15:01:35 <xek> #startmeeting barbican
15:01:35 <opendevmeet> Meeting started Mon Jun 17 15:01:35 2024 UTC and is due to finish in 60 minutes.  The chair is xek. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:35 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:35 <opendevmeet> The meeting name has been set to 'barbican'
15:01:42 <xek> #topic Roll Call
15:01:58 <xek> Courtesy ping for dmendiza[m] ade_lee d34dh0r53 Luzi tosky tobias-urdin jjung mharley lpiwowar
15:02:20 <dmendiza[m]> 🙋‍♂️
15:02:21 <xek> As usual our agenda can be found here:
15:02:31 <xek> #link https://etherpad.openstack.org/p/barbican-weekly-meeting
15:03:26 <xek> Just the usual topics today
15:03:31 <xek> #topic Review Past Meeting Action Items
15:03:41 <xek> #link https://meetings.opendev.org/meetings/barbican/2024/barbican.2024-06-10-15.00.html
15:03:53 <xek> There were none
15:04:01 <xek> #topic Liaison Updates
15:05:05 <xek> dmendiza morning :)
15:05:24 <xek> No updates from me
15:05:50 <xek> #topic Open Discussion
15:07:46 <xek> #topic Bug Review
15:08:22 <xek> There is a new bug https://bugs.launchpad.net/barbican/+bug/2069378
15:09:27 <xek> dmendizado you know about this one? It's about RBAC
15:12:32 <xek> Looks like Sam described a scenario which should be reproducable
15:16:08 <rajiv> Hi, is the meeting over ?
15:16:24 <xek> Not yet
15:16:46 <rajiv> :)
15:17:22 <xek> rajivyou may speak :)
15:18:02 <rajiv> i wanted to follow up on the Barbican-HSM upgrade topic, is the PR merged ?
15:18:54 <rajiv> Thales HSM A790 with FIPS operational mode cannot be upgraded to the next version from 7.3.3 due to current encryption restriction on Barbican
15:22:43 <rajiv> regarding my second topic, thanks for reviewing xek is it worth proceeding this idea and this format ? https://review.opendev.org/c/openstack/barbican/+/920305
15:23:05 <rajiv> lastly, i mailed these questions on the mailing list but it wasnt moderated and forwarded.
15:24:06 <xek> ack, thanks for the update!
15:24:17 <xek> I'm not sure which PR you are refering to
15:24:51 <xek> the KMIP secret store was not merged yet https://review.opendev.org/c/openstack/barbican/+/914745
15:24:53 <rajiv> https://review.opendev.org/c/openstack/barbican/+/920305
15:26:09 <xek> oh, right and you had a question about this one - I can't decide for myself, I would need a second reviewer to take a look
15:26:23 <xek> ^ dmendiza
15:26:29 <opendevreview> Merged openstack/barbican master: Replace pyOpenSSL by cryptography  https://review.opendev.org/c/openstack/barbican/+/913561
15:27:31 <rajiv> okay, thanks.
15:27:39 <xek> I would also like to have more information about the use case, I think it would then make it easier to make a decision as to whether we want to add features like that, or if other openstack services have similar features we could base this on
15:28:15 <rajiv> cinder already provides this feature
15:28:51 <rajiv> https://github.com/sapcc/cinder/blob/stable/wallaby-m3/cinder/transfer/api.py
15:29:08 <rajiv> https://www.alibabacloud.com/tech-news/a/cinder_/gvdyfkdkbj-cinder-volume-transfer-a-how-to-guide
15:29:40 <rajiv> to confirm https://review.opendev.org/c/openstack/barbican/+/913561 would help me upgrade to the next version ?
15:29:48 <rajiv> HSM upgrade*
15:31:25 <xek> yes, I think so
15:32:17 <rajiv> ah ok, i can cherry pick this commit to 2023.2 branch and test it ?
15:33:11 <xek> yep
15:33:20 <rajiv> does this replace CKM_AES_CBC_PAD mechanism ?
15:35:55 <xek> from what I see in the patch, the library was only used for converting between formats
15:36:02 <xek> (pem/der)
15:37:14 <rajiv> okay, so we are unsure if the HSM upgrade would work or not ? else shall i raise a Ticket with Thales to confirm ?
15:39:23 <xek> maybe you should, I don't specifically recall what was the cause of the issue
15:40:34 <rajiv> okay, i will raise a ticket.
15:40:58 <xek> ok, I guess that's everything for today
15:41:04 <xek> See y'all next week!
15:41:11 <xek> #endmeeting