Cinder volume encryption support¶

https://blueprints.launchpad.net/heat/+spec/cinder-volume-encryption

Provides support for encrypted cinder volume creation.

Problem description¶

Cinder provide encrypted volume creation by using encrypted volume type as described in below wiki page: http://docs.openstack.org/juno/config-reference/content/section_volume-encryption.html

Proposed change¶

Add new contrib heat resource plugin for creating the encrypted volume type OS::Cinder::EncryptedVolumeType with following properties:

provider (required)

description: The class that provides encryption support. For example, nova.volume.encryptors.luks.LuksEncryptor.

type: string

cipher (optional)

description: The encryption algorithm or mode. For example, aes-xts-plain64

type: string

key_size (optional)

description: Size of encryption key, in bits. For example, 128 or 256.

type: integer

control_location (optional)

default: front-end

allowed-values: front-end, back-end.

description: Notional service where encryption is performed.

type: string

type (required)

description: Name or id of volume type (OS::Cinder::VolumeType)

type: string

This resource needs following actions:

create

delete

Alternatives¶

None.

Implementation¶

Assignee(s)¶

Primary assignee:: Kanagaraj Manickam (kanagaraj-manickam)

Milestones¶

Target Milestone for completion:: liberty-1

Work Items¶

Add new contrib resource plugin as described in the solution section
Add test cases for new resource plugin
Add required functional test cases to validate the resource.

Dependencies¶

None

Cinder volume encryption support