Am 06.02.2020 um 14:36 hat Daniel P. Berrangé geschrieben:
> On Thu, Feb 06, 2020 at 02:20:11PM +0100, Markus Armbruster wrote:
> > One more question regarding the array in
> >
> > { 'struct': 'QCryptoBlockAmendOptionsLUKS',
> > 'data' : {
> > 'keys': ['LUKSKeyslotUpdate'],
> > '*unlock-secret' : 'str' } }
> >
> > Why an array? Do we really need multiple keyslot updates in one amend
> > operation?
>
> I think it it is unlikely we'd use this in libvirt. In the case of wanting
> to *change* a key, it is safer to do a sequence of "add key" and then
> "remove key". If you combine them into the same operation, and you get
> an error back, it is hard to know /where/ it failed ? was the new key
> added or not ?
I think the array came in because of the "describe the new state"
approach. The state has eight keyslots, so in order to fully describe
the new state, you would have to be able to pass multiple slots at once.
Kevin
