Difference between revisions of "Meetings/Barbican"
< Meetings
Dave-mccowan (talk | contribs) (→Agenda) |
(→Agenda) |
||
Line 17: | Line 17: | ||
*** Design Discussion: https://review.openstack.org/203678 | *** Design Discussion: https://review.openstack.org/203678 | ||
*** Code review for first commit (config, controller, validator) https://review.openstack.org/198764 | *** Code review for first commit (config, controller, validator) https://review.openstack.org/198764 | ||
+ | ** Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962) | ||
* July 13, 2015 | * July 13, 2015 | ||
** Magnum integration | ** Magnum integration |
Revision as of 19:43, 20 July 2015
Weekly Barbican Meeting
The Barbican project team holds a weekly team meeting in #openstack-meeting-alt
:
- Weekly on Mondays at 2000 UTC
- The blueprints that are used as a basis for the Barbican project can be found at https://blueprints.launchpad.net/barbican
- Notes for previous meetings can be found here.
- Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)
Agenda
- July 27, 2015
- ENTER TOPICS HERE!
- July 20, 2015
- Magnum integration
- Resource Quotas
- Design Discussion: https://review.openstack.org/203678
- Code review for first commit (config, controller, validator) https://review.openstack.org/198764
- Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)
- July 13, 2015
- Magnum integration
- CAs blueprint
- copy constructor for secrets and containers, report back from api-wg discussions (elmiko)
- July 6, 2015
- Update on Quota Support blueprint (dave-mccowan)
- ACL client implementation (chellygel)
- Let's discuss the fifth 'acl-user' role needed for Barbican:
- Ugh, I noticed we did discuss this on May 4th with an etherpad here.
- However, I think we got off track talking about lists of secrets...
- So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.
- June 29, 2015
- Magnum integration
- Why are we still testing the python-barbicanclient with py26
- Dogtag gate as voting
- June 8, 2015
- Mid-Cycle RSVP (redrobot)
- June 1, 2015
- Vancouver Summit Recap (redrobot)
- Mid-Cycle (redrobot)
- May 11, 2015
- (arunkant) Proposed ACL API changes as per ACL docs review comments on line #237
- (dave-mccowan) Heads-up: adding run-as-user support to functional tests. You local keystone deployment will need new users and roles installed to run functional tests.
- May 4, 2015
- (woodster) Let's discuss and fine-tune the 'read-only' ACL user' a little bit
- April 20, 2015
- (redrobot) Kilo-RC1
- (woodster) What approved or drafting blueprints do we want to bring over to Liberty?
- (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266
- April 13, 2015
- April 6, 2015
- (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on this CR
- (redrobot) Juno to Kilo DB migration
- (redrobot) Content-Type and payload_content_type combinations
- March 30, 2015
- Flagging things for deprecation. (jvrbanac)
- Logging in Barbican (jvrbanac)
- Castellan Initial Release (redrobot)
- March 23, 2015
- Review comment around storing acl users as comma separated values vs separate table. Review Link (arunkant)
- How to integrate Castellan with Openstack service (arunkant)
- Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)
- March 16, 2015
- Functional testing
- Assert parameter order
- March 2, 2015
- 100% code coverage options: break packages into 'paper cut' bugs maybe?
- February 23, 2015
- Mid-cycle recap
- https://etherpad.openstack.org/p/barbican-kilo-sprint
- Ade: Wrap profiles around CMC to pass to CA to track product type
- Ade: Additional CR for Identify CA migration scripts (2 others in review)
- Ade: BarbicanMetadata table
- Dave: Certificate Order metadata change API parameter from container ref -> secret ref validation.
- tsv: Quotas BP
- woodster: reach out to Jarret about hard deletes for compliance concerns.
- woodster: Order sub-status
- New gates
- Road to Liberty summit
- Mid-cycle recap
- February 9, 2015
- Update on Swift integration with KeyManager, if/when moving to Castellan
- A note about Barbican packaging effort underway
- L-Summit space requirements
- February 2, 2015
- Kilo 2
- Quota Support blueprint:
- Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?
- Castellan project
- Which openstack services are driving? What is the timeline for Castellan availability and services started using it.
- Just a note: L design session etherpad is available here.
- Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]
- https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]
- This bug also relates to plugin validation which has been discussed in the past but not otherwise acted upon.
- A note about Barbican packaging effort underway
- January 26, 2015
- KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]
- Discussion over the creation of a new plugin vs updating KMIPSecretStore
- Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)
- Content types blueprint:
- Seems very close...what questions still need to be answered?
- Per Secret Policy blueprint:
- Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?
- KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]
- January 19, 2015
- Barbican Mid-Cycle
- Vancouver Summit
- January 12, 2015
- Castellan progress [redrobot/rm_work]
- KMIPSecretStore HSM connection certificates [tkelsey]
- Request for reviews on https://review.openstack.org/#/c/135217/
- Chance to answer any questions
- Blueprints:
- Quota support: Should we restrict scope? ...So no driver support, no class support?
- Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?
- January 5, 2015
- Kilo 1 Released [redrobot]
- Quota BP [redrobot]
- Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]
- Status of essential blueprints
- December 15, 2014
- Barbican Mid-Cycle [redrobot]
- December 8, 2014
- Integration Docs [redrobot]
- Bugs [redrobot]
- Castellan [redrobot]
- Content types [rellerreller]
- Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?
- December 1, 2014
- Consider video conference to discuss and hopefully land our many outstanding blueprints
- November 24, 2014
- Validation for Typed Container data (Certificates, etc) [rm_work]
- Castellan scope: include CertMgr / ContainerMgr support? [rm_work]
- Content type
- November 17, 2014
- RFC 7030
- See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs
- New Key Manager library (Castellan)
- RFC 7030
- November 10, 2014
- New Core Reviewers
- RFC 7030
- October 27, 2014
- Kilo Design Sessions
- Atalla ESKM Plugin
- Barbican T-Shirts
- October 6, 2014
- Kilo development is open
- Sep 29, 2014
- Juno RC1
- CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?
- Kilo Design Sessions
- Juno RC1
- Sep 22, 2014
- (woodster) Added 'How should we handle content type for secrets' block to Kilo design discussion etherpad.
- Sep 15, 2014
- jenkins.cloudkeep.io
- Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata
- API Stability
- Documentation sync up with new API
- (woodster) Juno roadmap addition: Refactor Barbican python client to use new Keystone auth components
- (woodster) Various additions made to the Kilo design etherpad.
- Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.
- Sep 8, 2014
- Kilo Design Sessions
- Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap
- Sep 1, 2014
- Kilo Design Sessions
- Aug 25, 2014
- CR Sizes (jvrbanac)
- String interpolation in debug logging (redrobot, rellerreller)
- Python 3 support (rellerreller)
- Aug 18, 2014
- Juno Home Stretch (woodster)
- Aug 11, 2014
- Barbican Integration
- Barbican as a Keystone service
- Aug 4, 2014
- #openstack-barbican on eavesdrop
- July 28, 2014
- Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.
- Kilo conference presentation submissions
- July 21, 2014
- (redrobot) Expiring Launchpad BPs after 5 days
- July 14, 2014
- barbican-core nominations vote count
- can we plan better to make such change https://review.openstack.org/#/c/103431?
- python-barbicanclient release schedule
- June 30, 2014
- Mid-cycle meetup next week
- Keystone events blueprint
- (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)
- June 23, 2014
- Mid-cycle meetup in two weeks.
- June 16, 2014
- Mid-cycle meetup
- June 9, 2014
- barbican-specs repo
- juno-1 release coming up
- mid-cycle meetup
- https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)
- https://review.openstack.org/#/c/97844/ (is it merge ready?)
- https://review.openstack.org/#/c/98174 (is it merge ready?)
- Testing code pattern
- Any progress on eventing system (atiwari).
- Can tenant_id removal from uri deserve v2 api version(atiwari).
- June 2, 2014
- Hacking enabled on pep8 gate
- New barbican-specs repository
- Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types
- New field "meta of type JsonBlob" and "container_id of type String"
- Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican
- Comments, Suggestions or disagreement?
- May 5, 2014
- https://review.openstack.org/#/c/82189/ (is it merge ready?)
- https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)
- https://review.openstack.org/#/c/81310/ (review required- Adding target support for policy enforcement.)
- https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)
- The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system.
- Can we get an update or talk about this in today's meeting.
- April 28, 2014
- Action items:
- all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter
- all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/
- core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit
- Action items:
- April 7, 2014
Meeting organizers
- Publish the agenda 24h in advance
- Mail the agenda to the list and invite participants
- Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item: . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action
- Use http://meetbot.debian.net/Manual.html to get an automatic summary
- Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)
- Record decisions and commitments; review in the next meeting