| *** iurygregory_ is now known as iurygregory | 06:19 | |
| lxkong | hi barbican team, may I know what is it possible to mark a secret/container private when creating? | 11:02 |
|---|---|---|
| lxkong | if not, is it a reasonable feature requirement? | 11:03 |
| redrobot | Hi lxkong | 12:04 |
| redrobot | In my opinion, the best way to make things "private" is for a user to create a new project in Keystone for which they are the only user that has roles assigned on that project. | 12:05 |
| redrobot | lxkong it is also possible to set the "project-access" flag to false in both a secret or a container using the ACL API: https://docs.openstack.org/barbican/latest/api/reference/acls.html | 12:07 |
| redrobot | however, it's not exactly private, because users with the "admin" role on the project can still access them. In other words, it only prevents users with "reader" or "member" roles from accessing a secret. | 12:07 |
| redrobot | #startmeeting barbican | 13:00 |
| opendevmeet | Meeting started Tue Jun 15 13:00:35 2021 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:00 |
| opendevmeet | The meeting name has been set to 'barbican' | 13:00 |
| redrobot | #topic Roll Call | 13:00 |
| redrobot | Courtesy ping for ade_lee dave-mccowan hrybacki jamespage Luzi lxkong mhen moguimar raildo rm_work tosky xek nearyo oleksandry | 13:00 |
| rosmaita | o/ | 13:01 |
| redrobot | Hi rosmaita | 13:01 |
| rosmaita | hello | 13:01 |
| redrobot | As usual the agenda can be found here: | 13:01 |
| redrobot | #link https://etherpad.opendev.org/p/barbican-weekly-meeting | 13:01 |
| Luzi | o/ | 13:02 |
| rosmaita | redrobot: https://review.opendev.org/c/openstack/barbican/+/796284 has finally passed zuul, if you could look when you have time, it's blocking some of the cinder gates | 13:03 |
| rosmaita | took 3 rechecks, but looks like that was due to mirroring problems for dependencies where the jobs landed | 13:03 |
| redrobot | #topic Barbican Gates | 13:03 |
| redrobot | Thanks for working ont hat patch rosmaita. | 13:03 |
| rosmaita | that was all Gorka, i am just following up | 13:04 |
| redrobot | gotcha | 13:04 |
| redrobot | Yeah, I'm not sure how so much SQLAlchemy broke all at once | 13:04 |
| rosmaita | well, the "major" projects got advance notice a few months ago | 13:04 |
| redrobot | heh | 13:04 |
| rosmaita | i left a comment on the patch that more projects should be notified, but it got lost | 13:04 |
| rosmaita | anyway, 1.4 intentionally introduced some backward incompatibilities | 13:05 |
| rosmaita | to prepare for 2.0 | 13:05 |
| redrobot | I'll take a look at the patch right after this meeting and try to catch ade_lee for a second review when he comes online | 13:05 |
| rosmaita | cool, ty | 13:05 |
| rosmaita | i have one more "none of my business, but" comment (or i can wait for open discussion later) | 13:06 |
| redrobot | shoot | 13:06 |
| rosmaita | i noticed that there's a place in the barbican code where you have deleted=1 in a sqlalchemy query | 13:06 |
| rosmaita | 'deleted' is boolean in the model, though | 13:06 |
| rosmaita | i believe it's not a problem for mysql/mariadb | 13:07 |
| rosmaita | but might be worth using boolean to be consistent | 13:07 |
| rosmaita | (since db use is kind of important for barbican) | 13:07 |
| redrobot | Ah yeah, that's a good catch | 13:07 |
| tosky | hi | 13:07 |
| redrobot | hi tosky | 13:08 |
| rosmaita | we got burned once by that in glance when someone was using postgresql | 13:08 |
| tosky | I see the main topic I was going to raise has been taken care of already | 13:08 |
| rosmaita | :) | 13:08 |
| tosky | (i.e. broken gates for everyone!) | 13:08 |
| redrobot | 😅😅😅 | 13:08 |
| redrobot | I'm hoping we can get everything back online in the next couple of hours | 13:08 |
| rosmaita | i wonder whether we should propose that the cinder-tempest-plugin tests be run in the requirements gate -- currently it's just unit tests for select projects | 13:09 |
| rosmaita | that way barbican would get a workout | 13:10 |
| rosmaita | i was going to propose that barbican unit tests should be added, but that wouldn't have caught this event | 13:10 |
| rosmaita | anyway, something to think about ... i will be happy to help push this if you think it's a good idea | 13:11 |
| redrobot | More testing is always good IMO | 13:11 |
| rosmaita | and actually, i am wrong about the barbican UTs not catching a problem, so maybe those would be sufficient | 13:11 |
| redrobot | let's propose a patch and see what the requirements folks have to say abou tit | 13:12 |
| rosmaita | sounds good | 13:13 |
| redrobot | OK, moving on ... | 13:14 |
| redrobot | #topic Liaison Updates | 13:14 |
| redrobot | tosky anything else you want to talk about? | 13:14 |
| tosky | nothing else (usual stuff about grenade still pending) | 13:17 |
| redrobot | cool, thanks tosky | 13:18 |
| redrobot | #topic Kanban Review | 13:18 |
| redrobot | #link https://tree.taiga.io/project/dmend-openstack-barbican/kanban | 13:18 |
| redrobot | I have a WIP patch to fix the unicode error when using the Vault backend: https://review.opendev.org/c/openstack/barbican/+/796065 | 13:19 |
| redrobot | the patch works for a new deployment, but I still need to add the logic to handle inconsistent encodings for existing deployments | 13:20 |
| redrobot | #topic Bug Review | 13:21 |
| redrobot | #link https://storyboard.openstack.org/#!/project_group/barbican | 13:21 |
| redrobot | We have one new bug for the db migration that was broken by sqlachemy https://storyboard.openstack.org/#!/story/2008967 | 13:22 |
| redrobot | #link https://bugs.launchpad.net/castellan/+bugs?orderby=-id&start=0 | 13:22 |
| redrobot | No new Castellan bugs | 13:22 |
| redrobot | #link https://bugs.launchpad.net/cursive/+bugs?orderby=-id&start=0 | 13:22 |
| redrobot | And no new Cusrvie bugs | 13:23 |
| redrobot | #topic Wayward Reviews | 13:23 |
| redrobot | usually me and moguimar would look at reviews now, but he won't be around very much anymore :( | 13:23 |
| redrobot | That said, if anyone here is interested in being a core reviewer let me know and we can work on a plan to get you there. ;) | 13:24 |
| redrobot | #topic Open Discussion | 13:24 |
| redrobot | Anything else y'all want to talk about? | 13:24 |
| rosmaita | redrobot: will you propose a patch to add barbican UTs to the requirements check? | 13:28 |
| redrobot | rosmaita yeah, I can do that | 13:28 |
| redrobot | #action redrobot to propose patch for requirements check to include barbican unit tests | 13:28 |
| rosmaita | cool, ping me in #openstack-cinder and I will leave a comment on it | 13:28 |
| rosmaita | i will talk offline with tosky about the advisibility of proposing cinder-tempest-plugin jobs for requirements | 13:29 |
| rosmaita | if we put up a patch, i will ping you | 13:29 |
| redrobot | ack, sounds good | 13:29 |
| rosmaita | excellent, thank you | 13:29 |
| redrobot | Thanks for joining, everyone! | 13:32 |
| redrobot | #endmeeting | 13:32 |
| opendevmeet | Meeting ended Tue Jun 15 13:32:03 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 13:32 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/barbican/2021/barbican.2021-06-15-13.00.html | 13:32 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/barbican/2021/barbican.2021-06-15-13.00.txt | 13:32 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/barbican/2021/barbican.2021-06-15-13.00.log.html | 13:32 |
| *** ricolin_ is now known as ricolin | 16:26 | |
| *** ricolin_ is now known as ricolin | 17:32 | |
| rosmaita | redrobot: ade_lee: reminder to please look at https://review.opendev.org/c/openstack/barbican/+/796284 | 20:04 |
| opendevreview | Douglas Mendizábal proposed openstack/barbican master: Fix alembic migrations https://review.opendev.org/c/openstack/barbican/+/796059 | 20:49 |
| lxkong | redrobot: Thanks for the answer. So creating a secret/container and then `openstack acl submit URI --no-project-access` would work for me. | 20:51 |
| opendevreview | Merged openstack/barbican master: Fix unit tests and migration to unblock gate https://review.opendev.org/c/openstack/barbican/+/796284 | 21:57 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!