Kaitlin, On Mon, Mar 13, 2017 at 2:55 PM, Farr, Kaitlin M. <kaitlin.f...@jhuapl.edu> wrote: > Proposed library name: Rename Castellan to oslo.keymanager > > > > Proposed library mission/motivation: Castellan’s goal is to provide a > > generic key manager interface that projects can use for their key > > manager needs, e.g., storing certificates or generating keys for > > encrypting data. The interface passes the commands and Keystone > > credentials on to the configured back end. Castellan is not a service > > and does not maintain state. The library can grow to have multiple > > back ends, as long as the back end can authenticate Keystone > > credentials. The only two back end options now in Castellan are > > Barbican and a limited mock key manager useful only for unit tests. > > If someone wrote a Keystone auth plugin for Vault, we could also have a > > Vault back end for Castellan. > > > > The benefit of using Castellan versus using Barbican directly > > is Castellan allows the option of swapping out for other key managers, > > mainly for testing. If projects want their own custom back end for > > Castellan, they can write a back end that implements the Castellan > > interface but lives in their own code base, i.e., ConfKeyManager in > > Nova and Cinder. Additionally, Castellan already has oslo.config > > options defined which are helpful for configuring the project to talk > > to Barbican. > > > > When the Barbican team first created the Castellan library, we had > > reached out to oslo to see if we could name it oslo.keymanager, but the > > idea was not accepted because the library didn’t have enough traction. > > Now, Castellan is used in many projects, and we thought we would > > suggest renaming again. At the PTG, the Barbican team met with the AWG > > to discuss how we could get Barbican integrated with more projects, and > > the rename was also suggested at that meeting. Other projects are > > interested in creating encryption features, and a rename will help > > clarify the difference between Barbican and Castellan. > > > > Existing similar libraries (if any) and why they aren't being used: N/A > > > > Reviewer activity: Barbican team > > > > Who is going to use this (project involvement): Cinder, Nova, Sahara, > > and Glance already use Castellan, Swift has a patch that integrates > > Castellan. > > > > Proposed adoption model/plan: The Castellan library was already created > > and produces a functional and useful artifact (a pypi release) and is > > integrated into various OpenStack projects and now it is proposed that > > the library be moved into the Oslo group's namespace by creating a fork > > of Castellan, clean up a few things, create a new oslo.keymanager > > release on pypi, and change the projects to use oslo.keymanager. >
Is the idea that the name change (oslo) will help drive the adoption? Also, Is the a default backend for say devstack going to be barbican? Is there a plan to do something else (say a vault based backend) for very simple scenarios? > > Thanks, > > > > Kaitlin Farr > > Software Engineer > > The Johns Hopkins University Applied Physics Laboratory > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Davanum Srinivas :: https://twitter.com/dims __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
