":"        # NOTE(melwitt): Remove kernel_id and ramdisk_id from the image"},{"line_number":293,"context_line":"        # metadata if they are empty strings (Instance.kernel_id and"},{"line_number":294,"context_line":"        # Instance.ramdisk_id can be \u0027\u0027 when creating a snapshot image)."},{"line_number":295,"context_line":"        # In real Glance, kernel_id and ramdisk_id don\u0027t appear in the image"}],"source_content_type":"text/x-python","patch_set":15,"id":"719a144d_6de336d2","line":292,"updated":"2024-02-22 11:06:47.000000000","message":"ack +1","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0bd960ac1550a489bb9f1707804c65742cc11e56","unresolved":true,"context_lines":[{"line_number":360,"context_line":"        if not self.images.get(image_id):"},{"line_number":361,"context_line":"            raise exception.ImageNotFound(image_id\u003dimage_id)"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"        metadata \u003d self._remove_empty_kernel_id_and_ramdisk_id(metadata)"},{"line_number":364,"context_line":""},{"line_number":365,"context_line":"        if purge_props:"},{"line_number":366,"context_line":"            self.images[image_id] \u003d copy.deepcopy(metadata)"}],"source_content_type":"text/x-python","patch_set":15,"id":"904e661b_a65d2e79","line":363,"updated":"2024-02-26 13:17:40.000000000","message":"above we have \n```\n        image_meta \u003d copy.deepcopy(metadata)\n```\nbefore we call\n```\nimage_meta \u003d self._remove_empty_kernel_id_and_ramdisk_id(image_meta)\n```\n\nbut here we do the deep copy after if we are purging props\n\nthe else barnch was already not workign on a copy\nand does\n\n image[\u0027properties\u0027].update(metadata.pop(\u0027properties\u0027))\n \nwhich updates the metadata so i think this is ok as is\ni just want to call this out to confirm that modifying the input is intended.","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"029e0cf91d500c89d0e30300eb7ac2b9f23d1611","unresolved":true,"context_lines":[{"line_number":360,"context_line":"        if not self.images.get(image_id):"},{"line_number":361,"context_line":"            raise exception.ImageNotFound(image_id\u003dimage_id)"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"        metadata \u003d self._remove_empty_kernel_id_and_ramdisk_id(metadata)"},{"line_number":364,"context_line":""},{"line_number":365,"context_line":"        if purge_props:"},{"line_number":366,"context_line":"            self.images[image_id] \u003d copy.deepcopy(metadata)"}],"source_content_type":"text/x-python","patch_set":15,"id":"feee0d12_ddf26d2e","line":363,"in_reply_to":"904e661b_a65d2e79","updated":"2024-02-26 17:35:02.000000000","message":"OK, I think I see what you\u0027re saying. I guess I was thinking, in isolation _remove_empty_kernel_id_and_ramdisk_id might not always be desired to modify the input.","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"}],"nova/tests/fixtures/libvirt.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"0bd960ac1550a489bb9f1707804c65742cc11e56","unresolved":true,"context_lines":[{"line_number":891,"context_line":"            disk_info[\u0027source\u0027] \u003d source.get(\u0027path\u0027)"},{"line_number":892,"context_line":""},{"line_number":893,"context_line":"        encryption \u003d element.find(\u0027./source/encryption\u0027)"},{"line_number":894,"context_line":"        if encryption is not None:"},{"line_number":895,"context_line":"            disk_info[\u0027encryption_format\u0027] \u003d encryption.get(\u0027format\u0027)"},{"line_number":896,"context_line":"            secret \u003d encryption.find(\u0027./secret\u0027)"},{"line_number":897,"context_line":"            if secret is not None:"}],"source_content_type":"text/x-python","patch_set":15,"id":"4e445dcf_603aac16","line":894,"range":{"start_line":894,"start_character":7,"end_line":894,"end_character":34},"updated":"2024-02-26 13:17:40.000000000","message":"nit: this can just be\n```\nif encryption:\n```\n\ni know testing is None or not None is prefered in some case but you are really checking if this returns an empty mapping as you are uncondtionally calling \nencryption.get(\u0027format\u0027) if it is not None.\n\nwhat you have written is corret if your intent is to explcitly set \n\ndisk_info[\u0027encryption_format\u0027] \u003d None when there is no source encyption element.\n\nbut that is not obviously the intent of the code today so if that is the intent a comment would be good.\n\nthis can be a follwoup however as this alone is not worth a respine of this patch.","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"029e0cf91d500c89d0e30300eb7ac2b9f23d1611","unresolved":true,"context_lines":[{"line_number":891,"context_line":"            disk_info[\u0027source\u0027] \u003d source.get(\u0027path\u0027)"},{"line_number":892,"context_line":""},{"line_number":893,"context_line":"        encryption \u003d element.find(\u0027./source/encryption\u0027)"},{"line_number":894,"context_line":"        if encryption is not None:"},{"line_number":895,"context_line":"            disk_info[\u0027encryption_format\u0027] \u003d encryption.get(\u0027format\u0027)"},{"line_number":896,"context_line":"            secret \u003d encryption.find(\u0027./secret\u0027)"},{"line_number":897,"context_line":"            if secret is not None:"}],"source_content_type":"text/x-python","patch_set":15,"id":"4053c742_efe146a5","line":894,"range":{"start_line":894,"start_character":7,"end_line":894,"end_character":34},"in_reply_to":"4e445dcf_603aac16","updated":"2024-02-26 17:35:02.000000000","message":"Yeah, I see what you mean. Maybe I was copying what it\u0027s doing for source and driver? I dunno.","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"}],"nova/tests/functional/libvirt/test_ephemeral_encryption.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"2fc0009a8a4190facfe024df7bb29200cf64a497","unresolved":true,"context_lines":[{"line_number":958,"context_line":"        # There should be 8 secrets in the key manager now: three for server1"},{"line_number":959,"context_line":"        # BDMs, one for the snapshot image, three for server2 BDMs and one for"},{"line_number":960,"context_line":"        # the server2 root disk BDM backing image secret."},{"line_number":961,"context_line":"        self.assertEqual(8, len(self._get_key_mgr_secrets(self.context)))"},{"line_number":962,"context_line":""},{"line_number":963,"context_line":"        # There should be three secrets in libvirt for server2, one for the"},{"line_number":964,"context_line":"        # root disk, one for the ephemeral disk, and one for the swap disk."}],"source_content_type":"text/x-python","patch_set":15,"id":"dbe58445_88b99cd5","line":961,"updated":"2024-02-22 11:06:47.000000000","message":"thanks for calling out what the 8 are\ni initalaly tought 7 assuming we migth be able to use the same secret for the root disk and backing file but your right if we have 2 vms form the same encypeted image\nwe cant assume its ok to share the same secret between the backing file and root image.","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"029e0cf91d500c89d0e30300eb7ac2b9f23d1611","unresolved":true,"context_lines":[{"line_number":958,"context_line":"        # There should be 8 secrets in the key manager now: three for server1"},{"line_number":959,"context_line":"        # BDMs, one for the snapshot image, three for server2 BDMs and one for"},{"line_number":960,"context_line":"        # the server2 root disk BDM backing image secret."},{"line_number":961,"context_line":"        self.assertEqual(8, len(self._get_key_mgr_secrets(self.context)))"},{"line_number":962,"context_line":""},{"line_number":963,"context_line":"        # There should be three secrets in libvirt for server2, one for the"},{"line_number":964,"context_line":"        # root disk, one for the ephemeral disk, and one for the swap disk."}],"source_content_type":"text/x-python","patch_set":15,"id":"4e32db4d_f8478ab3","line":961,"in_reply_to":"dbe58445_88b99cd5","updated":"2024-02-26 17:35:02.000000000","message":"Right. The backing file actually always has a different secret than the overlay as the series is currently written.","commit_id":"3ba8fc0d2523d6b142951a4bc5f5ae837e6b3acc"}],"releasenotes/notes/support-ephemeral-encryption-4fdead844d9c86b6.yaml":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"5476fc34cfecb093f5d50d40b78d479a1b4f022c","unresolved":true,"context_lines":[{"line_number":15,"context_line":"    * evacuate"},{"line_number":16,"context_line":"    * rescue"},{"line_number":17,"context_line":"    * snapshot"},{"line_number":18,"context_line":"    * shelve/unshelve"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"da223b85_cc886b17","line":18,"updated":"2024-02-13 08:23:27.000000000","message":"ah so this is why you didnt add this in \nhttps://review.opendev.org/c/openstack/nova/+/870937/28","commit_id":"7f8f0755eb94a1508f497b2ec1663c93a90ccc06"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"116f1e6de2fb5c806d514b98656e71fe9be1b987","unresolved":false,"context_lines":[{"line_number":15,"context_line":"    * evacuate"},{"line_number":16,"context_line":"    * rescue"},{"line_number":17,"context_line":"    * snapshot"},{"line_number":18,"context_line":"    * shelve/unshelve"}],"source_content_type":"text/x-yaml","patch_set":8,"id":"71731f8b_03969085","line":18,"in_reply_to":"da223b85_cc886b17","updated":"2024-02-14 10:40:34.000000000","message":"Acknowledged","commit_id":"7f8f0755eb94a1508f497b2ec1663c93a90ccc06"}]}