Tuesday, 2019-06-11

*** whoami-rajat has joined #openstack-barbican02:09
*** dave-mccowan has quit IRC04:23
*** Luzi has joined #openstack-barbican05:53
*** pcaruana has joined #openstack-barbican06:55
*** dayou has quit IRC07:23
*** dayou has joined #openstack-barbican07:37
openstackgerritMerged openstack/castellan master: List requests as explicit dependency  https://review.opendev.org/65566807:46
openstackgerritVladislav Kuzmin proposed openstack/castellan master: Reuse existing token from RequestContext  https://review.opendev.org/66283008:08
*** dayou has quit IRC08:28
*** dayou has joined #openstack-barbican08:41
*** dayou has quit IRC09:18
*** dayou has joined #openstack-barbican09:32
*** pcaruana has quit IRC10:19
*** pcaruana has joined #openstack-barbican11:09
*** dave-mccowan has joined #openstack-barbican11:23
openstackgerritVladislav Kuzmin proposed openstack/castellan master: Reuse existing token from RequestContext  https://review.opendev.org/66283011:33
*** dave-mccowan has quit IRC12:05
*** raildo has joined #openstack-barbican12:06
redrobot#startmeeting barbican13:00
openstackMeeting started Tue Jun 11 13:00:05 2019 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.13:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.13:00
*** openstack changes topic to " (Meeting topic: barbican)"13:00
openstackThe meeting name has been set to 'barbican'13:00
redrobot#topic Roll Call13:00
*** openstack changes topic to "Roll Call (Meeting topic: barbican)"13:00
redrobotCourtesy ping for ade_lee hrybacki jamespage Luzi lxkong moguimar raildo rm_work xek13:00
redrobotAs usual our agenda can be found here:13:01
redrobot#link https://etherpad.openstack.org/p/barbican-weekly-meeting13:01
redrobot#topic Review Past Meeting Action Items13:01
*** openstack changes topic to "Review Past Meeting Action Items (Meeting topic: barbican)"13:01
ade_lee_o/ (briefly)13:01
redrobot#link http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-06-04-13.01.html13:01
redrobotade_lee_, 👋13:01
redrobotWe didn't have any action items last week, so yay!13:02
redrobot#topic Liaison Updates13:02
*** openstack changes topic to "Liaison Updates (Meeting topic: barbican)"13:02
redrobotmoguimar, is not around, but I don't think anything happened in the Oslo meeting this week.13:02
redrobotOk, moving on to today's topics:13:03
redrobot#topic castellan-ui officially retired13:03
*** openstack changes topic to "castellan-ui officially retired (Meeting topic: barbican)"13:03
redrobotThe governance patch finally merged13:03
redrobot#link https://review.opendev.org/#/c/662077/13:03
redrobotwhich means that castellan-ui is officially dead13:03
* redrobot dances on castellan-ui's grave13:03
* ade_lee_ dances a jig13:04
ade_lee_that said -- it would be nice to resurrect it as barbican-ui13:04
redrobotI was thinking about starting a barbican-ui project, just for fun13:04
redrobotade_lee_, jinx!13:04
ade_lee_and we've had some requests for that13:05
moguimarredrobot: o/13:05
redrobotYep, I've seen folks on #openstack-lbass asking about a UI to provision TLS-enabled load balancers13:05
redrobotso for sure the demand is there for a barbican-ui, I think.13:05
ade_lee_I've heard it in the context of folks managing secrets ( certs, keys) for octavia from the ui13:06
ade_lee_(jinx again)13:07
redrobotglad to know we're on the same page, ade_lee_ 😁13:07
redrobotThat's all I had to say about castellan-ui13:08
redrobotDid y'all have any other topics to talk about?13:08
redrobothi jamespage 👋13:08
jamespagesorry I'm late13:08
redrobotjamespage, no worries, you just missed me and ade_lee_ dancing on castellan-ui's grave 😂13:09
jamespageq - when do I need to have the hvac switch done by?13:09
jamespagejuggling a few bits of work at the moment and want to make sure I plan some time to work on that13:09
redrobotjamespage, great question...13:09
redrobot#topic castellan + hvac13:09
*** openstack changes topic to "castellan + hvac (Meeting topic: barbican)"13:09
redrobotmoguimar, when is Feature Freeze for Oslo?13:09
redrobotmoguimar, M3?13:10
moguimarblame harry for having me multitasking13:10
redrobotHaha, no worries13:11
raildoredrobot, Aug 26 - Aug 3013:11
redrobotraildo, thanks!13:11
raildo#link https://releases.openstack.org/train/schedule.html13:11
redrobotjamespage, 👆👆👆  That's the date we need to shoot for13:11
jamespageI'll plan to get something up well in advance of that for review13:12
redrobotjamespage, appreciate you volunteering to rewrite the Vault stuff.  I know it's quite a bit of work13:12
jamespagenp - I'm quite looking forward to it13:12
redrobotjamespage, add me and moguimar for reviews when you get something up13:12
jamespagewill do13:13
redrobotok, moving on to next topic13:13
redrobot#topic Secret Consumers13:14
*** openstack changes topic to "Secret Consumers (Meeting topic: barbican)"13:14
redrobotThanks to ade_lee_ and moguimar for the reviews on this Spec13:14
redrobotI think we're pretty close to working out the details13:14
redrobot#link https://review.opendev.org/#/c/662013/13:14
Luzii have read it and have a question13:15
redrobotLuzi, what's up?13:15
Luzido we assume resource_ids are unique - or don't we?13:16
Luzii mean - if we want to use them as unique, when deleting a consumer, we have to prevent adding multiple different consumers with the same id, right?13:17
redrobotLuzi, yeah, ade_lee_ and I were talking about that on the spec13:18
redrobotat the PTG we were thinking that pretty much all projects use UUIDs to identify resources13:18
Luziredrobot, yes13:18
redrobotand per definition the likelyhood of those being the same would be very very small13:18
redrobotand IIRC we agreed that assuming UUIDs would be unique in a cloud would be OK13:19
redrobotI think we got ade_lee_ on-board with that assumption13:19
redrobotso I'm going to update the spec so that we do consider a resource_id unique13:19
redroboton the server API, we'll return 409 - Conflict if someone wants to add a new consumer with the same resource ID as an existing one13:20
redrobotLuzi, does that answer your question?13:22
Luziredrobot, okay then i'm still up to date :D13:22
redrobotI'll try to get the updated patch up today.13:22
redrobotGreat! 😁13:22
redrobotOk, moving on13:23
redrobot#topic Open Discussion13:23
*** openstack changes topic to "Open Discussion (Meeting topic: barbican)"13:23
redrobotAny other topics we should talk about while we're here?13:23
Luzi3 weeks until cfp fur the summit in shanghai closes13:24
Luzijust as a reminder :D13:24
redrobotLuzi, ah yes, thanks for the reminder!13:24
redrobotI think ade_lee_ davemccowan and I are going to submit the Barbican Workshop again13:25
ade_lee_yeah - we've been talking about adding something about airship as its the new hot thing if we can get it working13:26
ade_lee_there is a security track and a workshop track - so more opportunities to get things in if interested13:27
redrobotLuzi, any plans to talk about Image Encryption?13:30
Luzinot right now, i am updating the specs13:30
redrobotCool beans.13:30
redrobotAlrighty, anything else we should talk about?13:32
redrobotOk, let's call it a day, then.13:36
redrobotThanks for coming, everyone!13:36
*** openstack changes topic to "OpenStack PTG Denver - https://etherpad.openstack.org/p/barbican-train-ptg"13:36
openstackMeeting ended Tue Jun 11 13:36:08 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)13:36
openstackMinutes:        http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-06-11-13.00.html13:36
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-06-11-13.00.txt13:36
openstackLog:            http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-06-11-13.00.log.html13:36
openstackgerritVladislav Kuzmin proposed openstack/castellan master: Reuse existing token from RequestContext  https://review.opendev.org/66283013:46
*** pcaruana has quit IRC14:04
*** dave-mccowan has joined #openstack-barbican14:28
*** pcaruana has joined #openstack-barbican14:30
*** pcaruana has quit IRC14:31
*** pcaruana has joined #openstack-barbican14:31
*** kklimonda has quit IRC14:47
*** pcaruana has quit IRC15:17
*** Luzi has quit IRC15:18
*** pcaruana has joined #openstack-barbican15:43
*** pcaruana has quit IRC15:55
*** arunkant has joined #openstack-barbican16:06
*** kklimonda has joined #openstack-barbican16:32
*** whoami-rajat has quit IRC16:38
*** pcaruana has joined #openstack-barbican16:49
rm_workredrobot: FYI currently with consumers, resource IDs are unique by definition because adding them is IDEMPOTENT17:03
rm_workso very different from causing a conflict error17:03
rm_workSpecifically because a service might make multiple requests for a single resource17:04
rm_workAnd it seems fine to allow that, so I'd urge you to conform to the existing implementation17:04
rm_workSorry I missed the meeting :(17:05
rm_workade_lee_: ^^17:05
*** whoami-rajat has joined #openstack-barbican17:05
ade_lee_rm_work, redrobot ^^ I'm ok with returning OK if the consumer has already been added18:26
redrobotade_lee_, rm_work sounds OK to me.18:29
rm_workYeah, I'm hoping it can follow somewhat from the consumer for containers? would hate for them to be super different18:37
rm_workwhat were the main changes you were asking? it seemed like the container thing basically did everything you wanted now too18:37
rm_workthe idea was the service type (IE, load-balancer, would be the same as the Keystone service name) and the resource-id, would be enough to look up whatever it was for18:38
*** pcaruana has quit IRC18:39
rm_workthen: {'service-type': 'load-balancer', 'resource-type': 'loadbalancer', 'resource-id': '<UUID of Load Balancer>'}18:39
rm_workerr, this message got lost: rm_work:it's possible an additional field, like "resource type" would be good, and could be added to containers too as an enhancement18:40
rm_workI forget the exact naming of stuff now18:40
rm_workah, crap, it's name/url18:41
rm_worki thought i did it via service-type, guess i was wrong18:41
rm_workprobably was following the HATEOAS style of the rest T_T18:42
*** raildo has quit IRC19:39
*** whoami-rajat has quit IRC22:55

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!