
Can a normal user create an encrypted volume?

asked 2016-09-24 06:55:59 -0500

updated 2016-09-24 18:58:34 -0500

The admin guide for Mitaka indicates that admin credentials are required to create an encrypted volume. A Mitaka cloud I am currently playing with confirms this.

If this is true, is there a way to configure a cloud so that normal users can protect their data at rest?

EDIT: The error message I am getting when creating an encrypted volume indicates that I can't order a secret with Barbican. And indeed:

$ barbican secret order create key
Starting new HTTPS connection (1):
Starting new HTTPS connection (1):
4xx Client error: Forbidden
$ barbican secret list
Starting new HTTPS connection (1):
Starting new HTTPS connection (1):
4xx Client error: Forbidden

So my question is now: How can I configure Barbican so that a normal user can use it?


2 answers


answered 2016-09-26 01:58:32 -0500

updated 2016-09-26 02:01:03 -0500

It turns out that Barbican requires users to have the creator role (or one of the other roles documented on the Barbican RBAC page for creating and using secrets).

Unfortunately non-developer guides on fail to mention this detail. In fact, there is no Key Management section in these guides, although volume encryption is covered in the config guide.


answered 2016-09-25 15:14:59 -0500

theque42

I don't know this specific issue, but if this is a limitation caused by policy restriction, then creating a new role and modifying policy.json appropriately should solve it. At least it worked for enabling a normal user to perform live migration.



You are right. Details in the second answer. Thanks!

Bernd Bausch (2016-09-26 01:53:14 -0500)
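Added example, not part of the original answers and not Barbican's own code: a small evaluator for the role/rule subset of policy.json, run over a constructed excerpt modelled on Barbican's default rules. It shows why the two commands in the question are Forbidden for a user without the creator role, as both answers describe. The policy excerpt and the `_member_` role name are assumptions; compare them with the policy.json your deployment actually uses.

```python
import re

# Constructed excerpt modelled on Barbican's default RBAC rules (assumption:
# verify against the policy.json deployed on your cloud).
POLICY = {
    "admin": "role:admin",
    "observer": "role:observer",
    "creator": "role:creator",
    "admin_or_creator": "rule:admin or rule:creator",
    "all_but_audit": "rule:admin or rule:observer or rule:creator",
    "secrets:post": "rule:admin_or_creator",   # store a secret
    "secrets:get": "rule:all_but_audit",       # `barbican secret list`
    "orders:post": "rule:admin_or_creator",    # `barbican secret order create`
}


def check(expr, roles, policy=POLICY, _seen=()):
    """Evaluate an 'or' of role:/rule: checks; any other check fails closed."""
    for term in re.split(r"\s+or\s+", expr.strip()):
        kind, _, value = term.partition(":")
        if kind == "role" and value.lower() in roles:
            return True
        if kind == "rule":
            if value in _seen:
                raise ValueError(f"cyclic rule reference: {value}")
            if value in policy and check(policy[value], roles, policy,
                                         _seen + (value,)):
                return True
    return False


def allowed(action, roles, policy=POLICY):
    """True if any of the user's roles satisfies the rule for this action."""
    roles = {r.lower() for r in roles}  # role names compare case-insensitively
    rule = policy.get(action)
    # An action missing from this excerpt is treated as denied.
    return rule is not None and check(rule, roles, policy)


if __name__ == "__main__":
    users = {"plain user": ["_member_"],              # constructed role sets
             "user with creator": ["_member_", "creator"],
             "observer": ["observer"]}
    for name, roles in users.items():
        for action in ("orders:post", "secrets:get", "secrets:post"):
            verdict = "allowed" if allowed(action, roles) else "403 Forbidden"
            print(f"{name:18} {action:13} {verdict}")
```

The observer row shows the least-privilege split in these rules: an observer can list and read secrets but cannot create them, so only users who need to create encrypted volumes need the creator role.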




Asked: 2016-09-24 06:55:59 -0500

Seen: 108 times

Last updated: Sep 26 '16