#openstack-barbican log

15:01:24 <xek> #startmeeting barbican
15:01:24 <opendevmeet> Meeting started Mon Dec 16 15:01:24 2024 UTC and is due to finish in 60 minutes.  The chair is xek. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:24 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:24 <opendevmeet> The meeting name has been set to 'barbican'
15:01:40 <xek> #topic Roll Call
15:01:50 <xek> Courtesy ping for dmendiza[m] ade_lee d34dh0r53 Luzi tosky tobias-urdin jjung mharley lpiwowar
15:01:57 <xek> As usual our agenda can be found here:
15:02:03 <xek> #link https://etherpad.openstack.org/p/barbican-weekly-meeting
15:03:33 <rajiv> hi
15:03:41 <xek> o/
15:05:26 <rajiv> i have 2 questions for today :) i will wait for Q&A
15:05:41 <rajiv> would Doug join ?
15:06:25 <xek> I think so, he's in today
15:06:32 <xek> ok, let's go over the topics
15:06:43 <xek> #topic Review Past Meeting Action Items
15:07:02 <xek> #link https://meetings.opendev.org/meetings/barbican/2024/barbican.2024-12-09-15.01.html
15:07:02 <xek> There were none
15:07:06 <xek> #topic Liaison Updates
15:07:42 <xek> #note This will be our last meeting this year
15:08:30 <xek> #info This will be our last meeting this year
15:08:56 <rajiv> :)
15:09:10 <xek> #info also Jan 6th is a holiday here, so I won't be around
15:09:35 <xek> #topic Open Discussion
15:10:42 <xek> dmendizaI see the fix for httpx didn't go anywhere this week https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/937366
15:11:01 <xek> So let's make theese jobs non-voting
15:11:16 <rajiv> 1. regarding https://review.opendev.org/c/openstack/barbican/+/933461 is it compatible with lower hsm firmware 7.3.3 ? i couldnt test this scenario since hsm firmware rollback is a destructive change
15:11:59 <rajiv> in production all hsm firmware are on 7.3.3, hence i will need to rollout this patch first and then upgrade the hsm firmware version to 7.7.1, right ?
15:12:22 <xek> What I heard is that dmendizais testing with older firmware, but I'm not sure which version
15:12:39 <rajiv> its been 3 weeks since Thales were informed regarding this change, but i had no information
15:13:03 <rajiv> i guess i need to wait for dmendiza[m] to comment on this then ?
15:13:17 <xek> It might be an even older version that he tested
15:14:11 <rajiv> oh ok ok, if rollback was not a destructive change, i would have gone ahead upgrading production but this isnt the case
15:15:00 <xek> yeah, you should wait for his comment on this
15:15:11 <rajiv> 2. whats the best way to support multi-tenancy in barbican with HSM backend ? i see we support 1 secretstore type each but we cannot have multiple secretstores of the same type, correct ?
15:15:32 <rajiv> i dont think there is an option to create secret stores manually as well ?
15:16:15 <rajiv> if multiple secret stores are present, we can then use the secret store api to set the preferred secretstore for the project
15:20:33 <rajiv> would there be any security concerns in this approach ?
15:22:49 <xek> beyond the fact that it's not tested I can't think of any
15:23:22 <rajiv> okay, would Doug reply to mails ? or has Christmas celebrations started early :)
15:23:45 <xek> He might just have a busy morning today :)
15:24:58 <rajiv> ah ok, i will ask again in the next meeting then!
15:26:51 <xek> ok, let's finish up
15:27:02 <xek> #topic Bug Review
15:27:14 <xek> There were no new bugs reported since our last meeting
15:27:46 <xek> That's it for today, Happy Holidays!
15:28:03 <xek> #endmeeting