Barbican key manager: missing key blocks volume deletion
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Undecided
|
Sayali Lunkad | ||
castellan |
Invalid
|
Undecided
|
Sayali Lunkad |
Bug Description
Summary
=======
If a key for an encrypted volume no longer exists, cinder.
https:/
This error condition should be handled more gracefully: a 404 upon an attempt to delete can simply be ignored with a warning in the log, since all it signifies is that the task is already done.
Impact
======
This has been observed in stable/mitaka. With the Barbican key manager gone as of Newton, this should not be an issue in Newton, unless Castellan based key management makes the same mistake.
Steps to repoduce
=================
1) Create an encrypted Cinder volume using the Barbican key manager
2) Delete its encryption key using `openstack secret delete`
3) Attempting to delete the volume will yield the error shown in the attached excerpt from the Cinder API log (stacktrace.log)
Changed in cinder: | |
assignee: | nobody → Sayali Lunkad (sayalilunkad) |
Changed in castellan: | |
status: | New → In Progress |
Note: this problem will also crop up when one tries to delete an encrypted volume created using cinder. keymgr. conf_key_ mgr (that volume will have an invalid key_id of `00000000- 0000-0000- 0000-0000000000 00`).