opendevreview | Cuiye Liu proposed openstack/manila master: Dell PowerScale: Rename Isilon to PowerScale in Manila Driver https://review.opendev.org/c/openstack/manila/+/952736 | 02:56 |
---|---|---|
opendevreview | kiran pawar proposed openstack/python-manilaclient master: Add support of encryption_key_ref option for share create https://review.opendev.org/c/openstack/python-manilaclient/+/939639 | 04:58 |
kpdev | Hi @gouthamr | 04:59 |
kpdev | we decided to have end user specifying either href or UUID of barbican secret. Please let end user have flexibility to have both the way barbican secret GET API supports both. | 05:00 |
kpdev | We have decided and worked and tested that way. | 05:00 |
gouthamr | sorry, i don't see a reason why we need information we already have, or could be incorrecty | 05:01 |
gouthamr | manila talks to barbican over an internal endpoint | 05:01 |
gouthamr | presumably | 05:02 |
gouthamr | why would the API need the user to provide a URL that could be a "public" endpoint? | 05:02 |
gouthamr | we discussed this when reviewing the specification | 05:02 |
gouthamr | i see that carloss and haixin made the same points on the server patch.. | 05:03 |
gouthamr | i guess we're not seeing the use case for accepting a URL, if we did, we'd need to sanitize something like that and extract a UUID from it | 05:04 |
kpdev | but carloss agreed to have both https://meetings.opendev.org/irclogs/%23openstack-meeting-alt/%23openstack-meeting-alt.2025-07-10.log.html | 05:05 |
gouthamr | "otherwise end user everytime need to get href, and parse uuid out of it to provide share create option" - what does this mean? | 05:06 |
gouthamr | where will the end user get this href? | 05:07 |
kpdev | href, means barbican secret href | 05:07 |
kpdev | including https | 05:07 |
kpdev | so end user need to get UUID only out of it and provide for share create API | 05:07 |
kpdev | so I assume, why not let him provide whole href | 05:08 |
gouthamr | honestly, i'm baffled looking at the secrets API | 05:09 |
gouthamr | i.e., barbican's api-ref | 05:10 |
gouthamr | kpdev: please don't update patches yet, allow me to review the change completely - might need until EOD | 05:10 |
kpdev | I was looking for more convinience as intially someone suggested to allow share create API to accept barbican secnret name as well | 05:10 |
kpdev | but thats not possible. | 05:11 |
gouthamr | name isn't unique is it? | 05:11 |
kpdev | since name can not be unique and barbican API does not accept name in GET query | 05:11 |
kpdev | so we have only UUID and href. | 05:11 |
kpdev | I am fine with only UUID only. | 05:12 |
gouthamr | i'd like that, but, i realize now that "openstack secret list" is probably how the user will find the ref to provide | 05:13 |
gouthamr | sigh | 05:13 |
gouthamr | barbican, like most openstack services can have internal and public endpoints, correct? | 05:14 |
gouthamr | so i find it silly that the API is populating the public endpoint - maybe i don't know why | 05:16 |
kpdev | yes, it can have interal and public endpoints. | 05:18 |
kpdev | might be on devstack both are same. so we can not take whole href, is it why you want only UUID ? | 05:18 |
gouthamr | https://github.com/openstack/nova/blob/24803136ac82832e1dbaad2244647bc0d08e5ac8/nova/db/main/models.py#L752 | 05:19 |
gouthamr | ^ because that's how we're going to use it | 05:20 |
gouthamr | why would we need the href? | 05:20 |
kpdev | while storing in db, we are also storing only UUID | 05:20 |
gouthamr | *facepalm* | 05:20 |
kpdev | while end user is allowed to specify either | 05:20 |
gouthamr | so add this optimization to the CLI if you'd like | 05:21 |
gouthamr | lets keep the API clean with and ensure we are given a UUID | 05:21 |
kpdev | ok, I will remove from manila and keep in manilaclient. | 05:22 |
kpdev | Another w.r.t server_encryption_keys quota | 05:22 |
kpdev | https://specs.openstack.org/openstack/manila-specs/specs/flamingo/share_encryption.html this will be specifically server_encryption_keys as we are restrcting number of shareservers with unique keys to be created under project | 05:23 |
gouthamr | yes, this was discussed on the spec - and i merged the spec with the expectation that we'd correct this in the code | 05:23 |
kpdev | it can not control share encryption keys if any driver in future support share specific encryption keys | 05:23 |
gouthamr | no, carthaca and i were trying to tell you that whether its share or server encryption, the user shouldn't really care - the administrator drives this with the help of share type extra-specs | 05:24 |
gouthamr | so, the admin can control the number of keys allowed per project | 05:24 |
kpdev | the model is tied with share server and so I think quota will share_server_encruption keys | 05:24 |
kpdev | >no, carthaca and i were trying to tell you that whether its share or server encryption, the user shouldn't really care - the administrator drives this with the help of share type extra-specs | 05:24 |
kpdev | this is w.r.t end user API option | 05:24 |
kpdev | user can specifiy either share encryptio key or share server encryption key | 05:24 |
gouthamr | and the quota iirc, but, maybe you're talking about some implementation complexity | 05:25 |
kpdev | but its not tied with qouta | 05:25 |
gouthamr | allow me to review the quota implementation, i've not done that yet | 05:25 |
kpdev | ok | 05:25 |
gouthamr | i'll be logging off now, but i'll get back to this later in your day and we can probably chat during the weekly meeting or on the patch directly | 05:26 |
kpdev | for end user he specifi key which can be either share or share server encryption key. but for driver supporting share server, quota is used and henec specific to share_server_encryption_keys | 05:26 |
kpdev | ok | 05:26 |
gouthamr | i'll check this part out in your code | 05:27 |
opendevreview | Cuiye Liu proposed openstack/manila master: Dell PowerScale: Rename Isilon to PowerScale in Manila Driver https://review.opendev.org/c/openstack/manila/+/952736 | 07:08 |
opendevreview | Cuiye Liu proposed openstack/manila master: Dell PowerScale: Rename Isilon to PowerScale in Manila Driver https://review.opendev.org/c/openstack/manila/+/952736 | 07:40 |
opendevreview | Jan Jasek proposed openstack/manila-ui master: [WIP] Add manila-ui job and first manila-ui integration tests https://review.opendev.org/c/openstack/manila-ui/+/956098 | 08:33 |
opendevreview | OpenStack Proposal Bot proposed openstack/manila-ui master: Imported Translations from Zanata https://review.opendev.org/c/openstack/manila-ui/+/956227 | 11:10 |
opendevreview | Merged openstack/manila-ui master: Imported Translations from Zanata https://review.opendev.org/c/openstack/manila-ui/+/956227 | 12:00 |
opendevreview | Cuiye Liu proposed openstack/manila master: Dell PowerScale: Rename Isilon to PowerScale in Manila Driver https://review.opendev.org/c/openstack/manila/+/952736 | 15:10 |
opendevreview | Merged openstack/manila master: sqlalchemy: Use built-in declarative https://review.opendev.org/c/openstack/manila/+/953758 | 19:47 |
opendevreview | Merged openstack/devstack-plugin-ceph master: move ceph jobs to debian 12 https://review.opendev.org/c/openstack/devstack-plugin-ceph/+/955714 | 21:29 |
opendevreview | Merged openstack/manila-tempest-plugin master: Fix share type used in negative quota test https://review.opendev.org/c/openstack/manila-tempest-plugin/+/956046 | 22:37 |
opendevreview | Merged openstack/manila master: Make create_service_share_servers wait until VM is created https://review.opendev.org/c/openstack/manila/+/954112 | 22:37 |
*** tosky_ is now known as tosky | 22:50 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!