| 2020-04-02 11:58:38 |
Brian Rosmaita |
description |
https://review.opendev.org/671503
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
Your project "openstack/glance" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to.
commit b190a39a2831d4b221476444c09d5f1bd88f6fd2
Author: Cyril Roelandt <cyril@redhat.com>
Date: Wed Jul 17 22:15:10 2019 +0200
Delete secret key on image deletion
We add two extra properties for images:
- cinder_encryption_key_id, which stores the encryption key id;
- cinder_encryption_key_deletion_policy, which states whether the secret
key should be deleted on image deletion.
This feature uses the Castellan key manager, and will therefore work
with all its supported backends.
Implements: blueprint barbican-secret-deletion-support
DocImpact
Change-Id: Iacd0b3785ad4cdd06961e6d11967775806e009ff
|
This is prompted by https://review.opendev.org/671503 (released in Train; see commit message below).
It's currently documented in the image schema:
https://review.opendev.org/#/c/671503/5/etc/schema-image.json
but it would be good to have some more info somewhere. A likely place is
https://opendev.org/openstack/glance/src/branch/master/doc/source/admin/troubleshooting.rst
The current title is "Images and instances". Maybe change to "Images, instances, and volumes".
There's a section "Instance Launch" that talks about images and volumes, but only talks about volumes as persistent storage. Add a section after it titled "Images and volumes", and mention:
1 - creating a bootable volume (should be something in nova and cinder docs about this that you can copy)
2 - uploading a volume as an image (find something in cinder docs)
3 - uploading an encrypted volume as an image (find something in cinder docs)
The below commit impacts item 3. The release note for it has additional information you can copy:
https://opendev.org/openstack/glance/src/branch/master/releasenotes/notes/bp-barbican-secret-deletion-support-40cffa5ffa33447e.yaml
https://review.opendev.org/671503
commit b190a39a2831d4b221476444c09d5f1bd88f6fd2
Author: Cyril Roelandt <cyril@redhat.com>
Date: Wed Jul 17 22:15:10 2019 +0200
Delete secret key on image deletion
We add two extra properties for images:
- cinder_encryption_key_id, which stores the encryption key id;
- cinder_encryption_key_deletion_policy, which states whether the secret
key should be deleted on image deletion.
This feature uses the Castellan key manager, and will therefore work
with all its supported backends.
Implements: blueprint barbican-secret-deletion-support
DocImpact
Change-Id: Iacd0b3785ad4cdd06961e6d11967775806e009ff |
|
