#Volume move with encrypt-destination true

1 messages · Page 1 of 1 (latest)

cunning spear
#

I am trying to automate DARE (data-at-rest encryption) via python script with REST API calls using volume move.

Two possible options:

1) PATCH /api/storage/volumes/{uuid}
with object "movement" which does not support encrypt_destination parameter
{ "error": { "message": "Unexpected argument "movement.encrypt_destination".", "code": "262179", "target": "movement.encrypt_destination" } }

so I though I would get over it with private call for vol move, but...

2) PATCH /api/private/cli/volume/move
which also doesn't support encrypt-destination parameter
{ "error": { "message": "Unexpected argument "encrypt-destination".", "code": "262179", "target": "encrypt-destination" } }

As per the ONTAPI to REST API mapping, parameter encrypt-destination does not have equivalent for REST - which also confirmed my test calls. https://docs.netapp.com/us-en/ontap-restmap-9151/volume.html#volume-move-start

But can we get that enabled somehow? I think it would be enough for the private API call - it should be equivalent to the CLI command. But it is actually not, because this specific parameter was most probably not enabled for this call.

wooden pagoda
#

Hi aBend,

This should work with variant 1. Consider using encryption.enabled = true

Snippet from API docs:

Creates an encrypted or an unencrypted volume. For POST, when set to 'true', a new key is generated and used to encrypt the given volume. In that case, the underlying SVM must be configured with the key manager. When set to 'false', the volume created will be unencrypted. For PATCH, when set to 'true', it encrypts an unencrypted volume. Specifying the parameter as 'false' in a PATCH operation for an encrypted volume is only supported when moving the volume to another aggregate.