#openstack-barbican log

13:11:14 <dmendiza[m]> #startmeeting barbican
13:11:14 <opendevmeet> Meeting started Tue Apr 19 13:11:14 2022 UTC and is due to finish in 60 minutes.  The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:11:14 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:11:14 <opendevmeet> The meeting name has been set to 'barbican'
13:11:36 <dmendiza[m]> #topic  Roll Call
13:11:49 <dmendiza[m]> Courtesy ping for ade_lee dave-mccowan d34dh0r53 hrybacki jamespage Luzi lxkong mhen rm_work tosky xek nearyo oleksandry
13:12:53 <Luzi> o/
13:14:58 <dmendiza[m]> Let's get started
13:15:05 <dmendiza[m]> #topic Past Meeting Action Items
13:15:37 <dmendiza[m]> #link https://meetings.opendev.org/meetings/barbican/2022/barbican.2022-04-12-13.02.html
13:15:41 <dmendiza[m]> > dmendiza[m] Check to make sure all of the repos have branched and tagged properly
13:15:46 <dmendiza[m]> Ugh, didn't get a chance to do that (short week last week)
13:15:49 <dmendiza[m]> #action dmendiza[m] Check to make sure all of the repos have branched and tagged properly
13:15:53 <dmendiza[m]> OK, moving on
13:16:05 <dmendiza[m]> #topic Liaison Updates
13:16:08 <dmendiza[m]> tosky: around?
13:16:25 <tosky> hello
13:16:44 <tosky> so, there is a bunch of open reviews on barbican-tempest-plugin
13:17:32 <tosky> most of them are cleanups: removing the custom methods in the scenario manager, switching to the stable scenario manager in tempest
13:17:36 <tosky> available for a while
13:18:29 <tosky> and there are a few others which may deserve some attention
13:19:08 <dmendiza[m]> tosky: ack, I'll review those as soon as I can
13:19:17 <tosky> this one should get some priority when the related zuul issue is fixed (I guess it could be directly merged, as it is a "mandatory" change): https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/838063
13:19:38 <tosky> dmendiza[m]: there is a change which may be a bit more controversial: https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/831644
13:23:43 <dmendiza[m]> okay, added both to my review queue
13:23:54 <tosky> thanks!
13:23:58 <tosky> that's it from me today
13:25:19 <dmendiza[m]> Thank you tosky !
13:25:24 <dmendiza[m]> OK, moving on
13:25:36 <dmendiza[m]> #topic Microversions + Secret Consumers
13:26:04 <dmendiza[m]> Not a whole lot of progress this week.  xek and I are working on this together, and then I'll be driving it home
13:32:22 <dmendiza[m]> #topic Secure RBAC
13:32:52 <dmendiza[m]> Not much progress on this either.  I think we just need to review our admin APIs and we'll be done with Phase 1
13:34:50 <dmendiza[m]> OK, moving on
13:34:53 <dmendiza[m]> #topic Bug Review
13:34:56 <dmendiza[m]> #link https://storyboard.openstack.org/#!/project_group/barbican
13:35:04 <dmendiza[m]> No new Barbican group stories
13:36:41 <rajiv> Hi, any comments on https://storyboard.openstack.org/#!/story/2009322
13:38:07 <dmendiza[m]> rajiv: looks like a real bug...  unfortunately nobody has signed up to fix it
13:38:29 <rajiv> ah ok
13:39:15 <rajiv> i presume doesnt wouldnt be fixed as well ? https://storyboard.openstack.org/#!/story/2009007
13:40:34 <dmendiza[m]> I haven't had a chance to look at that one closely
13:40:53 <dmendiza[m]> but yeah, unfortunately our team is really small.
13:41:00 <dmendiza[m]> but if you want to try to fix it, we can help review patches
13:41:23 <rajiv> okay, i will try
13:41:41 <rajiv> i also see barbican release notes link isnt present here : https://releases.openstack.org/yoga/index.html
13:41:59 <rajiv> is this in-progress or i need to wait to upgrade ?
13:42:57 <dmendiza[m]> hmm... that's strange
13:43:35 <rajiv> i see there is no change alembic_version or a new api is released, is there anyother way to validate it the upgrade is successful to yoga ?
13:44:27 <dmendiza[m]> looks like release notes are missing this patch:
13:44:29 <dmendiza[m]> #link https://review.opendev.org/c/openstack/barbican/+/833277
13:45:07 <dmendiza[m]> rajiv: let me finish the bug review and I'll get back to your question
13:45:26 <rajiv> sure
13:45:39 <dmendiza[m]> #link https://bugs.launchpad.net/castellan/+bugs?orderby=-id&start=0
13:45:44 <dmendiza[m]> looks like no new Castellan bugs
13:46:56 <dmendiza[m]> #link https://bugs.launchpad.net/cursive/+bugs?orderby=-id&start=0
13:47:02 <dmendiza[m]> also no new Cursive bugs
13:47:05 <dmendiza[m]> #topic Open Discussion
13:51:44 <dmendiza[m]> rajiv you should be able to check the current version like this:
13:52:06 <dmendiza[m]> curl https://your-barbican-host:9311/?build
13:52:18 <dmendiza[m]> response should be
13:52:30 <dmendiza[m]> {"build": "14.0.0"} for Yoga
13:53:33 <dmendiza[m]> Almost out of time, y'all
13:53:41 <dmendiza[m]> anything else you want to talk about?
13:53:47 <rajiv> should it be the public endpoint ? as host
13:54:08 <rajiv> @dmendiza i would like to follow up on the HSM integration testing
13:54:27 <rajiv> i dropped a mail, hope you could spare few mins reviewing it ?
13:54:45 <dmendiza[m]> Yeah, send that request to your barbican public endpoint
13:55:00 <rajiv> to shorten the mail, is there a way to move the secrets from simple crypto to p11 plugin name ?
13:55:02 <dmendiza[m]> I will review your email when I get a chance
13:56:10 <rajiv> is there a way to move the secrets from simple crypto to p11 plugin name ?
13:57:43 <dmendiza[m]> you would likely need to download the secret, then re-upload it with the new backend
13:57:57 <dmendiza[m]> there is no automatic process to decrypt and re-encrypt with a different backend
13:58:44 <rajiv> oh ok, curl https://your-barbican-host:9311/?build doesnt seem to work, curl https://your-barbican-host works
14:00:18 <dmendiza[m]> yeah, sure.  we default to port 9311, but your deployment probably remaps that to port 443.
14:00:28 <dmendiza[m]> All out of time, y'all.
14:00:32 <dmendiza[m]> See you online!
14:00:36 <dmendiza[m]> #endmeeting