20:00:08 <redrobot> #startmeeting barbican
20:00:09 <openstack> Meeting started Mon Mar 28 20:00:08 2016 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:12 <openstack> The meeting name has been set to 'barbican'
20:00:14 <redrobot> #topic Roll Call
20:00:16 <edtubill> o/
20:00:22 <mp1> o /
20:00:23 <silos> \o/
20:00:28 <woodster_> o/
20:00:29 <diazjf> o/
20:00:36 <kfarr> o/
20:00:52 <asingh> o/
20:01:55 <randallburt1> o/
20:02:13 <redrobot> as usual the agenda can be found here:
20:02:15 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican#Agenda
20:03:06 <redrobot> #topic Release Candidate 2
20:03:23 <redrobot> We found a critical bug in the database migrations
20:03:30 <redrobot> #link https://bugs.launchpad.net/barbican/+bug/1562091
20:03:30 <openstack> Launchpad bug 1562091 in Barbican "Wrong table name in alembic version" [Critical,Fix released] - Assigned to Christopher Solis (cnsolis)
20:03:32 <arunkant> o/
20:03:43 <maxabidi> o/
20:03:47 <redrobot> the fix was merged, and I think we're ready to release an RC2
20:04:02 <redrobot> many thanks to silos for the fix
20:04:26 <silos> redrobot: np. After that fix we can now test alembic in the gate forever now. No more worrying about this in the future
20:05:30 <redrobot> any questions/comments about RC2 ?
20:06:16 <redrobot> okay, let's move on
20:06:20 <redrobot> #topic Secret User Metadata Quotas
20:06:29 <redrobot> Project Quotas vs. Secret Quotas ?
20:06:41 <redrobot> diazjf your topic?
20:07:01 <diazjf> redrobot, ok so I am creating quotas for Secret User metdata
20:07:14 <diazjf> my question is should they be per project or per secret
20:08:00 <diazjf> Per Secret seems to make sense, but I'm thinking of a company charging for total metadata per project.
20:08:00 <kfarr> diazjf, do you mean *or per user?
20:08:05 <redrobot> I think maybe per secret makes sense
20:08:33 <redrobot> kfarr I think all quotas are per-project?
20:08:34 <kfarr> oh nm
20:08:41 <diazjf> kfarr, no worries
20:08:46 <jmckind> o/
20:08:55 <redrobot> I agree per-secret seems to make sense.
20:09:15 <diazjf> redrobot, ok yeah per project its too spread out
20:09:25 <diazjf> Just wondering before I decide to code it up
20:09:38 <redrobot> total metadata limit per project would be max_secrets * max_meta_per_secret
20:10:12 <diazjf> redrobot sounds good
20:10:31 <redrobot> #agreed metadata quotas should be set at the secret level
20:11:22 <redrobot> ok, moving on
20:11:27 <redrobot> #topic Bug: Incorrect Error Code when Passing Accept Header on a Secret GET
20:11:34 <diazjf> Also mine
20:11:38 <redrobot> #link https://bugs.launchpad.net/barbican/+bug/1561701
20:11:38 <openstack> Launchpad bug 1561701 in Barbican "Incorrect Error Code when Passing Accept Header on a Secret GET" [Medium,In progress] - Assigned to Fernando Diaz (diazjf)
20:11:41 <woodster_> redrobot: max_secrets * max_...  or current_num_secrets * current_meta_in_project > max_meta?
20:12:17 <woodster_> redrobot: can move on, catch up in IRC
20:12:57 <redrobot> woodster_ no prob.... it would depend on what the company is charging for.
20:13:05 <redrobot> diazjf go ahead
20:13:31 <diazjf> So theres a Bug that if you pass the accept header with text/plain or application/octet-stream you get a 500.
20:14:31 <diazjf> currently it tries to get a payload on GET secrets.{uuid}
20:14:46 <diazjf> when according to the API should only get the metadata
20:15:07 <diazjf> and on GET secrets/{uuid}/payload should get the payload
20:15:13 * redrobot hides from content-type discussions
20:15:21 <woodster_> diazjf: and that's only if no payload correct? If there is a payload then could decrypt
20:15:37 <diazjf> woodster_ correct
20:15:44 * woodster_ I forgot! hiding too...
20:15:50 <elmiko> o/
20:16:00 <redrobot> oh so like after step 1 of a two-step secret store
20:16:15 <diazjf> redrobot yup
20:16:23 <woodster_> diazjf: what does get secrets/.../payload return if there is no payload? 404?
20:17:04 <diazjf> woodster_ we get a 500 StorePluginNotAvailableOrMisconfigured
20:17:33 <diazjf> So I wanted to step1 change so that you only get a payload when doing GET /payload
20:17:36 <diazjf> else metadata
20:17:37 <woodster_> diazjf: :\
20:18:01 <woodster_> diazjf: would you be up for adding more functional tests to verify that fixed behavior?
20:18:28 <redrobot> that breaks backwards compat with early releases of Barbican :-\
20:18:41 <redrobot> I think the correct backwards-compatible response should be 406 Not Acceptable
20:18:48 <woodster_> diazjf: I'm not sure about /payload returning the secret metadata...that is distinct from the secret's payload to me
20:18:49 <alee> o/
20:19:05 <redrobot> after step 1
20:19:21 <randallburt> redrobot:  why not 404? its not there, right?
20:19:25 <diazjf> woodster_ so /payload would return payload, and secrets/uuid will only return metadata
20:19:34 <woodster_> redrobot: do you mean on a /payload call with no payload return 406?
20:19:36 <diazjf> I proposed my step 1 is https://review.openstack.org/#/c/297820/
20:19:49 <redrobot> I think a GET to /payload should return 404
20:20:07 <redrobot> and a GET to /secrets/{uuid} with 'application/json' or no accept should return the metadata
20:20:33 <redrobot> and a GET to /secrets/{uuid} with text/plain or app/octet should return 406 not acceptable
20:20:38 <redrobot> randallburt ^^
20:20:42 <randallburt> redrobot:  and any other content-type return 406?
20:20:51 <randallburt> redrobot:  right
20:21:00 <woodster_> redrobot: agreed
20:21:32 <diazjf> redrobot, woodster_, +1
20:21:41 <randallburt> yep, makes sense to me
20:21:41 <diazjf> Just wanted to know before I start working on it
20:21:46 * woodster_ the ghost of content-types is still lingering after 2.5+ years
20:21:50 <redrobot> awesome... agreement all around. :D
20:22:11 <redrobot> woodster_ yup... and rellerreller and I have threatened to bring them back in v2 ;)
20:22:25 <elmiko> lol
20:22:49 <woodster_> redrobot: (╯°□°)╯︵ ┻━┻
20:23:04 * redrobot lols
20:23:07 <silos> lol
20:23:27 <redrobot> I think we're all in agreement for the fix
20:23:38 <diazjf> ___
20:23:38 <diazjf> _/ ..\
20:23:38 <diazjf> ( \  0/__ Booo I am the ghost of content-types
20:23:38 <diazjf> \    \__)
20:23:38 <diazjf> /     \
20:23:38 <diazjf> /      _\
20:23:38 <diazjf> `"""""``
20:23:47 <elmiko> haha
20:23:50 <redrobot> lmfao
20:23:53 <woodster_> diazjf: nice!
20:24:15 <redrobot> ok, moving on
20:24:51 <redrobot> #topic Austin Summit Planning
20:25:34 <redrobot> #link https://etherpad.openstack.org/p/newton-barbican-design-sessions
20:26:32 <redrobot> Just a reminder that we have an etherpad for session planning
20:26:51 <diazjf> rellerreller's talk got accepted https://www.openstack.org/summit/austin-2016/summit-schedule/events/7229?goback=1
20:26:53 <redrobot> looks like we'll have 2 fishbowls, a few design sessions and 1 half-day meetup
20:27:02 <redrobot> woot!  contrats rellerreller !!!
20:27:21 <woodster_> +1
20:29:01 <redrobot> I think that's all we have on the agenda for today
20:29:05 <redrobot> #topic Open Discussion
20:30:13 <redrobot> Bueller?
20:30:30 <silos> patch just needs a workflow: https://review.openstack.org/#/c/298329/
20:30:59 <arunkant> can this host_href change be reviewed https://review.openstack.org/#/c/282581/ . It has been pending for review for a while.
20:31:32 <silos> redrobot: thanks!
20:33:50 <redrobot> diazjf do you think you can get a fix for that bug in the next few days?  I think we may want to include it in RC2
20:34:21 <diazjf> redrobot, yeah I'll let you know by tomorrow if I have time
20:34:29 <redrobot> diazjf awesome, thanks
20:34:37 <diazjf> redrobot, np
20:34:49 <redrobot> #help need core reviewers for https://review.openstack.org/#/c/282581/
20:35:00 <redrobot> anything else?
20:35:06 <redrobot> if not we can have 25 min back
20:36:17 <redrobot> alright then, y'all.  thanks for coming!
20:36:21 <redrobot> #endmeeting