13:00:14 #startmeeting image_encryption 13:00:15 Meeting started Mon May 10 13:00:14 2021 UTC and is due to finish in 60 minutes. The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:16 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:00:18 The meeting name has been set to 'image_encryption' 13:00:22 #topic Roll Call 13:00:32 o/ 13:01:05 ohai 13:01:10 hi 13:01:16 lets wait for redrobot 13:04:16 🙋🏽‍♂️ 13:04:21 hi redrobot 13:04:29 #topic Barbican Consumer API Update 13:04:31 Hi Luzi 13:04:52 how is the work in Barbican going? 13:05:09 Sorry, still no updates. I've been chasing a Barbican bug in the Hashicorp Vault backend. 13:05:24 ok thank you 13:05:33 #topic Image Encryption WIP-Patches 13:06:22 i was busy talking to my colleges and boss to get more time working on the patches again 13:06:52 i think they all need a rebase to the current master as they are quite old 13:08:00 so are there any questions regarding the patches? 13:09:04 ok, i take that as a no 13:09:09 none from me 13:09:09 what gerrit topic are you tracking them with? 13:10:17 oh, good question. it didn't seem like there was a single consistent review topic set on them when i was trying to put together the summary for the tc at the ptg 13:11:20 bp/brick-gpg-encryption-support for the os-brick (i think someone else set this for me) 13:11:27 setting one where possible could help. or maybe if we'd already enabled hashtags everywhere that would be a solution for cases where the topic has to be something specific per project 13:11:28 and image-encryption for the glance patch 13:12:07 feel free to change the brick one to 'image-encryption' 13:13:12 okay, just have to figure out how to do so 13:13:38 Luzi: if using the gerrit webui, you should be able to just click on the topic to edit it 13:13:44 (while logged in) 13:14:38 thank you - just edit it 13:14:57 done 13:15:10 #topic Open Discussion 13:15:31 are there any other things you would like to talk about? 13:15:44 i forgot to ask at last week's glance meeting about launching an experimental implementation without the consumer API 13:15:51 but i put it on the agenda for this week 13:16:05 #link https://etherpad.opendev.org/p/glance-team-meeting-agenda 13:16:26 ah unfortunately this thursday is a holyday 13:17:10 np, if you could just look at what i wrote (lines 63-65) i can cover it 13:17:17 so I will not be available - but as I don't want glance to delete a secret in these patches, they should be fine 13:18:52 that sounds good, your case is different from cinder, where we don't want consumers messing with the key in barbican ... your use case is that the consumer is "in charge of" the key, so we can leave it up to the end user to manage the keys 13:19:30 yes 13:19:38 i see what you wrote, that looks good 13:20:00 basically the secret consumer is a helping hand for the user :D 13:20:11 right 13:20:37 Luzi: you might want to paste what you just wrote on the glance agenda in here, so it will be in the meeting log 13:21:09 i added this to the glance agenda: glance will never delete a secret on their own. Its all up to users to know which secrets they use for which image (Secret consumers would make it indeed easier for them to not accidently delete a key in use) 13:21:56 you know, when you look at it like that, i think it makes sense to release the feature without consumer API support (if it's not available yet) and then add it as an enhancement in Y 13:22:29 yeah, that would be okay i think 13:23:28 ok, cool, let's see what the glance team thinks 13:24:07 adding the consumer or deleting one from a secret shoul also be just a minimal patch 13:24:11 yeah 13:24:28 okay, do you have any other topics? 13:25:11 nothing from me 13:26:12 nope 13:26:31 okay, thank you for joining and have a nice week 13:26:34 thanks Luzi! 13:26:37 #endmeeting image_encryption