support certificate validate

Registered by TommyLike

OpenStack now supports signature verification for signed images. However, it does not support strong validation of the certificates used to generate image signatures. Specifically, Cinder has no mechanism to identify trusted certificates: it verifies the signature of a signed image, but there is no way to determine whether the certificate used to generate and verify that signature is one that the user trusts. This change will add to the Cinder API the ability for the user to specify a list of trusted certificates when creating a volume from an image. These trusted certificates will be used to conduct certificate validation in concert with signature verification, giving the user confidence in the integrity of the image being created.

Blueprint information

Status: Started
Approver: Sean McGinnis
Priority: Medium
Drafter: TommyLike
Direction: Approved
Assignee: TommyLike
Definition: New
Series goal: Accepted for rocky
Implementation: Needs Code Review
Milestone target: rocky-3
Started by: Jay Bryant

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/certificate-validate,n,z

Addressed by: https://review.openstack.org/572254
    Support certificate validation

Addressed by: https://review.openstack.org/585259
    Implements image certificate verification
