20:00:50 <dave-mccowan> #startmeeting barbican
20:00:51 <openstack> Meeting started Mon Jan  9 20:00:50 2017 UTC and is due to finish in 60 minutes.  The chair is dave-mccowan. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:53 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:55 <openstack> The meeting name has been set to 'barbican'
20:01:05 <dave-mccowan> #topic roll call
20:01:10 <kfarr> \o/
20:01:41 <redrobot> o/
20:01:50 <dave-mccowan> Happy New Year Barbican!
20:01:50 <dave-mccowan> hi kfarr
20:01:52 <dave-mccowan> hi redrobot
20:02:10 <redrobot> 2017 is the year of the Barbican, I can feel it!!!
20:02:27 <diazjf> o/
20:02:50 <woodster_> @redrobot: it's about time!
20:02:56 <mathiasb> o/
20:03:50 <dave-mccowan> our agenda is in the usual spot:
20:03:51 <dave-mccowan> #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:04:09 <dave-mccowan> #topic Castellan Release
20:04:31 <kfarr> Did someone ask for the release? I can cut the release
20:04:34 <dave-mccowan> kfarr, jaosorior asked if we could cut a new Castallan release.  what do you think?
20:04:38 <kfarr> Oh for sure
20:04:55 <dave-mccowan> thanks!
20:04:55 <kfarr> I was hoping to get some of my list features in, but I can do one now, and then another one later
20:05:50 <dave-mccowan> he was looking for  https://review.openstack.org/#/c/400234/ in particular
20:05:59 <dave-mccowan> moving on...
20:06:04 <dave-mccowan> #topic Tempest Testing
20:06:15 <dave-mccowan> does anyone have an update on this?
20:06:24 <kfarr> Dane asked me to ask for reviews
20:06:32 <kfarr> Marc Koderer's patch: https://review.openstack.org/#/c/418019/
20:06:37 <kfarr> Secrets API test: https://review.openstack.org/#/c/417468/
20:06:48 <dave-mccowan> dane, marc, kfarr and others have been submiting patches to a new repo for tempest tests.
20:07:15 <dave-mccowan> all cores: we need to add that repo to our watch list
20:07:33 <kfarr> ** Marc Koderer's patch: https://review.openstack.org/#/c/409725/
20:07:38 <alee> o/
20:07:50 <dave-mccowan> hi alee
20:07:52 <redrobot> for the record I'm not pleased with the code duplication in adding yet another thin client layer to the tempest repo
20:08:05 <redrobot> but apparently that's the "OpenStack Way"
20:08:27 <alee> dave-mccowan, heya!
20:09:26 <dave-mccowan> redrobot the QA team was pretty insistent that this was the way to do it.  marc and dane have been following their prescription to the letter.
20:10:20 <dave-mccowan> alee, did you catch the code review requests for the tempest testing repo?
20:10:21 <redrobot> dave-mccowan yep, just wanted to make sure I voiced my concerns.  I suppose there's not much we can do about it.
20:10:44 <dave-mccowan> redrobot cool.  noted.  i hate duplication too.
20:11:04 <dave-mccowan> #topic ocata work items
20:11:17 <dave-mccowan> #link  https://etherpad.openstack.org/p/barbican-tracker-ocata
20:12:03 <dave-mccowan> we're pretty light on new features for Ocata.  which is fine, we planned for Ocata to be a maturing cycle.
20:12:18 <dave-mccowan> the cross-project testing with tempest will help our stability.
20:12:32 <dave-mccowan> milestone-3 is in two weeks.  is there anything planned for it?
20:13:12 <redrobot> I'm working on adding UUIDs to our api.  mkoderer___ had started a patch, but he hasn't answered any of my comments on his patch in weeks, so I'm implementing an alternative patch.
20:13:43 <redrobot> iirc that was supposed to help with the tempest thin client
20:13:53 <redrobot> will also fix an annoying bug in python-openstacksdk
20:14:42 <dave-mccowan> redrobot awesome!  thanks!  give a shout when you need a code review.
20:15:12 <dave-mccowan> are there any other items that should be higher priority for Ocata that's not getting enough attention?
20:15:36 <redrobot> it would be good to make progress in the CA-features deprecation
20:15:48 <redrobot> I may have some time after the ID stuff
20:16:06 <redrobot> also can we add "Adding UUID IDs" to the agenda today?  I had a couple of questions about it.
20:16:42 <dave-mccowan> sounds good.  let's talk about both UUID IDs and CA-features deprecation.
20:16:50 <dave-mccowan> #topic Adding UUID IDs
20:17:15 <redrobot> right, so I'm working on that
20:17:24 <redrobot> first question is on the format of UUIDs
20:17:46 <redrobot> looks like we use UUID4 everywhere, which means our uuids have dashes in them
20:17:55 <redrobot> was playing with the keystone api and they use uuids without dashes
20:18:07 <redrobot> not sure which way we want to go with the new ID properties?
20:18:58 <redrobot> e.g. 51b4c166-af93-4c90-a4ac-f3b59e5c20e9 vs 51b4c166af934c90a4acf3b59e5c20e9
20:19:50 * redrobot hears crickets
20:20:32 <dave-mccowan> redrobot have you surveyed any other project on this?
20:20:35 <redrobot> I'm thinking probably with dashes so they can be used to build URLs?  Because urls will 404 without the dashes?
20:21:49 <kfarr> redrobot, I was thinking with dashes, too.  I didn't know keystone didn't use dashes
20:21:52 <dave-mccowan> looks like nova keeps the dashes
20:22:05 <redrobot> kfarr Keystone v3 doesn't
20:22:21 <redrobot> cool, sounds good to me
20:22:49 <dave-mccowan> +1 with dashes
20:22:52 <kfarr> it would be interesting to track down why they switched
20:23:06 <kfarr> +1 dashes
20:23:10 <redrobot> ok, next question
20:25:08 <redrobot> I'm not sure what a " new API extension" means in the context of api chagnes
20:25:10 <redrobot> *changes
20:25:15 <redrobot> #link https://specs.openstack.org/openstack/api-wg/guidelines/evaluating_api_changes.html#guidance
20:26:53 <redrobot> I'm mainly concerned that adding the ID property would break backwards compat in the eyes of the api-wg
20:28:32 <dave-mccowan> redrobot look like they allow "adding a project to a resource representation".  what's your concern?
20:29:09 <redrobot> dave-mccowan I may be reading it wrong, but to me it seems like adding the property requires a "new API extension"
20:30:19 <dave-mccowan> oh, got it.  then the question is "what's required for a new api extension?"
20:31:07 <dave-mccowan> i guess we need more research on this.
20:31:59 <dave-mccowan> we can check with api-wg for an explanation.  their web pages on the topic still list "TODO".
20:32:07 <dave-mccowan> any other questions?
20:32:20 <redrobot> nope, that's it for me atm
20:32:23 <redrobot> on this topic anyway
20:32:57 <redrobot> if anyone has pointers for getting Keystone v3 to work with our functional tests that'd be awesome.  I seem to be getting a lot of failures in my local setup.
20:33:57 <dave-mccowan> #topic CA-features deprecation
20:34:17 <dave-mccowan> diazjf added some patches to document/log deprecation.
20:34:42 <dave-mccowan> what else needs to be done in Ocata, so we're safe to turn everything off in Pike?
20:34:55 <diazjf> dave-mccowan correct. It should be logged that its deprecated on all calls.
20:35:56 <diazjf> https://governance.openstack.org/tc/reference/tags/assert_follows-standard-deprecation.html
20:37:50 <diazjf> dave-mccowan, redrobot, we also alerted the mailing list I believe
20:38:00 <dave-mccowan> thanks diazjf.  my reading says that we've met the minimum requirements.
20:38:37 <dave-mccowan> we're done #1 and #2.  #3 doesn't apply to us.  #4 allows us to set the obsolescence date based on data.
20:40:31 <dave-mccowan> do we need to do anything else?  or can we just take a vote to make the obsolescence date in line with the Pike release?
20:41:50 <diazjf> dave-mccowan not sure, we should maybe ask someone who has done it before.
20:42:47 <dave-mccowan> diazjf sounds good.  i'll find someone to check with, on both this question and the one on API extensions.
20:43:01 <dave-mccowan> #topic PTG
20:43:23 <dave-mccowan> #link  https://etherpad.openstack.org/p/ptg-barbican-pike
20:44:10 <dave-mccowan> The the PTG is coming up, starting on Feb 20 in Atlanta.  I reserved a room, all day, Wednesday through Friday.
20:44:26 <redrobot> oh snap! that's coming up quick
20:44:31 * redrobot crosses fingers to get an approval soon
20:44:40 <dave-mccowan> On Monday and Tuesday, the security team and other cross-project teams have rooms reserved.
20:44:59 <diazjf> hopefully we can have some meetings via the internet(hangouts).
20:45:14 <alee> do we know who will be there?
20:45:49 <alee> dave-mccowan, I'm assuming you will :)
20:45:50 <dave-mccowan> https://etherpad.openstack.org/p/ptg-barbican-pike
20:45:57 <dave-mccowan> according to etherpad, it's kfarr and me so far.
20:46:46 <dave-mccowan> yep, i'll be there Tuesday (for Security Project), then Wednesday and Thursday for Barbican.
20:46:50 <alee> I ca bring the salmiaki
20:47:03 <dave-mccowan> Do folks want something Friday morning?
20:47:50 <dave-mccowan> I was planning on flying late Thursday night.  I figure we can cover everything in two days.
20:49:04 <alee> dave-mccowan, see - we're already promoting so much efficiency by selecting Atlanta as the venue :)
20:50:12 <alee> dave-mccowan, that sounds reasonable to me .  Lets see if more stuff shapes up over the next week or two.
20:50:24 <dave-mccowan> I was talking with the Security guys last week.  they only have 2 or 3 people committed so far.  much less than the 12 or more that they've had for midcycles .
20:50:24 <kfarr> I'll be there Fri morning, but was planning on finding some other project's meetings if there wasn't anything for Barbican
20:51:26 <dave-mccowan> #topic any other business
20:51:29 <alee> dave-mccowan, yeah - I think the plan to kill midcyles is working.
20:51:49 <diazjf> dave-mccowan, redrobot, talks for Boston due the 20th
20:51:56 <alee> dave-mccowan, did we decide on another meeting time for the weekly meet?
20:52:37 <diazjf> dave-mccowan, redrobot, was wondering if you guys still wanna be added to "Managing Contributions and Proprietary work" which I submitted for Barcelona. Still think its an interesting talk.
20:52:38 <dave-mccowan> alee the meeting rooms are pretty much all booked.  i couldn't find a slot that worked much better than this one.
20:53:00 <alee> dave-mccowan, ok
20:53:27 <dave-mccowan> diazjf sure, sounds good.
20:53:53 <diazjf> awesome, will let you know when I submit :)
20:53:54 <dave-mccowan> any Barbican ideas?  a repeat for the hands-on lab?
20:54:32 <redrobot> dave-mccowan +1 repeat hands-on lab.  also mention we were the most attended lab in barcelona
20:54:34 <diazjf> dave-mccowan, fernet keys in Barbican talk??????
20:54:53 <redrobot> oh, i have an idea that I just thought about:
20:55:10 <redrobot> "In depth comparison of Vault and Barbican security models"
20:55:33 <diazjf> redrobot, I'd be down
20:55:48 <diazjf> even if its a brown-bag
20:56:00 <dave-mccowan> redrobot i like that idea a lot.
20:56:35 <redrobot> #action redrobot to flesh out Vault and Barican comparison abstract
20:57:31 <mathiasb> diazjf: did you have any more interactions with the Vault folks after this? https://groups.google.com/forum/#!topic/vault-tool/BfSq4dP081s
20:58:12 <diazjf> mathiasb, I spoke briefly to them, but we need to come up with a plan on how we will integrate vault with barbican. So far I haven't had time to workout that plan.
20:58:31 <redrobot> I do like their concept of sealed/unsealed vaults, and I think we should totally steal it ;)
20:58:33 <dave-mccowan> does someone want to take an action to submit the lab again?
20:58:54 <redrobot> maybe alee wants to hook up an hsm again?
20:59:09 <diazjf> dave-mccowan, I can already have all the docs, alee did an awesome job with getting that together.
20:59:22 <alee> redrobot, maybe -- I'll suggest it
20:59:50 <dave-mccowan> one minute left in the room.
21:00:05 <dave-mccowan> #action dave-mccowan get info on api extensions and clarification on deprecation rules
21:00:17 <alee> does it make sense to have lab in back to back summits?
21:00:39 <dave-mccowan> alee they usually don't like repeats, but maybe in this case.
21:00:50 <alee> then again -- I guess Sydney is pretty unlikely for most ..
21:01:09 <alee> dave-mccowan, we can always propose ..
21:01:11 <dave-mccowan> we can continue in the Barbican channel.  thanks everyone.
21:01:15 <dave-mccowan> #endmeeting