)]}'
{"specs/stein/approved/glance/image-encryption.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"6fa60d7f9dc826337a861d0e410ae358a9f73ead","unresolved":false,"context_lines":[{"line_number":30,"context_line":"includes the image storage hosts of Glance itself. Furthermore it might also"},{"line_number":31,"context_line":"involve caches on systems like compute hosts. In conclusion they are exposed"},{"line_number":32,"context_line":"to a multitude of potential scenarios involving different hosts with different"},{"line_number":33,"context_line":"access patterns and attack surfaces. The OpenStack components involved in"},{"line_number":34,"context_line":"those scenarios do not protect the confidentiality of image data. That’s why"},{"line_number":35,"context_line":"we propose the introduction of an encrypted image format."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Use Cases"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_c8f5d885","line":34,"range":{"start_line":33,"start_character":37,"end_line":34,"end_character":65},"updated":"2018-10-12 12:44:08.000000000","message":"I\u0027d like you to be more clear about the problem you want to solve.  What I mean is, Glance currently controls access to an image by what \u0027visibility\u0027 is set on the image.  Private images are accessible only within a project, not outside a project.\n\nBut, you say, what if someone gains access to the Glance backend?  Suppose someone does, even with the image encrypted.  If that person has access to the key stored in Barbican, then the encryption does not guarantee the confidentiality of the image data.\n\nSimilarly, when nova decrypts the data in-flight from Glance, the image is going to wind up unencrypted on the hypervisor.  
So now we\u0027re in the same situation as if the image were never encrypted and someone compromised the Glance backend.  If someone got hypervisor access at this point, they\u0027d have access to the image.\n\nSo it\u0027s not clear to me why a plaintext image is OK on the hypervisor but not in the Glance backend.","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"a4d181cfa3e3031b1f086cf58d827f570c7cff4d","unresolved":false,"context_lines":[{"line_number":30,"context_line":"includes the image storage hosts of Glance itself. Furthermore it might also"},{"line_number":31,"context_line":"involve caches on systems like compute hosts. In conclusion they are exposed"},{"line_number":32,"context_line":"to a multitude of potential scenarios involving different hosts with different"},{"line_number":33,"context_line":"access patterns and attack surfaces. The OpenStack components involved in"},{"line_number":34,"context_line":"those scenarios do not protect the confidentiality of image data. That’s why"},{"line_number":35,"context_line":"we propose the introduction of an encrypted image format."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Use Cases"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_a273421c","line":34,"range":{"start_line":33,"start_character":37,"end_line":34,"end_character":65},"in_reply_to":"3f79a3b5_c8f5d885","updated":"2018-10-19 15:22:55.000000000","message":"Done","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"124fb57cf342498e978e4234d3b366806c03cf57","unresolved":false,"context_lines":[{"line_number":30,"context_line":"includes the image storage hosts of Glance itself. 
Furthermore it might also"},{"line_number":31,"context_line":"involve caches on systems like compute hosts. In conclusion they are exposed"},{"line_number":32,"context_line":"to a multitude of potential scenarios involving different hosts with different"},{"line_number":33,"context_line":"access patterns and attack surfaces. The OpenStack components involved in"},{"line_number":34,"context_line":"those scenarios do not protect the confidentiality of image data. That’s why"},{"line_number":35,"context_line":"we propose the introduction of an encrypted image format."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Use Cases"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_196800ba","line":34,"range":{"start_line":33,"start_character":37,"end_line":34,"end_character":65},"in_reply_to":"3f79a3b5_c8f5d885","updated":"2018-10-12 14:45:30.000000000","message":"If someone gains access to both the Glance host file system as well as the Barbican key entry it\u0027s game over for the image, I agree. However, gaining access to one does not automatically grant access to the other. As a Defence-in-depth approach this still holds value for sufficiently secured infrastructures.\n\nRegarding the hypervisor: as described in \"Proposed change\" we require the mechanism to be able to directly stream the image format into the target resource (volumes, ephemeral disks). If the target is encrypted as well and native LUKS (QEMU) is used, the image data is never exposed unencrypted anywhere else than in the hypervisor for the VM itself. Even root can\u0027t access it.\n\nThere are still limitations (native LUKS only supported by volumes not ephemeral storage etc.) but in specific scenarios you can already reach this level of security - it\u0027s up to the provider to limit the possibility scenarios through configuration if they care about that. 
We would limit them in the code itself but Nova and Cinder teams have been against this approach, so we simply lay the foundation for security focused clouds. It\u0027s not like it is OK to have plaintext images on the hypervisor and our proposal doesn\u0027t state that.\n\nWe simply can\u0027t address every possible cloud configuration in the same way. But with a set of configuration recommendations for security focused environments, we are able to reach a good foundation in our opinion. Future enhancements can build upon that and extend the provided security enhancements to a broader set of variants.","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"2f74f9373a7ea1b70bead614abf93843cddcd748","unresolved":false,"context_lines":[{"line_number":50,"context_line":"   compute host then generates the image based on the data of the ephemeral"},{"line_number":51,"context_line":"   storage disk. To protect the confidentiality of the data within the image,"},{"line_number":52,"context_line":"   the user wants Nova to also encrypt the image using a key from the key"},{"line_number":53,"context_line":"   manager, specified by its secret ID. Consequently, the image stored on the"},{"line_number":54,"context_line":"   Glance host is encrypted."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_b0f256e2","line":53,"range":{"start_line":53,"start_character":29,"end_line":53,"end_character":38},"updated":"2018-10-11 19:38:07.000000000","message":"Could you clarify the sense in which this is a \"secret ID\"?  
What I mean is, do you simply mean that this is the identifier for the key stored in barbican, or do you mean that you want to keep this ID itself secret (perhaps by using property protections to make it invisible to most users)?","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"a4d181cfa3e3031b1f086cf58d827f570c7cff4d","unresolved":false,"context_lines":[{"line_number":50,"context_line":"   compute host then generates the image based on the data of the ephemeral"},{"line_number":51,"context_line":"   storage disk. To protect the confidentiality of the data within the image,"},{"line_number":52,"context_line":"   the user wants Nova to also encrypt the image using a key from the key"},{"line_number":53,"context_line":"   manager, specified by its secret ID. Consequently, the image stored on the"},{"line_number":54,"context_line":"   Glance host is encrypted."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_828086c0","line":53,"range":{"start_line":53,"start_character":29,"end_line":53,"end_character":38},"in_reply_to":"3f79a3b5_b0f256e2","updated":"2018-10-19 15:22:55.000000000","message":"Done","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"124fb57cf342498e978e4234d3b366806c03cf57","unresolved":false,"context_lines":[{"line_number":50,"context_line":"   compute host then generates the image based on the data of the ephemeral"},{"line_number":51,"context_line":"   storage disk. 
To protect the confidentiality of the data within the image,"},{"line_number":52,"context_line":"   the user wants Nova to also encrypt the image using a key from the key"},{"line_number":53,"context_line":"   manager, specified by its secret ID. Consequently, the image stored on the"},{"line_number":54,"context_line":"   Glance host is encrypted."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_191a406a","line":53,"range":{"start_line":53,"start_character":29,"end_line":53,"end_character":38},"in_reply_to":"3f79a3b5_b0f256e2","updated":"2018-10-12 14:45:30.000000000","message":"We do not plan to keep the ID itself secret, it’s simply an identifier for the key stored in Barbican. It’s similar to the ‘encryption_key_id’ for resources in other services (volumes etc.).","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"2f74f9373a7ea1b70bead614abf93843cddcd748","unresolved":false,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"},{"line_number":57,"context_line":"   created by any of the use cases described above. The corresponding compute"},{"line_number":58,"context_line":"   or volume host has to be able to decrypt the image using the symmetric key"},{"line_number":59,"context_line":"   stored in the key manager and transform it into the requested resource"},{"line_number":60,"context_line":"   (server disk or volume)."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"4. 
A user wants to create a server or a volume based on an encrypted image."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_f301b504","line":59,"range":{"start_line":58,"start_character":54,"end_line":59,"end_character":28},"updated":"2018-10-11 19:38:07.000000000","message":"How is access to this key controlled?","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"124fb57cf342498e978e4234d3b366806c03cf57","unresolved":false,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"},{"line_number":57,"context_line":"   created by any of the use cases described above. The corresponding compute"},{"line_number":58,"context_line":"   or volume host has to be able to decrypt the image using the symmetric key"},{"line_number":59,"context_line":"   stored in the key manager and transform it into the requested resource"},{"line_number":60,"context_line":"   (server disk or volume)."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"4. A user wants to create a server or a volume based on an encrypted image."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_d9236805","line":59,"range":{"start_line":58,"start_character":54,"end_line":59,"end_character":28},"in_reply_to":"3f79a3b5_f301b504","updated":"2018-10-12 14:45:30.000000000","message":"As with any other secret stored in Barbican the access is controlled by the project/role assignment of the user. 
Similar to encryption keys attached to volumes or ephemeral disks.","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"a4d181cfa3e3031b1f086cf58d827f570c7cff4d","unresolved":false,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"},{"line_number":57,"context_line":"   created by any of the use cases described above. The corresponding compute"},{"line_number":58,"context_line":"   or volume host has to be able to decrypt the image using the symmetric key"},{"line_number":59,"context_line":"   stored in the key manager and transform it into the requested resource"},{"line_number":60,"context_line":"   (server disk or volume)."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"4. A user wants to create a server or a volume based on an encrypted image."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_42626e43","line":59,"range":{"start_line":58,"start_character":54,"end_line":59,"end_character":28},"in_reply_to":"3f79a3b5_f301b504","updated":"2018-10-19 15:22:55.000000000","message":"Done","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"2f74f9373a7ea1b70bead614abf93843cddcd748","unresolved":false,"context_lines":[{"line_number":72,"context_line":"different mechanisms (format, cipher algorithms, secret ID) via a metadata"},{"line_number":73,"context_line":"property. 
Whether introducing several container types or outsourcing the"},{"line_number":74,"context_line":"mechanism definition into metadata properties may still be up for discussion,"},{"line_number":75,"context_line":"although we do favor the latter."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":78,"context_line":"images using a secret ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_002e59f8","line":75,"updated":"2018-10-11 19:38:07.000000000","message":"I think you\u0027ll need something like this:\n- a new container_format, \u0027encrypted\u0027\n- custom image properties:\n  * os_encrypt_method - stores the encryption algo identifier\n  * os_encrypt_key_id - reference to the key in barbican\n  * os_decrypt_container_format - value is the container format after the payload is decrypted","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"a4d181cfa3e3031b1f086cf58d827f570c7cff4d","unresolved":false,"context_lines":[{"line_number":72,"context_line":"different mechanisms (format, cipher algorithms, secret ID) via a metadata"},{"line_number":73,"context_line":"property. 
Whether introducing several container types or outsourcing the"},{"line_number":74,"context_line":"mechanism definition into metadata properties may still be up for discussion,"},{"line_number":75,"context_line":"although we do favor the latter."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":78,"context_line":"images using a secret ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_e2705a0c","line":75,"in_reply_to":"3f79a3b5_002e59f8","updated":"2018-10-19 15:22:55.000000000","message":"Done","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"124fb57cf342498e978e4234d3b366806c03cf57","unresolved":false,"context_lines":[{"line_number":72,"context_line":"different mechanisms (format, cipher algorithms, secret ID) via a metadata"},{"line_number":73,"context_line":"property. Whether introducing several container types or outsourcing the"},{"line_number":74,"context_line":"mechanism definition into metadata properties may still be up for discussion,"},{"line_number":75,"context_line":"although we do favor the latter."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":78,"context_line":"images using a secret ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3f79a3b5_194fa069","line":75,"in_reply_to":"3f79a3b5_002e59f8","updated":"2018-10-12 14:45:30.000000000","message":"This is what we intended basically. In addition to the container_format, we’d like to propose the following slightly different set of metadata:\n\n* os_encrypt_format - the main mechanism used, e.g. 
\u0027GPG\u0027\n* os_encrypt_type   - encryption type, e.g. \u0027symmetric\u0027\n* os_encrypt_cipher - the cipher algorithm, e.g. \u0027AES256\u0027\n* os_encrypt_key_id - reference to key in barbican\n* os_decrypt_container_format - format after payload decryption\n\nThis way we don\u0027t limit the possibilities for future extensions too much. The addition of \"os_decrypt_container_format\" seems reasonable to me and pursues the same goal I guess. Currently, our implementation only supports raw format but no reason to stay limited to this in the future.","commit_id":"56c80abba613b23d23627f4203433ec361e9d87a"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ee7bb88882acde41f5a320e2ab14513c88c11b02","unresolved":false,"context_lines":[{"line_number":34,"context_line":"those scenarios do not protect the confidentiality of image data."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Using encrypted storage backends for volume and compute hosts in conjunction"},{"line_number":37,"context_line":"with direct data transfer from/to encrypted images can enable workflows that"},{"line_number":38,"context_line":"never expose an image\u0027s data on a host\u0027s filesystem. 
Storage of encryption"},{"line_number":39,"context_line":"keys on a dedicated key manager host ensures isolation and access control for"},{"line_number":40,"context_line":"the keys as well."},{"line_number":41,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_4d3ee826","line":38,"range":{"start_line":37,"start_character":51,"end_line":38,"end_character":51},"updated":"2018-10-23 13:55:25.000000000","message":"I think it\u0027s worth stating explicitly here what you said on the other patch, namely that making this completely secure will depend upon proper configuration by the cloud provider, for example, making sure no in-flight-decrypted images are cached on the nova compute.  Your aim is to make sure that the tools are available so that a cloud can be securely configured.","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ee7bb88882acde41f5a320e2ab14513c88c11b02","unresolved":false,"context_lines":[{"line_number":50,"context_line":"   confidentiality of the image data through encryption. The user generates or"},{"line_number":51,"context_line":"   uploads a key in the key manager (e.g. Barbican) and uses it to encrypt the"},{"line_number":52,"context_line":"   image locally using the OpenStack client (osc) when uploading it."},{"line_number":53,"context_line":"   Consequently, the image stored on the Glance host is encrypted."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"2. A user wants to create an image from an existing server with ephemeral"},{"line_number":56,"context_line":"   storage. This server may contain sensitive user data. 
The corresponding"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_4d76e8d7","line":53,"updated":"2018-10-23 13:55:25.000000000","message":"Another way to do this would be to leave the image un-encrypted but have the data payload inside the image be encrypted.  Once the image is booted, a script goes out to some trusted keyserver outside the cloud, gets the key and decrypts the payload.  This would have the advantage that the cloud provider would have no way to decrypt the data, so the user\u0027s audit chain doesn\u0027t depend on the trustworthiness of the cloud provider.  Could you explain why your proposal is as good/better than this idea?  (I\u0027m not saying your idea is bad, I\u0027m trying to get a better understanding of how your proposal solves the audit chain problem.)","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"ab6587ce157cb20e085f905c7b9111ae9e772d1f","unresolved":false,"context_lines":[{"line_number":50,"context_line":"   confidentiality of the image data through encryption. The user generates or"},{"line_number":51,"context_line":"   uploads a key in the key manager (e.g. Barbican) and uses it to encrypt the"},{"line_number":52,"context_line":"   image locally using the OpenStack client (osc) when uploading it."},{"line_number":53,"context_line":"   Consequently, the image stored on the Glance host is encrypted."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"2. A user wants to create an image from an existing server with ephemeral"},{"line_number":56,"context_line":"   storage. This server may contain sensitive user data. 
The corresponding"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_832c9a00","line":53,"in_reply_to":"3f79a3b5_4d76e8d7","updated":"2018-10-25 12:55:09.000000000","message":"(I don\u0027t know if I understood what you are describing correctly, so for my answer I\u0027ll assume you meant that the user has to include an encrypted data package and corresponding script as part of their image, which is executed after the server boot.)\n\nThis is something the user could already do with OpenStack in its current state. The user is free to include any additional script and data in their image as long as the cloud-init works. In this case however, the user has to have the expertise and ability to set up such an infrastructure, including the external trusted keyserver and secure encryption mechanism. This also kind of denies the cloud idea in my opinion since all of this relies on an external infrastructure which is not part of the cloud.\n\nWith our proposal we want to include a new core functionality to OpenStack that enables cloud users without sufficient expertise and infrastructure (keyserver) to protect the data in their images using encryption according to a supported standard. 
The functionality is supposed to be provided by the OpenStack services and OSC, so the user doesn\u0027t have to adjust their images in any way and can rely on the services that OpenStack offers.\n\nFurthermore, in the case you described, if the included script goes out to the \"trusted keyserver\" and decrypts the data all by itself, how is the data protected if an unauthorized entity is able to retrieve the image file and simply boots it (which will start the data decryption automatically)?","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"5356be28c5823e3646baeb9008333b18e594d95c","unresolved":false,"context_lines":[{"line_number":50,"context_line":"   confidentiality of the image data through encryption. The user generates or"},{"line_number":51,"context_line":"   uploads a key in the key manager (e.g. Barbican) and uses it to encrypt the"},{"line_number":52,"context_line":"   image locally using the OpenStack client (osc) when uploading it."},{"line_number":53,"context_line":"   Consequently, the image stored on the Glance host is encrypted."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"2. A user wants to create an image from an existing server with ephemeral"},{"line_number":56,"context_line":"   storage. This server may contain sensitive user data. The corresponding"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_f247eba3","line":53,"in_reply_to":"3f79a3b5_832c9a00","updated":"2018-10-31 14:51:23.000000000","message":"Well, the request to the keyserver would contain some kind of info that the keyserver could use to validate the request.  
For example, the request could contain the UUID of the VM and the keyserver would contact the Compute API and verify the owner, IP, etc., before responding with the key.\n\nBut I take your point that this would not be something easy for the average user to set up.  On the other hand, is your proposal in fact going to satisfy privacy audit requirements if the user is running in a public cloud?  And is your proposal useful in a private cloud (doesn\u0027t seem like it would be necessary)?","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ee7bb88882acde41f5a320e2ab14513c88c11b02","unresolved":false,"context_lines":[{"line_number":58,"context_line":"   storage disk. To protect the confidentiality of the data within the image,"},{"line_number":59,"context_line":"   the user wants Nova to also encrypt the image using a key from the key"},{"line_number":60,"context_line":"   manager, specified by its ID. Consequently, the image stored on the Glance"},{"line_number":61,"context_line":"   host is encrypted."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"3. A user wants to create a new server or volume based on an encrypted image"},{"line_number":64,"context_line":"   created by any of the use cases described above. 
The corresponding compute"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_68a952dc","line":61,"updated":"2018-10-23 13:55:25.000000000","message":"This is another scenario that could be accomplished by using an external keyserver outside the cloud, creating an encrypted data package, and then using shred or something on the ephemeral disk; the image uploaded to glance wouldn\u0027t be encrypted, but the part you care about would be.","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ee7bb88882acde41f5a320e2ab14513c88c11b02","unresolved":false,"context_lines":[{"line_number":66,"context_line":"   stored in the key manager and transform it into the requested resource"},{"line_number":67,"context_line":"   (server disk or volume). For this, the user needs access to the key in the"},{"line_number":68,"context_line":"   key manager which is controlled via their project role assignment."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"4. A user wants to create a server or a volume based on an encrypted image."},{"line_number":71,"context_line":"   The corresponding compute or volume host has to be able to decrypt the"},{"line_number":72,"context_line":"   image using the symmetric key stored in the key manager and transform it"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_e87ec26b","line":69,"updated":"2018-10-23 13:55:25.000000000","message":"If the image isn\u0027t encrypted (just the data is), then you don\u0027t need to worry about this scenario.","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ee7bb88882acde41f5a320e2ab14513c88c11b02","unresolved":false,"context_lines":[{"line_number":70,"context_line":"4. 
A user wants to create a server or a volume based on an encrypted image."},{"line_number":71,"context_line":"   The corresponding compute or volume host has to be able to decrypt the"},{"line_number":72,"context_line":"   image using the symmetric key stored in the key manager and transform it"},{"line_number":73,"context_line":"   into the requested resource."},{"line_number":74,"context_line":""},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_08e77e47","line":73,"updated":"2018-10-23 13:55:25.000000000","message":"Same here, if the image isn\u0027t encrypted, then this isn\u0027t a problem.","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":28011,"name":"Nicholas Tait","email":"ntait@redhat.com","username":"nickthetait"},"change_message_id":"511ba7754039f2c18655fcd6eb33f8dada566696","unresolved":false,"context_lines":[{"line_number":83,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":84,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":85,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":86,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in barbican"},{"line_number":87,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":88,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"},{"line_number":89,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_d419e686","line":86,"range":{"start_line":86,"start_character":0,"end_line":86,"end_character":52},"updated":"2018-11-08 06:28:05.000000000","message":"Could there be a situation where this key isn\u0027t stored in barbican?","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":28011,"name":"Nicholas Tait","email":"ntait@redhat.com","username":"nickthetait"},"change_message_id":"511ba7754039f2c18655fcd6eb33f8dada566696","unresolved":false,"context_lines":[{"line_number":95,"context_line":"library, shared between all involved OpenStack components to prevent"},{"line_number":96,"context_line":"individual implementations of the encryption mechanism."},{"line_number":97,"context_line":""},{"line_number":98,"context_line":"We propose to use an implementation of symmetric AES 256 encryption provided"},{"line_number":99,"context_line":"by GnuPG as a basic mechanism supported by this draft. 
It is a well"},{"line_number":100,"context_line":"established implementation of PGP and supports streamable"},{"line_number":101,"context_line":"encryption/decryption processes, which is important as illustrated below."}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_cf9ab3c2","line":98,"range":{"start_line":98,"start_character":49,"end_line":98,"end_character":56},"updated":"2018-11-08 06:28:05.000000000","message":"would it be worth enforcing (or having an administrator configurable limit) on minimum key size?","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":28011,"name":"Nicholas Tait","email":"ntait@redhat.com","username":"nickthetait"},"change_message_id":"511ba7754039f2c18655fcd6eb33f8dada566696","unresolved":false,"context_lines":[{"line_number":100,"context_line":"established implementation of PGP and supports streamable"},{"line_number":101,"context_line":"encryption/decryption processes, which is important as illustrated below."},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"We also explored the possibility of using more elaborated and dynamic"},{"line_number":104,"context_line":"approaches like PKCS#7 (CMS) but ultimately failed to find a free open-source"},{"line_number":105,"context_line":"implementation (e.g. OpenSSL) that supports streamable decryption of"},{"line_number":106,"context_line":"CMS-wrapped encrypted data. 
More precisely, no implementation we tested was"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_8f527b10","line":103,"range":{"start_line":103,"start_character":47,"end_line":103,"end_character":57},"updated":"2018-11-08 06:28:05.000000000","message":"think the \"d\" here can be removed","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":28011,"name":"Nicholas Tait","email":"ntait@redhat.com","username":"nickthetait"},"change_message_id":"511ba7754039f2c18655fcd6eb33f8dada566696","unresolved":false,"context_lines":[{"line_number":137,"context_line":"metadata. This decision affects the implementation in nova and cinder."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"Regarding the image encryption, we also explored the possibility of using more"},{"line_number":140,"context_line":"elaborated and dynamic approaches like PKCS#7 (CMS) but ultimately failed to"},{"line_number":141,"context_line":"find a free open-source implementation (e.g. OpenSSL) that supports streamable"},{"line_number":142,"context_line":"decryption of CMS-wrapped encrypted data. 
More precisely, no implementation we"},{"line_number":143,"context_line":"tested was able to decrypt a symmetrically encrypted, CMS-wrapped container"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_ba5f70e2","line":140,"range":{"start_line":140,"start_character":39,"end_line":140,"end_character":45},"updated":"2018-11-08 06:28:05.000000000","message":"list all others which were tested?","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":28011,"name":"Nicholas Tait","email":"ntait@redhat.com","username":"nickthetait"},"change_message_id":"511ba7754039f2c18655fcd6eb33f8dada566696","unresolved":false,"context_lines":[{"line_number":179,"context_line":"Other end user impact"},{"line_number":180,"context_line":"---------------------"},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"* Users should be able to optionally, but knowingly upload an encrypted image."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"Performance Impact"},{"line_number":185,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_daf82cc3","line":182,"range":{"start_line":182,"start_character":2,"end_line":182,"end_character":36},"updated":"2018-11-08 06:28:05.000000000","message":"I imagine some administrators will want to force encryption to always be used?","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":28011,"name":"Nicholas Tait","email":"ntait@redhat.com","username":"nickthetait"},"change_message_id":"511ba7754039f2c18655fcd6eb33f8dada566696","unresolved":false,"context_lines":[{"line_number":259,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":260,"context_line":""},{"line_number":261,"context_line":"It should be documented for deployers, how to enable this feature in 
the"},{"line_number":262,"context_line":"OpenStack configuration. An end user should have a documentation, how to use"},{"line_number":263,"context_line":"encrypted images."},{"line_number":264,"context_line":""},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_7a231858","line":263,"range":{"start_line":262,"start_character":25,"end_line":263,"end_character":17},"updated":"2018-11-08 06:28:05.000000000","message":"Something is wrong grammatically here. Perhaps \"An end user should have documentation on how to use encrypted images.\"","commit_id":"068805c343834a9e40ca469b34f0eea5e66c66fc"},{"author":{"_account_id":2472,"name":"Doug Hellmann","email":"dhellmann@redhat.com","username":"doug-hellmann"},"change_message_id":"84c586914e9fbba8191bb248c3d206eb2e0f0b2a","unresolved":false,"context_lines":[{"line_number":85,"context_line":"images of this format:"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":88,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_d8071fc8","line":88,"updated":"2018-11-20 16:33:03.000000000","message":"This document only talks about symmetric keys. What other types of keys do you anticipate supporting? 
Do we need to record the type if the value is always the same?","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"69b5370ca56d0f493f6219fc56835e48f628548b","unresolved":false,"context_lines":[{"line_number":85,"context_line":"images of this format:"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":88,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_85831baa","line":88,"in_reply_to":"3f79a3b5_6a913150","updated":"2018-11-27 14:01:24.000000000","message":"I\u0027m wondering what value this brings even if asymmetric keys are to be used? Shouldn\u0027t this be part of the cipher identifier specified below?","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"b13d77a267b9cb4d58937e6c6d7e437098de8b3f","unresolved":false,"context_lines":[{"line_number":85,"context_line":"images of this format:"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":88,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_6a913150","line":88,"in_reply_to":"3f79a3b5_d8071fc8","updated":"2018-11-22 10:39:55.000000000","message":"We only propose a symmetric encryption and corresponding workflow for images. This doesn\u0027t mean that there won\u0027t be an asymmetric mechanism added in the future eventually. We just want to avoid limiting the extension possibilities too much.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":2472,"name":"Doug Hellmann","email":"dhellmann@redhat.com","username":"doug-hellmann"},"change_message_id":"84c586914e9fbba8191bb248c3d206eb2e0f0b2a","unresolved":false,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":88,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":92,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_98f1a7e2","line":89,"updated":"2018-11-20 16:33:03.000000000","message":"Does this need to match one of the driver names in the proposed oslo.encrypt library?","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"b13d77a267b9cb4d58937e6c6d7e437098de8b3f","unresolved":false,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":88,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":92,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_2a301906","line":89,"in_reply_to":"3f79a3b5_98f1a7e2","updated":"2018-11-22 10:39:55.000000000","message":"We intend oslo.encrypt to provide a method that takes the relevant \u0027os_encrypt_*\u0027 values (format, type, cipher) as input and returns a matching driver implementing that specific crypto. 
This is a more dynamic approach, which allows for easy exchange of cryptographic implementations instead of locking the image resource to a specific driver.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"69b5370ca56d0f493f6219fc56835e48f628548b","unresolved":false,"context_lines":[{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":92,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":95,"context_line":"images using a key ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_458983c5","line":92,"range":{"start_line":92,"start_character":0,"end_line":92,"end_character":51},"updated":"2018-11-27 14:01:24.000000000","message":"Is there ever meaningful difference?","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"19e8fc5f554e3e7041b0a6764465b2308dae0ac0","unresolved":false,"context_lines":[{"line_number":89,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":91,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":92,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":95,"context_line":"images using a key ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9fb8cfa7_43c1422e","line":92,"range":{"start_line":92,"start_character":0,"end_line":92,"end_character":51},"in_reply_to":"3f79a3b5_458983c5","updated":"2019-06-18 12:53:30.000000000","message":"Yes, there is a difference, either through compressing the whole image or \"snapshotting\" an ephemeral storage. In the latter case the encryption layer adds a few bytes and it would not be possible to use the same flavor used for the original server also for another server you want to create from the snapshot.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"69b5370ca56d0f493f6219fc56835e48f628548b","unresolved":false,"context_lines":[{"line_number":96,"context_line":"(e.g. Barbican) in the OpenStack Client. 
This also involves new CLI arguments to"},{"line_number":97,"context_line":"specify the key ID and encryption method and this implementation should"},{"line_number":98,"context_line":"make use of a centralized encryption implementation provided by a global"},{"line_number":99,"context_line":"library, shared between all involved OpenStack components to prevent"},{"line_number":100,"context_line":"individual implementations of the encryption mechanism."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"We propose to use an implementation of symmetric AES 256 encryption provided"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_c8636a17","line":99,"range":{"start_line":99,"start_character":61,"end_line":99,"end_character":68},"updated":"2018-11-27 14:01:24.000000000","message":"I don\u0027t think we can prevent any such decisions. Maybe \"eliminate the need of\"?","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"19e8fc5f554e3e7041b0a6764465b2308dae0ac0","unresolved":false,"context_lines":[{"line_number":96,"context_line":"(e.g. Barbican) in the OpenStack Client. 
This also involves new CLI arguments to"},{"line_number":97,"context_line":"specify the key ID and encryption method and this implementation should"},{"line_number":98,"context_line":"make use of a centralized encryption implementation provided by a global"},{"line_number":99,"context_line":"library, shared between all involved OpenStack components to prevent"},{"line_number":100,"context_line":"individual implementations of the encryption mechanism."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"We propose to use an implementation of symmetric AES 256 encryption provided"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9fb8cfa7_03e10ad1","line":99,"range":{"start_line":99,"start_character":61,"end_line":99,"end_character":68},"in_reply_to":"3f79a3b5_c8636a17","updated":"2019-06-18 12:53:30.000000000","message":"Done","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":4523,"name":"Eric Harney","email":"eharney@redhat.com","username":"eharney"},"change_message_id":"0ff48e37f8866097010d92dc375228ebf0260e9e","unresolved":false,"context_lines":[{"line_number":131,"context_line":"means, we plan to set the resulting image\u0027s container_format to \"encrypted\""},{"line_number":132,"context_line":"instead and set its encryption metadata properties appropriately to indicate"},{"line_number":133,"context_line":"that the image is a direct volume copy based on LUKS encryption."},{"line_number":134,"context_line":""},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"Alternatives"},{"line_number":137,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_b3a9cfde","line":134,"updated":"2018-11-26 19:56:31.000000000","message":"This section doesn\u0027t spell out whether Glance will delete keys from Barbican when images are deleted.  
I believe this functionality should maintain a 1:1 relationship between keys and images, which means it would need to do this.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"19e8fc5f554e3e7041b0a6764465b2308dae0ac0","unresolved":false,"context_lines":[{"line_number":131,"context_line":"means, we plan to set the resulting image\u0027s container_format to \"encrypted\""},{"line_number":132,"context_line":"instead and set its encryption metadata properties appropriately to indicate"},{"line_number":133,"context_line":"that the image is a direct volume copy based on LUKS encryption."},{"line_number":134,"context_line":""},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"Alternatives"},{"line_number":137,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9fb8cfa7_030a6a89","line":134,"in_reply_to":"3f79a3b5_68efb67f","updated":"2019-06-18 12:53:30.000000000","message":"Done","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"69b5370ca56d0f493f6219fc56835e48f628548b","unresolved":false,"context_lines":[{"line_number":131,"context_line":"means, we plan to set the resulting image\u0027s container_format to \"encrypted\""},{"line_number":132,"context_line":"instead and set its encryption metadata properties appropriately to indicate"},{"line_number":133,"context_line":"that the image is a direct volume copy based on LUKS encryption."},{"line_number":134,"context_line":""},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"Alternatives"},{"line_number":137,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_e5ca0f16","line":134,"in_reply_to":"3f79a3b5_b3a9cfde","updated":"2018-11-27 
14:01:24.000000000","message":"I tend to disagree here. As Glance does not create, \"own\" nor manage the keys it should not be just randomly deleting them either. I really really hate the idea and the possible horror stories coming out of it, if we started deleting the keys, which lifecycle we haven\u0027t been controlling from the beginning, on behalf of the user. I don\u0027t think we have any mechanism to enforce uniqueness of the key IDs used within the cloud across the services either.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"242a2b09110a6c640b06bc6cc029f32f036c4e94","unresolved":false,"context_lines":[{"line_number":131,"context_line":"means, we plan to set the resulting image\u0027s container_format to \"encrypted\""},{"line_number":132,"context_line":"instead and set its encryption metadata properties appropriately to indicate"},{"line_number":133,"context_line":"that the image is a direct volume copy based on LUKS encryption."},{"line_number":134,"context_line":""},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"Alternatives"},{"line_number":137,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_68efb67f","line":134,"in_reply_to":"3f79a3b5_b3a9cfde","updated":"2018-11-27 14:05:51.000000000","message":"It would be a good idea to add a section here on \"Key Handling\" to explain the envisioned workflow for how end users (and administrators, if there\u0027s a different flow for them) will manage their keys, and what role (if any) Glance/Cinder/Nova will have in key management.  IIRC, Eric\u0027s question has come up in previous discussion, and it would be good to have an explicit answer in the text.  
(It will also be a useful reference when the time comes for documentation and release notes.)","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"242a2b09110a6c640b06bc6cc029f32f036c4e94","unresolved":false,"context_lines":[{"line_number":152,"context_line":"Data model impact"},{"line_number":153,"context_line":"-----------------"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"The impact depends on whether the implementation will make actual changes to"},{"line_number":156,"context_line":"the image data model or simply use the custom property field in the metadata."},{"line_number":157,"context_line":""},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"REST API impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_08264223","line":156,"range":{"start_line":155,"start_character":0,"end_line":156,"end_character":77},"updated":"2018-11-27 14:05:51.000000000","message":"I just want to register that I am 100% against changing the data model for this.  
What we can do is describe them using image metadefs, as we currently do for the image signature verification metadata:\nhttp://git.openstack.org/cgit/openstack/glance/tree/etc/metadefs/image-signature-verification.json","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":2472,"name":"Doug Hellmann","email":"dhellmann@redhat.com","username":"doug-hellmann"},"change_message_id":"84c586914e9fbba8191bb248c3d206eb2e0f0b2a","unresolved":false,"context_lines":[{"line_number":204,"context_line":""},{"line_number":205,"context_line":"* Configuration options added: new container type(s) in Glance."},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"* A key manager - like Barbican - is required."},{"line_number":208,"context_line":""},{"line_number":209,"context_line":""},{"line_number":210,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_981a0717","line":207,"updated":"2018-11-20 16:33:03.000000000","message":"How should the REST API respond if the cloud does not have a key manager configured?","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"69b5370ca56d0f493f6219fc56835e48f628548b","unresolved":false,"context_lines":[{"line_number":204,"context_line":""},{"line_number":205,"context_line":"* Configuration options added: new container type(s) in Glance."},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"* A key manager - like Barbican - is required."},{"line_number":208,"context_line":""},{"line_number":209,"context_line":""},{"line_number":210,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_7b921ea2","line":207,"in_reply_to":"3f79a3b5_05eaee75","updated":"2018-11-27 14:01:24.000000000","message":"5XX is almost never good intentional response. 
I think 403 Forbidden would be the only properly acceptable response in the case the deployment does not support the key manager and thus cannot complete the request.\n\nI think we should include identifier for this into the discoverability API so the user can check it before.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"242a2b09110a6c640b06bc6cc029f32f036c4e94","unresolved":false,"context_lines":[{"line_number":204,"context_line":""},{"line_number":205,"context_line":"* Configuration options added: new container type(s) in Glance."},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"* A key manager - like Barbican - is required."},{"line_number":208,"context_line":""},{"line_number":209,"context_line":""},{"line_number":210,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_fb5aaef2","line":207,"in_reply_to":"3f79a3b5_05eaee75","updated":"2018-11-27 14:05:51.000000000","message":"I don\u0027t think the Images API needs to do anything in this case.  Glance isn\u0027t doing encryption or decryption, it\u0027s just storing the image, so not having access to the key won\u0027t affect Glance.  If a user uploads an encrypted image first, and then discovers that there\u0027s no Barbican present to store the key, then the user can simply delete the image.  
If the user tries to upload the key first, at that point they\u0027ll discover that there\u0027s no Barbican, and presumably they won\u0027t upload an encrypted image to Glance.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"b13d77a267b9cb4d58937e6c6d7e437098de8b3f","unresolved":false,"context_lines":[{"line_number":204,"context_line":""},{"line_number":205,"context_line":"* Configuration options added: new container type(s) in Glance."},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"* A key manager - like Barbican - is required."},{"line_number":208,"context_line":""},{"line_number":209,"context_line":""},{"line_number":210,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_05eaee75","line":207,"in_reply_to":"3f79a3b5_981a0717","updated":"2018-11-22 10:39:55.000000000","message":"Any specific suggestions for the REST API behavior in this case?\n\nI guess the requests should simply return an error, like 501 or something else appropriate.","commit_id":"c1f0ab9201c91d54cf0bdbbc08bdee8b0c444596"}],"specs/stein/approved/index.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"9fb664bb2e2404016de1c045a8788972ca790ac9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"7faddb67_72101a58","line":10,"updated":"2019-07-17 21:44:03.000000000","message":"I don\u0027t think this file needs to be included on this patch.","commit_id":"1268198c1fbc2b83dcdfe1554cfcad0a983e1217"}],"specs/train/approved/glance/image-encryption.rst":[{"author":{"_account_id":5314,"name":"Brian 
Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a4151315fa9b9de383af867768d97fc77d187d3f","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":5,"id":"7faddb67_ed9fb200","line":89,"range":{"start_line":89,"start_character":14,"end_line":89,"end_character":20},"updated":"2019-07-10 21:26:01.000000000","message":"It seems kind of strange to call this a format -- how about \u0027os_encrypt_mechanism\u0027?  (If \u0027format\u0027 is the term used for this in cryptographic circles, feel free to ignore this comment.)","commit_id":"1268198c1fbc2b83dcdfe1554cfcad0a983e1217"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a4151315fa9b9de383af867768d97fc77d187d3f","unresolved":false,"context_lines":[{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":93,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":94,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":97,"context_line":"images using a key ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":5,"id":"7faddb67_6d93c2fb","line":94,"range":{"start_line":94,"start_character":3,"end_line":94,"end_character":18},"updated":"2019-07-10 21:26:01.000000000","message":"Just want to follow up on Erno\u0027s question from the previous draft about whether we really need this one -- we already have min_disk and virtual_size, would one of those work?","commit_id":"1268198c1fbc2b83dcdfe1554cfcad0a983e1217"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a4151315fa9b9de383af867768d97fc77d187d3f","unresolved":false,"context_lines":[{"line_number":131,"context_line":"delete the key (in most cases Glance). To delete a key, which has not been"},{"line_number":132,"context_line":"created by the same entity, is bad behavior. To avoid this, we choose to let"},{"line_number":133,"context_line":"the user create and delete the key. 
To not accidently delete a key, which is"},{"line_number":134,"context_line":"used to encrypt an image, we will let Glance register as a consumer of that"},{"line_number":135,"context_line":"key (secret in Barbican [1]) when the corresponding encrypted image is"},{"line_number":136,"context_line":"uploaded and unregister as a consumer when the image is deleted in Glance."},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"7faddb67_e857a001","line":134,"range":{"start_line":134,"start_character":45,"end_line":134,"end_character":53},"updated":"2019-07-10 21:26:01.000000000","message":"This \u0027Consumer API\u0027 in Barbican looks really useful.","commit_id":"1268198c1fbc2b83dcdfe1554cfcad0a983e1217"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a4151315fa9b9de383af867768d97fc77d187d3f","unresolved":false,"context_lines":[{"line_number":174,"context_line":"The impact depends on whether the implementation will make actual changes to"},{"line_number":175,"context_line":"the image data model or simply use the generic properties field in the"},{"line_number":176,"context_line":"metadata. In the latter case the encryption properties would be added to"},{"line_number":177,"context_line":"metadefs."},{"line_number":178,"context_line":""},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"REST API impact"}],"source_content_type":"text/x-rst","patch_set":5,"id":"7faddb67_e841e00c","line":177,"updated":"2019-07-10 21:26:01.000000000","message":"I think it would make sense for these to be \"common image properties\".  
See the \"Proposed Change\" section of https://review.opendev.org/#/c/656895/ for a discussion of what this would mean.","commit_id":"1268198c1fbc2b83dcdfe1554cfcad0a983e1217"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"8684d80fd1c667e697d8791a8f6e77dceb7f5645","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_67492fb5","line":89,"range":{"start_line":89,"start_character":14,"end_line":89,"end_character":20},"updated":"2019-07-18 12:03:55.000000000","message":"One last appeal here for \u0027mechanism\u0027, or for a better explanation of \u0027format\u0027 (I\u0027m not a cryptographer.)  A super-paranoid user may want to upload pre-encrypted raw bits to Glance and then set the proper metadata.  Suppose this user uses PGP Desktop (with AES256) algo because that\u0027s what they have available.  Would that user enter \u0027PGP\u0027 for this field?  
What I\u0027m getting at is that the *format* of the blob should be the same whether the user uses GPG or PGP to encrypt the data.\n\nI can see a reason to have this info: suppose there\u0027s some kind of weird bug that under certain circumstances creates output that isn\u0027t interoperable between GPG and PGP; knowing the mechanism used could be helpful for debugging a failure.  But is that the point of this field?  Please explain.  We need to have a clear explanation of this for the documentation.","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"430b96f8ba030eb65d6e5e45beeaded0a9408519","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_cd9b2164","line":89,"range":{"start_line":89,"start_character":14,"end_line":89,"end_character":20},"in_reply_to":"7faddb67_4e96d2f2","updated":"2019-08-08 15:25:35.000000000","message":"I agree that the term \u0027format\u0027 might be inappropriate for the current proposal. We refrained from using \u0027driver\u0027 so far because it sounded a bit too server-centric from our point of view. 
The idea was that the field would not describe the exact driver to be selected but rather give a strong hint to which one is most likely able to handle it. The other fields would then be used to further narrow down the specific driver selection.\nThe benefit would be that the tools used on either side (client or server) to process the format could vary as long as the format agreed on can be processed by both. The documentation should then state which formats and combinations are currently supported and provide examples which tools on the user side may be used. I understand that this might be error-prone due to ever so slight differences between implementations.\n\nWould you suggest that we reduce this to a fixed selection of drivers and specific driver names for the user to choose from along with a documentation on how each exact format supported by a driver may be generated on user side?","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a6aeb1f9368451b767a645c1688bde4ebe554271","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_4e96d2f2","line":89,"range":{"start_line":89,"start_character":14,"end_line":89,"end_character":20},"in_reply_to":"7faddb67_54c44a5f","updated":"2019-07-31 14:03:22.000000000","message":"Sorry I wasn\u0027t clear about what I\u0027m asking about.  I understand the reason for the field, I\u0027m just confused by its name.  A \"format\" is usually understood as an end result, i.e., a file that is structured in a specific way.  Since we\u0027re talking about the mechanism that is doing the structuring, I don\u0027t think \u0027format\u0027 is the correct term.\n\nGiven what you say above, though (that the field will be used by the code to select the driver to use), maybe this field should be named \u0027os_encrypt_driver\u0027?  What would be the allowable values?  How would you explain what\u0027s supposed to go here to someone uploading an already encrypted image (or are you not supporting that use case)?","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"f709d2968b30ebc2920349c7f063474fa8284b44","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_54c44a5f","line":89,"range":{"start_line":89,"start_character":14,"end_line":89,"end_character":20},"in_reply_to":"7faddb67_67492fb5","updated":"2019-07-29 15:50:25.000000000","message":"The way we intend the library (os-brick) to be structured regarding the crypto function is in a driver-based fashion. For the initial implementation, we propose to use an implementation of symmetric AES256 encryption as provided by GnuPG (GPG). For example, the corresponding values defining this implementation are: \u0027GPG\u0027 (format/mechanism), \u0027AES256\u0027 (cipher), \u0027symmetric\u0027 (type).\n\nWhen the library is called to handle an encryption, a corresponding driver is selected which offers handling for the exact combination given (or throws an error if that combination can\u0027t be handled by any of the available drivers). This is similar to how secret orders work in Barbican.\n\nThus, the format/mechanism field is intended to be the main identifier for the driver, whereas cipher and type are rather weak identifiers in comparison. The main focus here is to get reproducible results, i.e. if I do a symmetric AES256 encryption using GPG, I should get the same results regardless on which system.","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a6aeb1f9368451b767a645c1688bde4ebe554271","unresolved":false,"context_lines":[{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":93,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":94,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":97,"context_line":"images using a key ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_61907f4b","line":94,"range":{"start_line":94,"start_character":3,"end_line":94,"end_character":19},"updated":"2019-07-31 14:03:22.000000000","message":"You never answered Erno\u0027s question from the PS4 about whether we really need this one -- we already have min_disk and virtual_size, would one of those work?","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"430b96f8ba030eb65d6e5e45beeaded0a9408519","unresolved":false,"context_lines":[{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"},{"line_number":93,"context_line":"* \u0027os_decrypt_container_format\u0027 - format after payload decryption"},{"line_number":94,"context_line":"* \u0027os_decrypt_size\u0027 - size after payload decryption"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":97,"context_line":"images using a key ID which references the symmetric key in the key manager"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_edb5bdd1","line":94,"range":{"start_line":94,"start_character":3,"end_line":94,"end_character":19},"in_reply_to":"7faddb67_61907f4b","updated":"2019-08-08 15:25:35.000000000","message":"As already agreed upon in the IRC, we will stick with introducing a new field for the decrypted size. It is strictly related to the encryption of an image and describes the exact byte count of the decrypted payload, rather than a boundary (like min_disk). 
As for virtual_size, we concluded that if virtual_size eventually starts being used by some other mechanisms we might interfere with that, so we\u0027d like to keep it separate.","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a6aeb1f9368451b767a645c1688bde4ebe554271","unresolved":false,"context_lines":[{"line_number":206,"context_line":""},{"line_number":207,"context_line":"* Users should be able to optionally, but knowingly upload an encrypted image."},{"line_number":208,"context_line":""},{"line_number":209,"context_line":"* If an administrator has configured Glance to reject unencrypted images, such"},{"line_number":210,"context_line":"  images will not be accepted when attempted to be uploaded to Glance."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"Performance Impact"},{"line_number":213,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_21b847e3","line":210,"range":{"start_line":209,"start_character":2,"end_line":210,"end_character":70},"updated":"2019-07-31 14:03:22.000000000","message":"You need to explain how you see this working because one implication of this setting is that there can\u0027t be any public images in such a cloud (there are no public secrets in barbican), unless the operator has separate user-facing and admin-facing Glance nodes.  
But if we\u0027re going to require separate nodes, then I think this can be handled via the container_formats config option (see below).","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"430b96f8ba030eb65d6e5e45beeaded0a9408519","unresolved":false,"context_lines":[{"line_number":206,"context_line":""},{"line_number":207,"context_line":"* Users should be able to optionally, but knowingly upload an encrypted image."},{"line_number":208,"context_line":""},{"line_number":209,"context_line":"* If an administrator has configured Glance to reject unencrypted images, such"},{"line_number":210,"context_line":"  images will not be accepted when attempted to be uploaded to Glance."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"Performance Impact"},{"line_number":213,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_6dc9cd58","line":210,"range":{"start_line":209,"start_character":2,"end_line":210,"end_character":70},"in_reply_to":"7faddb67_21b847e3","updated":"2019-08-08 15:25:35.000000000","message":"The unavailability of public images is a limitation of that approach in its current state. Disabling unencrypted images is a conscious decision of the cloud provider, who will limit this functionality in favor of added security. This limitation could be addressed in the future when Barbican introduces a form of secret sharing across projects, i.e. public secrets. 
For now, we should simply document this limitation.","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"8684d80fd1c667e697d8791a8f6e77dceb7f5645","unresolved":false,"context_lines":[{"line_number":226,"context_line":"Other deployer impact"},{"line_number":227,"context_line":"---------------------"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"* Configuration options added: new container type(s) in Glance and a toggle to"},{"line_number":230,"context_line":"  enforce encrypted images (by rejecting unencrypted uploads)."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"* A key manager - like Barbican - is required."},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_07d63b29","line":230,"range":{"start_line":229,"start_character":2,"end_line":230,"end_character":62},"updated":"2019-07-18 12:03:55.000000000","message":"We don\u0027t need a new config option for this, this can be done by simply not including \u0027encrypted\u0027 in the current \u0027container_formats\u0027 config option.  That gives you discoverability for free (\u0027encrypted\u0027 will either appear or not appear in the response to the GET v2/schemas/image call).  
The down side is that someone could still upload an encrypted image using a different container_format, but (a) such an image would be useless, and (b) you can do that now.","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"f709d2968b30ebc2920349c7f063474fa8284b44","unresolved":false,"context_lines":[{"line_number":226,"context_line":"Other deployer impact"},{"line_number":227,"context_line":"---------------------"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"* Configuration options added: new container type(s) in Glance and a toggle to"},{"line_number":230,"context_line":"  enforce encrypted images (by rejecting unencrypted uploads)."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"* A key manager - like Barbican - is required."},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_9492c29e","line":230,"range":{"start_line":229,"start_character":2,"end_line":230,"end_character":62},"in_reply_to":"7faddb67_07d63b29","updated":"2019-07-29 15:50:25.000000000","message":"\u003e simply not including \u0027encrypted\u0027 in the current \u0027container_formats\u0027\n\nCan you elaborate on how you suggest this to work for the creation step? From our experience, not specifying this type within \u0027container_formats\u0027 will lead to a\n\n\u003e Unable to set \u0027container_format\u0027 to \u0027encrypted\u0027. Reason: \u0027encrypted\u0027 is not one of [...]\"\n\nerror in the glanceclient (see [1]). 
The glanceclient checks \u0027/v2/schemas/image\u0027 before making the POST request to \u0027/v2/images\u0027 and ensures that the container_format is known to and accepted by the server (as defined in the server\u0027s config and included in the response).\n\n[1] https://github.com/openstack/python-glanceclient/blob/68cb66b5d0668cf2cb06f621309b3e4e5d7fd293/glanceclient/v2/images.py#L358","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"a6aeb1f9368451b767a645c1688bde4ebe554271","unresolved":false,"context_lines":[{"line_number":226,"context_line":"Other deployer impact"},{"line_number":227,"context_line":"---------------------"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"* Configuration options added: new container type(s) in Glance and a toggle to"},{"line_number":230,"context_line":"  enforce encrypted images (by rejecting unencrypted uploads)."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"* A key manager - like Barbican - is required."},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_c174d36a","line":230,"range":{"start_line":229,"start_character":2,"end_line":230,"end_character":62},"in_reply_to":"7faddb67_9492c29e","updated":"2019-07-31 14:03:22.000000000","message":"Sorry, I completely misread what you\u0027re proposing here.  I thought you wanted a way to make encryption optional; you want a way to make it mandatory.  Same thing applies.  If an operator wants to allow *only* encrypted images, they could include *only* \u0027encrypted\u0027 in the container_formats configuration option, and then any other container_format will be rejected.  An end user will be able to discover this for themselves in the image schema.  
This is consistent with Glance\u0027s behavior since schemas were introduced in v 2.0.","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"430b96f8ba030eb65d6e5e45beeaded0a9408519","unresolved":false,"context_lines":[{"line_number":226,"context_line":"Other deployer impact"},{"line_number":227,"context_line":"---------------------"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"* Configuration options added: new container type(s) in Glance and a toggle to"},{"line_number":230,"context_line":"  enforce encrypted images (by rejecting unencrypted uploads)."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"* A key manager - like Barbican - is required."},{"line_number":233,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"7faddb67_ade4a5e1","line":230,"range":{"start_line":229,"start_character":2,"end_line":230,"end_character":62},"in_reply_to":"7faddb67_c174d36a","updated":"2019-08-08 15:25:35.000000000","message":"I see, that makes sense. I guess we can omit introducing a new configuration variable then. 
Thanks for the hint!","commit_id":"34370f822c2faf672c2d3ccadca35ab22372b6f9"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"eeae17f7fa5730994686a183b6eb8739c8bce75d","unresolved":false,"context_lines":[{"line_number":273,"context_line":""},{"line_number":274,"context_line":"Furthermore:"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"* Add encryption functionality to OSC for creating images from local files"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":7,"id":"3fa7e38b_9d42420f","line":276,"range":{"start_line":276,"start_character":34,"end_line":276,"end_character":37},"updated":"2019-11-07 02:30:51.000000000","message":"From Train onwards, Glance is not going to use OSC anymore, so you need to add this support in python-glanceclient.","commit_id":"7975f8c127fc81c86ace515e2da9703a0dea0662"}],"specs/train/approved/index.rst":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"9fb664bb2e2404016de1c045a8788972ca790ac9","unresolved":false,"context_lines":[{"line_number":6,"context_line":"   :glob:"},{"line_number":7,"context_line":"   :maxdepth: 1"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Approved untargeted specs for Glance:"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":".. 
toctree::"},{"line_number":12,"context_line":"   :glob:"}],"source_content_type":"text/x-rst","patch_set":5,"id":"7faddb67_b5075c18","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":19},"updated":"2019-07-17 21:44:03.000000000","message":"s/Approved untargeted/Train approved/","commit_id":"1268198c1fbc2b83dcdfe1554cfcad0a983e1217"}],"specs/victoria/approved/glance/image-encryption.rst":[{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"1b0ba8958f809013707e38ff36e3e21d7169a06a","unresolved":false,"context_lines":[{"line_number":83,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"For Glance we propose to add a new container_format called \u0027encrypted\u0027."},{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf51134e_a3d8011e","line":87,"range":{"start_line":86,"start_character":38,"end_line":87,"end_character":22},"updated":"2020-06-22 11:44:24.000000000","message":"More of a question for Abhishek, Brian \u0026 Sean: Would this be something we should do as common image properties or do we want to lock this down somehow to the image format? For the record I\u0027d prefer the first option. 
Could get messy as we do not have a mechanism to track format specific stuff anywhere.","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"dfcbbcf62e1accd46d363ac4efd6eccf3124b78e","unresolved":false,"context_lines":[{"line_number":83,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"For Glance we propose to add a new container_format called \u0027encrypted\u0027."},{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf51134e_bd48195c","line":87,"range":{"start_line":86,"start_character":38,"end_line":87,"end_character":22},"in_reply_to":"bf51134e_a3d8011e","updated":"2020-06-22 15:07:23.000000000","message":"I would also prefer to do this as common image properties.","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"abf6939bb3229ca549b5e4a90ba91b76fac9c05a","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. 
\u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. \u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":11,"id":"ff570b3c_0976b53f","line":89,"range":{"start_line":89,"start_character":3,"end_line":89,"end_character":20},"updated":"2020-06-17 05:46:14.000000000","message":"for additional/specific properties we prefer to use \u0027os_glance\u0027 prefix. So this should be \u0027os_glance_encrypt_format\u0027 and so on for below properties as well.","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"1b0ba8958f809013707e38ff36e3e21d7169a06a","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf51134e_ae22c5fe","line":89,"range":{"start_line":89,"start_character":3,"end_line":89,"end_character":20},"in_reply_to":"ff570b3c_0976b53f","updated":"2020-06-22 11:44:24.000000000","message":"++\n\nSpecially as for example cinder copies the image properties into the volume metadata, let\u0027s try to avoid overloading the keys.","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"7a2172ff8b6936cab6ca8baabed2b883ea23d764","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Furthermore, we propose the following additional metadata properties carried by"},{"line_number":87,"context_line":"images of this format:"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"* \u0027os_encrypt_format\u0027 - the main mechanism used, e.g. \u0027GPG\u0027"},{"line_number":90,"context_line":"* \u0027os_encrypt_type\u0027   - encryption type, e.g. \u0027symmetric\u0027"},{"line_number":91,"context_line":"* \u0027os_encrypt_cipher\u0027 - the cipher algorithm, e.g. 
\u0027AES256\u0027"},{"line_number":92,"context_line":"* \u0027os_encrypt_key_id\u0027 - reference to key in the key manager"}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf51134e_7ab32799","line":89,"range":{"start_line":89,"start_character":3,"end_line":89,"end_character":20},"in_reply_to":"ff570b3c_0976b53f","updated":"2020-06-22 14:53:16.000000000","message":"Done","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"1b0ba8958f809013707e38ff36e3e21d7169a06a","unresolved":false,"context_lines":[{"line_number":272,"context_line":""},{"line_number":273,"context_line":"* Add unregistering as consumer for a Barbican secret when deleting an"},{"line_number":274,"context_line":"  encrypted image"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":""},{"line_number":277,"context_line":"Dependencies"},{"line_number":278,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf51134e_6340a9a6","line":275,"updated":"2020-06-22 11:44:24.000000000","message":"Reminder here so we don\u0027t forget it. 
Conversion plugin for Interoperable Image Import needs to have addition of the \"encrypted\" container type to the list it will noop.","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"7a2172ff8b6936cab6ca8baabed2b883ea23d764","unresolved":false,"context_lines":[{"line_number":272,"context_line":""},{"line_number":273,"context_line":"* Add unregistering as consumer for a Barbican secret when deleting an"},{"line_number":274,"context_line":"  encrypted image"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":""},{"line_number":277,"context_line":"Dependencies"},{"line_number":278,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":11,"id":"bf51134e_baa93f25","line":275,"in_reply_to":"bf51134e_6340a9a6","updated":"2020-06-22 14:53:16.000000000","message":"Good catch! 
Added to work items.","commit_id":"a1e52abe9151cd68467359fdd7a7e8e01a75cd5d"},{"author":{"_account_id":11904,"name":"Sean McGinnis","email":"sean.mcginnis@gmail.com","username":"SeanM"},"change_message_id":"0a741da29b7b12fc86d6d7f3538fc994a9245159","unresolved":false,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Image Encryption and Decryption"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"bf51134e_d5c8a075","line":7,"range":{"start_line":7,"start_character":31,"end_line":7,"end_character":42},"updated":"2020-07-02 20:17:04.000000000","message":"This can be trimmed to match the title length if you do an update.","commit_id":"8803837a405a35f58abc364b4dc11f5bd3dabd27"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"dfcbbcf62e1accd46d363ac4efd6eccf3124b78e","unresolved":false,"context_lines":[{"line_number":95,"context_line":""},{"line_number":96,"context_line":"To upload an encrypted image to Glance we want to add support for encrypting"},{"line_number":97,"context_line":"images using a key ID which references the symmetric key in the key manager"},{"line_number":98,"context_line":"(e.g. 
Barbican) in the OpenStack Client. This also involves new CLI arguments to"},{"line_number":99,"context_line":"specify the key ID and encryption method and this implementation should"},{"line_number":100,"context_line":"make use of a centralized encryption implementation provided by a global"},{"line_number":101,"context_line":"library, shared between all involved OpenStack components to eliminate the need"}],"source_content_type":"text/x-rst","patch_set":12,"id":"bf51134e_fd85715b","line":98,"range":{"start_line":98,"start_character":23,"end_line":98,"end_character":39},"updated":"2020-06-22 15:07:23.000000000","message":"Glance does not recommend to use OpenStack Client any more, so we need to add this support in python-glanceclient","commit_id":"8803837a405a35f58abc364b4dc11f5bd3dabd27"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"dfcbbcf62e1accd46d363ac4efd6eccf3124b78e","unresolved":false,"context_lines":[{"line_number":274,"context_line":"  encrypted image"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"* Provide compatibility to the image_conversion plugin for Interoperable Image"},{"line_number":277,"context_line":"  Import (skip conversion attempt for encrypted payload)"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":12,"id":"bf51134e_1dcf85b0","line":277,"updated":"2020-06-22 15:07:23.000000000","message":"We should also add support for providing additional properties if image format is encrypted in python-glanceclient","commit_id":"8803837a405a35f58abc364b4dc11f5bd3dabd27"},{"author":{"_account_id":28271,"name":"Josephine 
Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"40b6e85292d2f2427fe866dbf576756de2a2aef0","unresolved":false,"context_lines":[{"line_number":274,"context_line":"  encrypted image"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"* Provide compatibility to the image_conversion plugin for Interoperable Image"},{"line_number":277,"context_line":"  Import (skip conversion attempt for encrypted payload)"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":12,"id":"bf51134e_c06f2bfa","line":277,"in_reply_to":"bf51134e_1dcf85b0","updated":"2020-07-06 08:50:45.000000000","message":"Done","commit_id":"8803837a405a35f58abc364b4dc11f5bd3dabd27"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"ff12d6ed1ba0887675c69fea2bc67ec3dab65caa","unresolved":false,"context_lines":[{"line_number":288,"context_line":"  functionality in a global library shared between the components involved in"},{"line_number":289,"context_line":"  image encryption workflows (Nova, Cinder, OSC). 
We determined to use"},{"line_number":290,"context_line":"  os-brick."},{"line_number":291,"context_line":""},{"line_number":292,"context_line":""},{"line_number":293,"context_line":"Testing"},{"line_number":294,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":12,"id":"bf51134e_05d031c9","line":291,"updated":"2020-07-02 14:04:21.000000000","message":"I\u0027d add Barbican here, because if the Secret Consumer API isn\u0027t merged early enough in Victoria, you\u0027ll have to come back and add the service-registration code later.","commit_id":"8803837a405a35f58abc364b4dc11f5bd3dabd27"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"40b6e85292d2f2427fe866dbf576756de2a2aef0","unresolved":false,"context_lines":[{"line_number":288,"context_line":"  functionality in a global library shared between the components involved in"},{"line_number":289,"context_line":"  image encryption workflows (Nova, Cinder, OSC). We determined to use"},{"line_number":290,"context_line":"  os-brick."},{"line_number":291,"context_line":""},{"line_number":292,"context_line":""},{"line_number":293,"context_line":"Testing"},{"line_number":294,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":12,"id":"bf51134e_2076e7d9","line":291,"in_reply_to":"bf51134e_05d031c9","updated":"2020-07-06 08:50:45.000000000","message":"Done","commit_id":"8803837a405a35f58abc364b4dc11f5bd3dabd27"}]}
