13:00:49 <mhen> #startmeeting image_encryption
13:00:50 <openstack> Meeting started Mon Aug 19 13:00:49 2019 UTC and is due to finish in 60 minutes.  The chair is mhen. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:51 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:53 <openstack> The meeting name has been set to 'image_encryption'
13:01:37 <mhen> #topic Roll Call
13:02:14 <redrobot> 👋
13:02:59 <mhen> greetings!
13:03:46 <redrobot> Happy Monday, mhen!
13:04:07 <mhen> likewise ;)
13:05:38 <mhen> just you and me today?
13:05:49 <redrobot> I think so ... unless moguimar is around?
13:05:56 <moguimar> o/
13:06:00 <moguimar> o/
13:06:11 <mhen> yay, welcome moguimar!
13:06:23 <moguimar> hey
13:06:32 <efried> o/
13:06:41 <moguimar> sorry, I was busy playing with the Secret Consumers code xD
13:06:53 <moguimar> distracted*
13:06:58 <mhen> I already started wondering whether my performance last week was so bad I scared people off... :D
13:07:10 <redrobot> 😂
13:07:11 * mhen is honored to substitute Luzi again this week
13:07:32 <mhen> okay shall we start then?
13:07:45 <moguimar> yep
13:07:48 <mhen> #topic Barbican secret consumer API
13:08:02 <mhen> so how is the consumer API implementation coming along?
13:08:12 <moguimar> #link https://review.opendev.org/#/c/674302/
13:08:14 <patchbot> patch 674302 - barbican - [WIP] Secret Consumers - 9 patch sets
13:08:37 <moguimar> I think the model + alembic migrations are solid
13:08:40 <moguimar> need reviews
13:09:00 <moguimar> and I just found out there are a lot other files that I have to touch too
13:09:08 <moguimar> in order to mimic container consumers
13:09:49 <moguimar> but I'm in a good flow now with it =D
13:10:02 <moguimar> so no big worries about the many files
13:10:19 <mhen> moguimar, that's great! Thanks for the update!
13:10:28 <redrobot> moguimar++
13:11:03 <mhen> #action mhen & Luzi, review Secret Consumers patch set
13:11:25 <mhen> #topic Pending discussion points in abandoned Nova spec
13:11:32 <mhen> so the Nova spec was abandoned due to not getting a spec freeze exception for Train
13:11:48 <mhen> there are still a bunch of unanswered questions/concerns which were raised in gerrit
13:12:08 <mhen> since the review is now abandoned, is it still appropriate to post answers there?
13:12:32 <mhen> #link https://review.opendev.org/#/c/608696/
13:12:32 <patchbot> patch 608696 - nova-specs - Spec for the Nova part of Image Encryption (ABANDONED) - 11 patch sets
13:12:42 <redrobot> can you re-open and rebase for U branch?
13:12:51 * redrobot is not sure how Nova does specs
13:13:16 <mhen> I'm not sure either, Luzi might now more ^^'
13:13:22 <mhen> *know
13:15:17 <mhen> efried, can you comment on that?
13:16:07 <efried> yes
13:17:11 <efried> restore the spec (Restore button in the gerrit UI) and then propose a new patch set with the file moved to the backlog/ directory - or wait a couple weeks until we have an official name for U, then takashin will populate the directories for that name, and then you can propose it directly to U.
13:18:08 <mhen> efried, are the old comments and patch sets kept in both cases? (so that we can directly follow up on pending discussions/questions)
13:18:54 <efried> yes. And if you're lucky, gerrit is smart enough to understand that you've renamed the same file (rather than deleting and creating) so you can still see the delta from one PS to another
13:18:55 <efried> but
13:19:04 <efried> I would recommend doing the rename in one PS and any deltas in a separate one.
13:19:11 <efried> Probably in the opposite order, actually.
13:19:32 <efried> because then I can definitely look at the diff across those two patch sets and see what's been changed per what comments
13:19:38 <efried> and then the rename PS is *only* a rename.
13:20:44 <mhen> great, I will note that down. Thanks for the clarification and tips!
13:21:40 <mhen> I will discuss with Luzi whether we go the backlog route or wait for U
13:21:54 <efried> If you have trouble restoring (it's possible only the author can restore? Not sure) let me know and I can do it for you.
13:22:59 <mhen> efried, will take you up on your offer if necessary, thanks :)
13:23:29 <efried> if our time zones don't overlap, leave a comment on the review and I'll do it asap.
13:25:50 <mhen> we'll address the pending discussion points as soon as we conclude the restore process then
13:27:02 <mhen> #topic Renaming of 'os_encrypt_format'
13:27:09 <mhen> so there was some feedback on the Glance spec regarding our proposed image metadata attribute called 'os_encrypt_format' and its naming
13:27:24 <mhen> it's supposed the main identifier for the selected encryption method, e.g. 'GPG'
13:27:36 <mhen> our spec proposes to use the set of os_encrypt_ attributes to find and select a suitable driver to compute the specified encryption
13:27:51 <mhen> (similar to how secret orders are handled by Barbican in regards to driver selection)
13:28:05 <mhen> so it's not the only attribute relevant for driver selection (_type and _cipher are also important) but the one with the most weight to it
13:28:15 <mhen> concern was raised that _format might be a bad naming choice, which I do agree with
13:28:31 <mhen> calling it _driver would be too specific I think, since the other os_encrypt_ attributes still play a role in driver selection
13:28:59 <mhen> any suggestions or opinions on this?
13:34:51 <mhen> ... seems like there's no strong opinion on this one yet :)
13:35:55 <mhen> I think I'll simply discuss this with Luzi again and we will come up with an alternative suggestion
13:36:15 <mhen> #topic Open discussion
13:36:21 <redrobot> mhen++
13:36:44 <mhen> Anything else to discuss?
13:40:38 <fungi> i'm around now, skimming scrollback real quick
13:40:46 <fungi> but i didn't have anything to bring up
13:40:46 <mhen> hey fungi :)
13:43:09 <fungi> i second efried's suggestion to use `git mv` in a separate patchset from any content editing you do
13:44:10 <fungi> also don't rebase the change if you can help it, or if you do rebase then doing that in a separate patchset with no edits (other than merge conflict resolution) too is helpful
13:44:45 <fungi> but generally don't rebase a change unless it's in merge conflict with master or parented to a different change which has been updated
13:47:52 <mhen> okay thanks for the heads-up!
13:48:27 <mhen> anything else?
13:49:30 <mhen> let's wrap this up then!
13:49:38 <fungi> thanks mhen!
13:49:43 <mhen> thanks for participating and have a wonderful week!
13:50:02 <mhen> #endmeeting image_encryption