[openstack-dev] [nova][cinder] Deprecating ConfKeyManager (fixed-key key manager)
Farr, Kaitlin M.
Kaitlin.Farr at jhuapl.edu
Tue Jan 5 21:58:38 UTC 2016
>> Aiming toward tests that mirror real-world deployment is certainly a
>> good thing, but I don't think we should remove ConfKeyManager.
>>
>> We will want to maintain the ability to test these Cinder/Nova code
>> paths in development environments or in some automated environments
>> without requiring additional services to be configured.
>>
>> We can address this by having ConfKeyManager emit warning messages
>> indicating that it isn't for production environments.
>
> Right, effectively the fixed key manager was a Testing Fixture for us.
> That's really important because it reduces the number of moving parts
> when testing this stuff as a full stack.
>
> -Sean
Ok, I am looking into a way to keep a fixed-key back end, but it will
not live in Castellan.
Even if we keep the fixed-key back end, what about adding a gate that
tests the encryption features using Barbican? Would the community be
supportive if I added that gate?
Kaitlin
More information about the OpenStack-dev
mailing list