[openstack-dev] [nova][cinder] Deprecating ConfKeyManager (fixed-key key manager)

Matt Riedemann mriedem at linux.vnet.ibm.com
Mon Jan 4 16:28:19 UTC 2016

On 1/4/2016 10:03 AM, Eric Harney wrote:
> On 01/04/2016 10:46 AM, Farr, Kaitlin M. wrote:
>>> The fixed key manager is useful for easy testing (we're using it in the
>>> gate in places where barbican isn't available). Is there anything
>>> equivalent with Catellan?
>>>          -Sean
>>> --
>>> Sean Dague
>>> http://dague.net
>> There is no fixed-key back end with Castellan. I agree that using a
>> fixed key makes for very easy testing, but the tests use a
>> configuration (ConfKeyManager) that should not be used in deployment.
>> The tests could be made much more useful if they used a more realistic
>> configuration (Barbican).
>> Adding a gate that tests using DevStack with Barbican enabled would
>> be a more valuable than the existing tests for two reasons:
>>   1. ConfKeyManager could be removed.
>>   2. It would test the feature configured more closely to how a
>>      deployment would actually look.
>> As part of this change to deprecate ConfKeyManager and integrate
>> Castellan, I would like to add this new gate.
>>   -Kaitlin
> Aiming toward tests that mirror real-world deployment is certainly a
> good thing, but I don't think we should remove ConfKeyManager.
> We will want to maintain the ability to test these Cinder/Nova code
> paths in development environments or in some automated environments
> without requiring additional services to be configured.
> We can address this by having ConfKeyManager emit warning messages
> indicating that it isn't for production environments.
> Thanks,
> Eric
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Note that at least in nova, the single key manager already emits a 
warning when used [1].




Matt Riedemann

More information about the OpenStack-dev mailing list