https://wiki.openstack.org/w/index.php?title=Barbican/Archive/Agenda/2015&feed=atom&action=historyBarbican/Archive/Agenda/2015 - Revision history2024-03-29T01:05:00ZRevision history for this page on the wikiMediaWiki 1.28.2https://wiki.openstack.org/w/index.php?title=Barbican/Archive/Agenda/2015&diff=168186&oldid=prevDmend: Created page with " * Dec 21, 2015 ** Questions about steps to integrate Barbican with DevStack (kfarr) * Dec 14, 2015 ** Barbican SAML authentication (diazjf) *** https://review.openstack.org/..."2019-02-05T12:43:59Z<p>Created page with " * Dec 21, 2015 ** Questions about steps to integrate Barbican with DevStack (kfarr) * Dec 14, 2015 ** Barbican SAML authentication (diazjf) *** https://review.openstack.org/..."</p>
<p><b>New page</b></p><div><br />
* Dec 21, 2015<br />
** Questions about steps to integrate Barbican with DevStack (kfarr)<br />
<br />
* Dec 14, 2015<br />
** Barbican SAML authentication (diazjf)<br />
*** https://review.openstack.org/#/c/241068/<br />
** Add PUT support for generic container types (ting wang)<br />
*** https://review.openstack.org/#/c/207249/<br />
** Add barbican-manage command (jhfeng)<br />
*** https://review.openstack.org/#/c/253719/<br />
<br />
* Nov 30, 2015<br />
** chair: rellerreller<br />
** Mitaka-1 milestone<br />
*** kfarr will be handling the release this week<br />
** Castellan logging options (elmiko)<br />
** Castellan integration testing (elmiko)<br />
<br />
* Nov 23, 2015<br />
** chair: rellerreller<br />
** Castellan improvements (elmiko)<br />
*** auto-discovery of barbican endpoint<br />
*** auth detection from context object<br />
<br />
* Nov 16, 2015<br />
** Barbican Federation Use-Cases Detailed Overview<br />
** Castellan Authentication compatibility for Swift<br />
*** https://etherpad.openstack.org/p/swifjt-keymaster-with-castellan<br />
** Barbican garbage collector<br />
** Creating a castellan-specs github (silos)<br />
<br />
* Nov 9, 2015<br />
** Summit Recap<br />
** redrobot is getting married at the end of November! :D <br />
***We'll need a substitute meeting chair for the Nov 23 and 30.<br />
** Federation Use Cases (edtubill, diazjf, silos)<br />
<br />
* Nov 2, 2015<br />
** Cancelled due to Summit<br />
<br />
* October 26, 2015<br />
** Cancelled due to Summit<br />
<br />
* October 19, 2015<br />
** chair: dave-mccowan<br />
** Review design summit etherpad votes.<br />
<br />
* October 12, 2015<br />
** Cross project liasions<br />
** py34 update (dave)<br />
<br />
* October 5, 2015<br />
** Liberty RC2<br />
** Mitaka Blueprints<br />
** Tokyo Summit<br />
<br />
* September 28, 2015<br />
** (woodster) What about changing our gates to populate database with Alembic migrations, instead of from SQLAlchemy models directly?<br />
<br />
* September 21, 2015<br />
** (arunkant) Barbicanclient failures on neutron test gate: http://logs.openstack.org/43/208343/15/check/gate-tempest-dsvm-neutron-src-python-barbicanclient/9193018/<br />
<br />
* September 14, 2015<br />
** Review Dave's core nomination: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html<br />
** Federated Barbican Update (silos)<br />
<br />
* September 7, 2015<br />
** No meeting. Happy Labor day to contributors in the US.<br />
<br />
* August 31, 2015<br />
** Test framework - We're currently using both nosetest and testtools. Can we consolidate to one of them?<br />
** Merge requirements continued<br />
** Quotas Blueprint targeting Liberty-3. Update.<br />
** /v2/orders<br />
** Castellan: https://review.openstack.org/#/c/208569/ Last patch needed before a release (kfarr)<br />
** (woodster) Don't forget about the ACL blueprints, esp. this one: https://review.openstack.org/#/c/208343<br />
<br />
* August 24, 2015<br />
** Merge Requirements - I think it's time we start merging after two +2 reviews by a core reviewer. (redrobot)<br />
** Tokyo Session Requirements (red robot)<br />
<br />
* August 17, 2015<br />
** Adding certificate_manager namespace to Castellan (rm_work)<br />
** Federated Barbican (silos)<br />
** Defect/issue template - https://etherpad.openstack.org/p/barbican-bug-report-template (hockeynut)<br />
** super-user rule in policy.json (dave-mccowan)<br />
** quotas blueprint update (dave-mccowan)<br />
<br />
* August 3, 2015<br />
** Multiple KMIP Blueprint - https://review.openstack.org/#/c/194298/ (silos)<br />
** Castellan merge requests (kfarr)<br />
<br />
* July 27, 2015<br />
** V2 and Orders (jmvrbanac)<br />
** stable/kilo tests are failing (jaosorior)<br />
** Barbican Openstack CLI plugin (jaosorior)<br />
** Castellan<br />
*** release schedules (elmiko)<br />
*** patches need merging<br />
<br />
* July 20, 2015<br />
** Magnum integration<br />
** Resource Quotas<br />
*** Design Discussion: https://review.openstack.org/203678<br />
*** Code review for first commit (config, controller, validator) https://review.openstack.org/198764<br />
** Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)<br />
<br />
* July 13, 2015<br />
** Magnum integration<br />
** CAs blueprint<br />
*** http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-cas.html<br />
** copy constructor for secrets and containers, report back from api-wg discussions (elmiko)<br />
*** https://review.openstack.org/#/c/127823/<br />
<br />
* July 6, 2015<br />
** Update on Quota Support blueprint (dave-mccowan)<br />
** ACL client implementation (chellygel)<br />
** Let's discuss the fifth 'acl-user' role needed for Barbican:<br />
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].<br />
*** However, I think we got off track talking about lists of secrets...<br />
*** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.<br />
<br />
* June 29, 2015<br />
** Magnum integration<br />
** Why are we still testing the python-barbicanclient with py26<br />
** Dogtag gate as voting<br />
<br />
* June 8, 2015<br />
** Mid-Cycle RSVP (red robot)<br />
<br />
* June 1, 2015<br />
** Vancouver Summit Recap (redrobot)<br />
** Mid-Cycle (red robot)<br />
<br />
* May 11, 2015<br />
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237<br />
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests. You local keystone deployment will need new users and roles installed to run functional tests.<br />
<br />
* May 4, 2015<br />
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit<br />
<br />
* April 20, 2015<br />
** (redrobot) Kilo-RC1<br />
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?<br />
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266<br />
<br />
* April 13, 2015<br />
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].<br />
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. <br />
<br />
* April 6, 2015<br />
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]<br />
** (redrobot) Juno to Kilo DB migration<br />
** (redrobot) Content-Type and payload_content_type combinations<br />
<br />
* March 30, 2015<br />
** Flagging things for deprecation. (jvrbanac)<br />
** Logging in Barbican (jvrbanac)<br />
** Castellan Initial Release (redrobot)<br />
<br />
* March 23, 2015<br />
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link] (arunkant)<br />
** How to integrate Castellan with Openstack service (arunkant)<br />
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)<br />
<br />
* March 16, 2015<br />
** Functional testing<br />
** Assert parameter order<br />
<br />
* March 2, 2015<br />
** 100% code coverage options: break packages into 'paper cut' bugs maybe?<br />
<br />
* February 23, 2015<br />
** Mid-cycle recap<br />
*** https://etherpad.openstack.org/p/barbican-kilo-sprint<br />
*** Ade: Wrap profiles around CMC to pass to CA to track product type<br />
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)<br />
*** Ade: BarbicanMetadata table<br />
*** Dave: Certificate Order metadata change API parameter from container ref -> secret ref validation.<br />
*** tsv: Quotas BP<br />
*** woodster: reach out to Jarret about hard deletes for compliance concerns.<br />
*** woodster: Order sub-status<br />
*** New gates<br />
** Road to Liberty summit<br />
*** https://etherpad.openstack.org/p/barbican-L-design-sessions<br />
<br />
* February 9, 2015<br />
** Update on Swift integration with KeyManager, if/when moving to Castellan<br />
** A note about Barbican packaging effort underway<br />
** L-Summit space requirements<br />
<br />
* February 2, 2015<br />
** Kilo 2<br />
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:<br />
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?<br />
** Castellan project<br />
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.<br />
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].<br />
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]<br />
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]<br />
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.<br />
** A note about Barbican packaging effort underway<br />
<br />
* January 26, 2015<br />
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]<br />
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore<br />
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)<br />
** [https://review.openstack.org/#/c/145073 Content types blueprint]:<br />
*** Seems very close...what questions still need to be answered?<br />
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:<br />
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?<br />
<br />
* January 19, 2015<br />
** Barbican Mid-Cycle<br />
*** https://etherpad.openstack.org/p/barbican-kilo-sprint<br />
** Vancouver Summit<br />
* January 12, 2015<br />
** Castellan progress [redrobot/rm_work]<br />
** KMIPSecretStore HSM connection certificates [tkelsey]<br />
*** Request for reviews on https://review.openstack.org/#/c/135217/<br />
*** Chance to answer any questions<br />
** Blueprints:<br />
*** Quota support: Should we restrict scope? ...So no driver support, no class support?<br />
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?<br />
<br />
* January 5, 2015<br />
** Kilo 1 Released [redrobot]<br />
** Quota BP [redrobot]<br />
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]<br />
** Status of essential blueprints</div>Dmend