review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

Code Review / openstack-build / cinder-build.git / commit

author	Joel Coffman <joel.coffman@jhuapl.edu>
	Wed, 14 Aug 2013 14:00:15 +0000 (10:00 -0400)
committer	Joel Coffman <joel.coffman@jhuapl.edu>
	Wed, 14 Aug 2013 14:00:15 +0000 (10:00 -0400)
commit	122d4e0865c8d3b3ae73f051e8e246706e59f7b9
tree	e2b40169ecc3059643f37187ef638d116ec27b04	tree \| snapshot
parent	c458e8a780619edde09d23c93bfcf33259647806	commit \| diff

Add support for encrypted volumes

This modification adds an encryption key UUID field to the volume
table, which is sufficient to make Cinder "aware" of encrypted volumes
as designated by predefined volume types. Integration with a key
manager is necessary to obtain an actual encryption key UUID (the
current implementation generates a random UUID when an encrypted
volumes is created). Cinder should *not* presume that it necessarily
will have access to the key itself -- this decision depends upon the
design, implementation, and policy for encrypted volumes. The key's
UUID is stored in Cinder because it is metadata about the volume.

Implements: blueprint encrypt-cinder-volumes
Change-Id: I164290e761a9922919a70f22f99af70dac213b61
SecurityImpact

30 files changed:

cinder/api/contrib/volume_encryption_metadata.py	[new file with mode: 0644]	blob
cinder/api/contrib/volume_type_encryption.py	[new file with mode: 0644]	blob
cinder/db/api.py		diff \| blob \| history
cinder/db/sqlalchemy/api.py		diff \| blob \| history
cinder/db/sqlalchemy/migrate_repo/versions/017_add_encryption_information.py	[new file with mode: 0644]	blob
cinder/db/sqlalchemy/models.py		diff \| blob \| history
cinder/exception.py		diff \| blob \| history
cinder/keymgr/__init__.py		diff \| blob \| history
cinder/keymgr/key_mgr.py		diff \| blob \| history
cinder/keymgr/not_implemented_key_mgr.py	[new file with mode: 0644]	blob
cinder/tests/api/contrib/test_quotas.py		diff \| blob \| history
cinder/tests/api/contrib/test_volume_encryption_metadata.py	[new file with mode: 0644]	blob
cinder/tests/api/contrib/test_volume_type_encryption.py	[new file with mode: 0644]	blob
cinder/tests/api/v1/test_snapshot_metadata.py		diff \| blob \| history
cinder/tests/api/v2/test_snapshot_metadata.py		diff \| blob \| history
cinder/tests/keymgr/fake.py	[new file with mode: 0644]	blob
cinder/tests/keymgr/mock_key_mgr.py		diff \| blob \| history
cinder/tests/keymgr/test_mock_key_mgr.py		diff \| blob \| history
cinder/tests/keymgr/test_not_implemented_key_mgr.py	[new file with mode: 0644]	blob
cinder/tests/policy.json		diff \| blob \| history
cinder/tests/test_db_api.py		diff \| blob \| history
cinder/tests/test_migrations.py		diff \| blob \| history
cinder/tests/test_quota.py		diff \| blob \| history
cinder/tests/test_volume.py		diff \| blob \| history
cinder/tests/test_volume_types.py		diff \| blob \| history
cinder/volume/api.py		diff \| blob \| history
cinder/volume/driver.py		diff \| blob \| history
cinder/volume/flows/create_volume.py		diff \| blob \| history
cinder/volume/volume_types.py		diff \| blob \| history
etc/cinder/policy.json		diff \| blob \| history

RSS Atom