yahoo-eng-team team mailing list archive

[sean mooney <2051108@xxxxxxxxxxxxxxxxxx>]

for cinder this would likely require a spec as its an api change to be
able to pass the barbican secrete i belive.

for nova this might be a specless blueprint if the changes were minor
enough and we coudl capture the details in the cinder spec otherwisse we
would need a spec for nova as well.

in either case this is not a bug in the scope of nova so ill make the
nova part as invild form a paper work prespective since this would be
tracked as a nova blueprint in lancuchpad with or without a spec not as
a bug.

** Changed in: nova
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2051108

Title:
  Support for the "bring your own keys" approach for Cinder

Status in Cinder:
  New
Status in OpenStack Compute (nova):
  Invalid

Bug description:
  Description
  ===========
  Cinder currently lags support the API to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys later on used to encrypt volumes.

  Work flow would be as follow:
  1. End user creates a new key and stores it in OpenStack Barbican
  2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
  3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id".

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/2051108/+subscriptions