| mangust404 | Hello, guys! My name is Erkin, I'm the future PTL of the Trove project for the 2026.2 cycle. Right now I'm working on an SSL/TLS feature in Trove, and I plan to integrate it with Barbican. So I need competent opinions about the proposed design here: https://paste.openstack.org/show/bKvvV5iHUMWCv5u96Kgj/ | 13:00 |
|---|---|---|
| mangust404 | TL;DR: when a user needs to enable SSL on a Trove database server, he should provide an href to a PKCS#12 container uploaded to Barbican, plus, optionally, an href to the password if the PKCS#12 container is password-protected. Additionally, a consumer for the PKCS#12 container will be created when it's in use, and removed on SSL disable or when a new certificate is uploaded during the renewal process. | 13:00 |
| mangust404 | The proposed design has strong sides: full control of certs, flexibility, integration with enterprise CAs, mTLS support. But it also has weak points: lack of auto-renewal, auto-rotation, no ACME support, you name it. | 13:00 |
| mangust404 | So, I'm happy to hear any opinions on this topic. Perhaps Barbican has far-reaching plans for automating certificate renewals, and we can implement all this together; we probably also need to rework the currently proposed design. | 13:00 |
| mangust404 | mharley[m] dmendiza[m] please assist me on the subject, probably you can put it on the agenda for a future weekly meeting and I can participate in the meeting too | 13:00 |
| mangust404 | It seems that it will be more convenient to discuss here https://review.opendev.org/c/openstack/trove/+/977646 | 14:05 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: tox: Fix missing functional-vault-py310 env https://review.opendev.org/c/openstack/castellan/+/977678 | 14:36 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Move vault functional tests to noble https://review.opendev.org/c/openstack/castellan/+/977681 | 14:38 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Bump vault used in tests https://review.opendev.org/c/openstack/castellan/+/975135 | 14:59 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Use more explicit import https://review.opendev.org/c/openstack/castellan/+/975399 | 14:59 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: barbican: Drop redundant full url composition https://review.opendev.org/c/openstack/castellan/+/975497 | 14:59 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Check context instance type directly https://review.opendev.org/c/openstack/castellan/+/975375 | 14:59 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: barbican: Pass down domain/system scope https://review.opendev.org/c/openstack/castellan/+/975376 | 14:59 |
| seunghunlee | Hello Barbican team, I found this patch https://review.opendev.org/c/openstack/barbican/+/944564 was meant to be merged but kinda forgotten. Could you have a look? Currently it's causing doc-code mismatch for the variable ``enforce_new_defaults`` in 2024.2, 2025.1 and master. | 15:06 |
| opendevreview | Merged openstack/castellan master: tox: Fix missing functional-vault-py310 env https://review.opendev.org/c/openstack/castellan/+/977678 | 15:44 |
| opendevreview | Takashi Kajinami proposed openstack/castellan stable/2025.2: tox: Fix missing functional-vault-py310 env https://review.opendev.org/c/openstack/castellan/+/977688 | 15:52 |
| opendevreview | Merged openstack/castellan master: Move vault functional tests to noble https://review.opendev.org/c/openstack/castellan/+/977681 | 15:56 |
| opendevreview | Merged openstack/castellan master: Use more explicit import https://review.opendev.org/c/openstack/castellan/+/975399 | 16:08 |
| opendevreview | Merged openstack/castellan master: Bump vault used in tests https://review.opendev.org/c/openstack/castellan/+/975135 | 16:11 |
| opendevreview | Merged openstack/castellan master: Check context instance type directly https://review.opendev.org/c/openstack/castellan/+/975375 | 16:32 |
| opendevreview | Merged openstack/castellan master: barbican: Pass down domain/system scope https://review.opendev.org/c/openstack/castellan/+/975376 | 16:32 |
| opendevreview | Merged openstack/castellan master: barbican: Drop redundant full url composition https://review.opendev.org/c/openstack/castellan/+/975497 | 16:32 |
| *** Callum0270 is now known as Callum027 | 20:42 | |