Hey Eric, thanks for taking a look at this. Several things:
1. mode is not a dogtag flag, this is an argument in barbican in the create_key method -- https://github.com/openstack/python-barbicanclient/blob/4.6.0/barbicanclient/v1/orders.py#L442-L443 2. castellan is not a service, so can only provide default, which means there will be no way to specify which mode to use. we need to add mode argument here -- https://github.com/openstack/castellan/blob/0.17.0/castellan/key_manager/barbican_key_manager.py#L216-L217, that's why this bug also affects castellan 3. other parameters provided to the key creation method come from VolumeTypeEncryption -- https://github.com/openstack/cinder/blob/a6e79968ed237a7f0982cdc0d8fcf231d63b38fc/cinder/volume/utils.py#L900-L903
Why the mode is required in case of using dogtag backend but is not required when using eg simplecrypt backend might be a bug in barbican, but still would be good to allow providing mode through cinder.
Hey Eric, thanks for taking a look at this. Several things:
1. mode is not a dogtag flag, this is an argument in barbican in the create_key method -- https:/ /github. com/openstack/ python- barbicanclient/ blob/4. 6.0/barbicancli ent/v1/ orders. py#L442- L443 /github. com/openstack/ castellan/ blob/0. 17.0/castellan/ key_manager/ barbican_ key_manager. py#L216- L217, that's why this bug also affects castellan ption -- https:/ /github. com/openstack/ cinder/ blob/a6e79968ed 237a7f0982cdc0d 8fcf231d63b38fc /cinder/ volume/ utils.py# L900-L903
2. castellan is not a service, so can only provide default, which means there will be no way to specify which mode to use. we need to add mode argument here -- https:/
3. other parameters provided to the key creation method come from VolumeTypeEncry
Why the mode is required in case of using dogtag backend but is not required when using eg simplecrypt backend might be a bug in barbican, but still would be good to allow providing mode through cinder.