Add release notes for secret key deletion

Change-Id: Ie7961ed0fab4af0208a9add0bf06a08cc12d0b4d Implements: blueprint barbican-secret-deletion-support
2019-09-06 23:13:52 +02:00 · 2019-09-06 23:13:52 +02:00 · defc01042f
parent e475581c72
commit defc01042f
1 changed files with 40 additions and 0 deletions
--- a/releasenotes/notes/bp-barbican-secret-deletion-support-40cffa5ffa33447e.yaml
+++ b/releasenotes/notes/bp-barbican-secret-deletion-support-40cffa5ffa33447e.yaml
@ -0,0 +1,40 @@
+---
+features:
+  - |
+    To support the Block Storage service (Cinder) upload-volume-to-image action
+    when the volume is an encrypted volume type, when such an image is deleted,
+    Glance will now contact the OpenStack Key Management service (Barbican) and
+    request it to delete the associated encryption key. Two extra properties
+    must be set on the image for this to work: ``cinder_encryption_key_id``
+    (whose value is the identifier in the OpenStack Key Management service for
+    the encryption key used to encrypt the volume) and
+    ``cinder_encryption_key_deletion_policy`` (whose value may be either
+    ``on_image_deletion`` or ``do_not_delete``).  Please note the following:
+
+    * An image created by the Block Storage service will have these properties
+      set automatically, with the deletion policy set to ``on_image_deletion``.
+    * The Block Storage service *always* creates a new secret in Barbican when
+      it uploads a volume as an image, keeping a 1-1 relation between each
+      secret stored in the Key Management Service and each image of an
+      encrypted volume stored in Glance.  Thus, deleting the Barbican secret
+      *at the time when the image is deleted* will not cause data loss *as long
+      as the secret is not being used for any other purpose*.
+
+      * The Block Storage service will not use the secret associated with an
+        image for any other purpose.
+      * If you choose to use the Barbican secret identified by the value of
+        ``cinder_encryption_key_id`` for any other purpose, you risk data loss.
+      * Manual use of the ``cinder_encryption_key_*`` properties is *not*
+        recommended.
+
+    * If the ``cinder_encryption_key_deletion_policy`` image property is
+      missing or has any value other than ``on_image_deletion``, Glance will
+      **not** attempt to delete the key whose identifier is the value of
+      ``cinder_encryption_key_id``.
+
+upgrade:
+  - |
+    The properties ``cinder_encryption_key_id`` and
+    ``cinder_encryption_key_deletion_policy`` have been added to the *common
+    image properties* and appear in the image schema.  See the "New Features"
+    section of these notes for information about these image properties.