[Openstack-security] [openstack/cinder] SecurityImpact review request change I164290e761a9922919a70f22f99af70dac213b61
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu May 30 00:03:18 UTC 2013
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/30974
Log:
commit 2498510115f879e2e7ee71a9df6a4a5f57084d33
Author: Joel Coffman <joel.coffman at jhuapl.edu>
Date: Wed May 15 17:27:42 2013 -0400
Add encryption metadata to volume table
This modification adds an encryption key UUID field to the volume table, which
is sufficient to make Cinder "aware" of encrypted volumes as designated by
predefined volume types. Integration with a key manager is necessary to obtain
an actual encryption key UUID (the current implementation generates a random
UUID when an encrypted volumes is created). Cinder should *not* presume that it
necessarily will have access to the key itself -- this decision depends upon the
design, implementation, and policy for encrypted volumes. The key's UUID is
stored in Cinder because it is metadata about the volume.
Implements: blueprint encrypt-cinder-volumes
Change-Id: I164290e761a9922919a70f22f99af70dac213b61
SecurityImpact
More information about the Openstack-security
mailing list