heat-specs/specs/liberty/cinder-volume-encryption-support.rst

Cinder volume encryption support

https://blueprints.launchpad.net/heat/+spec/cinder-volume-encryption

Provides support for encrypted cinder volume creation.

Problem description

Cinder provide encrypted volume creation by using encrypted volume type as described in below wiki page: http://docs.openstack.org/juno/config-reference/content/section_volume-encryption.html

Proposed change

Add new contrib heat resource plugin for creating the encrypted volume type OS::Cinder::EncryptedVolumeType with following properties:

• provider (required)

  • description: The class that provides encryption support. For example, nova.volume.encryptors.luks.LuksEncryptor.
  • type: string

• cipher (optional)

  • description: The encryption algorithm or mode. For example, aes-xts-plain64
  • type: string

• key_size (optional)

  • description: Size of encryption key, in bits. For example, 128 or 256.
  • type: integer

• control_location (optional)

  • default: front-end
  • allowed-values: front-end, back-end.
  • description: Notional service where encryption is performed.
  • type: string

• type (required)

  • description: Name or id of volume type (OS::Cinder::VolumeType)
  • type: string

This resource needs following actions:

• create
• delete

Alternatives

None.

Implementation

Assignee(s)

Primary assignee:

Kanagaraj Manickam (kanagaraj-manickam)

Milestones

Target Milestone for completion:

liberty-1

Work Items

• Add new contrib resource plugin as described in the solution section
• Add test cases for new resource plugin
• Add required functional test cases to validate the resource.

Dependencies

None