defc01042f
Change-Id: Ie7961ed0fab4af0208a9add0bf06a08cc12d0b4d Implements: blueprint barbican-secret-deletion-support
41 lines
2.2 KiB
YAML
41 lines
2.2 KiB
YAML
---
|
|
features:
|
|
- |
|
|
To support the Block Storage service (Cinder) upload-volume-to-image action
|
|
when the volume is an encrypted volume type, when such an image is deleted,
|
|
Glance will now contact the OpenStack Key Management service (Barbican) and
|
|
request it to delete the associated encryption key. Two extra properties
|
|
must be set on the image for this to work: ``cinder_encryption_key_id``
|
|
(whose value is the identifier in the OpenStack Key Management service for
|
|
the encryption key used to encrypt the volume) and
|
|
``cinder_encryption_key_deletion_policy`` (whose value may be either
|
|
``on_image_deletion`` or ``do_not_delete``). Please note the following:
|
|
|
|
* An image created by the Block Storage service will have these properties
|
|
set automatically, with the deletion policy set to ``on_image_deletion``.
|
|
* The Block Storage service *always* creates a new secret in Barbican when
|
|
it uploads a volume as an image, keeping a 1-1 relation between each
|
|
secret stored in the Key Management Service and each image of an
|
|
encrypted volume stored in Glance. Thus, deleting the Barbican secret
|
|
*at the time when the image is deleted* will not cause data loss *as long
|
|
as the secret is not being used for any other purpose*.
|
|
|
|
* The Block Storage service will not use the secret associated with an
|
|
image for any other purpose.
|
|
* If you choose to use the Barbican secret identified by the value of
|
|
``cinder_encryption_key_id`` for any other purpose, you risk data loss.
|
|
* Manual use of the ``cinder_encryption_key_*`` properties is *not*
|
|
recommended.
|
|
|
|
* If the ``cinder_encryption_key_deletion_policy`` image property is
|
|
missing or has any value other than ``on_image_deletion``, Glance will
|
|
**not** attempt to delete the key whose identifier is the value of
|
|
``cinder_encryption_key_id``.
|
|
|
|
upgrade:
|
|
- |
|
|
The properties ``cinder_encryption_key_id`` and
|
|
``cinder_encryption_key_deletion_policy`` have been added to the *common
|
|
image properties* and appear in the image schema. See the "New Features"
|
|
section of these notes for information about these image properties.
|