Tuesday, 2018-07-31

openstackgerritMerged openstack/barbican master: Skip some tests for vault plugin  https://review.openstack.org/58639504:54
*** pcaruana has joined #openstack-barbican06:37
ade_lee#startmeeting barbican12:01
openstackMeeting started Tue Jul 31 12:01:12 2018 UTC and is due to finish in 60 minutes.  The chair is ade_lee. Information about MeetBot at http://wiki.debian.org/MeetBot.12:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.12:01
*** openstack changes topic to " (Meeting topic: barbican)"12:01
openstackThe meeting name has been set to 'barbican'12:01
ade_lee#topic roll call12:01
*** openstack changes topic to "roll call (Meeting topic: barbican)"12:01
ade_leeand redrobot is here :)12:02
*** velizarx has joined #openstack-barbican12:02
* redrobot waves12:02
ade_leea minute or so more ..12:02
ade_leewelcome all -- lets get started12:03
ade_lee#topic rocky12:03
*** openstack changes topic to "rocky (Meeting topic: barbican)"12:03
ade_leeso last week we had the m3 release - thanks to dave-mccowan for kicking that off12:04
ade_leeso that means we're in the final stretches of getting stuff in for rocky12:04
ade_leethere is still quite a bit to get in -- so we really need to try to get things reviewed and in12:05
ade_leeI've been using this to track things -- https://tinyurl.com/yctfozgh12:05
ade_leedave-mccowan, hey dave-mccowan12:05
ade_leethe main features we're trying to get in --12:06
ade_leeOVO patches ..12:06
ade_leehttps://review.openstack.org/473658  needs some reviews12:06
lxkongmay i ask what's OVO?12:06
ade_leeoslo versioned objects12:07
lxkongade_lee: thanks12:07
ade_leeallows us to do rolling upgrades12:07
ade_leeand then be able to do database changes etc. more seamlessly12:07
lxkongcool, gotcha12:08
ade_leethere are also some OVO patches which I've reviewed but could use second sets of eyes etc.12:08
ade_leealso -- vault plugin12:08
ade_leelxkong has done a great job getting the vault plugin tests to pass12:09
ade_leeit would be great to be able to get all the tests passing12:09
lxkongwe are going to use vault plugin as backend for barbican12:09
ade_leeand that means being able to create asymmetric keys12:09
ade_leewhich means a change in castellan12:10
lxkongade_lee: i have left comment in that patch12:10
lxkongafter testing12:10
ade_leelxkong, ack - I saw that and will try to address it today or tommorow12:10
ade_leebut we really need some more eyes on this ..12:10
ade_leejaosorior, dave-mccowan , redrobot ^^12:10
ade_leeI had hoped to get that change in before the client lib deadline - so we may need some feature freze exception for it12:11
ade_leeas its a client library12:11
ade_leedave-mccowan, redrobot do you know the procedure for that?12:12
redrobotI _think_ you just need to send a message to the ML12:12
lxkongade_lee: i guess we also need to bump the castellan version dependency in barbican12:12
redrobotI doubt anyone will give us grief about it12:12
dave-mccowanade_lee you should loop in oslo ptl, since oslo owns it now.12:12
ade_leeack -- ok - well lets get it ready to merge first12:13
ade_leeI've been trying to test it here - https://review.openstack.org/58657112:13
ade_leeso far without success - but some folks in #openstack-infra pointed me to LIBS_FROM_GIT parameter12:14
ade_leeso I'm going to try that ..12:14
ade_leealso -- we'd like to get Luzi change in ..12:15
ade_leeso that we have support for xts mode with a large enough bit length12:15
ade_leejaosorior, redrobot -- would like some feedback from ya'll there12:16
ade_leeLuzi, I'll approve once you add a release note12:16
Luzialso, i have a question - i was trying to create arelease note, but it failed somehow...12:16
Luzii used that command: tox -e venv -- reno new12:17
ade_leehmm .. reno failed ?12:17
LuziERROR: InvocationError: could not find executable 'reno'12:17
ade_leemaybe you need to pip install reno ?12:17
Luziwell, i added a release note to another patch, a few days ago without problems12:18
Luzioh well, i needed another version as it seemes12:19
jaosoriorLuzi: reno is not part of barbican's requirements12:19
Luzithank you :)12:19
jaosorioreither you need to pip install reno in that venv12:19
jaosorioror install it in your host (fedora packages it :D)12:19
Luziit worked now12:20
Luzii add the release note after the meeting12:20
ade_leejaosorior, should we add it to requirements?  do other projects have it?12:20
jaosoriornot that I know of12:20
ade_leeok - those are the biggest things we need to get in right now - I think12:21
redrobotmaybe add it to test-requirements?12:21
jaosoriorcool cool12:21
ade_leeare there any others that folks are concerned about ?12:21
jaosoriorade_lee: so your patch depends on Luzi's patch?12:21
jaosoriorLuzi: thanks for the commit, by the way12:21
raildoade_lee, actually, reno is a doc requirement https://github.com/openstack/keystone/blob/199e9b523878c7b0c40750e5534f14ad7bfa5bc2/doc/requirements.txt#L712:21
redrobotraildo, that makes sense12:22
raildoade_lee, so, you can use the reno tool to generate the release notes later12:22
redrobotLuzi, the command should be tox -e docs -- reno new12:22
ade_leeraildo, right12:22
ade_leeraildo, so it should be added to docs requirements.txt?12:22
Luziah thanks redrobot - i used the command from the docu12:22
ade_leewhich its in actually12:23
raildoade_lee, yep12:23
ade_leecool - so nothing to do12:23
ade_leejaosorior, I think my patch is independent of Luzi patch12:23
ade_leejaosorior, why would it depend on it?12:24
jaosoriorade_lee: I had that notion for some reason. Anyway, might wanna talk to Lingxian Kong to see if his -1 has been addressed elsewhere12:24
jaosorioror if he's alright removing the -112:25
ade_leejaosorior, nah - we should have a better unit test in castellan itself12:25
ade_leejaosorior, redrobot hrybacki has a patch here -- https://review.openstack.org/57521812:26
ade_leeabout policy changes --12:26
jaosoriorfunky it has a "Cannot Merge" sign12:26
ade_leedoc and policy in code -- might be nice to get that in - but it needs to be rebased ..12:26
ade_leemost likely12:26
ade_leeok - anything else for rocky?12:27
jaosoriormerge conflict12:27
jaosoriorneeds to be re-worked12:27
ade_lee#topic barbican-specs12:27
*** openstack changes topic to "barbican-specs (Meeting topic: barbican)"12:27
ade_leeI added a new spec for folks to look at please for stein12:28
ade_leenot urgent , but these things do take time12:28
ade_leewould especially like imput from the OVO side12:29
ade_leeI'm also planning to add a spec for a feature that abishop asked about -- being able to transfer ownership of secrets12:29
jaosorioralwould be nice to get assignee(s) for that spec12:29
ade_leejaosorior, indeed -- anyone please feel free to volunteer :)12:30
jaosoriorwould it be a good idea to have a listing of "open work" in the wiki or something of the sort?12:30
ade_leejaosorior, well thats what we have storyboard for, right?12:31
jaosoriorwasn't my initial impression of storyboard, but sure, I guess we could use it for that.12:31
ade_leewe have open stories -- which is a pretty manageable list right now12:31
ade_leeanyways -- if anyone has stories that are interested in -- lets start getting some specs in there.12:32
ade_leestories and spec.12:32
ade_lee#topic anything else?12:33
*** openstack changes topic to "anything else? (Meeting topic: barbican)"12:33
ade_leejust as a note, redrobot and I are currently doing interop testing with thales and atos hsms in case anyone is interested -- using the pkcs11 plugin12:34
ade_leeif nothing else ...12:35
Luzii would tell mhen about it, i guess he might have a few questions - but he is not here right now12:35
ade_leeLuzi, cool - he can ping us anytime12:35
Luzithat's good, thank you :)12:35
ade_leeok ya'll - thanks for coming!  till next week.12:36
*** openstack changes topic to "Discussion about development of OpenStack Barbican and its client libraries. - Logs: http://eavesdrop.openstack.org/irclogs/%23openstack-barbican/"12:36
openstackMeeting ended Tue Jul 31 12:36:08 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)12:36
openstackMinutes:        http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-31-12.01.html12:36
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-31-12.01.txt12:36
openstackLog:            http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-31-12.01.log.html12:36
openstackgerritJosephine Seifert proposed openstack/barbican master: Adding support for 512-Bit-Secret-Creation when using xts-mode  https://review.openstack.org/57709613:12
openstackgerritMerged openstack/barbican master: Initial the unit-tests of OVO for Barbican  https://review.openstack.org/57640913:33
openstackgerritAde Lee proposed openstack/barbican master: Testing - DO NOT MERGE  https://review.openstack.org/58657114:12
openstackgerritAde Lee proposed openstack/barbican master: Testing - DO NOT MERGE  https://review.openstack.org/58657115:35
*** namnh has joined #openstack-barbican22:37
johnsomDoes barbican client ignore the --os-interface setting on secret gets?23:27
johnsomOctavia is using the barbican client to fetch a secret, but it appears to not be honoring the "interface" we pass in.23:28
