Thanks Sean for the input regarding the code base.
I would highly appreciate it if anyone has any input regarding Vault as a backend and BSL from the cloud provider perspective.
Cheers,
Damian
On Sun, 2023-09-17 at 18:52 +0200, Damian Bulira wrote:
> Hi Guys,
>
> Recently Hashicorp changed their product licensing from MPL to BSL. Did any
> of you carry out research on the impact of this change in regard to using
> Vault as a backend in Barbican and/or Cinder for both private and public
> clouds? Any thoughts about that?
im not that familiar with vault or barbican but unless we are importing code form
vault it should nova no impact on the licensing of the barbican code base.
i belive we actully use https://github.com/openstack/castellan as an indirection layer
in any openstack project that talks to vault.
if the BSL which is not generally accpted as a opensouce lisnce is incompatble with apache2
we woudl have to drop vault support if we were now calling any bsl code.
assumign we are using non CLIs or non bsl clinent libs we shoudl be unaffected by the chagne
however it may have implicatoins for deployers both new and existing.
looking at it looks like its written in terms of vaults http api.
https://github.com/openstack/castellan/blob/master/castellan/key_manager/vault_key_manager.py
as a result castellan should be insulated form this change and proejcts like nova that only interact
via castallan should be fine. barbincan appears to be using castellan at first glance too
https://github.com/openstack/barbican/blob/c8e3dc14e6225f1d400131434e8afec0aa410ae7/barbican/plugin/vault_secret_store.py#L65
so i think form a code licening point of view we are ok.
that does not mean we hould nessisarly endorce the use of vault going forward but i honestly dont
know enough about the politic or details of the bsl change to really comment on that.
if its not already a cpabality of barbican now might be a good time to investiage support for secrete migration between
secrete backends...
>
> Cheers,
> Damian