[Openstack-security] [openstack/cinder] SecurityImpact review request change I164290e761a9922919a70f22f99af70dac213b61
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Aug 13 18:55:49 UTC 2013
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/30974
Log:
commit 57c26ca5e182840bb670616e5f1aef74db2387b1
Author: Joel Coffman <joel.coffman at jhuapl.edu>
Date: Mon Aug 12 09:41:41 2013 -0400
Add support for encrypted volumes
This modification adds an encryption key UUID field to the volume
table, which is sufficient to make Cinder "aware" of encrypted volumes
as designated by predefined volume types. Integration with a key
manager is necessary to obtain an actual encryption key UUID (the
current implementation generates a random UUID when an encrypted
volumes is created). Cinder should *not* presume that it necessarily
will have access to the key itself -- this decision depends upon the
design, implementation, and policy for encrypted volumes. The key's
UUID is stored in Cinder because it is metadata about the volume.
Implements: blueprint encrypt-cinder-volumes
Change-Id: I164290e761a9922919a70f22f99af70dac213b61
SecurityImpact
More information about the Openstack-security
mailing list