13:00:24 <Luzi> #startmeeting image_encryption
13:00:24 <opendevmeet> Meeting started Mon Jun 21 13:00:24 2021 UTC and is due to finish in 60 minutes.  The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:24 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:24 <opendevmeet> The meeting name has been set to 'image_encryption'
13:00:38 <Luzi> #topic Roll Call
13:01:51 <fungi> ohai
13:02:25 <Luzi> hi fungi
13:04:08 <redrobot> 👋
13:04:19 <Luzi> hi redrobot
13:04:24 <Luzi> lets start
13:04:34 <rosmaita> o/
13:05:06 <Luzi> #topic Barbican Consumer API Update
13:05:24 <Luzi> redrobot, are there news about the barbican consumer api?
13:05:30 <redrobot> Little to no progress unfortunately.  I've been working on getting the Vault backend fixed up.
13:05:47 <Luzi> okay thank you
13:05:53 <redrobot> There were some issues with the migration
13:05:57 <redrobot> that adds the consumers table
13:06:03 <redrobot> due to a new version of SQLAlchemy
13:06:16 <redrobot> we did merge a couple of patches that fix it
13:06:57 <Luzi> ah thats unfortunate
13:07:00 <Luzi> #topic spec-lite update
13:07:43 <Luzi> it's still open and i think dansmith posted a comment about it maybe being better as a full spec
13:08:08 <Luzi> i would like to talk to him, he is also in one of the US-timezones right?
13:08:09 <rosmaita> do you have the url handy?
13:08:25 <rosmaita> he's in pacific timezone
13:08:26 <fungi> Luzi: yes, utc-8
13:08:28 <Luzi> https://review.opendev.org/c/openstack/glance-specs/+/792134/
13:08:46 <fungi> or i suppose it's utc-7 this time of year
13:08:54 <Luzi> okay, well i hope i can manage it this week
13:09:56 <Luzi> i wonder if he is talking about the this specific spec-lite or if maybe he doesn't know about the former spec for which the WIP-patch was originally for
13:11:06 <Luzi> well i will have to ask him personally
13:11:21 <Luzi> thats all from my side.
13:11:31 <Luzi> do you have any other topics you would like to talk about
13:11:55 <rosmaita> was just looking at dan's comments
13:12:26 <rosmaita> i think they apply to both the spec and spec-lite
13:12:37 <fungi> Luzi: dansmith just sent e-mail to the openstack-discuss ml, so may already be awake/around
13:12:47 <rosmaita> i mean his comments at https://review.opendev.org/c/openstack/glance/+/705445/4/glance/api/v2/images.py#177 and https://review.opendev.org/c/openstack/glance/+/705445/4/glance/api/v2/images.py#766
13:15:38 <Luzi> hm the WIP-patch was just a first draft, so i worry more about the spec-lite.
13:16:19 <Luzi> my question is: is this spec-lite sufficient or will it be necessary to write another spec?
13:16:29 <rosmaita> i guess the point you'll want to make is that this encryption model has the end user managing the secrets.  The secret consumer API will help provide some safeguards, but there's nothing we can do to prevent users from deleting an in-use secret and making some resources inaccessible
13:16:50 <rosmaita> on the other hand, we don't want to make the lives of users completely miserable
13:18:56 <rosmaita> i guess my advice would be to put up a patch to the original spec for how you want to handle the various error scenarios dan points out (and others that occur to you)
13:19:17 <rosmaita> because i think you need to handle them the same way with & without the secret consumers API
13:20:35 <Luzi> rosmaita, well thats a starting point.
13:21:38 <rosmaita> Luzi: can you attend the weekly glance meeting (1400 utc thursday?)
13:22:02 <Luzi> well, i think this week i could
13:22:50 <rosmaita> i suggest put yourself on the agenda and find out from the team what revisions they would like and whether they should be spec, spec-lite, or WIP patch
13:22:57 <rosmaita> that way we'll all be on the same page
13:23:10 <rosmaita> https://etherpad.opendev.org/p/glance-team-meeting-agenda
13:25:30 <Luzi> okay i added this to the agenda
13:26:19 <Luzi> are there any other topics you would like to talk about?
13:26:26 <rosmaita> nothing from me
13:28:21 <fungi> i got nothin'
13:28:53 <Luzi> okay thank you for joining and have a nice week
13:29:16 <Luzi> #endmeeting image_encryption