yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #93391
[Bug 2051108] Re: Support for the "bring your own keys" approach for Cinder
for cinder this would likely require a spec as its an api change to be
able to pass the barbican secrete i belive.
for nova this might be a specless blueprint if the changes were minor
enough and we coudl capture the details in the cinder spec otherwisse we
would need a spec for nova as well.
in either case this is not a bug in the scope of nova so ill make the
nova part as invild form a paper work prespective since this would be
tracked as a nova blueprint in lancuchpad with or without a spec not as
a bug.
** Changed in: nova
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2051108
Title:
Support for the "bring your own keys" approach for Cinder
Status in Cinder:
New
Status in OpenStack Compute (nova):
Invalid
Bug description:
Description
===========
Cinder currently lags support the API to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys later on used to encrypt volumes.
Work flow would be as follow:
1. End user creates a new key and stores it in OpenStack Barbican
2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id".
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/2051108/+subscriptions
References