-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Why would we not want to include a fixed-key backend in Castellan? As long as we make it clear that the fixed-key implementation is insecure and should not be used in production systems I see no harm in including it as part of the Castellan package.
In fact, I think it would ease the ramp up time for potential Castellan adopters. If we included a fixed-key impl, then someone could just pip install castellan and start kicking tires in the repl. Otherwise someone who is merely evaluating Castellan would have to go down the path of standing up a Barbican instance. - - Douglas Mendizábal On 1/5/16 3:58 PM, Farr, Kaitlin M. wrote: >>> Aiming toward tests that mirror real-world deployment is >>> certainly a good thing, but I don't think we should remove >>> ConfKeyManager. >>> >>> We will want to maintain the ability to test these Cinder/Nova >>> code paths in development environments or in some automated >>> environments without requiring additional services to be >>> configured. >>> >>> We can address this by having ConfKeyManager emit warning >>> messages indicating that it isn't for production environments. >> >> Right, effectively the fixed key manager was a Testing Fixture >> for us. That's really important because it reduces the number of >> moving parts when testing this stuff as a full stack. >> >> -Sean > > Ok, I am looking into a way to keep a fixed-key back end, but it > will not live in Castellan. > > Even if we keep the fixed-key back end, what about adding a gate > that tests the encryption features using Barbican? Would the > community be supportive if I added that gate? > > Kaitlin > > ______________________________________________________________________ ____ > > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWjE8zAAoJEB7Z2EQgmLX7kq4QAIrWs0SlX7ELbrA8XDH3Dfzd X3Omc32/4b7WbQhF9qu7hmZeGDLBwAg9mSpqEATz7YQJdfEu9DN3WdPnWwsx8JiJ N0FQUPxo5QcsZGnVMnLZezTPJ7cB+NNpDDb7VWU5gKwwNVgRvCJRv6XZ5lXo9SEP sg6pE7xwBmT3pwIunWh6WIBpDSzmr/87bPUgkLHb30+grv9GlnHiGvaIc9VOF7Nc wISFIryn1uqJAfHd0j268KpueM9JLs0fP3raWthJ/xqT7iUKgpp0iIeM0HsEj6D5 UHZqcBAtbhMED/8NuMfIJlXK0i8lTjp6omrBJQM81NeukCeLRZRqoJM1NuvjoaiY eRUyk3W2tMJcfoowFxWkWFBU7/cxWkXhZmbDAUrJ55KdkewBs6Uuz/lJmUGe4sCI pn8ROv7jAnTyZdVnRn5ybggTjAEl7Ug8DAu7RRxm06BWtbHgtmBhBQZTDDfRDIUl KSX1JnP0Js7+GDm/inA/FrYSvQwB+m/bbR86evP8izVGXNF6GhjgBkmtL5GABGqr sa8UbG8EtMZ+3mPpXlNoFvkptKbay0mpECW86srbXTrDS8W7Licrv6mZ4mn3NjOr HYgcPp/KoHVn1hmiFcNqH+5Y9N6Wh9Vs+hXwgsBG754WpsTc+qi/FjTSjr8RSZyA ZS2CXxni08/U5xQ/tNqE =hy9D -----END PGP SIGNATURE----- __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev