Amend spec to use regular rst table instead of code block

Change-Id: I9be6902af17d957a0b5187087e76461cdf0dec94
2024-02-03 21:12:56 +00:00 · 2024-02-03 21:12:56 +00:00 · f79e857320
parent f0ffcb6ddf
commit f79e857320
1 changed files with 40 additions and 42 deletions
--- a/specs/2024.1/approved/ephemeral-storage-encryption.rst
+++ b/specs/2024.1/approved/ephemeral-storage-encryption.rst
@ -144,48 +144,46 @@ one swap disk. Each disk will have its own secret.
 This table is intended to illustrate the way secrets are handled in various
 scenarios.

-.. code:: rst
-
-   +--------------------+-------------+--------------+------------------------------------------------------+
-   | Instance or Image  | Disk        | Secret       | Notes                                                |
-   |                    |             | (passphrase) |                                                      |
-   +====================+=============+==============+======================================================+
-   | Instance A         | disk (root) | Secret 1     | Secret 1, 2, and 3 will be automatically deleted     |
-   |                    +-------------+--------------+ by Nova when Instance A is deleted and its disks are |
-   |                    | disk.eph0   | Secret 2     | destroyed                                            |
-   |                    +-------------+--------------+                                                      |
-   |                    | disk.swap   | Secret 3     |                                                      |
-   +--------------------+-------------+--------------+------------------------------------------------------+
-   | Image Z (snapshot) | disk (root) | Secret 4     | Secret 4 will *not* be automatically deleted and     |
-   | created from       |             | (new secret  | manual deletion will be needed if/when Image Z is    |
-   | Instance A         |             |  is created) | deleted from Glance                                  |
-   +--------------------+-------------+--------------+------------------------------------------------------+
-   | Instance B         | disk (root) | Secret 5     | Secret 5, 6, and 7 will be automatically deleted     |
-   | created from       +-------------+--------------+ by Nova when Instance B is deleted and its disks are |
-   | Image Z (snapshot) | disk.eph0   | Secret 6     | destroyed                                            |
-   |                    +-------------+--------------+                                                      |
-   |                    | disk.swap   | Secret 7     |                                                      |
-   +--------------------+-------------+--------------+------------------------------------------------------+
-   | Instance C         | disk (root) | Secret 8     | Secret 8, 9, and 10 will be automatically deleted    |
-   |                    +-------------+--------------+ by Nova when Instance C is deleted and its disks are |
-   |                    | disk.eph0   | Secret 9     | destroyed                                            |
-   |                    +-------------+--------------+                                                      |
-   |                    | disk.swap   | Secret 10    |                                                      |
-   +--------------------+-------------+--------------+------------------------------------------------------+
-   | Image Y (snapshot) | disk (root) | Secret 8     | Secret 8 is *retained* when Instance C is shelved in |
-   | created by shelve  |             |              | part to prevent the possibility of a change in       |
-   | of Instance C      |             |              | ownership of the root disk secret if, for example,   |
-   |                    |             |              | an admin user shelves a non-admin user's instance.   |
-   |                    |             |              | This approach could be avoided if there is some way  |
-   |                    |             |              | we could create a new secret using the instance's    |
-   |                    |             |              | user/project rather than the shelver's user/project  |
-   +--------------------+-------------+--------------+------------------------------------------------------+
-   | Rescue disk        | disk (root) | Secret 11    | Secret 11 is stashed in the instance's system        |
-   | created by rescue  |             | (new secret  | metadata with key                                    |
-   | of Instance A      |             |  is created) | ``rescue_disk_ephemeral_encryption_secret_uuid``.    |
-   |                    |             |              | This is done because a BDM record for the rescue     |
-   |                    |             |              | disk is not going to be persisted to the database.   |
-   +--------------------+-------------+--------------+------------------------------------------------------+
+--------------------+-------------+--------------+------------------------------------------------------+
+| Instance or Image  | Disk        | Secret       | Notes                                                |
+|                    |             | (passphrase) |                                                      |
+====================+=============+==============+======================================================+
+| Instance A         | disk (root) | Secret 1     | Secret 1, 2, and 3 will be automatically deleted     |
+|                    +-------------+--------------+ by Nova when Instance A is deleted and its disks are |
+|                    | disk.eph0   | Secret 2     | destroyed                                            |
+|                    +-------------+--------------+                                                      |
+|                    | disk.swap   | Secret 3     |                                                      |
+--------------------+-------------+--------------+------------------------------------------------------+
+| Image Z (snapshot) | disk (root) | Secret 4     | Secret 4 will *not* be automatically deleted and     |
+| created from       |             | (new secret  | manual deletion will be needed if/when Image Z is    |
+| Instance A         |             | is created)  | deleted from Glance                                  |
+--------------------+-------------+--------------+------------------------------------------------------+
+| Instance B         | disk (root) | Secret 5     | Secret 5, 6, and 7 will be automatically deleted     |
+| created from       +-------------+--------------+ by Nova when Instance B is deleted and its disks are |
+| Image Z (snapshot) | disk.eph0   | Secret 6     | destroyed                                            |
+|                    +-------------+--------------+                                                      |
+|                    | disk.swap   | Secret 7     |                                                      |
+--------------------+-------------+--------------+------------------------------------------------------+
+| Instance C         | disk (root) | Secret 8     | Secret 8, 9, and 10 will be automatically deleted    |
+|                    +-------------+--------------+ by Nova when Instance C is deleted and its disks are |
+|                    | disk.eph0   | Secret 9     | destroyed                                            |
+|                    +-------------+--------------+                                                      |
+|                    | disk.swap   | Secret 10    |                                                      |
+--------------------+-------------+--------------+------------------------------------------------------+
+| Image Y (snapshot) | disk (root) | Secret 8     | Secret 8 is *retained* when Instance C is shelved in |
+| created by shelve  |             |              | part to prevent the possibility of a change in       |
+| of Instance C      |             |              | ownership of the root disk secret if, for example,   |
+|                    |             |              | an admin user shelves a non-admin user's instance.   |
+|                    |             |              | This approach could be avoided if there is some way  |
+|                    |             |              | we could create a new secret using the instance's    |
+|                    |             |              | user/project rather than the shelver's user/project  |
+--------------------+-------------+--------------+------------------------------------------------------+
+| Rescue disk        | disk (root) | Secret 11    | Secret 11 is stashed in the instance's system        |
+| created by rescue  |             | (new secret  | metadata with key                                    |
+| of Instance A      |             | is created)  | ``rescue_disk_ephemeral_encryption_secret_uuid``.    |
+|                    |             |              | This is done because a BDM record for the rescue     |
+|                    |             |              | disk is not going to be persisted to the database.   |
+--------------------+-------------+--------------+------------------------------------------------------+

 Snapshots of instances with ephemeral encryption
 ````````````````````````````````````````````````