Image Signing and Verification Support
OpenStack currently doesn't support either of the following features:
* Signing and signature validation of bootable images
* Validation of uploaded signed images
This blueprint adds support for both of these features. If an uploaded image is signed, Glance will verify the signature prior to storing it. In each upload case, the appropriate crypto mode and keys must be entered correctly. Deploying authentication will protect against counterfeit images as well as unauthorized images. Integration with Barbican will provide key management support for signing keys. This feature improves the enterprise-ready posture of OpenStack.
Blueprint information
- Status: Complete
- Approver: Nikhil Komawar
- Priority: Medium
- Drafter: Brianna Poulos
- Direction: Needs approval
- Assignee: Brianna Poulos
- Definition: New
- Series goal: Accepted for liberty
- Implementation: Implemented
- Milestone target: 11.0.0
- Started by: Thierry Carrez
- Completed by: Thierry Carrez
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add image signing verification
Addressed by: https:/
Add image signing verification
Addressed by: https:/
Add unit tests for signature_utils class
Addressed by: https:/
Update style for signature_utils class
Addressed by: https:/
Add image signature verification metadefs