Cinder

Encryption key not be deleted when upload encryped volume to image fails

Bug #1882019 reported by caixiaoyu on 2020-06-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	In Progress	Undecided	caixiaoyu

Bug Description

When uploading encrypted volume to image, a new encryption key will be created by cloning the encrypted volume's encryption key. And the new encryption key id will be stored in glance image matadata in the form of 'cinder_encryption_key_id'.
If upload-to-image fails, for example: upload-to-image fails when volume's status is incorrect, there is no process to delete the new encryption key. We still can get the new encryption key info by execute CLI: openstack secret get http://barbican-ha-vip:9311/v1/secrets/<new_encryption_key_id>.

OpenStack Infra (hudson-openstack) on 2020-06-04

Changed in cinder:
assignee:	nobody → caixiaoyu (caixiaoyu)
status:	New → In Progress

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.