| rm_work[m] | tkajinam: are you working on the (unrelated to your CR?) issue that is making tests fail on the mypy fix CR? https://review.opendev.org/c/openstack/castellan/+/993143 | 04:20 |
|---|---|---|
| rm_work[m] | I was going to rebase mine on that but that seems like it is failing due to yet another thing? T_T | 04:21 |
| opendevreview | Adam Harwell proposed openstack/castellan master: Add token-based auth method to VaultKeyManager https://review.opendev.org/c/openstack/castellan/+/993057 | 04:25 |
| opendevreview | Adam Harwell proposed openstack/castellan master: Add token-based auth method to VaultKeyManager https://review.opendev.org/c/openstack/castellan/+/993057 | 04:36 |
| rm_work[m] | I rebased it on top of your chain | 04:36 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Do not expose internal client exceptions https://review.opendev.org/c/openstack/castellan/+/993209 | 05:24 |
| opendevreview | Takashi Kajinami proposed openstack/castellan master: Add token-based auth method to VaultKeyManager https://review.opendev.org/c/openstack/castellan/+/993057 | 05:43 |
| opendevreview | Adam Harwell proposed openstack/castellan master: Add token-based auth method to VaultKeyManager https://review.opendev.org/c/openstack/castellan/+/993057 | 06:10 |
| rm_work[m] | tkajinam / tkajinam_ you here? | 06:26 |
| tkajinam | yes | 06:26 |
| * tkajinam reading through vault documentation | 06:26 | |
| rm_work[m] | I think I put a basic example in one of the docstrings | 06:27 |
| rm_work[m] | but ours is like... | 06:27 |
| rm_work[m] | kubernetes-{datacenter}-{namespace}-{serviceaccount} | 06:28 |
| rm_work[m] | because of the way our magic-auth-crap works | 06:28 |
| tkajinam | rm_work[m], maybe my questions are | 06:28 |
| tkajinam | 1. how do you configure that mount path ? | 06:29 |
| tkajinam | 2. is customization of mount path specific to k8s or can be used for the other auth methods ? | 06:29 |
| rm_work[m] | I don't know, originally I was going to propose just for k8s but you made me realize other methods are similar | 06:29 |
| rm_work[m] | I don't know how any of the other ones work | 06:30 |
| tkajinam | it's ok that you don't know the other backends are | 06:30 |
| tkajinam | but we need to know how that is configured in vault side for k8s auth method at least | 06:30 |
| tkajinam | https://developer.hashicorp.com/vault/docs/auth/userpass#configuration | 06:32 |
| rm_work[m] | what we are doing is very simple at its core, I think | 06:32 |
| rm_work[m] | load auth files and pass them somewhere | 06:32 |
| rm_work[m] | if we just make everything as variables, it hardly even matters if we mess up the defaults, people just config what they need :D | 06:33 |
| tkajinam | IMHO configuration interface in castellan should be consistent with the one in vault. Allow everything may be easy for developers but is not for operators/users | 06:34 |
| rm_work[m] | I am coming from an operator perspective here | 06:34 |
| rm_work[m] | as an operator I barely care about the implementation as long as I can technically hack it to work for my deployment by overriding config vars :P | 06:35 |
| rm_work[m] | from a developer perspective, I would like it to be as cleanly implemented as possible, but know that I need to keep certain parts generic | 06:36 |
| tkajinam | yeah | 06:39 |
| opendevreview | Takashi Kajinami proposed openstack/python-barbicanclient master: Drop direct import from the base client module https://review.opendev.org/c/openstack/python-barbicanclient/+/993315 | 09:03 |
| opendevreview | Merged openstack/castellan master: Do not expose internal client exceptions https://review.opendev.org/c/openstack/castellan/+/993209 | 09:50 |
| opendevreview | Merged openstack/castellan master: Add token-based auth method to VaultKeyManager https://review.opendev.org/c/openstack/castellan/+/993057 | 09:55 |
| -opendevstatus- NOTICE: Recent POST_FAILURE job results with no logs were due to upload errors in one of our providers, which has been temporarily disabled now so rechecking those should be safe | 12:43 | |
| *** iurygregory_ is now known as iurygregory | 13:46 | |
| opendevreview | Mauricio Harley proposed openstack/barbican master: Add crypto-agility to SimpleCrypto asymmetric key generation https://review.opendev.org/c/openstack/barbican/+/985080 | 18:29 |