Store encryption metadata with individual volumes
Encryption metadata is currently associated with (encrypted) volume types, which forces
snapshots, clones, and backups to all share the same volume type as the original volume. This
requirement, which is really an implementation artifact, leads to numerous special cases and
needless complexity.
This proposed change copies the encryption metadata from an encrypted volume type when a
volume is created. The encryption metadata is then stored with snapshots, clones, backups, etc.,
but there is no need to retain the original volume's type.
A side benefit of this change is the ability to modify the default encryption metadata (cipher, key
size, etc.) for a volume type, since doing so will not affect existing volumes of that type. Currently,
volume types cannot be updated or deleted once an encrypted volume has been created.
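A minimal model of the copy-on-create behaviour proposed above, added here as an illustration. It is not Cinder code: the names `EncryptionSpec`, `VolumeType`, `Volume`, `create_volume` and `derive`, and the sample cipher values, are assumptions.

```python
import uuid
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class EncryptionSpec:
    """Immutable encryption metadata (cipher and key size, per the blueprint)."""
    cipher: str
    key_size: int


@dataclass
class VolumeType:
    name: str
    encryption: Optional[EncryptionSpec] = None  # default for *new* volumes only


@dataclass
class Volume:
    id: str
    type_name: str
    encryption: Optional[EncryptionSpec]  # the volume's own copy of the metadata


def create_volume(vtype: VolumeType) -> Volume:
    # Copy the type's current defaults once, at creation time. The spec is
    # frozen, so later edits to the type replace it instead of mutating it.
    return Volume(str(uuid.uuid4()), vtype.name, vtype.encryption)


def derive(source: Volume, type_name: Optional[str] = None) -> Volume:
    """Snapshot, clone or backup: metadata follows the source's data, not its type."""
    return Volume(str(uuid.uuid4()), type_name or source.type_name, source.encryption)


def demo():
    # Constructed sample values; not taken from the blueprint.
    luks = VolumeType("encrypted", EncryptionSpec("aes-xts-plain64", 256))
    original = create_volume(luks)
    # Changing the type's default must not alter how existing data is decrypted.
    luks.encryption = EncryptionSpec("aes-xts-plain64", 512)
    clone = derive(original, type_name="other-type")
    fresh = create_volume(luks)
    return original, clone, fresh


if __name__ == "__main__":
    for vol in demo():
        print(vol.type_name, vol.encryption)
```

The clone keeps the 256-bit parameters its data was written with even though it carries a different type name, while only the volume created after the update picks up the new default.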
Blueprint information
- Status: Not started
- Approver: Sean McGinnis
- Priority: Medium
- Drafter: hadi esiely
- Direction: Needs approval
- Assignee: hadi esiely
- Definition: Approved
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by
Whiteboard
<thingee> 2015-02-14: I don't think this will have a good chance in Kilo since it's so late. Also I think this kind of thing needs a Cinder spec.
Gerrit topic: https:/
Addressed by: https:/
Store volume encryption metadata on each volume
Addressed by: https:/
blueprint volume-
Addressed by: https:/
Add test case for volume_
Addressed by: https:/
Remove unnecessary checks for encrypted types
Addressed by: https:/
Add volume encryption metadata spec
Addressed by: https:/
Correct comment to be consistent with code
Addressed by: https:/
Refactor to remove duplicate code
Addressed by: https:/
Remove unused function volume_
Addressed by: https:/
Clean up volume_type_update method
Addressed by: https:/
Store volume encryption metadata with volumes