Back to bug 2192596

Who When What Removed Added
RHEL Program Management 2023-05-02 12:46:17 UTC Target Release ODF 4.12.z Async ---
arun kumar mohan 2023-05-03 14:03:25 UTC Link ID Github red-hat-storage/ocs-operator/pull/2045
Status NEW POST
Mudit Agarwal 2023-05-05 11:14:17 UTC CC muagarwa
krishnaram Karthick 2023-05-15 09:50:25 UTC CC kramdoss
QA Contact ebenahar pakamble
RHEL Program Management 2023-05-16 14:02:33 UTC Target Release --- ODF 4.12.4
Sunil Kumar Acharya 2023-05-22 09:21:38 UTC Flags needinfo?(muagarwa)
Sanjal Katiyar 2023-05-22 09:23:36 UTC Assignee muagarwa amohan
Sanjal Katiyar 2023-05-22 09:24:49 UTC Flags needinfo?(amohan)
arun kumar mohan 2023-05-23 09:10:04 UTC Blocks 2209254
arun kumar mohan 2023-05-24 12:23:52 UTC Doc Text Cause: we were enabling encryption when any of the below condition was true,
storagecluster.Spec.Encryption.Enable OR
storagecluster.Spec.Encryption.ClusterWide OR storagecluster.Spec.Encryption.KeyManagementService.Enable

Consequence: this started enabling Noobaa KMS encryption even when the clusterwide encryption is not turned on (just KMS encryption was enabled)

Fix: was to add Nooba encryption only when storagecluster spec has KMS enabled (ie; storagecluster.Spec.Encryption.KeyManagementService.Enable = true) and any one of the following condition is met/true,

Encryption.Enabled OR
Encryption.ClusterWide is true OR
noobaa is in Standalone mode

Result: Nooba system is encrypted appropriately/correctly
Doc Type If docs needed, set a value Bug Fix
Sunil Kumar Acharya 2023-05-24 16:15:10 UTC CC sheggodu
Status POST MODIFIED
Jenkins Automation for Ceph (Ken Dreyer) 2023-05-25 18:04:51 UTC Fixed In Version 4.12.4-1
Status MODIFIED ON_QA
Mudit Agarwal 2023-05-30 06:13:21 UTC Flags needinfo?(muagarwa)
Parag Kamble 2023-06-02 07:15:52 UTC Status ON_QA VERIFIED
Kusuma 2023-06-09 18:09:15 UTC CC kbg
Doc Text Cause: we were enabling encryption when any of the below condition was true,
storagecluster.Spec.Encryption.Enable OR
storagecluster.Spec.Encryption.ClusterWide OR storagecluster.Spec.Encryption.KeyManagementService.Enable

Consequence: this started enabling Noobaa KMS encryption even when the clusterwide encryption is not turned on (just KMS encryption was enabled)

Fix: was to add Nooba encryption only when storagecluster spec has KMS enabled (ie; storagecluster.Spec.Encryption.KeyManagementService.Enable = true) and any one of the following condition is met/true,

Encryption.Enabled OR
Encryption.ClusterWide is true OR
noobaa is in Standalone mode

Result: Nooba system is encrypted appropriately/correctly
Previously, Multicloud Object Gateway (MCG) Key Management Service (KMS) encryption was enabled even when the clusterwide encryption was not enabled and only when the KMS encryption was enabled. This was because MCG encryption was set to enable when one of these conditions was true:
* storagecluster.Spec.Encryption.Enable
* storagecluster.Spec.Encryption.ClusterWide
* storagecluster.Spec.Encryption.KeyManagementService.Enable.

With this fix, MCG encryption is enabled only when the storagecluster spec has KMS enabled and any one of the following conditions is true:
* Encryption.Enabled OR
* Encryption.ClusterWide is true OR
* MCG is in Standalone mode
As a result, MCG is encrypted appropriately.
errata-xmlrpc 2023-06-14 10:14:05 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2023-06-14 21:20:41 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2023-06-14 21:20:41 UTC
errata-xmlrpc 2023-06-14 21:21:03 UTC Link ID Red Hat Product Errata RHSA-2023:3609
Elad 2023-08-09 17:00:43 UTC CC odf-bz-bot

Back to bug 2192596