[barbican][cinder] Business Software License in new Vault

Damian Bulira damian at bulira.pl
Tue Sep 19 13:19:44 UTC 2023


Thanks Sean for the input regarding the code base.

I would highly appreciate it if anyone has any input regarding Vault as a
backend and BSL from the cloud provider perspective.

Cheers,
Damian

pon., 18 wrz 2023 o 12:07 <smooney at redhat.com> napisał(a):

> On Sun, 2023-09-17 at 18:52 +0200, Damian Bulira wrote:
> > Hi Guys,
> >
> > Recently Hashicorp changed their product licensing from MPL to BSL. Did
> any
> > of you carry out research on the impact of this change in regard to using
> > Vault as a backend in Barbican and/or Cinder for both private and public
> > clouds? Any thoughts about that?
>
> im not that familiar with vault or barbican but unless we are importing
> code form
> vault it should nova no impact on the licensing of the barbican code base.
>
> i belive we actully use https://github.com/openstack/castellan as an
> indirection layer
> in any openstack project that talks to vault.
>
> if the BSL which is not generally accpted as a opensouce lisnce is
> incompatble with apache2
> we woudl have to drop vault support if we were now calling any bsl code.
>
> assumign we are using non CLIs or non bsl clinent libs we shoudl be
> unaffected by the chagne
> however it may have implicatoins for deployers both new and existing.
>
> looking at it looks like its written in terms of vaults http api.
>
> https://github.com/openstack/castellan/blob/master/castellan/key_manager/vault_key_manager.py
> as a result castellan should be insulated form this change and proejcts
> like nova that only interact
> via castallan should be fine.  barbincan appears to be using castellan at
> first glance too
>
> https://github.com/openstack/barbican/blob/c8e3dc14e6225f1d400131434e8afec0aa410ae7/barbican/plugin/vault_secret_store.py#L65
>
> so i think form a code licening point of view we are ok.
> that does not mean we hould nessisarly endorce the use of vault going
> forward but i honestly dont
> know enough about the politic or details of the bsl change to really
> comment on that.
>
> if its not already a cpabality of barbican now might be a good time to
> investiage support for secrete migration between
> secrete backends...
>
>
> >
> > Cheers,
> > Damian
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230919/e7eb7a79/attachment-0001.htm>


More information about the openstack-discuss mailing list