python-novaclient/releasenotes/notes/microversion-v2_63-cd058a9145550cae.yaml
Jackie Truong 7f10707e5d Microversion 2.63 - Add trusted_image_certificates
This change adds a `--trusted-image-certificate-id` option to the
`nova boot` and `nova rebuild` commands. This option takes in a
a single trusted certificate ID. The option may be used multiple times
to specify multiple trusted certificate IDs, which will be
used to validate certificates in the image signature verification
process. If ID values are not specified using this option, the value of
the newly added OS_TRUSTED_IMAGE_CERTIFICATE_IDS environment variable
will be used instead. This value will be converted into a list before
being passed on.

The ``nova rebuild`` command also gets a new
``--trusted-image-certificates-unset`` option to unset/reset the
trusted image certificates in a server during rebuild. This is
similar to unsetting key_name and user_data during rebuild.

Corresponding `trusted_image_certificates` kwarg has been added to the
server create and rebuild Python API bindings.

Co-Authored-By: Brianna Poulos <Brianna.Poulos@jhuapl.edu>
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Change-Id: I235541a689732826950c7b2a510d5835211120c3
Implements: blueprint nova-validate-certificates
2018-06-15 10:40:24 -04:00

18 lines
693 B
YAML

---
features:
- |
Added support for `microversion 2.63`_, which includes the following
changes:
- New environment variable called ``OS_TRUSTED_IMAGE_CERTIFICATE_IDS``
- New ``nova boot`` option called ``--trusted-image-certificate-id``
- New ``nova rebuild`` options called ``--trusted-image-certificate-id``
and ``--trusted-image-certificates-unset``
- New kwarg called ``trusted_image_certificates`` added to python API
bindings:
- ``novaclient.v2.servers.ServerManager.create()``
- ``novaclient.v2.servers.ServerManager.rebuild()``
.. _microversion 2.63: https://docs.openstack.org/nova/latest/api_microversion_history.html#id57