Jump to: navigation, search

Difference between revisions of "Meetings/Barbican"

m (Agenda)
(Weekly Barbican Meeting)
 
(128 intermediate revisions by 10 users not shown)
Line 2: Line 2:
 
= Weekly Barbican Meeting =
 
= Weekly Barbican Meeting =
  
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in <code><nowiki>#openstack-meeting-alt</nowiki></code>:
+
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a [https://meetings.opendev.org/#Barbican_Meeting weekly team meeting] in <code><nowiki>#openstack-barbican</nowiki></code>:
  
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]
+
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?hour=15&min=00&sec=0 1500 UTC]
 
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican
 
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican
 
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].
 
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)
+
* Chair (to contact for more information): xek (#openstack-barbican @ OFTC IRC)
  
 
== Agenda ==
 
== Agenda ==
* Apr 18, 2016
 
** Candidate for backport to stable/mitaka ?
 
*** https://review.openstack.org/#/c/304335/ (panatl)
 
*** https://review.openstack.org/#/c/303648/ (arunkant)
 
** Should creator be allowed to delete related barbican resources?
 
*** Cinder allows create/delete as long as user has a role on that project. https://github.com/openstack/cinder/blob/master/etc/cinder/policy.json#L9
 
**** Should we assign creator or admin role for cinder user to mange barbican resources ?
 
  
 +
The weekly meeting agenda can be found/edited here: https://etherpad.openstack.org/p/barbican-weekly-meeting
  
 
+
Past meeting agenda archives can be found here: [[Barbican/Archive/Agenda|Archived Agenda]]
* Apr 11, 2016
 
** Blueprints for Newton
 
*** Blueprint for Deployer Secret Metadata (diazjf)
 
**** https://review.openstack.org/#/c/301310/
 
*** Blueprint for HSM fail safe (diazjf)
 
**** https://review.openstack.org/#/c/301997/
 
 
 
* Mar 28, 2016
 
** RC2
 
*** https://bugs.launchpad.net/barbican/+bug/1562091
 
** Secret User Metadata Quotas
 
*** Project Quotas vs. Secret Quotas
 
** Bug: Incorrect Error Code when Passing Accept Header on a Secret GET
 
*** https://bugs.launchpad.net/barbican/+bug/1561701
 
 
 
* Feb 29, 2016
 
** Code Freeze, burr! (diazjf)
 
*** https://etherpad.openstack.org/p/barbican-m-spec-crs
 
** Castellan releases (kfarr)
 
 
 
* Feb 22, 2016
 
** Chair: diazjf
 
** Fernando Diaz added to core team (redrobot)
 
*** http://lists.openstack.org/pipermail/openstack-dev/2016-February/087159.html
 
** Barbican CLI revamp (silos)
 
***https://etherpad.openstack.org/p/barbican-client-v2
 
 
 
* Feb 15, 2016
 
** Go over keystone middleware in Credential Factory (diazjf)
 
*** https://review.openstack.org/#/c/273863/11/castellan/common/utils.py
 
** pycryptodome (redrobot)
 
** Fernando Diaz for Core (rerdrobot)
 
*** http://lists.openstack.org/pipermail/openstack-dev/2016-February/086581.html
 
** Volunteer meeting chair for next week
 
** Barbican client cliff bug (silos)
 
***https://bugs.launchpad.net/python-barbicanclient/+bug/1504646
 
 
 
* Feb 8, 2016
 
** Public, internal barbican endpoints issue with single host setting in barbican config (arunkant)
 
*** https://github.com/openstack/barbican/blob/master/barbican/common/utils.py#L58
 
** Setup a Barbican Guild meeting (diazjf)
 
** KMIP Key Manager for Castellan (silos)
 
***https://review.openstack.org/#/c/246546/
 
** Required configuration options without a default value (rellerreller)
 
*** Is that allowed?
 
*** https://review.openstack.org/#/c/273863/
 
 
 
* Feb 1, 2016
 
** Discuss Castellan Credential Object Patches (diazjf)
 
*** https://review.openstack.org/#/c/270602/
 
** Setup Google Hangout meetings(diazjf)
 
*** BYOK Castellan implementation
 
*** Barbican Puppet
 
 
 
* Jan 25, 2016
 
** checkout BYOK spec (diazjf)
 
***https://review.openstack.org/#/c/271517/
 
 
 
* Jan 18, 2016
 
** discuss cron job database cleanup (edtubill)
 
*** talk about database constraints
 
*** set up hangout
 
 
 
* Jan 4, 2016
 
** Happy New Year!
 
** Quickly go over updated Castellan multiple keystone auth blueprint
 
*** https://review.openstack.org/#/c/241068/
 
** puppet modules for Barbican
 
*** https://review.openstack.org/#/c/258851/
 
*** review coming for puppet+ gunicorn + keystone
 
*** need help with apache/mod_wsgi
 
 
 
* Dec 21, 2015
 
** Questions about steps to integrate Barbican with DevStack (kfarr)
 
 
 
* Dec 14, 2015
 
** Barbican SAML authentication (diazjf)
 
*** https://review.openstack.org/#/c/241068/
 
** Add PUT support for generic container types (ting wang)
 
*** https://review.openstack.org/#/c/207249/
 
** Add barbican-manage command  (jhfeng)
 
*** https://review.openstack.org/#/c/253719/
 
 
 
* Nov 30, 2015
 
** chair: rellerreller
 
** Mitaka-1 milestone
 
*** kfarr will be handling the release this week
 
** Castellan logging options (elmiko)
 
** Castellan integration testing (elmiko)
 
 
 
* Nov 23, 2015
 
** chair: rellerreller
 
** Castellan improvements (elmiko)
 
*** auto-discovery of barbican endpoint
 
*** auth detection from context object
 
 
 
* Nov 16, 2015
 
** Barbican Federation Use-Cases Detailed Overview
 
** Castellan Authentication compatibility for Swift
 
*** https://etherpad.openstack.org/p/swifjt-keymaster-with-castellan
 
** Barbican garbage collector
 
** Creating a castellan-specs github (silos)
 
 
 
* Nov 9, 2015
 
** Summit Recap
 
** redrobot is getting married at the end of November! :D 
 
***We'll need a substitute meeting chair for the Nov 23 and 30.
 
** Federation Use Cases (edtubill, diazjf, silos)
 
 
 
* Nov 2, 2015
 
** Cancelled due to Summit
 
 
 
* October 26, 2015
 
** Cancelled due to Summit
 
 
 
* October 19, 2015
 
** chair: dave-mccowan
 
** Review design summit etherpad votes.
 
 
 
* October 12, 2015
 
** Cross project liasions
 
** py34 update (dave)
 
 
 
* October 5, 2015
 
** Liberty RC2
 
** Mitaka Blueprints
 
** Tokyo Summit
 
 
 
* September 28, 2015
 
** (woodster) What about changing our gates to populate database with Alembic migrations, instead of from SQLAlchemy models directly?
 
 
 
* September 21, 2015
 
** (arunkant) Barbicanclient failures on neutron test gate: http://logs.openstack.org/43/208343/15/check/gate-tempest-dsvm-neutron-src-python-barbicanclient/9193018/
 
 
 
* September 14, 2015
 
** Review Dave's core nomination: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html
 
** Federated Barbican Update (silos)
 
 
 
* September 7, 2015
 
** No meeting.  Happy Labor day to contributors in the US.
 
 
 
* August 31, 2015
 
** Test framework - We're currently using both nosetest and testtools.  Can we consolidate to one of them?
 
** Merge requirements continued
 
** Quotas Blueprint targeting Liberty-3.  Update.
 
** /v2/orders
 
** Castellan: https://review.openstack.org/#/c/208569/ Last patch needed before a release (kfarr)
 
** (woodster) Don't forget about the ACL blueprints, esp. this one: https://review.openstack.org/#/c/208343
 
 
 
* August 24, 2015
 
** Merge Requirements - I think it's time we start merging after two +2 reviews by a core reviewer.  (redrobot)
 
** Tokyo Session Requirements (red robot)
 
 
 
* August 17, 2015
 
** Adding certificate_manager namespace to Castellan (rm_work)
 
** Federated Barbican (silos)
 
** Defect/issue template - https://etherpad.openstack.org/p/barbican-bug-report-template (hockeynut)
 
** super-user rule in policy.json (dave-mccowan)
 
** quotas blueprint update (dave-mccowan)
 
 
 
* August 3, 2015
 
** Multiple KMIP Blueprint - https://review.openstack.org/#/c/194298/ (silos)
 
** Castellan merge requests (kfarr)
 
 
 
* July 27, 2015
 
** V2 and Orders (jmvrbanac)
 
** stable/kilo tests are failing (jaosorior)
 
** Barbican Openstack CLI plugin (jaosorior)
 
** Castellan
 
*** release schedules (elmiko)
 
*** patches need merging
 
 
 
* July 20, 2015
 
** Magnum integration
 
** Resource Quotas
 
*** Design Discussion: https://review.openstack.org/203678
 
*** Code review for first commit (config, controller, validator) https://review.openstack.org/198764
 
** Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)
 
 
 
* July 13, 2015
 
** Magnum integration
 
** CAs blueprint
 
*** http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-cas.html
 
** copy constructor for secrets and containers, report back from api-wg discussions (elmiko)
 
*** https://review.openstack.org/#/c/127823/
 
 
 
* July 6, 2015
 
** Update on Quota Support blueprint (dave-mccowan)
 
** ACL client implementation (chellygel)
 
** Let's discuss the fifth 'acl-user' role needed for Barbican:
 
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].
 
*** However, I think we got off track talking about lists of secrets...
 
*** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.
 
 
 
* June 29, 2015
 
** Magnum integration
 
** Why are we still testing the python-barbicanclient with py26
 
** Dogtag gate as voting
 
 
 
* June 8, 2015
 
** Mid-Cycle RSVP (red robot)
 
 
 
* June 1, 2015
 
** Vancouver Summit Recap (redrobot)
 
** Mid-Cycle (red robot)
 
 
 
* May 11, 2015
 
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237
 
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.
 
 
 
* May 4, 2015
 
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit
 
 
 
* April 20, 2015
 
** (redrobot) Kilo-RC1
 
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?
 
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266
 
 
 
* April 13, 2015
 
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].
 
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here].
 
 
 
* April 6, 2015
 
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]
 
** (redrobot) Juno to Kilo DB migration
 
** (redrobot) Content-Type and payload_content_type combinations
 
 
 
* March 30, 2015
 
** Flagging things for deprecation. (jvrbanac)
 
** Logging in Barbican (jvrbanac)
 
** Castellan Initial Release (redrobot)
 
 
 
* March 23, 2015
 
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)
 
** How to integrate Castellan with Openstack service (arunkant)
 
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)
 
 
 
* March 16, 2015
 
** Functional testing
 
** Assert parameter order
 
 
 
* March 2, 2015
 
** 100% code coverage options: break packages into 'paper cut' bugs maybe?
 
 
 
* February 23, 2015
 
** Mid-cycle recap
 
*** https://etherpad.openstack.org/p/barbican-kilo-sprint
 
*** Ade: Wrap profiles around CMC to pass to CA to track product type
 
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)
 
*** Ade: BarbicanMetadata table
 
*** Dave: Certificate Order metadata change API parameter from container ref -> secret ref validation.
 
*** tsv: Quotas BP
 
*** woodster: reach out to Jarret about hard deletes for compliance concerns.
 
*** woodster: Order sub-status
 
*** New gates
 
** Road to Liberty summit
 
*** https://etherpad.openstack.org/p/barbican-L-design-sessions
 
 
 
* February 9, 2015
 
** Update on Swift integration with KeyManager, if/when moving to Castellan
 
** A note about Barbican packaging effort underway
 
** L-Summit space requirements
 
 
 
* February 2, 2015
 
** Kilo 2
 
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:
 
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?
 
** Castellan project
 
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.
 
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].
 
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]
 
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]
 
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.
 
** A note about Barbican packaging effort underway
 
 
 
* January 26, 2015
 
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]
 
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore
 
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)
 
** [https://review.openstack.org/#/c/145073 Content types blueprint]:
 
*** Seems very close...what questions still need to be answered?
 
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:
 
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?
 
 
 
* January 19, 2015
 
** Barbican Mid-Cycle
 
*** https://etherpad.openstack.org/p/barbican-kilo-sprint
 
** Vancouver Summit
 
* January 12, 2015
 
** Castellan progress [redrobot/rm_work]
 
** KMIPSecretStore HSM connection certificates [tkelsey]
 
*** Request for reviews on https://review.openstack.org/#/c/135217/
 
*** Chance to answer any questions
 
** Blueprints:
 
*** Quota support: Should we restrict scope? ...So no driver support, no class support?
 
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?
 
 
 
* January 5, 2015
 
** Kilo 1 Released [redrobot]
 
** Quota BP [redrobot]
 
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]
 
** Status of essential blueprints
 
 
 
* December 15, 2014
 
** Barbican Mid-Cycle [redrobot]
 
 
 
* December 8, 2014
 
** Integration Docs [redrobot]
 
** Bugs [redrobot]
 
** Castellan [redrobot]
 
** Content types [rellerreller]
 
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?
 
 
 
* December 1, 2014
 
** Consider video conference to discuss and hopefully land our many outstanding blueprints
 
 
 
* November 24, 2014
 
** Validation for Typed Container data (Certificates, etc) [rm_work]
 
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]
 
** Content type
 
 
 
* November 17, 2014
 
** RFC 7030
 
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs
 
** New Key Manager library (Castellan)
 
 
 
* November 10, 2014
 
** New Core Reviewers
 
** RFC 7030
 
 
 
* October 27, 2014
 
** Kilo Design Sessions
 
** Atalla ESKM Plugin
 
** Barbican T-Shirts
 
 
 
* October 6, 2014
 
** Kilo development is open
 
*** https://review.openstack.org/#/c/125678/
 
 
 
* Sep 29, 2014
 
** Juno RC1
 
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?
 
** Kilo Design Sessions
 
 
 
* Sep 22, 2014
 
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].
 
 
 
* Sep 15, 2014
 
** jenkins.cloudkeep.io
 
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata
 
** API Stability
 
** Documentation sync up with new API
 
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components
 
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].
 
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.
 
 
 
* Sep 8, 2014
 
** Kilo Design Sessions
 
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap
 
 
 
* Sep 1, 2014
 
** Kilo Design Sessions
 
 
 
* Aug 25, 2014
 
** CR Sizes (jvrbanac)
 
** String interpolation in debug logging (redrobot, rellerreller)
 
** Python 3 support (rellerrellera)
 
 
 
* Aug 18, 2014
 
** Juno Home Stretch (woodsier)
 
 
 
* Aug 11, 2014
 
** [[Barbican/Integration|Barbican Integration]]  
 
** Barbican as a Keystone service
 
 
 
* Aug 4, 2014
 
** #openstack-barbican on eavesdrop
 
 
 
* July 28, 2014
 
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.
 
** Kilo conference presentation submissions
 
 
 
* July 21, 2014
 
** (redrobot) Expiring Launchpad BPs after 5 days
 
 
 
* July 14, 2014
 
** barbican-core nominations vote count
 
** can we plan better to make such change  https://review.openstack.org/#/c/103431?
 
** python-barbicanclient release schedule
 
 
 
* June 30, 2014
 
** Mid-cycle meetup next week
 
** Keystone events blueprint
 
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)
 
 
 
* June 23, 2014
 
** Mid-cycle meetup in two weeks.
 
 
 
* June 16, 2014
 
** Mid-cycle meetup
 
 
 
* June 9, 2014
 
** barbican-specs repo
 
** juno-1 release coming up
 
** mid-cycle meetup
 
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)
 
** https://review.openstack.org/#/c/97844/ (is it merge ready?)
 
** https://review.openstack.org/#/c/98174 (is it merge ready?)
 
** Testing code pattern
 
** Any progress on eventing system (atiwari).
 
** Can tenant_id removal from uri deserve v2 api version(atiwari).
 
 
 
* June 2, 2014
 
** Hacking enabled on pep8 gate
 
** New barbican-specs repository
 
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types
 
*** New field "meta of type JsonBlob" and "container_id of type String"
 
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican
 
*** Comments, Suggestions or disagreement?
 
 
 
* May 5, 2014
 
** https://review.openstack.org/#/c/82189/ (is it merge ready?)
 
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)
 
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)
 
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)
 
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system.
 
**Can we get an update or talk about this in today's meeting.
 
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server
 
 
 
* April 28, 2014
 
** Action items:
 
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter
 
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/
 
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit
 
 
 
* April 7, 2014
 
** malini - update on Secuirty Guide documentation
 
** alee_/atiwari - Crypto plugin changes
 
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]
 
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?
 
  
 
== Meeting organizers ==
 
== Meeting organizers ==

Latest revision as of 14:55, 2 January 2024

Weekly Barbican Meeting

The Barbican project team holds a weekly team meeting in #openstack-barbican:

Agenda

The weekly meeting agenda can be found/edited here: https://etherpad.openstack.org/p/barbican-weekly-meeting

Past meeting agenda archives can be found here: Archived Agenda

Meeting organizers

Retrieved from "https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&oldid=184088"