From b3e5aa376114aabbee6f9d62bfdee22365f4e34f Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Sun, 30 Jun 2019 11:20:39 +0100 Subject: [PATCH] encryptors: Deprecate the CryptsetupEncryptor This encryptor and the underlying plain cryptsetup encryption format it provides is not widely used, inflexible (no key rotation) and as a result no longer required in os-brick. This change starts the deprecation process. Additional changes will be posted to ensure the retype workflow between this encryptor and the LUKS based encryptors is well tested ahead of any removal. Change-Id: Ibb560da269a2f330526af6761fa509c262e3d361 --- os_brick/encryptors/cryptsetup.py | 10 ++++++++++ ...te-plain-cryptsetup-encryptor-0a279abc0b0d718c.yaml | 7 +++++++ 2 files changed, 17 insertions(+) create mode 100644 releasenotes/notes/deprecate-plain-cryptsetup-encryptor-0a279abc0b0d718c.yaml diff --git a/os_brick/encryptors/cryptsetup.py b/os_brick/encryptors/cryptsetup.py index ba4574cd0..9fa2dd123 100644 --- a/os_brick/encryptors/cryptsetup.py +++ b/os_brick/encryptors/cryptsetup.py @@ -22,6 +22,7 @@ from os_brick.encryptors import base from os_brick import exception from oslo_concurrency import processutils from oslo_log import log as logging +from oslo_log import versionutils LOG = logging.getLogger(__name__) @@ -146,6 +147,15 @@ class CryptsetupEncryptor(base.VolumeEncryptor): instance is unaware of the underlying encryption due to modifying the original symbolic link to refer to the device mounted by dm-crypt. """ + # TODO(lyarwood): Remove this encryptor and refactor the LUKS based + # encryptors in the U release. + versionutils.report_deprecated_feature( + LOG, + "The plain CryptsetupEncryptor is deprecated and will be removed " + "in a future release. Existing users are encouraged to retype " + "any existing volumes using this encryptor to the 'luks' " + "LuksEncryptor or 'luks2' Luks2Encryptor encryptors as soon as " + "possible.") key = self._get_key(context).get_encoded() passphrase = self._get_passphrase(key) diff --git a/releasenotes/notes/deprecate-plain-cryptsetup-encryptor-0a279abc0b0d718c.yaml b/releasenotes/notes/deprecate-plain-cryptsetup-encryptor-0a279abc0b0d718c.yaml new file mode 100644 index 000000000..d6fa04fb4 --- /dev/null +++ b/releasenotes/notes/deprecate-plain-cryptsetup-encryptor-0a279abc0b0d718c.yaml @@ -0,0 +1,7 @@ +--- +deprecations: + - | + The plain CryptsetupEncryptor is deprecated and will be removed in a future + release. Existing users are encouraged to retype any existing volumes using + this encryptor to the luks LuksEncryptor or luks2 Luks2Encryptor encryptors + as soon as possible