for cinder this would likely require a spec as its an api change to be
able to pass the barbican secrete i belive.
for nova this might be a specless blueprint if the changes were minor
enough and we coudl capture the details in the cinder spec otherwisse we
would need a spec for nova as well.
in either case this is not a bug in the scope of nova so ill make the
nova part as invild form a paper work prespective since this would be
tracked as a nova blueprint in lancuchpad with or without a spec not as
a bug.
** Changed in: nova
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2051108
Title:
Support for the "bring your own keys" approach for Cinder
Status in Cinder:
New
Status in OpenStack Compute (nova):
Invalid
Bug description:
Description
===========
Cinder currently lags support the API to create a volume with a predefined
(e.g. already stored in Barbican) encryption key. This feature would be useful
for use cases where end-users should be enabled to store keys later on used to
encrypt volumes.
Work flow would be as follow:
1. End user creates a new key and stores it in OpenStack Barbican
2. User requests a new volume with volume type "LUKS" and gives an
"encryption_reference_key_id" (or just "key_id").
3. Internally the key is copied (like in
volume_utils.clone_encryption_key_()) and a new "encryption_key_id".
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/2051108/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
