Cinder volume encryption support

Provides support for encrypted cinder volume creation.

Problem description

Cinder provide encrypted volume creation by using encrypted volume type as described in below wiki page:

Proposed change

Add new contrib heat resource plugin for creating the encrypted volume type OS::Cinder::EncryptedVolumeType with following properties:

  • provider (required)

    • description: The class that provides encryption support. For example, nova.volume.encryptors.luks.LuksEncryptor.

    • type: string

  • cipher (optional)

    • description: The encryption algorithm or mode. For example, aes-xts-plain64

    • type: string

  • key_size (optional)

    • description: Size of encryption key, in bits. For example, 128 or 256.

    • type: integer

  • control_location (optional)

    • default: front-end

    • allowed-values: front-end, back-end.

    • description: Notional service where encryption is performed.

    • type: string

  • type (required)

    • description: Name or id of volume type (OS::Cinder::VolumeType)

    • type: string

This resource needs following actions:

  • create

  • delete





Primary assignee:

Kanagaraj Manickam (kanagaraj-manickam)


Target Milestone for completion:


Work Items

  • Add new contrib resource plugin as described in the solution section

  • Add test cases for new resource plugin

  • Add required functional test cases to validate the resource.