[barbican][cinder] Business Software License in new Vault
Hi Guys,
Recently Hashicorp changed their product licensing from MPL to BSL. Did any of you carry out research on the impact of this change in regard to using Vault as a backend in Barbican and/or Cinder for both private and public clouds? Any thoughts about that?
Cheers, Damian
On Sun, 2023-09-17 at 18:52 +0200, Damian Bulira wrote:
Hi Guys,
Recently Hashicorp changed their product licensing from MPL to BSL. Did any of you carry out research on the impact of this change in regard to using Vault as a backend in Barbican and/or Cinder for both private and public clouds? Any thoughts about that?
im not that familiar with vault or barbican but unless we are importing code form vault it should nova no impact on the licensing of the barbican code base.
i belive we actully use https://github.com/openstack/castellan as an indirection layer in any openstack project that talks to vault.
if the BSL which is not generally accpted as a opensouce lisnce is incompatble with apache2 we woudl have to drop vault support if we were now calling any bsl code.
assumign we are using non CLIs or non bsl clinent libs we shoudl be unaffected by the chagne however it may have implicatoins for deployers both new and existing.
looking at it looks like its written in terms of vaults http api. https://github.com/openstack/castellan/blob/master/castellan/key_manager/vau... as a result castellan should be insulated form this change and proejcts like nova that only interact via castallan should be fine. barbincan appears to be using castellan at first glance too https://github.com/openstack/barbican/blob/c8e3dc14e6225f1d400131434e8afec0a...
so i think form a code licening point of view we are ok. that does not mean we hould nessisarly endorce the use of vault going forward but i honestly dont know enough about the politic or details of the bsl change to really comment on that.
if its not already a cpabality of barbican now might be a good time to investiage support for secrete migration between secrete backends...
Cheers, Damian
The code part is not a issue, I think this question is mostly directed towards operators using Vault as the backend (backend storage with an API essentially) for Barbican.
I’m also very interested in this topic, my idea was to email their licensing department and simply ask unless somebody here has an answer already.
Best regards Tobias
On 18 Sep 2023, at 12:06, smooney@redhat.com wrote:
On Sun, 2023-09-17 at 18:52 +0200, Damian Bulira wrote:
Hi Guys,
Recently Hashicorp changed their product licensing from MPL to BSL. Did any of you carry out research on the impact of this change in regard to using Vault as a backend in Barbican and/or Cinder for both private and public clouds? Any thoughts about that?
im not that familiar with vault or barbican but unless we are importing code form vault it should nova no impact on the licensing of the barbican code base.
i belive we actully use https://github.com/openstack/castellan as an indirection layer in any openstack project that talks to vault.
if the BSL which is not generally accpted as a opensouce lisnce is incompatble with apache2 we woudl have to drop vault support if we were now calling any bsl code.
assumign we are using non CLIs or non bsl clinent libs we shoudl be unaffected by the chagne however it may have implicatoins for deployers both new and existing.
looking at it looks like its written in terms of vaults http api. https://github.com/openstack/castellan/blob/master/castellan/key_manager/vau... as a result castellan should be insulated form this change and proejcts like nova that only interact via castallan should be fine. barbincan appears to be using castellan at first glance too https://github.com/openstack/barbican/blob/c8e3dc14e6225f1d400131434e8afec0a...
so i think form a code licening point of view we are ok. that does not mean we hould nessisarly endorce the use of vault going forward but i honestly dont know enough about the politic or details of the bsl change to really comment on that.
if its not already a cpabality of barbican now might be a good time to investiage support for secrete migration between secrete backends...
Cheers, Damian
Thanks Sean for the input regarding the code base.
I would highly appreciate it if anyone has any input regarding Vault as a backend and BSL from the cloud provider perspective.
Cheers, Damian
pon., 18 wrz 2023 o 12:07 smooney@redhat.com napisał(a):
On Sun, 2023-09-17 at 18:52 +0200, Damian Bulira wrote:
Hi Guys,
Recently Hashicorp changed their product licensing from MPL to BSL. Did
any
of you carry out research on the impact of this change in regard to using Vault as a backend in Barbican and/or Cinder for both private and public clouds? Any thoughts about that?
im not that familiar with vault or barbican but unless we are importing code form vault it should nova no impact on the licensing of the barbican code base.
i belive we actully use https://github.com/openstack/castellan as an indirection layer in any openstack project that talks to vault.
if the BSL which is not generally accpted as a opensouce lisnce is incompatble with apache2 we woudl have to drop vault support if we were now calling any bsl code.
assumign we are using non CLIs or non bsl clinent libs we shoudl be unaffected by the chagne however it may have implicatoins for deployers both new and existing.
looking at it looks like its written in terms of vaults http api.
https://github.com/openstack/castellan/blob/master/castellan/key_manager/vau... as a result castellan should be insulated form this change and proejcts like nova that only interact via castallan should be fine. barbincan appears to be using castellan at first glance too
https://github.com/openstack/barbican/blob/c8e3dc14e6225f1d400131434e8afec0a...
so i think form a code licening point of view we are ok. that does not mean we hould nessisarly endorce the use of vault going forward but i honestly dont know enough about the politic or details of the bsl change to really comment on that.
if its not already a cpabality of barbican now might be a good time to investiage support for secrete migration between secrete backends...
Cheers, Damian
On 2023-09-17 18:52:12 +0200 (+0200), Damian Bulira wrote:
Recently Hashicorp changed their product licensing from MPL to BSL. Did any of you carry out research on the impact of this change in regard to using Vault as a backend in Barbican and/or Cinder for both private and public clouds? Any thoughts about that?
I brought it up last month in the #openstack-tc IRC channel, and there was some brief discussion but nothing concrete:
https://meetings.opendev.org/irclogs/%23openstack-tc/%23openstack-tc.2023-08...
If there are strong concerns, we do have an (infrequently-used) mailing list for legal/licensing topics as well: https://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
participants (4)
-
Damian Bulira
-
Jeremy Stanley
-
smooney@redhat.com
-
Tobias Urdin