Revision as of 20:20, 28 January 2016

Weekly Barbican Meeting

The Barbican project team holds a weekly team meeting in #openstack-meeting-alt:

Weekly on Mondays at 2000 UTC
The blueprints that are used as a basis for the Barbican project can be found at https://blueprints.launchpad.net/barbican
Notes for previous meetings can be found here.
Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)

Agenda

Feb 1, 2016
- Discuss Castellan Credential Object Patches (diazjf)
- Setup Google Hangout meetings(diazjf)
  - BYOK Castellan implementation
  - Barbican Puppet

Jan 25, 2016
- checkout BYOK spec (diazjf)
  - https://review.openstack.org/#/c/271517/

Jan 18, 2016
- discuss cron job database cleanup (edtubill)
  - talk about database constraints
  - set up hangout

Jan 4, 2016
- Happy New Year!
- Quickly go over updated Castellan multiple keystone auth blueprint
  - https://review.openstack.org/#/c/241068/
- puppet modules for Barbican
  - https://review.openstack.org/#/c/258851/
  - review coming for puppet+ gunicorn + keystone
  - need help with apache/mod_wsgi

Dec 21, 2015
- Questions about steps to integrate Barbican with DevStack (kfarr)

Dec 14, 2015
- Barbican SAML authentication (diazjf)
  - https://review.openstack.org/#/c/241068/
- Add PUT support for generic container types (ting wang)
  - https://review.openstack.org/#/c/207249/
- Add barbican-manage command (jhfeng)
  - https://review.openstack.org/#/c/253719/

Nov 30, 2015
- chair: rellerreller
- Mitaka-1 milestone
  - kfarr will be handling the release this week
- Castellan logging options (elmiko)
- Castellan integration testing (elmiko)

Nov 23, 2015
- chair: rellerreller
- Castellan improvements (elmiko)
  - auto-discovery of barbican endpoint
  - auth detection from context object

Nov 16, 2015
- Barbican Federation Use-Cases Detailed Overview
- Castellan Authentication compatibility for Swift
  - https://etherpad.openstack.org/p/swifjt-keymaster-with-castellan
- Barbican garbage collector
- Creating a castellan-specs github (silos)

Nov 9, 2015
- Summit Recap
- redrobot is getting married at the end of November! :D
  - We'll need a substitute meeting chair for the Nov 23 and 30.
- Federation Use Cases (edtubill, diazjf, silos)

Nov 2, 2015
- Cancelled due to Summit

October 26, 2015
- Cancelled due to Summit

October 19, 2015
- chair: dave-mccowan
- Review design summit etherpad votes.

October 12, 2015
- Cross project liasions
- py34 update (dave)

October 5, 2015
- Liberty RC2
- Mitaka Blueprints
- Tokyo Summit

September 28, 2015
- (woodster) What about changing our gates to populate database with Alembic migrations, instead of from SQLAlchemy models directly?

September 21, 2015
- (arunkant) Barbicanclient failures on neutron test gate: http://logs.openstack.org/43/208343/15/check/gate-tempest-dsvm-neutron-src-python-barbicanclient/9193018/

September 14, 2015
- Review Dave's core nomination: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html
- Federated Barbican Update (silos)

September 7, 2015
- No meeting. Happy Labor day to contributors in the US.

August 31, 2015
- Test framework - We're currently using both nosetest and testtools. Can we consolidate to one of them?
- Merge requirements continued
- Quotas Blueprint targeting Liberty-3. Update.
- /v2/orders
- Castellan: https://review.openstack.org/#/c/208569/ Last patch needed before a release (kfarr)
- (woodster) Don't forget about the ACL blueprints, esp. this one: https://review.openstack.org/#/c/208343

August 24, 2015
- Merge Requirements - I think it's time we start merging after two +2 reviews by a core reviewer. (redrobot)
- Tokyo Session Requirements (red robot)

August 17, 2015
- Adding certificate_manager namespace to Castellan (rm_work)
- Federated Barbican (silos)
- Defect/issue template - https://etherpad.openstack.org/p/barbican-bug-report-template (hockeynut)
- super-user rule in policy.json (dave-mccowan)
- quotas blueprint update (dave-mccowan)

August 3, 2015
- Multiple KMIP Blueprint - https://review.openstack.org/#/c/194298/ (silos)
- Castellan merge requests (kfarr)

July 27, 2015
- V2 and Orders (jmvrbanac)
- stable/kilo tests are failing (jaosorior)
- Barbican Openstack CLI plugin (jaosorior)
- Castellan
  - release schedules (elmiko)
  - patches need merging

July 20, 2015
- Magnum integration
- Resource Quotas
  - Design Discussion: https://review.openstack.org/203678
  - Code review for first commit (config, controller, validator) https://review.openstack.org/198764
- Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)

July 13, 2015
- Magnum integration
- CAs blueprint
  - http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-cas.html
- copy constructor for secrets and containers, report back from api-wg discussions (elmiko)
  - https://review.openstack.org/#/c/127823/

July 6, 2015
- Update on Quota Support blueprint (dave-mccowan)
- ACL client implementation (chellygel)
- Let's discuss the fifth 'acl-user' role needed for Barbican:
  - Ugh, I noticed we did discuss this on May 4th with an etherpad here.
  - However, I think we got off track talking about lists of secrets...
  - So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.

June 29, 2015
- Magnum integration
- Why are we still testing the python-barbicanclient with py26
- Dogtag gate as voting

June 8, 2015
- Mid-Cycle RSVP (red robot)

June 1, 2015
- Vancouver Summit Recap (redrobot)
- Mid-Cycle (red robot)

May 11, 2015
- (arunkant) Proposed ACL API changes as per ACL docs review comments on line #237
- (dave-mccowan) Heads-up: adding run-as-user support to functional tests. You local keystone deployment will need new users and roles installed to run functional tests.

May 4, 2015
- (woodster) Let's discuss and fine-tune the 'read-only' ACL user' a little bit

April 20, 2015
- (redrobot) Kilo-RC1
- (woodster) What approved or drafting blueprints do we want to bring over to Liberty?
- (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266

April 13, 2015
- (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page here.
- (redrobot) Additional role for per-secret ACL. Current policy is available here.

April 6, 2015
- (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on this CR
- (redrobot) Juno to Kilo DB migration
- (redrobot) Content-Type and payload_content_type combinations

March 30, 2015
- Flagging things for deprecation. (jvrbanac)
- Logging in Barbican (jvrbanac)
- Castellan Initial Release (redrobot)

March 23, 2015
- Review comment around storing acl users as comma separated values vs separate table. Review Link (arunkant)
- How to integrate Castellan with Openstack service (arunkant)
  - Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)

March 16, 2015
- Functional testing
- Assert parameter order

March 2, 2015
- 100% code coverage options: break packages into 'paper cut' bugs maybe?

February 23, 2015
- Mid-cycle recap
  - https://etherpad.openstack.org/p/barbican-kilo-sprint
  - Ade: Wrap profiles around CMC to pass to CA to track product type
  - Ade: Additional CR for Identify CA migration scripts (2 others in review)
  - Ade: BarbicanMetadata table
  - Dave: Certificate Order metadata change API parameter from container ref -> secret ref validation.
  - tsv: Quotas BP
  - woodster: reach out to Jarret about hard deletes for compliance concerns.
  - woodster: Order sub-status
  - New gates
- Road to Liberty summit
  - https://etherpad.openstack.org/p/barbican-L-design-sessions

February 9, 2015
- Update on Swift integration with KeyManager, if/when moving to Castellan
- A note about Barbican packaging effort underway
- L-Summit space requirements

February 2, 2015
- Kilo 2
- Quota Support blueprint:
  - Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?
- Castellan project
  - Which openstack services are driving? What is the timeline for Castellan availability and services started using it.
- Just a note: L design session etherpad is available here.
- Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]
  - https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]
  - This bug also relates to plugin validation which has been discussed in the past but not otherwise acted upon.
- A note about Barbican packaging effort underway

January 26, 2015
- KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]
  - Discussion over the creation of a new plugin vs updating KMIPSecretStore
  - Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)
- Content types blueprint:
  - Seems very close...what questions still need to be answered?
- Per Secret Policy blueprint:
  - Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?

January 19, 2015
- Barbican Mid-Cycle
  - https://etherpad.openstack.org/p/barbican-kilo-sprint
- Vancouver Summit
January 12, 2015
- Castellan progress [redrobot/rm_work]
- KMIPSecretStore HSM connection certificates [tkelsey]
  - Request for reviews on https://review.openstack.org/#/c/135217/
  - Chance to answer any questions
- Blueprints:
  - Quota support: Should we restrict scope? ...So no driver support, no class support?
  - Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?

January 5, 2015
- Kilo 1 Released [redrobot]
- Quota BP [redrobot]
- Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]
- Status of essential blueprints

December 15, 2014
- Barbican Mid-Cycle [redrobot]

December 8, 2014
- Integration Docs [redrobot]
- Bugs [redrobot]
- Castellan [redrobot]
- Content types [rellerreller]
  - Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?

December 1, 2014
- Consider video conference to discuss and hopefully land our many outstanding blueprints

November 24, 2014
- Validation for Typed Container data (Certificates, etc) [rm_work]
- Castellan scope: include CertMgr / ContainerMgr support? [rm_work]
- Content type

November 17, 2014
- RFC 7030
  - See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs
- New Key Manager library (Castellan)

November 10, 2014
- New Core Reviewers
- RFC 7030

October 27, 2014
- Kilo Design Sessions
- Atalla ESKM Plugin
- Barbican T-Shirts

October 6, 2014
- Kilo development is open
  - https://review.openstack.org/#/c/125678/

Sep 29, 2014
- Juno RC1
  - CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?
- Kilo Design Sessions

Sep 22, 2014
- (woodster) Added 'How should we handle content type for secrets' block to Kilo design discussion etherpad.

Sep 15, 2014
- jenkins.cloudkeep.io
- Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata
- API Stability
- Documentation sync up with new API
- (woodster) Juno roadmap addition: Refactor Barbican python client to use new Keystone auth components
- (woodster) Various additions made to the Kilo design etherpad.
- Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.

Sep 8, 2014
- Kilo Design Sessions
- Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap

Sep 1, 2014
- Kilo Design Sessions

Aug 25, 2014
- CR Sizes (jvrbanac)
- String interpolation in debug logging (redrobot, rellerreller)
- Python 3 support (rellerrellera)

Aug 18, 2014
- Juno Home Stretch (woodsier)

Aug 11, 2014
- Barbican Integration
- Barbican as a Keystone service

Aug 4, 2014
- #openstack-barbican on eavesdrop

July 28, 2014
- Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.
- Kilo conference presentation submissions

July 21, 2014
- (redrobot) Expiring Launchpad BPs after 5 days

July 14, 2014
- barbican-core nominations vote count
- can we plan better to make such change https://review.openstack.org/#/c/103431?
- python-barbicanclient release schedule

June 30, 2014
- Mid-cycle meetup next week
- Keystone events blueprint
- (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)

June 23, 2014
- Mid-cycle meetup in two weeks.

June 16, 2014
- Mid-cycle meetup

June 9, 2014
- barbican-specs repo
- juno-1 release coming up
- mid-cycle meetup
- https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)
- https://review.openstack.org/#/c/97844/ (is it merge ready?)
- https://review.openstack.org/#/c/98174 (is it merge ready?)
- Testing code pattern
- Any progress on eventing system (atiwari).
- Can tenant_id removal from uri deserve v2 api version(atiwari).

June 2, 2014
- Hacking enabled on pep8 gate
- New barbican-specs repository
- Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types
  - New field "meta of type JsonBlob" and "container_id of type String"
- Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican
  - Comments, Suggestions or disagreement?

May 5, 2014
- https://review.openstack.org/#/c/82189/ (is it merge ready?)
- https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)
- https://review.openstack.org/#/c/81310/ (review required- Adding target support for policy enforcement.)
- https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)
- The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system.
- Can we get an update or talk about this in today's meeting.
  - https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server

April 28, 2014
- Action items:
  - all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter
  - all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/
  - core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit

April 7, 2014
- malini - update on Secuirty Guide documentation
- alee_/atiwari - Crypto plugin changes
- arunkant - Target support in barbican policy enforcement [1]
- jraim - Support for debug mode start in barbican [2], can be merged?

Meeting organizers

Publish the agenda 24h in advance
Mail the agenda to the list and invite participants
Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item: . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action
Use http://meetbot.debian.net/Manual.html to get an automatic summary
Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)
Record decisions and commitments; review in the next meeting

@@ Line 10: / Line 10: @@
 == Agenda ==
+* Feb 1, 2016
+** Discuss Castellan Credential Object Patches (diazjf)
+** Setup Google Hangout meetings(diazjf)
+*** BYOK Castellan implementation
+*** Barbican Puppet
 * Jan 25, 2016
 ** checkout BYOK spec (diazjf)
 ***https://review.openstack.org/#/c/271517/
 * Jan 18, 2016
 ** discuss cron job database cleanup (edtubill)
 *** talk about database constraints
 *** set up hangout
 * Jan 4, 2016
 ** Happy New Year!
@@ Line 25: / Line 33: @@
 *** review coming for puppet+ gunicorn + keystone
 *** need help with apache/mod_wsgi
 * Dec 21, 2015
 ** Questions about steps to integrate Barbican with DevStack (kfarr)
 * Dec 14, 2015
 ** Barbican SAML authentication (diazjf)
@@ Line 34: / Line 44: @@
 ** Add barbican-manage command  (jhfeng)
 *** https://review.openstack.org/#/c/253719/
 * Nov 30, 2015
 ** chair: rellerreller
@@ Line 40: / Line 51: @@
 ** Castellan logging options (elmiko)
 ** Castellan integration testing (elmiko)
 * Nov 23, 2015
 ** chair: rellerreller
@@ Line 45: / Line 57: @@
 *** auto-discovery of barbican endpoint
 *** auth detection from context object
 * Nov 16, 2015
 ** Barbican Federation Use-Cases Detailed Overview
@@ Line 57: / Line 70: @@
 ***We'll need a substitute meeting chair for the Nov 23 and 30.
 ** Federation Use Cases (edtubill, diazjf, silos)
 * Nov 2, 2015
 ** Cancelled due to Summit
 * October 26, 2015
 ** Cancelled due to Summit
 * October 19, 2015
 ** chair: dave-mccowan
 ** Review design summit etherpad votes.
 * October 12, 2015
 ** Cross project liasions
 ** py34 update (dave)
 * October 5, 2015
 ** Liberty RC2
 ** Mitaka Blueprints
 ** Tokyo Summit
 * September 28, 2015
 ** (woodster) What about changing our gates to populate database with Alembic migrations, instead of from SQLAlchemy models directly?
 * September 21, 2015
 ** (arunkant) Barbicanclient failures on neutron test gate: http://logs.openstack.org/43/208343/15/check/gate-tempest-dsvm-neutron-src-python-barbicanclient/9193018/
 * September 14, 2015
 ** Review Dave's core nomination: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html
 ** Federated Barbican Update (silos)
 * September 7, 2015
 ** No meeting.  Happy Labor day to contributors in the US.
 * August 31, 2015
 ** Test framework - We're currently using both nosetest and testtools.  Can we consolidate to one of them?
@@ Line 87: / Line 110: @@
 ** Castellan: https://review.openstack.org/#/c/208569/ Last patch needed before a release (kfarr)
 ** (woodster) Don't forget about the ACL blueprints, esp. this one: https://review.openstack.org/#/c/208343
 * August 24, 2015
 ** Merge Requirements - I think it's time we start merging after two +2 reviews by a core reviewer.  (redrobot)
-** Tokyo Session Requirements (redrobot)
+** Tokyo Session Requirements (red robot)
 * August 17, 2015
 ** Adding certificate_manager namespace to Castellan (rm_work)
@@ Line 96: / Line 121: @@
 ** super-user rule in policy.json (dave-mccowan)
 ** quotas blueprint update (dave-mccowan)
 * August 3, 2015
 ** Multiple KMIP Blueprint - https://review.openstack.org/#/c/194298/ (silos)
 ** Castellan merge requests (kfarr)
 * July 27, 2015
 ** V2 and Orders (jmvrbanac)
@@ Line 106: / Line 133: @@
 *** release schedules (elmiko)
 *** patches need merging
 * July 20, 2015
 ** Magnum integration
@@ Line 112: / Line 140: @@
 *** Code review for first commit (config, controller, validator) https://review.openstack.org/198764
 ** Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)
 * July 13, 2015
 ** Magnum integration
@@ Line 118: / Line 147: @@
 ** copy constructor for secrets and containers, report back from api-wg discussions (elmiko)
 *** https://review.openstack.org/#/c/127823/
 * July 6, 2015
 ** Update on Quota Support blueprint (dave-mccowan)
 ** ACL client implementation (chellygel)
@@ Line 128: / Line 155: @@
 *** However, I think we got off track talking about lists of secrets...
 *** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.
 * June 29, 2015
 ** Magnum integration
 ** Why are we still testing the python-barbicanclient with py26
 ** Dogtag gate as voting
 * June 8, 2015
-** Mid-Cycle RSVP (redrobot)
+** Mid-Cycle RSVP (red robot)
 * June 1, 2015
 ** Vancouver Summit Recap (redrobot)
-** Mid-Cycle (redrobot)
+** Mid-Cycle (red robot)
 * May 11, 2015
 ** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237
 ** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.
 * May 4, 2015
 ** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit
 * April 20, 2015
 ** (redrobot) Kilo-RC1
 ** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?
 ** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266
 * April 13, 2015
 ** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].
 ** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here].
 * April 6, 2015
 ** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]
 ** (redrobot) Juno to Kilo DB migration
 ** (redrobot) Content-Type and payload_content_type combinations
 * March 30, 2015
 ** Flagging things for deprecation. (jvrbanac)
 ** Logging in Barbican (jvrbanac)
 ** Castellan Initial Release (redrobot)
 * March 23, 2015
 ** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)
 ** How to integrate Castellan with Openstack service (arunkant)
 *** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)
 * March 16, 2015
 ** Functional testing
@@ Line 181: / Line 219: @@
 ** Road to Liberty summit
 *** https://etherpad.openstack.org/p/barbican-L-design-sessions
 * February 9, 2015
@@ Line 284: / Line 321: @@
 ** Kilo Design Sessions
 ** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap
 * Sep 1, 2014
 ** Kilo Design Sessions
 * Aug 25, 2014
 ** CR Sizes (jvrbanac)
 ** String interpolation in debug logging (redrobot, rellerreller)
-** Python 3 support (rellerreller)
+** Python 3 support (rellerrellera)
 * Aug 18, 2014
-** Juno Home Stretch (woodster)
+** Juno Home Stretch (woodsier)
 * Aug 11, 2014
 ** [[Barbican/Integration|Barbican Integration]]
 ** Barbican as a Keystone service
 * Aug 4, 2014
 ** #openstack-barbican on eavesdrop
 * July 28, 2014
 ** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.

Difference between revisions of "Meetings/Barbican"

Revision as of 20:20, 28 January 2016

Weekly Barbican Meeting

Agenda

Meeting organizers