#openstack-meeting log

13:00:14 <Luzi> #startmeeting image_encryption
13:00:15 <openstack> Meeting started Mon May 10 13:00:14 2021 UTC and is due to finish in 60 minutes.  The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:18 <openstack> The meeting name has been set to 'image_encryption'
13:00:22 <Luzi> #topic Roll Call
13:00:32 <rosmaita> o/
13:01:05 <fungi> ohai
13:01:10 <Luzi> hi
13:01:16 <Luzi> lets wait for redrobot
13:04:16 <redrobot> 🙋🏽‍♂️
13:04:21 <Luzi> hi redrobot
13:04:29 <Luzi> #topic Barbican Consumer API Update
13:04:31 <redrobot> Hi Luzi
13:04:52 <Luzi> how is the work in Barbican going?
13:05:09 <redrobot> Sorry, still no updates. I've been chasing a Barbican bug in the Hashicorp Vault backend.
13:05:24 <Luzi> ok thank you
13:05:33 <Luzi> #topic Image Encryption WIP-Patches
13:06:22 <Luzi> i was busy talking to my colleges and boss to get more time working on the patches again
13:06:52 <Luzi> i think they all need a rebase to the current master as they are quite old
13:08:00 <Luzi> so are there any questions regarding the patches?
13:09:04 <Luzi> ok, i take that as a no
13:09:09 <fungi> none from me
13:09:09 <rosmaita> what gerrit topic are you tracking them with?
13:10:17 <fungi> oh, good question. it didn't seem like there was a single consistent review topic set on them when i was trying to put together the summary for the tc at the ptg
13:11:20 <Luzi> bp/brick-gpg-encryption-support for the os-brick (i think someone else set this for me)
13:11:27 <fungi> setting one where possible could help. or maybe if we'd already enabled hashtags everywhere that would be a solution for cases where the topic has to be something specific per project
13:11:28 <Luzi> and image-encryption for the glance patch
13:12:07 <rosmaita> feel free to change the brick one to 'image-encryption'
13:13:12 <Luzi> okay, just have to figure out how to do so
13:13:38 <fungi> Luzi: if using the gerrit webui, you should be able to just click on the topic to edit it
13:13:44 <fungi> (while logged in)
13:14:38 <Luzi> thank you - just edit it
13:14:57 <Luzi> done
13:15:10 <Luzi> #topic Open Discussion
13:15:31 <Luzi> are there any other things you would like to talk about?
13:15:44 <rosmaita> i forgot to ask at last week's glance meeting about launching an experimental implementation without the consumer API
13:15:51 <rosmaita> but i put it on the agenda for this week
13:16:05 <rosmaita> #link https://etherpad.opendev.org/p/glance-team-meeting-agenda
13:16:26 <Luzi> ah unfortunately this thursday is a holyday
13:17:10 <rosmaita> np, if you could just look at what i wrote (lines 63-65) i can cover it
13:17:17 <Luzi> so I will not be available - but as I don't want glance to delete a secret in these patches, they should be fine
13:18:52 <rosmaita> that sounds good, your case is different from cinder, where we don't want consumers messing with the key in barbican ... your use case is that the consumer is "in charge of" the key, so we can leave it up to the end user to manage the keys
13:19:30 <Luzi> yes
13:19:38 <rosmaita> i see what you wrote, that looks good
13:20:00 <Luzi> basically the secret consumer is a helping hand for the user :D
13:20:11 <rosmaita> right
13:20:37 <rosmaita> Luzi: you might want to paste what you just wrote on the glance agenda in here, so it will be in the meeting log
13:21:09 <Luzi> i added this to the glance agenda: glance will never delete a secret on their own. Its all up to users to know which secrets they use for which image (Secret consumers would make it indeed easier for them to not accidently delete a key in use)
13:21:56 <rosmaita> you know, when you look at it like that, i think it makes sense to release the feature without consumer API support (if it's not available yet) and then add it as an enhancement in Y
13:22:29 <Luzi> yeah, that would be okay i think
13:23:28 <rosmaita> ok, cool, let's see what the glance team thinks
13:24:07 <Luzi> adding the consumer or deleting one from a secret shoul also be just a minimal patch
13:24:11 <Luzi> yeah
13:24:28 <Luzi> okay, do you have any other topics?
13:25:11 <rosmaita> nothing from me
13:26:12 <fungi> nope
13:26:31 <Luzi> okay, thank you for joining and have a nice week
13:26:34 <fungi> thanks Luzi!
13:26:37 <Luzi> #endmeeting image_encryption