cinder

History

Alan Bishop d59e41fb3c Add support for transferring encrypted volumes A new microversion 3.70 adds the ability to transfer a volume's encryption key when transferring a volume to another project. When the volume transfer is initiated, the volume's encryption secret is essentially transferred to the cinder service. - The cinder service creates a new encryption_key_id that contains a copy of the volume's encryption secret. - The volume (and its snapshots) is updated with the new encryption_key_id (the one owned by the cinder service). - The volume's original encryption_key_id (owned by the volume's owner) is deleted. When the transfer is accepted, the secret is transferred to the user accepting the transfer. - A new encryption_key_id is generated on behalf of the new user that contains a copy of the volume's encryption secret. - The volume (and its snapshots) is updated with the new encryption_key_id (the one owned by the user). - The intermediate encryption_key_id owned by the cinder service is deleted. When a transfer is cancelled (deleted), the same process is used to transfer ownship back to the user that cancelled the transfer. Implements: blueprint transfer-encrypted-volume Change-Id: I459f06504e90025c9c0b539981d3d56a2a9394c7	2022-08-26 06:32:41 -07:00
..
__init__.py	Move oslo.utils to oslo_utils namespace	2015-01-19 21:50:34 -06:00
api.py	Add support for transferring encrypted volumes	2022-08-26 06:32:41 -07:00

Alan Bishop d59e41fb3c Add support for transferring encrypted volumes

A new microversion 3.70 adds the ability to transfer a volume's
encryption key when transferring a volume to another project.

When the volume transfer is initiated, the volume's encryption
secret is essentially transferred to the cinder service.
- The cinder service creates a new encryption_key_id that contains
  a copy of the volume's encryption secret.
- The volume (and its snapshots) is updated with the new
  encryption_key_id (the one owned by the cinder service).
- The volume's original encryption_key_id (owned by the volume's
  owner) is deleted.

When the transfer is accepted, the secret is transferred to the
user accepting the transfer.
- A new encryption_key_id is generated on behalf of the new user
  that contains a copy of the volume's encryption secret.
- The volume (and its snapshots) is updated with the new
  encryption_key_id (the one owned by the user).
- The intermediate encryption_key_id owned by the cinder service
  is deleted.

When a transfer is cancelled (deleted), the same process is used
to transfer ownship back to the user that cancelled the transfer.

Implements: blueprint transfer-encrypted-volume
Change-Id: I459f06504e90025c9c0b539981d3d56a2a9394c7

2022-08-26 06:32:41 -07:00

__init__.py

Move oslo.utils to oslo_utils namespace

2015-01-19 21:50:34 -06:00

api.py

Add support for transferring encrypted volumes

2022-08-26 06:32:41 -07:00