*** altlogbot_2 has quit IRC | 00:46 | |
*** altlogbot_2 has joined #openstack-barbican | 00:47 | |
*** moguimar has quit IRC | 03:55 | |
*** moguimar has joined #openstack-barbican | 03:55 | |
*** jaosorior has joined #openstack-barbican | 05:32 | |
*** dpawlik has joined #openstack-barbican | 07:08 | |
*** trident has quit IRC | 07:16 | |
*** trident has joined #openstack-barbican | 07:24 | |
*** ivve has joined #openstack-barbican | 07:36 | |
*** xek has joined #openstack-barbican | 07:39 | |
*** jaosorior has quit IRC | 08:16 | |
*** jaosorior has joined #openstack-barbican | 09:47 | |
*** dave-mccowan has joined #openstack-barbican | 11:19 | |
*** raildo has joined #openstack-barbican | 12:02 | |
*** jaosorior has quit IRC | 12:43 | |
*** mhen has joined #openstack-barbican | 12:54 | |
*** jaosorior has joined #openstack-barbican | 12:59 | |
redrobot | #startmeeting barbican | 13:00 |
---|---|---|
openstack | Meeting started Tue Aug 20 13:00:24 2019 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:00 |
openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:00 |
*** openstack changes topic to " (Meeting topic: barbican)" | 13:00 | |
openstack | The meeting name has been set to 'barbican' | 13:00 |
redrobot | #topic Roll Call | 13:00 |
*** openstack changes topic to "Roll Call (Meeting topic: barbican)" | 13:00 | |
redrobot | Courtesy ping for ade_lee hrybacki jamespage Luzi lxkong moguimar raildo rm_work xek | 13:00 |
redrobot | As usual our agenda can be found here: | 13:01 |
redrobot | #link https://etherpad.openstack.org/p/barbican-weekly-meeting | 13:01 |
moguimar | o/ | 13:01 |
mhen | o/ | 13:02 |
redrobot | Hi y'all! | 13:02 |
redrobot | Looks like we're a bit light on attendance. | 13:03 |
redrobot | But that's OK, because y'all are awesome! :D | 13:03 |
redrobot | #topic Review Past Meeting Action Items | 13:03 |
rm_work | o/ just back from vacation | 13:03 |
*** openstack changes topic to "Review Past Meeting Action Items (Meeting topic: barbican)" | 13:03 | |
redrobot | #link http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-13-13.01.html | 13:03 |
redrobot | rm_work, welcome back! | 13:03 |
redrobot | Let's see: | 13:03 |
redrobot | First action item: | 13:03 |
redrobot | redrobot to document the feature gap between python-barbicanclient and openstacksdk (2) | 13:03 |
redrobot | I did not do this :( | 13:04 |
redrobot | so let's punt it for another week! | 13:04 |
redrobot | #action redrobot to document the feature gap between python-barbicanclient and openstacksdk (3) | 13:04 |
redrobot | OK, moving on | 13:04 |
redrobot | #topic Liaison Updates | 13:04 |
*** openstack changes topic to "Liaison Updates (Meeting topic: barbican)" | 13:04 | |
redrobot | moguimar, anything from Osloland? | 13:04 |
moguimar | nope | 13:04 |
moguimar | Osloland is quite quiet as well | 13:05 |
redrobot | moguimar, cool. Thanks for the tongue twister update ;) | 13:05 |
redrobot | I don't have anything on the agenda ... | 13:05 |
redrobot | Any important dates coming up? | 13:05 |
moguimar | secret consumers review? =D | 13:06 |
* redrobot looks at release calendar | 13:06 | |
redrobot | #topic Secret Consumers update | 13:06 |
*** openstack changes topic to "Secret Consumers update (Meeting topic: barbican)" | 13:06 | |
moguimar | #link https://review.opendev.org/#/c/674302/ | 13:06 |
moguimar | I think the model is finished | 13:06 |
moguimar | I'm working on the repositories.py classes | 13:06 |
moguimar | then all the way up | 13:07 |
redrobot | Nice. Good job so far, moguimar! | 13:07 |
moguimar | I am just not sure about the project_id field | 13:07 |
moguimar | also, in the secrets model, I see that other orms have a cascade="all, delete-orphan" | 13:08 |
moguimar | that's not the behavior in ContainerConsumers, so which one is the best to follow? | 13:08 |
* redrobot does not have any answers right now ... still waiting for coffee to kick in ... | 13:09 | |
redrobot | Did you put those Qs in the review? | 13:10 |
redrobot | I'll definitely get to it today for reals | 13:10 |
moguimar | I'll drop them there | 13:11 |
redrobot | Sweet. | 13:11 |
redrobot | Anything else on this topic? | 13:13 |
moguimar | not for now | 13:14 |
redrobot | Cool beans. | 13:14 |
redrobot | moving on | 13:14 |
redrobot | #topic Open Discussion | 13:14 |
*** openstack changes topic to "Open Discussion (Meeting topic: barbican)" | 13:14 | |
rm_work | I should probably look at that | 13:14 |
redrobot | rm_work++ | 13:15 |
rm_work | Ah hmm maybe have something for discussion | 13:15 |
rm_work | Ran into a problem recently | 13:15 |
redrobot | what's up? | 13:16 |
rm_work | Looking for thoughts | 13:16 |
rm_work | So in the Octavia horizon dashboard, we have a selector for certificates from Barbican for TLS terminated listeners | 13:16 |
rm_work | Previously we showed all containers of the certificates type | 13:17 |
rm_work | Which worked well | 13:17 |
rm_work | Now that we use secrets ... And they don't have types... | 13:17 |
redrobot | > they don't have types | 13:18 |
redrobot | ? | 13:18 |
rm_work | We're left with "show all secrets and let our API validate" | 13:18 |
rm_work | Which is less awesome but I can't think of a better way to do it? But it means we have to just show an entire secret list for the user in that UI | 13:18 |
rm_work | There's no way just from the secret list to see which ones contain a pkcs12 bundle | 13:18 |
rm_work | Secrets are just... Secrets | 13:19 |
rm_work | There's no "certificate typed secret" | 13:19 |
rm_work | Right? | 13:19 |
mhen | #link https://docs.openstack.org/barbican/latest/api/reference/secret_types.html | 13:20 |
moguimar | I saw a container for certificates | 13:20 |
moguimar | but secrets seem to be generic | 13:20 |
redrobot | what mhen said | 13:20 |
mhen | there's a "certificate" type, but that's just metadata | 13:20 |
redrobot | Secrets all have a type | 13:20 |
redrobot | if you don't specify it, then type=opaque | 13:20 |
mhen | i.e. it is not validate in any form by Barbican iirc | 13:20 |
mhen | *validated | 13:20 |
moguimar | according to the docs, secrets can be whatever you want | 13:21 |
redrobot | right, not validated, but it could be used to filter results | 13:21 |
rm_work | So we could tell the user to specify that when they create their secret I guess | 13:21 |
mhen | and as redrobot said, it's not automatically set | 13:21 |
rm_work | But it's definitely not automatic | 13:21 |
redrobot | right, rm_work. Not automatic. | 13:21 |
rm_work | And I foresee a 100% chance of a support request increase because people's stuff isn't showing up | 13:22 |
redrobot | We talked about adding validations many moons ago. | 13:22 |
redrobot | hehe | 13:22 |
rm_work | Well I don't see how you can | 13:22 |
rm_work | Since you even support end to end encryption of the payload to the store | 13:22 |
rm_work | So Barbican couldn't even see the secret in that case | 13:22 |
mhen | redrobot, out of interest, what was the consensus on that? | 13:22 |
redrobot | rm_work, could be client-side validation ... which is not helpful if you're going straight to API, but the CLI could do it. | 13:23 |
rm_work | :/ | 13:23 |
redrobot | mhen, it was a "good idea" that never got anywhere... It was back in my Rackspace days, so it's been a while. | 13:23 |
mhen | redrobot, I see thanks | 13:24 |
rm_work | Ok, so what do you think? If we change the UI to show secrets with type certificate, and add a doc line that says "make sure to type it as a certificate!" ... | 13:24 |
rm_work | I feel like that's going to be a headache | 13:24 |
rm_work | Is that mutable? | 13:24 |
rm_work | Can people fix existing secrets that don't have that set correctly? | 13:25 |
redrobot | I'm not sure it is ... but maybe it should be | 13:25 |
redrobot | I'd have to go test it out. | 13:25 |
rm_work | K. | 13:25 |
redrobot | What's the current guidance for uploading stuff? | 13:25 |
redrobot | Use the cli? Octavia-horizon? | 13:25 |
rm_work | Thanks for the info I guess, I actually didn't think secrets had any type at all, even an unenforced metadata field | 13:26 |
rm_work | Cli or api | 13:26 |
rm_work | Since there's no Barbican horizon dashboard? I think? | 13:26 |
rm_work | Or is there? | 13:26 |
redrobot | Nope ... no barbican-ui yet ... | 13:27 |
rm_work | Right now our docs have cli examples | 13:27 |
rm_work | :( feels like that would help with adoption | 13:27 |
mhen | are there any plans for a Barbican dashboard? | 13:27 |
rm_work | IMO that should probably be a priority | 13:27 |
redrobot | mhen, I've heard a couple of folks ask for it, but no one is committed to make it happen. | 13:27 |
redrobot | rm_work++ | 13:27 |
rm_work | I'd help if I knew web at all | 13:28 |
rm_work | :/ | 13:28 |
redrobot | I can look into getting some time to get at least a POC going | 13:28 |
rm_work | Right now I can't even change basic variables in our own UI :( | 13:28 |
redrobot | #action redrobot to ask boss for some time to get a barbican-ui POC | 13:28 |
rm_work | None of that shit makes sense | 13:28 |
rm_work | I hate frontend so much | 13:28 |
redrobot | Haha | 13:29 |
rm_work | Everything is just magic | 13:29 |
redrobot | It's been a long while since I've done front end dev. | 13:29 |
rm_work | You can't ever follow an entrypoint through to the end | 13:29 |
redrobot | rm_work, http://dmend.github.io/speaking/django_zero_to_hero/peter_css.gif | 13:30 |
rm_work | It's just all over the place via magic fairies and who knows how you got to that function or what code will run next <_< | 13:30 |
rm_work | Thanks, will check that out | 13:31 |
redrobot | rm_work, it's just an image to make you lol. :-P | 13:31 |
rm_work | Yeah but I figure it comes from a talk? :D | 13:31 |
rm_work | Based on the URL | 13:32 |
redrobot | Heh, yeah, old Django talk I did for PyTexas | 13:32 |
redrobot | a few years back | 13:32 |
rm_work | Still useful? | 13:32 |
rm_work | Few years ago in frontend means none of that tech is used anymore right? | 13:33 |
redrobot | rm_work, possibly? The Django tutorial in the official docs is pretty solid | 13:33 |
redrobot | would recommend that over my talk. | 13:33 |
rm_work | lol k | 13:33 |
redrobot | rm_work, correct. :) | 13:33 |
redrobot | rm_work, definitely want to get your cert stuff sorted out tho | 13:33 |
redrobot | rm_work, I'll check out the Octavia docs and see if I can send y'all a patch that uses the secret types | 13:34 |
rm_work | Yeah I'll prolly try to go with showing cert type secrets | 13:34 |
rm_work | It's just our dashboard | 13:34 |
redrobot | #action redrobot to review octavia's how-to for uploading certs | 13:34 |
rm_work | But yeah updating the docs to set that would be good | 13:34 |
*** ade_lee has quit IRC | 13:35 | |
redrobot | then we'll just have to figure out if the secret type can be changed after-the-fact | 13:35 |
redrobot | #action redrobot to check if secret types can be changed after upload | 13:35 |
* redrobot needs to learn how to delegate | 13:35 | |
redrobot | rm_work, ok, so for now, I'll check out your docs, and also look into whether the secret type can be checked | 13:36 |
redrobot | rm_work, seem like a reasonable start? | 13:37 |
rm_work | Yeah | 13:38 |
redrobot | cool deal | 13:38 |
rm_work | I'll poke at our UI guy and see if he has time to do the change in the UI side | 13:38 |
redrobot | any other topics we should talk about while we're here? | 13:38 |
rm_work | Or else I've got some tutorials in my future | 13:39 |
redrobot | rm_work, 😂 | 13:39 |
redrobot | Okay ... I think we're done for the day then. | 13:40 |
redrobot | Thanks everyone for coming! | 13:40 |
redrobot | #endmeeting | 13:40 |
*** openstack changes topic to "OpenStack Barbican Train Cycle Development - Weekly Meeting Agenda: https://etherpad.openstack.org/p/barbican-weekly-meeting" | 13:40 | |
openstack | Meeting ended Tue Aug 20 13:40:25 2019 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 13:40 |
openstack | Minutes: http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-20-13.00.html | 13:40 |
openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-20-13.00.txt | 13:40 |
openstack | Log: http://eavesdrop.openstack.org/meetings/barbican/2019/barbican.2019-08-20-13.00.log.html | 13:40 |
*** dave-mccowan has quit IRC | 14:12 | |
*** ade_lee has joined #openstack-barbican | 14:13 | |
*** jmlowe has joined #openstack-barbican | 14:27 | |
*** dpawlik has quit IRC | 14:41 | |
*** openstackstatus has quit IRC | 14:58 | |
*** openstack has joined #openstack-barbican | 15:00 | |
*** ChanServ sets mode: +o openstack | 15:00 | |
*** pvradu has joined #openstack-barbican | 15:04 | |
*** ivve has quit IRC | 15:26 | |
*** dave-mccowan has joined #openstack-barbican | 15:31 | |
*** dayou has joined #openstack-barbican | 15:47 | |
*** dayou_ has quit IRC | 15:50 | |
*** pvradu has quit IRC | 15:50 | |
*** ivve has joined #openstack-barbican | 16:42 | |
openstackgerrit | Moisés Guimarães proposed openstack/barbican master: Add SecretConsumerRepo repository and its tests. https://review.opendev.org/677517 | 17:05 |
moguimar | redrobot: ^ | 17:07 |
moguimar | 😎 | 17:07 |
moguimar | now I can go have dinner =P | 17:07 |
*** raildo has quit IRC | 17:25 | |
*** raildo has joined #openstack-barbican | 17:32 | |
*** jmlowe has quit IRC | 18:29 | |
*** jmlowe has joined #openstack-barbican | 18:55 | |
*** ade_lee has quit IRC | 20:12 | |
*** ade_lee has joined #openstack-barbican | 21:14 | |
*** xek has quit IRC | 21:20 | |
*** ade_lee has quit IRC | 21:20 | |
*** ade_lee has joined #openstack-barbican | 21:21 | |
*** raildo has quit IRC | 21:39 | |
*** ivve has quit IRC | 21:42 | |
*** trident has quit IRC | 22:02 | |
*** trident has joined #openstack-barbican | 22:11 |