[barbican][cinder] Business Software License in new Vault
Tobias Urdin
tobias.urdin at binero.com
Mon Sep 18 11:42:24 UTC 2023
The code part is not a issue, I think this question is mostly directed towards operators
using Vault as the backend (backend storage with an API essentially) for Barbican.
I’m also very interested in this topic, my idea was to email their licensing department and simply
ask unless somebody here has an answer already.
Best regards
Tobias
> On 18 Sep 2023, at 12:06, smooney at redhat.com wrote:
>
> On Sun, 2023-09-17 at 18:52 +0200, Damian Bulira wrote:
>> Hi Guys,
>>
>> Recently Hashicorp changed their product licensing from MPL to BSL. Did any
>> of you carry out research on the impact of this change in regard to using
>> Vault as a backend in Barbican and/or Cinder for both private and public
>> clouds? Any thoughts about that?
>
> im not that familiar with vault or barbican but unless we are importing code form
> vault it should nova no impact on the licensing of the barbican code base.
>
> i belive we actully use https://github.com/openstack/castellan as an indirection layer
> in any openstack project that talks to vault.
>
> if the BSL which is not generally accpted as a opensouce lisnce is incompatble with apache2
> we woudl have to drop vault support if we were now calling any bsl code.
>
> assumign we are using non CLIs or non bsl clinent libs we shoudl be unaffected by the chagne
> however it may have implicatoins for deployers both new and existing.
>
> looking at it looks like its written in terms of vaults http api.
> https://github.com/openstack/castellan/blob/master/castellan/key_manager/vault_key_manager.py
> as a result castellan should be insulated form this change and proejcts like nova that only interact
> via castallan should be fine. barbincan appears to be using castellan at first glance too
> https://github.com/openstack/barbican/blob/c8e3dc14e6225f1d400131434e8afec0aa410ae7/barbican/plugin/vault_secret_store.py#L65
>
> so i think form a code licening point of view we are ok.
> that does not mean we hould nessisarly endorce the use of vault going forward but i honestly dont
> know enough about the politic or details of the bsl change to really comment on that.
>
> if its not already a cpabality of barbican now might be a good time to investiage support for secrete migration between
> secrete backends...
>
>
>>
>> Cheers,
>> Damian
>
>
More information about the openstack-discuss
mailing list