Jump to: navigation, search

Difference between revisions of "Meetings/Barbican"

(Added read-only user discussion topic)
(Weekly Barbican Meeting)
 
(214 intermediate revisions by 24 users not shown)
Line 2: Line 2:
 
= Weekly Barbican Meeting =
 
= Weekly Barbican Meeting =
  
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in <code><nowiki>#openstack-meeting-alt</nowiki></code>:
+
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a [https://meetings.opendev.org/#Barbican_Meeting weekly team meeting] in <code><nowiki>#openstack-barbican</nowiki></code>:
  
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]
+
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?hour=15&min=00&sec=0 1500 UTC]
 
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican
 
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican
 
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].
 
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)
+
* Chair (to contact for more information): xek (#openstack-barbican @ OFTC IRC)
  
 
== Agenda ==
 
== Agenda ==
* July 6, 2015
 
** Let's discuss the fifth 'read-only' role needed for Barbican:
 
*** Adam Harwell suggested that we add a 'read-only' role to users must possess to access secrets in Barbican they are on the ACL for
 
*** This would allow admins to remove a user's access to Barbican without having to remove them from Keystone completely
 
*** Soooo...what to name this new role? Is 'read-only' acceptable to everyone? Or instead let's bike shed a bit on that shall we?
 
* June 29, 2015
 
** Why are we still testing the python-barbicanclient with py26
 
** Dogtag gate as voting
 
* June 8, 2015
 
** Mid-Cycle RSVP (redrobot)
 
* June 1, 2015
 
** Vancouver Summit Recap (redrobot)
 
** Mid-Cycle (redrobot)
 
* May 11, 2015
 
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237
 
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.
 
* May 4, 2015
 
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit
 
* April 20, 2015
 
** (redrobot) Kilo-RC1
 
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?
 
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266
 
* April 13, 2015
 
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].
 
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here].
 
* April 6, 2015
 
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]
 
** (redrobot) Juno to Kilo DB migration
 
** (redrobot) Content-Type and payload_content_type combinations
 
* March 30, 2015
 
** Flagging things for deprecation. (jvrbanac)
 
** Logging in Barbican (jvrbanac)
 
** Castellan Initial Release (redrobot)
 
* March 23, 2015
 
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)
 
** How to integrate Castellan with Openstack service (arunkant)
 
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)
 
* March 16, 2015
 
** Functional testing
 
** Assert parameter order
 
  
* March 2, 2015
+
The weekly meeting agenda can be found/edited here: https://etherpad.openstack.org/p/barbican-weekly-meeting
** 100% code coverage options: break packages into 'paper cut' bugs maybe?
 
  
* February 23, 2015
+
Past meeting agenda archives can be found here: [[Barbican/Archive/Agenda|Archived Agenda]]
** Mid-cycle recap
 
*** https://etherpad.openstack.org/p/barbican-kilo-sprint
 
*** Ade: Wrap profiles around CMC to pass to CA to track product type
 
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)
 
*** Ade: BarbicanMetadata table
 
*** Dave: Certificate Order metadata change API parameter from container ref -> secret ref validation.
 
*** tsv: Quotas BP
 
*** woodster: reach out to Jarret about hard deletes for compliance concerns.
 
*** woodster: Order sub-status
 
*** New gates
 
** Road to Liberty summit
 
*** https://etherpad.openstack.org/p/barbican-L-design-sessions
 
 
 
 
 
* February 9, 2015
 
** Update on Swift integration with KeyManager, if/when moving to Castellan
 
** A note about Barbican packaging effort underway
 
** L-Summit space requirements
 
 
 
* February 2, 2015
 
** Kilo 2
 
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:
 
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?
 
** Castellan project
 
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.
 
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].
 
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]
 
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]
 
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.
 
** A note about Barbican packaging effort underway
 
 
 
* January 26, 2015
 
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]
 
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore
 
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)
 
** [https://review.openstack.org/#/c/145073 Content types blueprint]:
 
*** Seems very close...what questions still need to be answered?
 
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:
 
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?
 
 
 
* January 19, 2015
 
** Barbican Mid-Cycle
 
*** https://etherpad.openstack.org/p/barbican-kilo-sprint
 
** Vancouver Summit
 
* January 12, 2015
 
** Castellan progress [redrobot/rm_work]
 
** KMIPSecretStore HSM connection certificates [tkelsey]
 
*** Request for reviews on https://review.openstack.org/#/c/135217/
 
*** Chance to answer any questions
 
** Blueprints:
 
*** Quota support: Should we restrict scope? ...So no driver support, no class support?
 
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?
 
 
 
* January 5, 2015
 
** Kilo 1 Released [redrobot]
 
** Quota BP [redrobot]
 
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]
 
** Status of essential blueprints
 
 
 
* December 15, 2014
 
** Barbican Mid-Cycle [redrobot]
 
 
 
* December 8, 2014
 
** Integration Docs [redrobot]
 
** Bugs [redrobot]
 
** Castellan [redrobot]
 
** Content types [rellerreller]
 
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?
 
 
 
* December 1, 2014
 
** Consider video conference to discuss and hopefully land our many outstanding blueprints
 
 
 
* November 24, 2014
 
** Validation for Typed Container data (Certificates, etc) [rm_work]
 
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]
 
** Content type
 
 
 
* November 17, 2014
 
** RFC 7030
 
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs
 
** New Key Manager library (Castellan)
 
 
 
* November 10, 2014
 
** New Core Reviewers
 
** RFC 7030
 
 
 
* October 27, 2014
 
** Kilo Design Sessions
 
** Atalla ESKM Plugin
 
** Barbican T-Shirts
 
 
 
* October 6, 2014
 
** Kilo development is open
 
*** https://review.openstack.org/#/c/125678/
 
 
 
* Sep 29, 2014
 
** Juno RC1
 
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?
 
** Kilo Design Sessions
 
 
 
* Sep 22, 2014
 
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].
 
 
 
* Sep 15, 2014
 
** jenkins.cloudkeep.io
 
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata
 
** API Stability
 
** Documentation sync up with new API
 
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components
 
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].
 
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.
 
 
 
* Sep 8, 2014
 
** Kilo Design Sessions
 
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap
 
* Sep 1, 2014
 
** Kilo Design Sessions
 
* Aug 25, 2014
 
** CR Sizes (jvrbanac)
 
** String interpolation in debug logging (redrobot, rellerreller)
 
** Python 3 support (rellerreller)
 
* Aug 18, 2014
 
** Juno Home Stretch (woodster)
 
* Aug 11, 2014
 
** [[Barbican/Integration|Barbican Integration]]  
 
** Barbican as a Keystone service
 
* Aug 4, 2014
 
** #openstack-barbican on eavesdrop
 
* July 28, 2014
 
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.
 
** Kilo conference presentation submissions
 
 
 
* July 21, 2014
 
** (redrobot) Expiring Launchpad BPs after 5 days
 
 
 
* July 14, 2014
 
** barbican-core nominations vote count
 
** can we plan better to make such change  https://review.openstack.org/#/c/103431?
 
** python-barbicanclient release schedule
 
 
 
* June 30, 2014
 
** Mid-cycle meetup next week
 
** Keystone events blueprint
 
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)
 
 
 
* June 23, 2014
 
** Mid-cycle meetup in two weeks.
 
 
 
* June 16, 2014
 
** Mid-cycle meetup
 
 
 
* June 9, 2014
 
** barbican-specs repo
 
** juno-1 release coming up
 
** mid-cycle meetup
 
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)
 
** https://review.openstack.org/#/c/97844/ (is it merge ready?)
 
** https://review.openstack.org/#/c/98174 (is it merge ready?)
 
** Testing code pattern
 
** Any progress on eventing system (atiwari).
 
** Can tenant_id removal from uri deserve v2 api version(atiwari).
 
 
 
* June 2, 2014
 
** Hacking enabled on pep8 gate
 
** New barbican-specs repository
 
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types
 
*** New field "meta of type JsonBlob" and "container_id of type String"
 
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican
 
*** Comments, Suggestions or disagreement?
 
 
 
* May 5, 2014
 
** https://review.openstack.org/#/c/82189/ (is it merge ready?)
 
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)
 
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)
 
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)
 
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system.
 
**Can we get an update or talk about this in today's meeting.
 
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server
 
 
 
* April 28, 2014
 
** Action items:
 
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter
 
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/
 
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit
 
 
 
* April 7, 2014
 
** malini - update on Secuirty Guide documentation
 
** alee_/atiwari - Crypto plugin changes
 
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]
 
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?
 
  
 
== Meeting organizers ==
 
== Meeting organizers ==

Latest revision as of 14:55, 2 January 2024

Weekly Barbican Meeting

The Barbican project team holds a weekly team meeting in #openstack-barbican:

Agenda

The weekly meeting agenda can be found/edited here: https://etherpad.openstack.org/p/barbican-weekly-meeting

Past meeting agenda archives can be found here: Archived Agenda

Meeting organizers

Retrieved from "https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&oldid=184088"