13:00:24 #startmeeting image_encryption 13:00:24 Meeting started Mon Jun 21 13:00:24 2021 UTC and is due to finish in 60 minutes. The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:24 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:00:24 The meeting name has been set to 'image_encryption' 13:00:38 #topic Roll Call 13:01:51 ohai 13:02:25 hi fungi 13:04:08 👋 13:04:19 hi redrobot 13:04:24 lets start 13:04:34 o/ 13:05:06 #topic Barbican Consumer API Update 13:05:24 redrobot, are there news about the barbican consumer api? 13:05:30 Little to no progress unfortunately. I've been working on getting the Vault backend fixed up. 13:05:47 okay thank you 13:05:53 There were some issues with the migration 13:05:57 that adds the consumers table 13:06:03 due to a new version of SQLAlchemy 13:06:16 we did merge a couple of patches that fix it 13:06:57 ah thats unfortunate 13:07:00 #topic spec-lite update 13:07:43 it's still open and i think dansmith posted a comment about it maybe being better as a full spec 13:08:08 i would like to talk to him, he is also in one of the US-timezones right? 13:08:09 do you have the url handy? 13:08:25 he's in pacific timezone 13:08:26 Luzi: yes, utc-8 13:08:28 https://review.opendev.org/c/openstack/glance-specs/+/792134/ 13:08:46 or i suppose it's utc-7 this time of year 13:08:54 okay, well i hope i can manage it this week 13:09:56 i wonder if he is talking about the this specific spec-lite or if maybe he doesn't know about the former spec for which the WIP-patch was originally for 13:11:06 well i will have to ask him personally 13:11:21 thats all from my side. 13:11:31 do you have any other topics you would like to talk about 13:11:55 was just looking at dan's comments 13:12:26 i think they apply to both the spec and spec-lite 13:12:37 Luzi: dansmith just sent e-mail to the openstack-discuss ml, so may already be awake/around 13:12:47 i mean his comments at https://review.opendev.org/c/openstack/glance/+/705445/4/glance/api/v2/images.py#177 and https://review.opendev.org/c/openstack/glance/+/705445/4/glance/api/v2/images.py#766 13:15:38 hm the WIP-patch was just a first draft, so i worry more about the spec-lite. 13:16:19 my question is: is this spec-lite sufficient or will it be necessary to write another spec? 13:16:29 i guess the point you'll want to make is that this encryption model has the end user managing the secrets. The secret consumer API will help provide some safeguards, but there's nothing we can do to prevent users from deleting an in-use secret and making some resources inaccessible 13:16:50 on the other hand, we don't want to make the lives of users completely miserable 13:18:56 i guess my advice would be to put up a patch to the original spec for how you want to handle the various error scenarios dan points out (and others that occur to you) 13:19:17 because i think you need to handle them the same way with & without the secret consumers API 13:20:35 rosmaita, well thats a starting point. 13:21:38 Luzi: can you attend the weekly glance meeting (1400 utc thursday?) 13:22:02 well, i think this week i could 13:22:50 i suggest put yourself on the agenda and find out from the team what revisions they would like and whether they should be spec, spec-lite, or WIP patch 13:22:57 that way we'll all be on the same page 13:23:10 https://etherpad.opendev.org/p/glance-team-meeting-agenda 13:25:30 okay i added this to the agenda 13:26:19 are there any other topics you would like to talk about? 13:26:26 nothing from me 13:28:21 i got nothin' 13:28:53 okay thank you for joining and have a nice week 13:29:16 #endmeeting image_encryption