[openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

Davanum Srinivas davanum at gmail.com
Mon Mar 13 19:17:15 UTC 2017


Kaitlin,

On Mon, Mar 13, 2017 at 2:55 PM, Farr, Kaitlin M.
<Kaitlin.Farr at jhuapl.edu> wrote:
> Proposed library name: Rename Castellan to oslo.keymanager
>
> Proposed library mission/motivation: Castellan’s goal is to provide a
> generic key manager interface that projects can use for their key
> manager needs, e.g., storing certificates or generating keys for
> encrypting data.  The interface passes the commands and Keystone
> credentials on to the configured back end. Castellan is not a service
> and does not maintain state. The library can grow to have multiple
> back ends, as long as the back end can authenticate Keystone
> credentials.  The only two back end options now in Castellan are
> Barbican and a limited mock key manager useful only for unit tests.
> If someone wrote a Keystone auth plugin for Vault, we could also have a
> Vault back end for Castellan.
>
> The benefit of using Castellan versus using Barbican directly
> is Castellan allows the option of swapping out for other key managers,
> mainly for testing.  If projects want their own custom back end for
> Castellan, they can write a back end that implements the Castellan
> interface but lives in their own code base, i.e., ConfKeyManager in
> Nova and Cinder. Additionally, Castellan already has oslo.config
> options defined which are helpful for configuring the project to talk
> to Barbican.
>
> When the Barbican team first created the Castellan library, we had
> reached out to oslo to see if we could name it oslo.keymanager, but the
> idea was not accepted because the library didn’t have enough traction.
> Now, Castellan is used in many projects, and we thought we would
> suggest renaming again.  At the PTG, the Barbican team met with the AWG
> to discuss how we could get Barbican integrated with more projects, and
> the rename was also suggested at that meeting.  Other projects are
> interested in creating encryption features, and a rename will help
> clarify the difference between Barbican and Castellan.
>
> Existing similar libraries (if any) and why they aren't being used: N/A
>
> Reviewer activity: Barbican team
>
> Who is going to use this (project involvement): Cinder, Nova, Sahara,
> and Glance already use Castellan; Swift has a patch that integrates
> Castellan.
>
> Proposed adoption model/plan: The Castellan library was already created
> and produces a functional and useful artifact (a pypi release) and is
> integrated into various OpenStack projects, and now it is proposed that
> the library be moved into the Oslo group's namespace by creating a fork
> of Castellan, cleaning up a few things, creating a new oslo.keymanager
> release on pypi, and changing the projects to use oslo.keymanager.
>

Is the idea that the name change (oslo) will help drive the adoption?

Also, is the default backend for, say, devstack going to be barbican?
Is there a plan to do something else (say a vault based backend) for
very simple scenarios?

>
> Thanks,
>
> Kaitlin Farr
> Software Engineer
> The Johns Hopkins University Applied Physics Laboratory
>



-- 
Davanum Srinivas :: https://twitter.com/dims


