20:05:47 <dave-mccowan> #startmeeting Barbican
20:05:48 <openstack> Meeting started Mon Aug 31 20:05:47 2015 UTC and is due to finish in 60 minutes.  The chair is dave-mccowan. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:05:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:05:51 <openstack> The meeting name has been set to 'barbican'
20:06:02 <dave-mccowan> #topic Roll Call
20:06:04 <alee> dave-mccowan, you chairing?
20:06:11 <rellerreller_> o/
20:06:13 <silos1> \o/
20:06:17 <arunkant> o/
20:06:17 <alee> o/
20:06:18 <jkf> o/
20:06:21 <woodster_> o/
20:06:22 <dave-mccowan> i guess so.  i just tried to see if it would work.  I didn't expect it would. :-)
20:06:22 <diazjf> o/
20:06:38 <rellerreller_> I smell a coup
20:06:47 <alee> dave-mccowan, congrats -- you have been chaired
20:06:56 <chellygel> sorry guys!
20:06:58 <kfarr> o/
20:06:59 <dave-mccowan> rellerreller_ quotas. quotas for everyone.
20:06:59 <hockeynut> o/
20:07:08 <rellerreller_> haha
20:07:14 <alee> rellerreller_, is it a coup when no one else volunteers?
20:07:25 <chellygel> who kicked it off? i apologize
20:07:27 <chellygel> i'm the worst!
20:07:31 <hockeynut> evah
20:07:37 <woodster_> my kingdom for a quota!
20:07:55 <dave-mccowan> #chair chellygel
20:07:56 <openstack> Current chairs: chellygel dave-mccowan
20:08:09 <chellygel> does this mean they bring me a fancy leather seat?
20:08:22 <woodster_> fit for a queen!
20:08:37 <chellygel> dave-mccowan,  if you'd like to run the meeting, i'd be happy to let you
20:08:45 <alee> dave-mccowan, interesting -- can you be #de-chaired  ?
20:08:58 <dave-mccowan> alee meetingbot wars
20:09:15 <dave-mccowan> #topic action items from last week
20:09:33 <dave-mccowan> <read in the voice of redrobot>
20:09:48 <dave-mccowan> anyone have any update on an action item, or are they all redrobot's?
20:10:26 <jhfeng> o/
20:10:29 <dave-mccowan> #topic agenda
20:10:44 <dave-mccowan> as usual the agenda for this week can be found here:
20:10:53 <dave-mccowan> #link https://wiki.openstack.org/wiki/Meetings/Barbican#Agenda
20:11:11 <dave-mccowan> any items to add?
20:11:15 <rellerreller_> That is so like redrobot.
20:11:37 <chellygel> did you say, there's a lot of barbicaneers here? thats the critical piece :P
20:11:44 <dave-mccowan> i could just cut and paste last week's transcript.
20:11:55 <dave-mccowan> chellygel haha. i missed that line.
20:12:32 <dave-mccowan> #topic test frameworks
20:12:44 * dave-mccowan can take that one
20:13:18 <dave-mccowan> rellerreller_, hockeynut, and i were talking about some inconsistencies in test tools
20:13:31 * woodster_ Added a note about ACL reviews to the agenda
20:13:37 <rellerreller_> In the unit and functional tests we are using two different libraries.
20:13:50 <rellerreller_> We are using testtools for the unit tests and nose for the functional tests.
20:13:54 <hockeynut> also gate versus desktop dev environment
20:14:01 <dave-mccowan> most of the time we use testrools and testr.  in one case were using nosetests.
20:14:23 <dave-mccowan> is there any reason not to remove nosetests from tox -e functional?
20:14:53 <dave-mccowan> git blame says that jvrbanac add nosetests to tox.ini
20:15:39 <dave-mccowan> by using testr exclusively, we can have consistent attribute flags, consistent filtering, and maybe other stuff.
20:16:00 <rellerreller_> All of the attributes in functional tests are applied using testtools.attr, but those attributes are ignored by nose.
20:16:25 <rellerreller_> You can see in the code that they do something similar to our parameterized tests. They add an attribute to the function object.
20:16:39 <rellerreller_> For nose the attribute is inspected at runtime while testtools uses it modify the function name when doing a list operation. Then the developer passes a regex to ignore or invoke tests with an attribute by filtering the test name lists.
20:16:58 <rellerreller_> https://github.com/nose-devs/nose/blob/master/nose/plugins/attrib.py#L114
20:17:05 <rellerreller_> https://github.com/testing-cabal/testtools/blob/master/testtools/testcase.py#L829
20:17:33 <rellerreller_> So basically all the functional test attributes will not work.
20:18:28 <dave-mccowan> without objections, i'll open a bug to convert all things nose to testtools.
20:18:42 <rellerreller_> +1
20:19:07 <dave-mccowan> #action dave-mccowan open bug to cut off our nose
20:19:14 <hockeynut> dave-mccowan yes, gives folks who have a strong opinion one side or the other a place to express it
20:19:54 <dave-mccowan> #topic Merge requirements
20:20:03 <rellerreller_> I added this one
20:20:19 <rellerreller_> I was wondering what the status of this is.
20:20:38 <diazjf> rellerreller, I'll take on that bug, since I have done pervious things with tox
20:20:46 <rellerreller_> Did redrobot talk with other Rackers about this? Can we do only 2 +2s?
20:21:03 <woodster_> what is the merge about again?
20:21:15 <rellerreller_> It's not about a specific merge.
20:21:33 <hockeynut> is it because we basically require three +2s?  two for review and 1 for merge?
20:21:36 <rellerreller_> redrobot proposed changing policy to only require 2 +2s before workflowing code.
20:21:41 <woodster_> oh, the +2/workflow policy got it
20:22:02 <rellerreller_> I know that I could use that now.
20:22:14 <diazjf> I like that idea
20:22:21 <woodster_> ...so +2 follwed by a combined +2/workflow, correct?
20:22:27 <rellerreller_> https://review.openstack.org/#/c/212579/ has seen no love for a week now :(
20:22:32 <dave-mccowan> in barbican-main, i rarely have a challenge finding a third approval.  it's the first one that's the slowest. :-)
20:22:32 <alee> yup
20:23:11 <hockeynut> + oo
20:23:24 <rellerreller_> Barbican main is not as bad, but KMIP is hard to find reviewers.
20:23:34 <alee> rellerreller_, woodster_ the caveat of course being that three +2's are required for security impact fixes as well as those indicated as Barbican Impact
20:23:43 <diazjf> https://review.openstack.org/#/c/196876/ for a while. :-(
20:23:46 <rellerreller_> Castellan is also slow for reviews. kfarr has patch that needs love as well.
20:24:19 <kfarr> Yes!  :( It's a little lonely over on the Castellan review page
20:24:22 <alee> Barbican Impact means that the reviewers or submitter thinks that the patch merits a thrid reviewer
20:24:25 <rellerreller_> alee correct. We had discussed that.
20:24:38 <alee> rellerreller_, yup just summarizing ..
20:24:57 <alee> rellerreller_, so do we have a quorum to vote on this?
20:25:00 <rellerreller_> alee thanks!
20:25:02 <alee> woodster_, ?
20:25:17 <rellerreller_> I say we vote now while the PTL has no say!
20:25:26 <kfarr> This is a coup after all
20:25:30 <woodster_> I'm fine with a two step for non Barbican Impact CRs (vs the usual 3 step)
20:25:40 <alee> I think redrobot is in favor of this ..
20:25:44 <alee> +2 for me
20:25:51 <rellerreller_> alee I agree
20:25:56 <rellerreller_> +2 for me
20:26:10 <diazjf> +1
20:26:16 <woodster_> +2/workflow for me
20:26:27 <hockeynut> workflow does seem to be more of a formality (even though it shouldn't really be).  +2 here
20:26:59 <dave-mccowan> #agreed
20:27:05 <alee> I think we're good then -- is the new policy written up somewhere?
20:27:25 <woodster_> so did we discuss when the Barbican Impact flag should be used? :)
20:28:27 <dave-mccowan> i've seen other projects with the process details written up in a file in the repo
20:28:58 <alee> woodster_, I think we can leave that somewhat undefined for now -- and expect folks to use best judgement.  If we think something is quite impactful, or quite large, then BarbicanImpact
20:29:11 <alee> if need be, we can tighten up the rules
20:29:48 <rellerreller_> I think members of core should start to identify and -2 until flag is added or debated on IRC if should be there.
20:30:01 <rellerreller_> That way nothing sneaks in
20:30:14 <dave-mccowan> or a core could give a +1 instead of a +2
20:30:40 <alee> yes - thats maybe a little friendlier
20:30:52 <alee> rellerreller_, core giving -2 stops a review I think ..
20:30:52 <rellerreller_> I learned today that Cinder only requires 1 +2 for small patches, like changes to documentation
20:31:25 <alee> rellerreller_, incremental steps :) lete go from 3->2 first :)
20:31:25 <rellerreller_> alee that would be a bummer :(
20:31:52 <rellerreller_> I'm planting the seed now.
20:32:09 <rellerreller_> We can vote again later on that.
20:32:14 <dave-mccowan> any last words before moving on?
20:32:37 <alee> I would request that if a core does suggest Barbican Impact, that they be responsive and provide one of those reviews.
20:32:47 <alee> that would be polite ..
20:33:50 <alee> so - only action I think would be for PTL to decide if we need to write this up
20:33:58 <alee> (and to do it if so)
20:34:16 <dave-mccowan> if we can find a way to speed up the first review, that would help even more i think.  maybe each blueprint has a "core sponsor" or each core has an area of ownership that implies an SLA with respect to reviews?
20:34:39 <dave-mccowan> #action redrobot document new streamlined workflow process
20:34:59 * hockeynut is heading over to ACC to pick up kid (mine, not just a random one)
20:35:11 <dave-mccowan> #topic Liberty-3 milestone
20:35:54 <dave-mccowan> I hoping for the Quotas Blueprint to land this week before liberty 3.  i have 4 outstanding CRs with code that makes the BP feature complete.
20:36:14 <alee> hey - when is liberty-3?
20:36:19 <dave-mccowan> i appreciate all the reviews to date, and hope to get a few more to land everything before the milestone.
20:36:41 <dave-mccowan> the web pages say Sept 1 to 3.  Not sure what that means.  I'd like a date and time. :-)
20:36:56 * rellerreller_ quietly leaves the meeting
20:37:19 <dave-mccowan> are there any other patches that need to land before the milestone?
20:37:46 <kfarr> Castellan please :) https://review.openstack.org/#/c/208569/
20:37:46 <alee> dave-mccowan, well - there is a whol subca's feature
20:37:54 <alee> which I'm working on right now
20:38:12 <dave-mccowan> chellygel what about the modify container patch?
20:38:13 <alee> thought I had a little longer ..
20:38:24 <woodster_> arunkant's ACL stuff would be good to get traction on
20:38:28 <arunkant> there are ACL reviews as well..
20:38:48 <alee> so yeah, expect a bunch of patches coming tommorow and the next few days
20:38:54 <woodster_> #link https://review.openstack.org/#/c/208343
20:39:12 <woodster_> ^^^ that's the one that settles on the CLI and python client ACL usage
20:39:39 <dave-mccowan> i thought castellan and barbican-client might have a different cycle.  does anyone know for sure?
20:39:46 <woodster_> arunkant has been diligently tweaking it since the mid cycle
20:39:57 <alee> woodster_, chellygel - looking to you guys especially for subca reviews
20:40:33 <woodster_> alee: sounds good
20:40:49 <woodster_> dave-mccowan: you are probably right about that
20:42:07 <dave-mccowan> #action everyone spend some time on reviews early this week.
20:42:57 <dave-mccowan> here is the base of the quotas CR chain.  first of four.  https://review.openstack.org/#/c/216253/
20:43:13 <dave-mccowan> #topic /v2/orders API
20:43:54 <dave-mccowan> alee, jvrbanac ^^
20:44:31 <alee> so - there was much discussion at the midcycle about creating a v2 for certificates
20:44:39 <woodster_> Yeah, so we went over /v2/certificates at the midcycle.
20:45:01 <alee> for orders as well -- but the changes for that are much less extensive
20:45:31 <alee> woodster_, I thought jvrbanac was tasked with writing up the initial proposal as a spec or otherwise
20:46:17 <woodster_> It seems like the evolution was /v1/orders  --> /v2/certificates for certificate orders, but making them optional/feature-flag configurable, and then long term considering separating the certificate part off into its own project
20:46:18 <alee> (based on what we discussed at the midcycle)
20:47:10 <alee> woodster_, well - I'm not so sure about the splitting off into its own project
20:47:17 <woodster_> we've been heavily involved in the internal deployment process here, so not much traction on that yet. We should try to get that off the ground soon though. I'll bring it up at our planning sessions tomorrow
20:47:53 <woodster_> alee: yeah, this is just something that was discussed as a possibility...i.e. to be discussed at Tokyo for sure
20:48:25 <woodster_> alee: /v2 doesn't require or recommend a separate project for sure
20:48:50 <alee> woodster_, sure - either way, if we want to make traction on this in M, it would be nice at least have a v2 spec to start hammering at by Tokyo.
20:48:59 <alee> as a basis for discussion
20:49:38 <alee> woodster_, as well as separately a spec on migration strategy
20:49:38 <woodster_> alee: agreed
20:50:15 <woodster_> We also talked about /v2 bringing in synchronous generation of asymmetric and symmetric keys
20:50:34 <woodster_> ...so yet another spec perhaps?
20:51:14 <alee> woodster_, well - perhaps there are two v2 specs here -- one for certs and one for v2 secret api
20:51:35 <woodster_> I recall redrobot wanted /v2/certificates to be backwards compatible to /v1/orders, so that would be part of that /v2/certs spec I think
20:51:54 <woodster_> alee: yeah that makes sense
20:52:25 <alee> woodster_, sure - so long as its addressed.  It might be easier to iterate on as a separate doc though - as I suspect that will be contentious
20:52:39 <dave-mccowan> the the resource is "certificates", couldn't it be /v1/certificates ?
20:53:06 <alee> dave-mccowan, except that we're deprecating parts of v1/orders
20:53:41 <woodster_> I think the last issue was with certificate containers...right now certs and intermediates are encrypted like any other secret. It was pointed out that this could be wasteful of crypto resources. So we discussed putting cert/intermediate info on the /v2/certificates resource, or else introducing a flag on secrets to indicate they are not stored encrypted in
20:53:41 <woodster_> Barbican
20:53:43 <alee> dave-mccowan, v2 makes sense in that you must use v2/orders with v2/certificates
20:54:25 <woodster_> ...we could just sign them to verify they aren't tampered with
20:54:29 <alee> woodster_, right -all part of the new API
20:55:01 <woodster_> so yeah, quite a bucket list of stuff to bike shed on up thru Tokyo
20:56:00 <dave-mccowan> is there an action item(s) with an owner(s) to start writing these draft specs?
20:56:17 <woodster_> dave-mccowan: you can put me down for now
20:56:32 <woodster_> ...unless someone wants to fight me for it!
20:56:59 <woodster_> yeah, I didn't think so :)
20:57:03 <dave-mccowan> #action woodster_ figure out plan for generating draft specs for tokyo hammering
20:57:39 <dave-mccowan> #topic any other business or beg for reviews for 3 minutes
20:57:43 <rm_work> https://review.openstack.org/#/c/217458/ merged so the experimental job is there now for testing https://review.openstack.org/#/c/167885/ -- just an FYI, not sure if we will be able to get this merged before Lib3 (don't want to break the gate for people on the home stretch)
20:58:30 <kfarr> One last Castellan patch before the next release!  woodster_ I updated based on your comments.  https://review.openstack.org/#/c/208569/
20:58:42 <woodster_> kfarr: I'll take a look
20:58:51 <kfarr> thank you!!
20:59:25 <dave-mccowan> time's up.  thanks everyone!
20:59:39 <dave-mccowan> #endmeeting