Jump to: navigation, search

Difference between revisions of "Meetings/Barbican"

(Updated per previous discussion)
(Modified the desired outcome of discussion about the acl-user role)
Line 14: Line 14:
 
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].
 
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].
 
*** However, I think we got off track talking about lists of secrets...
 
*** However, I think we got off track talking about lists of secrets...
*** So I think the outcome of this discussion should just be a paper-cut to add this new role and associated testing for it.
+
*** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.
 
* June 29, 2015
 
* June 29, 2015
 
** Why are we still testing the python-barbicanclient with py26
 
** Why are we still testing the python-barbicanclient with py26

Revision as of 21:00, 1 July 2015

Weekly Barbican Meeting

The Barbican project team holds a weekly team meeting in #openstack-meeting-alt:

Agenda

  • July 6, 2015
    • Let's discuss the fifth 'acl-user' role needed for Barbican:
      • Ugh, I noticed we did discuss this on May 4th with an etherpad here.
      • However, I think we got off track talking about lists of secrets...
      • So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.
  • June 29, 2015
    • Why are we still testing the python-barbicanclient with py26
    • Dogtag gate as voting
  • June 8, 2015
    • Mid-Cycle RSVP (redrobot)
  • June 1, 2015
    • Vancouver Summit Recap (redrobot)
    • Mid-Cycle (redrobot)
  • May 11, 2015
    • (arunkant) Proposed ACL API changes as per ACL docs review comments on line #237
    • (dave-mccowan) Heads-up: adding run-as-user support to functional tests. You local keystone deployment will need new users and roles installed to run functional tests.
  • May 4, 2015
  • April 20, 2015
  • April 13, 2015
    • (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page here.
    • (redrobot) Additional role for per-secret ACL. Current policy is available here.
  • April 6, 2015
    • (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on this CR
    • (redrobot) Juno to Kilo DB migration
    • (redrobot) Content-Type and payload_content_type combinations
  • March 30, 2015
    • Flagging things for deprecation. (jvrbanac)
    • Logging in Barbican (jvrbanac)
    • Castellan Initial Release (redrobot)
  • March 23, 2015
    • Review comment around storing acl users as comma separated values vs separate table. Review Link (arunkant)
    • How to integrate Castellan with Openstack service (arunkant)
      • Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)
  • March 16, 2015
    • Functional testing
    • Assert parameter order
  • March 2, 2015
    • 100% code coverage options: break packages into 'paper cut' bugs maybe?
  • February 23, 2015


  • February 9, 2015
    • Update on Swift integration with KeyManager, if/when moving to Castellan
    • A note about Barbican packaging effort underway
    • L-Summit space requirements
  • February 2, 2015
    • Kilo 2
    • Quota Support blueprint:
      • Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?
    • Castellan project
      • Which openstack services are driving? What is the timeline for Castellan availability and services started using it.
    • Just a note: L design session etherpad is available here.
    • Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]
    • A note about Barbican packaging effort underway
  • January 26, 2015
    • KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]
      • Discussion over the creation of a new plugin vs updating KMIPSecretStore
      • Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)
    • Content types blueprint:
      • Seems very close...what questions still need to be answered?
    • Per Secret Policy blueprint:
      • Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?
  • January 19, 2015
  • January 12, 2015
    • Castellan progress [redrobot/rm_work]
    • KMIPSecretStore HSM connection certificates [tkelsey]
    • Blueprints:
      • Quota support: Should we restrict scope? ...So no driver support, no class support?
      • Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?
  • December 15, 2014
    • Barbican Mid-Cycle [redrobot]
  • December 1, 2014
    • Consider video conference to discuss and hopefully land our many outstanding blueprints
  • November 24, 2014
    • Validation for Typed Container data (Certificates, etc) [rm_work]
    • Castellan scope: include CertMgr / ContainerMgr support? [rm_work]
    • Content type
  • November 10, 2014
    • New Core Reviewers
    • RFC 7030
  • October 27, 2014
    • Kilo Design Sessions
    • Atalla ESKM Plugin
    • Barbican T-Shirts
  • July 21, 2014
    • (redrobot) Expiring Launchpad BPs after 5 days
  • June 23, 2014
    • Mid-cycle meetup in two weeks.
  • June 16, 2014
    • Mid-cycle meetup
  • April 7, 2014
    • malini - update on Secuirty Guide documentation
    • alee_/atiwari - Crypto plugin changes
    • arunkant - Target support in barbican policy enforcement [1]
    • jraim - Support for debug mode start in barbican [2], can be merged?

Meeting organizers