20:01:31 <redrobot> #startmeeting barbican
20:01:31 <openstack> Meeting started Mon Mar  2 20:01:31 2015 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:01:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:01:34 <openstack> The meeting name has been set to 'barbican'
20:01:38 <redrobot> #topic Roll Call
20:01:48 <elmiko> yo/
20:02:14 <kfarr> o/
20:02:28 <reaperhulk> o/
20:02:33 <arunkant> o/
20:02:37 <woodster_> o/
20:05:24 <redrobot> ok, _some_ barbicaneers here today!
20:05:27 <reaperhulk> ha
20:05:28 * redrobot is not a robot
20:05:55 <kfox1111> sounds like something a robot would say... ;)
20:05:59 <redrobot> as usual our agenda can be found here:
20:06:02 <jvrbanac> o/
20:06:04 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:06:13 <redrobot> #topic Action Items
20:06:26 <redrobot> #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-02-23-20.00.html
20:06:44 <redrobot> tsv and arunkant don't seem to be here, so I'll skip them
20:06:59 <redrobot> #action tsv arunkant to review per-secret-policy for Kilo
20:07:26 <redrobot> woodster_ have you had a chance to talk to Jarret about compliance concerns if we switch to hard deletes?
20:08:03 <woodster_> not yet, I think he's going to be busy for the next few weeks but will try to ask him
20:08:16 <redrobot> woodster_ ok, i'll put this back in the queue
20:08:32 <redrobot> #action woodster_ to reach out to Jarret about compliance concerns if we switch to hard deletes
20:08:44 <redrobot> woodster_ also had a note here to get an update on Order sub-status
20:09:24 <redrobot> #link https://review.openstack.org/#/c/157565/
20:09:46 <woodster_> One +2, two +1s :)
20:10:17 <redrobot> woodster_ is this the CR that implements https://blueprints.launchpad.net/barbican/+spec/add-worker-retry-update-support ?
20:10:22 <woodster_> Reviews appreciated
20:10:26 <arunkant> redrobot, for per-secret-policy update. After discussing with alee, I have started working on it. Will have a better update next week (based on development status)
20:10:39 <alee> arunkant, yay :)
20:10:55 <dave-mccowan> o/
20:10:56 <redrobot> arunkant awesome! I'll ask again next week. :)
20:11:01 <arunkant> ok
20:11:07 <woodster_> oh no, that is different. This one just connects the task processing to the sub-status field on the order, and logic as to whether the order stays PENDING or not
20:11:21 <woodster_> it is needed for the retry work
20:11:56 <woodster_> So sub-status CR, then the retry CR(s) will be coming
20:11:59 <redrobot> woodster_ I see... and are you still planning on implementing the spec?  I think we agreed that a Rackspace dev would do that for Kilo?
20:12:20 <woodster_> I can work on that as a 'background' task :)
20:12:38 <redrobot> woodster_ hehe, ok.  I'll keep you as the assigned person on that BP then.
20:12:54 <woodster_> yes, planning to have retries still for kilo
20:13:08 <redrobot> and lastly, I had an action item that I totally forgot about
20:13:09 <redrobot> so
20:13:18 <redrobot> #action redrobot to add Castellan to global-requirements
20:13:26 <redrobot> ok, moving on
20:13:30 <redrobot> #topic Kilo-3
20:13:52 <redrobot> #link https://launchpad.net/barbican/+milestone/kilo-3
20:14:25 <redrobot> also
20:14:30 <redrobot> #link https://wiki.openstack.org/wiki/Kilo_Release_Schedule
20:14:43 <redrobot> I should point out that this Thursday is the last day to propose Kilo features
20:15:21 <redrobot> after Thursday, new and unapproved specs will move to Liberty
20:16:09 <redrobot> so, one thing that Thierry recommended was to try to have all code CRs submitted two weeks in advance of the Feature freeze
20:16:25 <redrobot> which would also be this Thursday.
20:16:48 <redrobot> I think it's worth considering to give ourselves about two weeks to iterate on CRs for Kilo
20:17:29 <redrobot> kfarr do you know if there's any outstanding work for the Content-Types spec?
20:17:33 <kfox1111> Is my spec considered for Kilo at this point?
20:18:04 <kfarr> redrobot There's a few merge requests open
20:18:17 <kfarr> https://review.openstack.org/#/c/157410/
20:18:18 <redrobot> kfox1111 yes, if we can get it landed by Thursday... but I think Liberty is more likely
20:18:32 <kfarr> ^^ Fixed Binary Encoding to Secret Stores -- a blocking bug
20:18:36 <kfarr> and
20:18:41 <kfox1111> k. :/
20:19:01 <kfarr> https://review.openstack.org/#/c/160444/  Standardized Secret Encoding where the main logic is
20:19:40 <kfarr> If I understand correctly, these two will finish up content types
20:19:43 <redrobot> kfarr could you add Implements: blueprint content-type (or Related: blueprint content-types)
20:19:49 <redrobot> kfarr to the commit messages
20:20:04 <igueths> Hi all.
20:20:15 <redrobot> it's how they're linked to Launchpad.  I didn't see any open reviews linked in LP, so I thought we didn't have any.
20:20:32 <kfarr> redrobot Ah, yes. I will do that, or have Nate do that
20:20:39 <redrobot> kfarr thanks!
20:20:53 <woodster_> BTW I've added a number of certificate related specs out there...the idea was to get them in for folks to look at before Liberty ideally, so we could start work on them in Liberty more quickly
20:21:11 <kfarr> Once those are merged, then we can work on asymmetric key support
20:21:21 <redrobot> alee Common Cert API still needs code reviews, yes?  Any pending CRs?
20:21:25 <kfarr> which Nate posted the spec for, as well: https://review.openstack.org/#/c/160449/
20:23:31 <alee> redrobot, yes - I need to revisit shortly
20:23:58 <alee> there are some CR's for identifying ca's that are out there, but need to be revised based on the CR's I've landed
20:24:09 <alee> will try to get those out this week
20:24:17 <redrobot> alee awesome
20:25:11 <alee> redrobot, how are we doing on the dogtag gate job?  would be nice to get that going to test out the cert api and content type changes?
20:26:05 <redrobot> alee good question.... I'll get to it in a sec
20:26:35 <redrobot> I think that about covers Kilo-3.  So if you've got time, please, please, please review CRs linked to our outstanding BPs
20:26:58 <redrobot> I would especially like to see the Common Cert API for K-3
20:27:16 <redrobot> #topic DogTag gate job
20:27:34 <redrobot> so you may have noticed me leaving "check experimental" comments on your CRs
20:27:54 <redrobot> that's the way to trigger the DogTag gate while we iron out the kinks
20:28:06 <redrobot> it's running DevStack in a Fedora 21 box
20:28:12 <redrobot> and configuring the DogTag plugin
20:28:18 <redrobot> and then running the functional test suite
20:28:40 <redrobot> unfortunately it turns out that the script does not run with elevated privileges, which we had assumed during the mid-cycle
20:28:50 <redrobot> so I need to refactor all the bash to be able to sudo install things
20:29:46 <alee> redrobot, any timeline on when that'll be done by?
20:30:03 <redrobot> I'm hoping to get to it today/this week
20:30:41 <redrobot> good news is all the Infra config is there, so we don't need to wait on infra reviews anymore
20:30:43 <alee> redrobot, awesome -- let me know if you get stuck/need help.  I'd really like to see how content types affects the dogtag gate
20:31:14 <redrobot> ok, moving on
20:31:22 <redrobot> #topic 100% Code Coverage
20:31:27 <redrobot> woodster_ did you add this topic?
20:31:30 <woodster_> I added that one
20:31:46 <woodster_> just curious how we might tackle that
20:32:08 <woodster_> the paper-cut/wishlist bugs route seems reasonable to me
20:32:23 <woodster_> do we want 100% coverage in Kilo though?
20:32:32 <redrobot> I wonder if jvrbanac has any ideas on this?
20:32:54 <redrobot> woodster_ sure we want it, but I doubt it's doable. :-\
20:32:56 <woodster_> we have been trying to get at least the crypto package to 100% (it is less than that now)
20:33:24 <redrobot> #help We need brave souls to jump into the test code and improve our coverage
20:33:43 <jvrbanac> redrobot, I think we need to spend some time removing some of our mocking
20:33:49 <woodster_> yeah, it was more for the jaosorior's out there that have a bit of spare time to work on things :)
20:34:39 <elmiko> is there a blueprint talking about the improved test coverage, or another way to help guide folks on getting involved?
20:35:02 <redrobot> elmiko I think that's what woodster_  is asking about... how to get folks involved?
20:35:34 <elmiko> i'd like to help write some tests, but i'll probably need some direction on what needs implementing and whatnot
20:35:35 <redrobot> elmiko but it seems more of a bug than a new feature to me...  maybe wishlist bugs is the right spot to advertise this?
20:35:53 <elmiko> redrobot: wishlist bugs sounds nice, that would help
20:36:07 <woodster_> that's what I was thinking...to make this more bite sized (and CRs more bite sized too)
20:36:14 <elmiko> woodster_: +1
20:36:55 <redrobot> #agreed file wishlist bugs for modules that need increased code coverage
20:37:07 <redrobot> we also haven't revisited the coverage gate in a while
20:37:15 <redrobot> as of today it's still non-voting
20:37:29 <redrobot> how do we feel about turning it into a voting gate?
20:37:37 <redrobot> reaperhulk jvrbanac ^^
20:37:37 <woodster_> it isn't always reliable though
20:37:55 <reaperhulk> I don't think it should be a voting gate still
20:38:00 <redrobot> woodster_ how so?  too many false positives?
20:38:06 <woodster_> I've seen more than once where it says lines are missing that appear covered by testing
20:38:55 <woodster_> it is still a useful gate to scrub out 99% of the uncovered lines.
20:39:15 <jvrbanac> redrobot, woodster_, yeah... let's avoid the voting part for now. We're making steady coverage improvement as is.
20:39:32 <redrobot> #agreed coverage gate should continue to be non-voting
20:39:41 <redrobot> anything else on this topic?
20:40:07 <jvrbanac> As a side note, we're up to 88%
20:40:08 <jvrbanac> w00t!
20:40:21 <redrobot> woot woot!  (as lisaclark1 would say)
20:40:29 <chellygel> +1 :D
20:40:37 <redrobot> ok, moving on
20:40:38 <jvrbanac> Much better than when we started this last summer
20:40:49 <woodster_> +1
20:41:05 <redrobot> #topic VM integration
20:41:07 <redrobot> #link https://review.openstack.org/#/c/159571/
20:41:46 <redrobot> It's an interesting use case, but there are some aspects of the BP that I don't think belong in Barbican
20:42:44 <redrobot> I think landing this in Kilo would be a stretch... so we may want to consider this a Liberty BP.
20:43:37 <redrobot> has anyone gotten a chance to review the spec?
20:44:06 <jvrbanac> not yet. redrobot, considering the proposal freeze is in a couple days.
20:44:13 <woodster_> kfox1111, ^^^^ in case you are still in this IRC (you had mentioned having meeting conflicts)
20:44:25 <jvrbanac> I'm not sure the spec is gonna land that quick
20:45:08 <woodster_> yeah, and it is blueprint + code CRs needed by Thursday too
20:45:10 <redrobot> jvrbanac
20:45:13 <redrobot> jvrbanac agreed
20:45:32 <redrobot> we'll punt on it until after k-3
20:45:39 <jvrbanac> redrobot, +1
20:45:57 <redrobot> ok, guys, that's all I have in the Agenda
20:46:05 <redrobot> any other topics we need to discuss?
20:47:18 <woodster_> Just noting there are security tests being worked on now
20:47:27 <elmiko> i have an update from sahara
20:47:48 <elmiko> my spec for barbican integration is approved, and it looks like i'll land the code in k-3
20:47:49 <kfarr> If anyone has time, please review the merge request to add cinder's keymgr code to Castellan https://review.openstack.org/#/c/148742/
20:47:54 <redrobot> #topic Sahara integration
20:48:09 <redrobot> elmiko woot!  that is awesome news
20:48:09 <elmiko> redrobot: hehe, cool!
20:48:22 <woodster_> elmiko, can you link to the CR again?
20:48:31 <elmiko> sure, 1sec.
20:48:50 <elmiko> https://review.openstack.org/#/c/157432/
20:48:53 <elmiko> that's the spec
20:48:59 <elmiko> code review will be up soon
20:49:07 <kfox1111> woodster_: yeah, I'm here sort of.
20:49:23 <kfox1111> The meeting thing said it was at 1:00pm pst, not 12:00pm pst.
20:49:36 <elmiko> basically once our barbican wrapper is in place, we'll start off-boarding all stored passwords to barbican
20:49:59 <redrobot> elmiko are you planning to use Castellan as a "barbican wrapper" or are you rolling your own?
20:50:20 <elmiko> we're gonna start with rolling our own, but i'd like to move to castellan
20:50:24 <redrobot> kfox1111 this meeting is always at 2000 UTC.
20:50:31 <elmiko> i'm writing our wrapper to be tolerant of that switch
20:50:57 <kfox1111> http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000
20:50:58 <elmiko> so really, we have an internal api that can wrap around whatever we need to use for a key manager
20:51:05 <kfox1111> <- says 1:00pm for me.
20:51:39 <kfox1111> that's the link given at: https://wiki.openstack.org/wiki/Meetings/Barbican
20:51:39 <elmiko> currently our need is to just get passwords out of our database
20:51:47 <redrobot> kfox1111 http://time.is/UTC
20:52:12 <kfox1111> yeah. the website you're pointing at is broken.
20:52:16 <redrobot> kfox1111 seems that website is wrong... I'll update the link to a non-crappy website
20:52:39 <kfox1111> thanks. :)
20:52:45 <alee> redrobot, rm_work - what's the status of the cert stuff vis a vis castellan?  has rm_work given up?
20:53:10 <reaperhulk> Haha, timeanddate.com isn't wrong, it just says CDT/PDT when it should say CST/PST right now since that's what we're on
20:53:15 <reaperhulk> (so not wrong, but useless)
20:53:20 <elmiko> lol
20:53:22 <dave-mccowan> website points to 12:00pm PDT  (but it's currently PST)    i've gotten bitten by that too
20:53:42 <redrobot> alee yeah, I think rm_work has given up for Kilo, may revisit in Liberty
20:53:51 <alee> redrobot, ok
20:54:05 <rm_work> yeah :(
20:54:13 <redrobot> alee rellerreller had agreed to add a Certificate type to the Castellan interface, but it's not quite what rm_work  wanted, so I think it's all on hold
20:54:32 <rm_work> yeah we're going to revisit our requirements around that in Liberty
20:54:45 <rm_work> but I didn't see a point in forcing something in that we wouldn't even use
20:55:03 <alee> rm_work, you almost had me convinced with a pkcs12 type thing.
20:55:05 <woodster_> Maybe we need an extensions/contrib for castellan for optional features like the cert grouping
20:55:12 <rm_work> yeah, I could maybe have gotten that to work
20:55:25 <rm_work> but the priority on it is low enough that I had to peel off and work on other stuff
20:55:26 <redrobot> I agree the PKCS12 story seemed interesting
20:55:43 <alee> rm_work, but I look forward to another round at the summit
20:55:57 <rm_work> heh
20:56:00 <rm_work> we'll see :P
20:57:20 <redrobot> ok, that'll wrap it up for this week
20:57:24 <redrobot> thanks everyone for coming
20:57:28 <redrobot> #endmeeting