Add release notes for secret key deletion
Change-Id: Ie7961ed0fab4af0208a9add0bf06a08cc12d0b4d Implements: blueprint barbican-secret-deletion-support
This commit is contained in:
Cyril Roelandt
Brian Rosmaita
parent
e475581c72
commit
defc01042f
@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
To support the Block Storage service (Cinder) upload-volume-to-image action
|
||||||
|
when the volume is an encrypted volume type, when such an image is deleted,
|
||||||
|
Glance will now contact the OpenStack Key Management service (Barbican) and
|
||||||
|
request it to delete the associated encryption key. Two extra properties
|
||||||
|
must be set on the image for this to work: ``cinder_encryption_key_id``
|
||||||
|
(whose value is the identifier in the OpenStack Key Management service for
|
||||||
|
the encryption key used to encrypt the volume) and
|
||||||
|
``cinder_encryption_key_deletion_policy`` (whose value may be either
|
||||||
|
``on_image_deletion`` or ``do_not_delete``). Please note the following:
|
||||||
|
|
||||||
|
* An image created by the Block Storage service will have these properties
|
||||||
|
set automatically, with the deletion policy set to ``on_image_deletion``.
|
||||||
|
* The Block Storage service *always* creates a new secret in Barbican when
|
||||||
|
it uploads a volume as an image, keeping a 1-1 relation between each
|
||||||
|
secret stored in the Key Management Service and each image of an
|
||||||
|
encrypted volume stored in Glance. Thus, deleting the Barbican secret
|
||||||
|
*at the time when the image is deleted* will not cause data loss *as long
|
||||||
|
as the secret is not being used for any other purpose*.
|
||||||
|
|
||||||
|
* The Block Storage service will not use the secret associated with an
|
||||||
|
image for any other purpose.
|
||||||
|
* If you choose to use the Barbican secret identified by the value of
|
||||||
|
``cinder_encryption_key_id`` for any other purpose, you risk data loss.
|
||||||
|
* Manual use of the ``cinder_encryption_key_*`` properties is *not*
|
||||||
|
recommended.
|
||||||
|
|
||||||
|
* If the ``cinder_encryption_key_deletion_policy`` image property is
|
||||||
|
missing or has any value other than ``on_image_deletion``, Glance will
|
||||||
|
**not** attempt to delete the key whose identifier is the value of
|
||||||
|
``cinder_encryption_key_id``.
|
||||||
|
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The properties ``cinder_encryption_key_id`` and
|
||||||
|
``cinder_encryption_key_deletion_policy`` have been added to the *common
|
||||||
|
image properties* and appear in the image schema. See the "New Features"
|
||||||
|
section of these notes for information about these image properties.
|
||||||
Loading…
Reference in New Issue
Block a user