| songwenping | hi team, what's the usage of barbican-keystone-listener? how can we forbidden it to consume the notifications message? | 02:48 |
|---|---|---|
| *** mhen_ is now known as mhen | 02:57 | |
| songwenping__ | hi team, what's the usage of barbican-keystone-listener? how can we forbidden it to consume the notifications message? | 03:31 |
| rajiv | Hi, is the weekly meeting at 11 or 12 UTC ? the below link says 12 UTC | 10:43 |
| rajiv | https://wiki.openstack.org/wiki/Meetings/Barbican | 10:43 |
| xek | #startmeeting barbican | 12:01 |
| opendevmeet | Meeting started Tue Jan 17 12:01:06 2023 UTC and is due to finish in 60 minutes. The chair is xek. Information about MeetBot at http://wiki.debian.org/MeetBot. | 12:01 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 12:01 |
| opendevmeet | The meeting name has been set to 'barbican' | 12:01 |
| xek | #topic Roll Call | 12:01 |
| xek | Courtesy ping for dmendiza[m] ade_lee d34dh0r53 Luzi tosky tobias-urdin | 12:01 |
| xek | rajiv: o/ | 12:01 |
| xek | rajiv: yes, the meeting is 12 UTC | 12:01 |
| rajiv | HEY | 12:01 |
| xek | As usual our agenda can be found here: | 12:02 |
| xek | #link https://etherpad.openstack.org/p/barbican-weekly-meeting | 12:02 |
| rajiv | roger! | 12:02 |
| Luzi | o/ | 12:02 |
| xek | Just the usual topics on the agenda today | 12:04 |
| xek | Luzi: o/ | 12:05 |
| xek | #topic Review Past Meeting Action Items | 12:05 |
| xek | #link https://meetings.opendev.org/meetings/barbican/2023/barbican.2023-01-10-12.01.html | 12:05 |
| xek | There are no action items from previous meetings | 12:05 |
| xek | #topic Liaison Updates | 12:06 |
| xek | No updates from me | 12:06 |
| xek | #topic Open Discussion | 12:07 |
| rajiv | Hey, i have a couple topics, can i ask now ? or is there Q&A session ? | 12:07 |
| xek | rajiv: yes you can :) | 12:08 |
| rajiv | First, Zed release notes is broken, can i it be fixed ? https://docs.openstack.org/releasenotes/barbican/zed.html | 12:08 |
| rajiv | i observed the latest stable release notes is always broken, but (latest release notes - 1) works | 12:08 |
| rajiv | second, any change this bug could be merged in upcoming release cycle ? https://storyboard.openstack.org/#!/story/2009322 | 12:09 |
| xek | rajiv: I think we may need a patch for stable/zed to fix that, I'll look into it | 12:10 |
| xek | (the release notes) | 12:10 |
| rajiv | okay | 12:10 |
| xek | rajiv: are there patches to fix this error? | 12:10 |
| rajiv | i am unaware if there are any, i followed up during last cycle as well but there wasnt any patch. | 12:11 |
| xek | rajiv: yeah, a quick search doesn't bring any | 12:12 |
| xek | rajiv: someone would have to volunteer to prepare those patches | 12:12 |
| rajiv | i see, idk how the workflow wrt zuul goes, hence i wasnt able to figure it out. | 12:13 |
| rajiv | maybe once Doug is back, we can re-connect. | 12:13 |
| xek | rajiv: what do you mean workflow with zuul? do you need help on setting your environment up? | 12:14 |
| rajiv | sry, are we referring to first or second topic ? | 12:14 |
| xek | rajiv: second, sorry I wasn't clear | 12:14 |
| xek | rajiv: I'll look into why the release notes are not appearing | 12:15 |
| rajiv | ah ok, second issue, i have a ready env, but wasnt able figure this out. Any suggestions ? i can work on a patch though | 12:15 |
| xek | rajiv: you probably need to figure out how to pass the filter into the part that generates that next URL for pagination | 12:17 |
| rajiv | i tried this but had no luck : https://github.com/sapcc/barbican/commit/cafde97c72171c9f0bd07cb3df6f20a8ade52e33 | 12:17 |
| rajiv | okay, last topic, i am testing Zed upgrade, is there a config to enable microversions ? | 12:18 |
| rajiv | i get the below error even though i have added microversions in the paste.ini file : | 12:18 |
| rajiv | LookupError: No section 'microversion' (prefixed by 'filter') found in config /etc/barbican/barbican-api-paste.ini | 12:18 |
| rajiv | i added it here : https://github.com/sapcc/helm-charts/commit/f82748a378bf40116cfd2183b02ce6f38e9685f5 | 12:19 |
| xek | rajiv: I think you also need [filter:microversion] section | 12:25 |
| xek | rajiv: with paste.filter_factory = barbican.api.middleware.microversion:MicroversionMiddleware.factory | 12:26 |
| rajiv | okay | 12:27 |
| xek | rajiv: see the last 2 commits here: https://github.com/openstack/barbican/commits/master/etc/barbican/barbican-api-paste.ini | 12:27 |
| rajiv | https://github.com/openstack/barbican/blob/master/etc/barbican/barbican-api-paste.ini | 12:27 |
| xek | rajiv: the last commit also added it to the barbican_version pipeline, since it is also versioned for backwards compatibility | 12:28 |
| rajiv | thanks, are there any other changes in zed ? | 12:28 |
| rajiv | i am asking release notes arent there | 12:28 |
| xek | rajiv: no, I don't think there are any other major changes, and also the microversion implementation is still not well tested, since the python-barbicanclient implementation is not ready | 12:29 |
| xek | rajiv: we are working on it this cycle, but will likely backport it to zed | 12:30 |
| rajiv | oh ok, so do i need to enable microversion or drop it for now ? | 12:30 |
| xek | rajiv: you don't need it, if you don't need secret consumers functionality | 12:31 |
| xek | rajiv: and as of now, no other service uses this functionality | 12:31 |
| rajiv | is there docu on secret consumers functionality ? | 12:31 |
| rajiv | my barbican backend is Thales HSM A790 with FIPS mode enabled. | 12:32 |
| xek | rajiv: yes, let me find a link | 12:32 |
| rajiv | this https://specs.openstack.org/openstack/barbican-specs/specs/train/secret-consumers.html ? | 12:33 |
| xek | rajiv: https://specs.openstack.org/openstack/barbican-specs/specs/train/secret-consumers.html | 12:33 |
| xek | yep | 12:33 |
| rajiv | thanks, could you elaborate "we are working on it this cycle, but will likely backport it to zed" | 12:34 |
| rajiv | will this feature be rolled back in Antelope ? | 12:34 |
| xek | that's the spec, there is also the api documentation | 12:34 |
| xek | rajiv: https://docs.openstack.org/barbican/latest/api/reference/secret_consumers.html | 12:35 |
| xek | rajiv: it won't be rolled back, we will fix any issues and backport them to zed | 12:36 |
| rajiv | okay, thats it from my end. Thanks for clarifying. | 12:37 |
| xek | rajiv: ack, happy to help :) | 12:38 |
| xek | #topic Bug Review | 12:38 |
| xek | There are no new bugs | 12:39 |
| xek | Allright, thanks for attending! | 12:39 |
| xek | #endmeeting | 12:39 |
| opendevmeet | Meeting ended Tue Jan 17 12:39:59 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 12:39 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/barbican/2023/barbican.2023-01-17-12.01.html | 12:39 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/barbican/2023/barbican.2023-01-17-12.01.txt | 12:39 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/barbican/2023/barbican.2023-01-17-12.01.log.html | 12:39 |
| rajiv | Hi, are these policies renamed ? secret_consumers:get, secret_consumers:post, secret_consumers:delete ? | 13:15 |
| rajiv | is it container_consumers:get ? | 13:20 |
| rajiv | found it : https://github.com/openstack/barbican/blob/stable/zed/releasenotes/notes/fix-story-2009664-042ef282c0dd6b6a.yaml | 13:21 |
| rajiv | https://github.com/openstack/barbican/commit/b6002aa3d04c0dc3bf49c05686b76f1780de358f | 13:26 |
| xek | rajiv: no, there are container consumers and secret consumers, these are distinct | 13:38 |
| xek | rajiv: the container consumers were implemented a long time ago | 13:39 |
| opendevreview | Andre Aranha proposed openstack/python-barbicanclient master: Unit tests for microversion, initial change for consumers https://review.opendev.org/c/openstack/python-barbicanclient/+/870077 | 13:40 |
| xek | rajiv: so they can be referred to just by "consumers" | 13:40 |
| xek | (in older documentation and other places) | 13:41 |
| opendevreview | Mauricio Harley proposed openstack/python-barbicanclient master: Added the force parameter to consumer removal and the corresponding CLI commands https://review.opendev.org/c/openstack/python-barbicanclient/+/865519 | 14:49 |
| opendevreview | Andre Aranha proposed openstack/python-barbicanclient master: Unit tests for microversion, initial change for consumers https://review.opendev.org/c/openstack/python-barbicanclient/+/870077 | 15:12 |
| opendevreview | Andre Aranha proposed openstack/python-barbicanclient master: Unit tests for microversion, initial change for consumers https://review.opendev.org/c/openstack/python-barbicanclient/+/870077 | 16:06 |
| JayF | Hey, I'm trying to get some Castellan changes merged (and then some barbican changes that depend on it). Is this the right place to ask about it? https://review.opendev.org/c/openstack/castellan/+/869386 | 18:37 |
| opendevreview | Jay Faulkner proposed openstack/barbican master: Add support for Vault KV path https://review.opendev.org/c/openstack/barbican/+/869387 | 18:40 |
| ade_lee | JayF, yes it is | 19:38 |
| JayF | good stuff :) I don't usually contribute to barbican/castellan, but am sheparding some changes that have been carried downstream | 19:39 |
| JayF | happy to respond to any PR feedback on those, just lmk :D thanks \o | 19:39 |
| ade_lee | JayF, cool - I'll try to take an initial look tomorrow | 19:39 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!