[Glance] Deprecate metadata_encryption_key
Hello Everyone, Glance core team have discussed and decided during Dalmatian PTG[1] about depreciation of `metadata_encryption_key` config option. We decided to deprecate it in this cycle and remove it in `E` (2025.1) cycle[2]. Problems with `metadata_encryption_key` config option and its related functionality: 1. It was added quite a long time ago and even though as per the description it should encrypt the location metadata but it actually encrypts the location url. 2. It encrypts the location url only for image upload/import/download/show APIs and doesn't encrypt url on location APIs. 3. If it's enabled during upgrade, it will break the existing deployment since the existing image url is not encrypted. 4. It doesn't even work for location url encryption as expected since it does not encrypt the legacy images url on start up, download of that image fails with InvalidLocation error. If there are any objections/suggestions on the above plan kindly please let us know before the spec freeze date of glance which is July 05,2024. If there will be no response till 5th July, we will assume that it's a go forward signal and can merge the spec lite[2] for the same. [1]: https://etherpad.opendev.org/p/apr2024-ptg-glance#L339 [2]: https://review.opendev.org/c/openstack/glance-specs/+/916178 Thanks & Regards, Pranali Deore
On 4/25/24 15:25, Pranali Deore wrote:
Hello Everyone,
Glance core team have discussed and decided during Dalmatian PTG[1] about depreciation of `metadata_encryption_key` config option. We decided to deprecate it in this cycle and remove it in `E` (2025.1) cycle[2].
My main concern is that the plan is not aligned with the current SLURP policy, and the feature may need to be kept in E and can be removed in F. If it's removed in E then the feature is directly removed between SLURP releases, C and E without deprecation step. If the implementation doesn't break the other functionality of glance (as long as the feature is disabled), I'd suggest removing the feature in F. Even if the implementation needs to be removed for some reason then probably leaving at least the option may allow users to notice the removal.
Problems with `metadata_encryption_key` config option and its related functionality:
1. It was added quite a long time ago and even though as per the description it should encrypt the location metadata but it actually encrypts the location url. 2. It encrypts the location url only for image upload/import/download/show APIs and doesn't encrypt url on location APIs. 3. If it's enabled during upgrade, it will break the existing deployment since the existing image url is not encrypted. 4. It doesn't even work for location url encryption as expected since it does not encrypt the legacy images url on start up, download of that image fails with InvalidLocation error.
If there are any objections/suggestions on the above plan kindly please let us know before the spec freeze date of glance which is July 05,2024.
If there will be no response till 5th July, we will assume that it's a go forward signal and can merge the spec lite[2] for the same.
[1]: https://etherpad.opendev.org/p/apr2024-ptg-glance#L339 <https://etherpad.opendev.org/p/apr2024-ptg-glance#L339> [2]: https://review.opendev.org/c/openstack/glance-specs/+/916178 <https://review.opendev.org/c/openstack/glance-specs/+/916178>
Thanks & Regards, Pranali Deore
participants (2)
-
Pranali Deore
-
Takashi Kajinami