[openstack-dev] [barbican] No ca_file in the KeystonePassword class

2018-11-07 Thread Thomas Goirand
Hi, Trying to implement kms_keymaster in Swift (to enable encryption), I have found out that Castellan's KeystonePassword doesn't include any option for root CA certificates (nor an insecure=True option). In such a configuration, it's not easy to test. So my question is: has anyone from the

[openstack-dev] [barbican] Adjust weekly meeting time for US DST

2018-10-30 Thread Douglas Mendizabal
Hi openstack-dev@, During the weekly meeting today the topic of moving the weekly meeting forward by an hour to adjust for US Daylight Savings Time ending was brought up. All contributors in attendance unanimously voted for the move. [1] If you would like to participate in the meetings and

Re: [openstack-dev] [barbican][tc] Seeking feedback on the OpenStack cloud vision

2018-10-25 Thread Dave McCowan (dmccowan)
Hello Zane-- Yes, this vision is consistent with the Barbican team's vision. Barbican provides an abstraction layer over HSMs and other secret storage services. We have a plugin architecture to enable this abstraction over a variety of backends. Vault is a recent addition to our supported

[openstack-dev] [barbican][tc] Seeking feedback on the OpenStack cloud vision

2018-10-24 Thread Zane Bitter
Greetings, Barbican team! As you may be aware, I've been working with other folks in the community on documenting a vision for OpenStack clouds (formerly known as the 'Technical Vision') - essentially to interpret the mission statement in long-form, in a way that we can use to actually help

Re: [openstack-dev] [barbican][oslo][release][requirements] FFE request for castellan

2018-08-23 Thread Sean McGinnis
> > > > > > I've approved it for a UC only bump > > > > > We are still waiting on https://review.openstack.org/594541 to merge, > but I already voted and noted that it was FFE approved. > > -- > Matthew Thode (prometheanfire) And I have now approved the u-c update. We should be all set now.

Re: [openstack-dev] [barbican][oslo][release][requirements] FFE request for castellan

2018-08-23 Thread Matthew Thode
On 18-08-22 23:06:36, Ade Lee wrote: > Thanks guys, > > Sorry - it was not clear to me if I was supposed to do anything > further. It seems like the requirements team has approved the FFE and > the release has merged. Is there anything further I need to do? > > Thanks, > Ade > > On Tue,

Re: [openstack-dev] [barbican][oslo][release][requirements] FFE request for castellan

2018-08-22 Thread Ade Lee
Thanks guys, Sorry - it was not clear to me if I was supposed to do anything further. It seems like the requirements team has approved the FFE and the release has merged. Is there anything further I need to do? Thanks, Ade On Tue, 2018-08-21 at 14:16 -0500, Matthew Thode wrote: > On 18-08-21

Re: [openstack-dev] [barbican][oslo][release][requirements] FFE request for castellan

2018-08-21 Thread Matthew Thode
On 18-08-21 14:00:41, Ben Nemec wrote: > Because castellan is in global-requirements, we need an FFE from > requirements too. Can someone from the requirements team respond to the > review? Thanks. > > On 08/16/2018 04:34 PM, Ben Nemec wrote: > > The backport has merged and I've proposed the

Re: [openstack-dev] [barbican][oslo][release][requirements] FFE request for castellan

2018-08-21 Thread Ben Nemec
Because castellan is in global-requirements, we need an FFE from requirements too. Can someone from the requirements team respond to the review? Thanks. On 08/16/2018 04:34 PM, Ben Nemec wrote: The backport has merged and I've proposed the release here: https://review.openstack.org/592746

Re: [openstack-dev] [barbican][oslo][release] FFE request for castellan

2018-08-16 Thread Ben Nemec
The backport has merged and I've proposed the release here: https://review.openstack.org/592746 On 08/15/2018 11:58 AM, Ade Lee wrote: Done. https://review.openstack.org/#/c/592154/ Thanks, Ade On Wed, 2018-08-15 at 09:20 -0500, Ben Nemec wrote: On 08/14/2018 01:56 PM, Sean McGinnis

Re: [openstack-dev] [barbican][oslo][release] FFE request for castellan

2018-08-15 Thread Ade Lee
Done. https://review.openstack.org/#/c/592154/ Thanks, Ade On Wed, 2018-08-15 at 09:20 -0500, Ben Nemec wrote: > > On 08/14/2018 01:56 PM, Sean McGinnis wrote: > > > On 08/10/2018 10:15 AM, Ade Lee wrote: > > > > Hi all, > > > > > > > > I'd like to request a feature freeze exception to get

Re: [openstack-dev] [barbican][oslo][release] FFE request for castellan

2018-08-15 Thread Ben Nemec
On 08/14/2018 01:56 PM, Sean McGinnis wrote: On 08/10/2018 10:15 AM, Ade Lee wrote: Hi all, I'd like to request a feature freeze exception to get the following change in for castellan. https://review.openstack.org/#/c/575800/ This extends the functionality of the vault backend to provide

Re: [openstack-dev] [barbican][oslo][release] FFE request for castellan

2018-08-14 Thread Sean McGinnis
> On 08/10/2018 10:15 AM, Ade Lee wrote: > > Hi all, > > > > I'd like to request a feature freeze exception to get the following > > change in for castellan. > > > > https://review.openstack.org/#/c/575800/ > > > > This extends the functionality of the vault backend to provide > > previously

Re: [openstack-dev] [barbican][oslo][release] FFE request for castellan

2018-08-14 Thread Ben Nemec
On 08/10/2018 10:15 AM, Ade Lee wrote: Hi all, I'd like to request a feature freeze exception to get the following change in for castellan. https://review.openstack.org/#/c/575800/ This extends the functionality of the vault backend to provide previously unimplemented functionality, so it

Re: [openstack-dev] [barbican][ara][helm][tempest] Removal of fedora-27 nodes

2018-08-13 Thread Paul Belanger
On Mon, Aug 13, 2018 at 09:56:44AM -0400, Paul Belanger wrote: > On Thu, Aug 02, 2018 at 08:01:46PM -0400, Paul Belanger wrote: > > Greetings, > > > > We've had fedora-28 nodes online for some time in openstack-infra, I'd like > > to > > finish the migration process and remove fedora-27 images.

[openstack-dev] barbican 7.0.0.0rc1 (rocky)

2018-08-13 Thread no-reply
Hello everyone, A new release candidate for barbican for the end of the Rocky cycle is available! You can find the source code tarball at: https://tarballs.openstack.org/barbican/ Unless release-critical issues are found that warrant a release candidate respin, this candidate will be

Re: [openstack-dev] [barbican][ara][helm][tempest] Removal of fedora-27 nodes

2018-08-13 Thread Paul Belanger
On Thu, Aug 02, 2018 at 08:01:46PM -0400, Paul Belanger wrote: > Greetings, > > We've had fedora-28 nodes online for some time in openstack-infra, I'd like to > finish the migration process and remove fedora-27 images. > > Please take a moment to review and approve the following patches[1].

[openstack-dev] [barbican][oslo] FFE request for castellan

2018-08-10 Thread Ade Lee
Hi all, I'd like to request a feature freeze exception to get the following change in for castellan. https://review.openstack.org/#/c/575800/ This extends the functionality of the vault backend to provide previously unimplemented functionality, so it should not break anyone. The castellan

[openstack-dev] [barbican][ara][helm][tempest] Removal of fedora-27 nodes

2018-08-02 Thread Paul Belanger
Greetings, We've had fedora-28 nodes online for some time in openstack-infra, I'd like to finish the migration process and remove fedora-27 images. Please take a moment to review and approve the following patches[1]. We'll be using the fedora-latest nodeset now, which makes it a little easier for

Re: [openstack-dev] [barbican] Can we support key wrapping mechanisms other than CKM_AES_CBC_PAD?

2018-07-12 Thread Ade Lee
You probably also need to change the parameters being added to the structure to match the chosen padding mechanism.
    mech = self.ffi.new("CK_MECHANISM *")
    mech.mechanism = CKM_AES_CBC_PAD
    iv = self._generate_random(16, session)
    mech.parameter = iv

Re: [openstack-dev] [barbican] Can we support key wrapping mechanisms other than CKM_AES_CBC_PAD?

2018-07-11 Thread Lingxian Kong
BTW, I am using `CKM_RSA_PKCS` because it's the only one of the suggested mechanisms that SoftHSM supports according to the output of `pkcs11-tool --module libsofthsm2.so --slot $slot --list-mechanisms`. *$ pkcs11-tool --module libsofthsm2.so --slot $slot --list-mechanisms* *...* *RSA-PKCS,

Re: [openstack-dev] [barbican] Can we support key wrapping mechanisms other than CKM_AES_CBC_PAD?

2018-07-11 Thread Lingxian Kong
Hi Ade, Thanks for your reply. I just replaced `CKM_AES_CBC_PAD` with `CKM_RSA_PKCS` here[1], of course I defined `CKM_RSA_PKCS = 0x0001` in the code, but still got the following error: *Jul 11 10:42:05 barbican-devstack devstack@barbican-svc.service[19897]: 2018-07-11 10:42:05.309 19900

Re: [openstack-dev] [barbican] Can we support key wrapping mechanisms other than CKM_AES_CBC_PAD?

2018-07-11 Thread Ade Lee
Lingxian, I don't see any reason not to provide support for other wrapping mechanisms. Have you tried hacking the code to use one of the other wrapping mechanisms to see if it works? Ultimately, what is passed are parameters to CFFI. As long as you pass in the right input and your PKCS#11

[openstack-dev] [barbican] Can we support key wrapping mechanisms other than CKM_AES_CBC_PAD?

2018-07-06 Thread Lingxian Kong
Hi Barbican guys, Currently, I am testing the integration between Barbican and SoftHSM v2 but I met with a problem that SoftHSM v2 doesn't support CKM_AES_CBC_PAD key wrapping operation which is hardcoded in Barbican code here

Re: [openstack-dev] [barbican][cinder][glance][nova] Goodbye from JHUAPL

2018-07-03 Thread Jay Pipes
Thanks so much for your contributions to our ecosystem, Brianna! I'm sad to see you go! :( Best, -jay On 07/03/2018 03:13 PM, Poulos, Brianna L. wrote: All, After over five years of contributing security features to OpenStack, the JHUAPL team is wrapping up our involvement with OpenStack.

[openstack-dev] [barbican][cinder][glance][nova] Goodbye from JHUAPL

2018-07-03 Thread Poulos, Brianna L.
All, After over five years of contributing security features to OpenStack, the JHUAPL team is wrapping up our involvement with OpenStack. To all who have reviewed/improved/accepted our contributions, thank you. It has been a pleasure to be a part of the community. Regards, The JHUAPL

Re: [openstack-dev] [barbican][heat] Identifying secrets in Barbican

2018-07-02 Thread Ade Lee
On Thu, 2018-06-28 at 17:32 -0400, Zane Bitter wrote: > On 28/06/18 15:00, Douglas Mendizabal wrote: > > Replying inline. > > [snip] > > IIRC, using URIs instead of UUIDs was a federation pre-optimization > > done many years ago when Barbican was brand new and we knew we > > wanted > > federation

Re: [openstack-dev] [barbican] default devstack barbican secret store ? and big picture question ?

2018-07-02 Thread Ade Lee
On Mon, 2018-06-18 at 17:23 +, Waines, Greg wrote: > Hey ... a couple of NEWBY question for the Barbican Team. > > I just setup a devstack with Barbican @ stable/queens . > > Ran through the “Verify operation” commands ( > https://docs.openstack.org/barbican/latest/install/verify.html )

Re: [openstack-dev] [barbican][heat] Identifying secrets in Barbican

2018-06-28 Thread Zane Bitter
On 28/06/18 15:00, Douglas Mendizabal wrote: Replying inline. [snip] IIRC, using URIs instead of UUIDs was a federation pre-optimization done many years ago when Barbican was brand new and we knew we wanted federation but had no idea how it would work. The rationale was that the URI would

Re: [openstack-dev] [barbican][heat] Identifying secrets in Barbican

2018-06-28 Thread Douglas Mendizabal
Replying inline. On Wed, 2018-06-27 at 16:39 -0400, Zane Bitter wrote: > We're looking at using Barbican to implement a feature in Heat[1] > and > ran into some questions about how secrets are identified in the > client. > > With most openstack clients, resources are identified by a UUID. You

Re: [openstack-dev] [barbican][heat] Identifying secrets in Barbican

2018-06-28 Thread Rico Lin
For now we found two ways to get a secret, with secret href or with secret URI (which is `secrets/UUID`). We will turn to use secret URI for now for Heat multi cloud support, but is there any reason for Barbican client not to accept only secrets UUID (Secret incorrectly specified error will show

[openstack-dev] [barbican][heat] Identifying secrets in Barbican

2018-06-27 Thread Zane Bitter
We're looking at using Barbican to implement a feature in Heat[1] and ran into some questions about how secrets are identified in the client. With most openstack clients, resources are identified by a UUID. You pass the UUID on the command line (or via the Python API or whatever) and the

[openstack-dev] [barbican] default devstack barbican secret store ? and big picture question ?

2018-06-18 Thread Waines, Greg
Hey ... a couple of NEWBY question for the Barbican Team. I just setup a devstack with Barbican @ stable/queens . Ran through the “Verify operation” commands ( https://docs.openstack.org/barbican/latest/install/verify.html ) ... Everything worked. stack@barbican:~/devstack$ openstack secret

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-06-18 Thread Ade Lee
Based on popular demand, the new meeting time is now active. We will meet at Tuesday 12:00 UTC starting this week. redrobot and Dave will chair the next two meetings as I'm on vacation. Ade On Sat, 2018-06-16 at 11:11 +0300, Juan Antonio Osorio wrote: > +1 I dig > > On Fri, 15 Jun 2018, 17:41

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-06-17 Thread Nguyen Hoai, Nam
+1 from me. > -Original Message- > From: Ade Lee [mailto:a...@redhat.com] > Sent: Friday, June 15, 2018 3:30 AM > To: OpenStack Development Mailing List (not for usage questions) > > Subject: [openstack-dev] [barbican] NEW weekly meeting time > > The new t

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-06-16 Thread Juan Antonio Osorio
+1 I dig On Fri, 15 Jun 2018, 17:41 Dave McCowan (dmccowan), wrote: > +1 > This is a great time. > > On 6/14/18, 4:30 PM, "Ade Lee" wrote: > > >The new time slot has been pretty difficult for folks to attend. > >I'd like to propose a new time slot, which will hopefully be more > >amenable to

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-06-15 Thread Dave McCowan (dmccowan)
+1 This is a great time. On 6/14/18, 4:30 PM, "Ade Lee" wrote: >The new time slot has been pretty difficult for folks to attend. >I'd like to propose a new time slot, which will hopefully be more >amenable to everyone. > >Tuesday 12:00 UTC >

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-06-14 Thread Douglas Mendizabal
+1 The new time slot would definitely make it much easier for me to attend than the current one. - Douglas Mendizábal On Thu, 2018-06-14 at 16:30 -0400, Ade Lee wrote: > The new time slot has been pretty difficult for folks to attend. > I'd like to propose a new time slot, which will hopefully

[openstack-dev] [barbican] NEW weekly meeting time

2018-06-14 Thread Ade Lee
The new time slot has been pretty difficult for folks to attend. I'd like to propose a new time slot, which will hopefully be more amenable to everyone. Tuesday 12:00 UTC https://www.timeanddate.com/worldclock/fixedtime.html?hour=12=00 c=0 This works out to 8 am EST, around 1pm in Europe, and 8

[openstack-dev] [barbican] meeting cancelled for 5/7/2018

2018-05-07 Thread Ade Lee
Hi all, I have a conflict for this week's meeting. Therefore we will cancel for this week and reconvene next week. Thanks. Ade __ OpenStack Development Mailing List (not for usage questions) Unsubscribe:

[openstack-dev] [barbican] barbican migrated to storyboard

2018-04-30 Thread Ade Lee
Hi all, Thanks to the hard work done by Kendall and Jeremy, Barbican has now been migrated to storyboard. The new link for the Barbican storyboard is https://storyboard.openstack.org/#!/project_group/81 This is the starting point for : python-barbicanclient, castellan-ui,

[openstack-dev] [barbican] Hangout Barbican team

2018-04-24 Thread na...@vn.fujitsu.com
Hi Barbican team, In order to be easy for reviewing some patch sets in Barbican, we propose that it should have a hangout meeting on 10pm EDT - Monday 30 April. So I would like to send an email to notify everyone that feel free to join with us by leaving your email. Cheers, Nam?

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-04-20 Thread Ade Lee
0 > > > > From: Ade Lee <a...@redhat.com> > > > > To: "OpenStack Development Mailing List (not for usage > > > > questions)" > > > > <openstack-dev@lists.openstack.org> > > > > Subject: [openstack-dev] [barbican]

Re: [openstack-dev] [barbican][nova-powervm][pyghmi][solum][trove] Switching to cryptography from pycrypto

2018-04-09 Thread Jim Rollenhagen
On Mon, Apr 2, 2018 at 8:26 AM, Jim Rollenhagen wrote: > On Sat, Mar 31, 2018 at 7:24 PM, Matthew Thode > wrote: > >> Here's the current status. I'd like to ask the projects what's keeping >> them from removing pycrypto in favor of a

Re: [openstack-dev] [barbican] [Fwd: Barbican is Eligible to Migrate!]

2018-04-02 Thread Kendall Nelson
https://storyboard-dev.openstack.org/#!/project_group/27 shows the project group that has all the barbican repos represented for tracking issues and new features against. https://storyboard-dev.openstack.org/#!/project/286 shows items specifically related to the main barbican repo- it's where the

[openstack-dev] [barbican] [Fwd: Barbican is Eligible to Migrate!]

2018-04-02 Thread Ade Lee
Hey Barbicaneers, Kendall has provided us a test migration to storyboard, and Barbican has apparently migrated smoothly. You can see the test instance in his email (forwarded below). The correct URL is actually https://storyboard-dev.openstack.org/#!/project/286 Any objections/ concerns about

Re: [openstack-dev] [barbican][nova-powervm][pyghmi][solum][trove] Switching to cryptography from pycrypto

2018-04-02 Thread Ade Lee
On Sat, 2018-03-31 at 18:24 -0500, Matthew Thode wrote: > Here's the current status. I'd like to ask the projects what's > keeping > them from removing pycrypto in favor of a maintained library. > > Open reviews > barbican: > - (merge conflict) https://review.openstack.org/#/c/458196 > -

Re: [openstack-dev] [barbican][nova-powervm][pyghmi][solum][trove] Switching to cryptography from pycrypto

2018-04-02 Thread Jim Rollenhagen
On Sat, Mar 31, 2018 at 7:24 PM, Matthew Thode wrote: > Here's the current status. I'd like to ask the projects what's keeping > them from removing pycrypto in favor of a maintained library. > > pyghmi: > - (merge conflict) https://review.openstack.org/#/c/331828 >

Re: [openstack-dev] [barbican][nova-powervm][pyghmi][solum][trove] Switching to cryptography from pycrypto

2018-03-31 Thread Eric Fried
Mr. Fire- > nova-powervm: no open reviews > - in test-requirements, but not actually used? > - made https://review.openstack.org/558091 for it Thanks for that. It passed all our tests; we should merge it early next week. -efried

[openstack-dev] [barbican][nova-powervm][pyghmi][solum][trove] Switching to cryptography from pycrypto

2018-03-31 Thread Matthew Thode
Here's the current status. I'd like to ask the projects what's keeping them from removing pycrypto in favor of a maintained library. Open reviews barbican: - (merge conflict) https://review.openstack.org/#/c/458196 - (merge conflict) https://review.openstack.org/#/c/544873 nova-powervm: no

[openstack-dev] [barbican] priorities/tracker for Rocky

2018-03-05 Thread Ade Lee
Hi all, I have started a tracker wiki page with some of the features/bugs that we might want to track for Rocky. Please take a look and see if there is anything that you would like to add/ comment on/ volunteer for. https://etherpad.openstack.org/p/barbican-tracker-rocky Thanks, Ade

Re: [openstack-dev] [barbican] NEW weekly meeting time

2018-03-05 Thread Ade Lee
works better for me. > > > > Regards, > > Jiong > > > > > Message: 35 > > > Date: Tue, 13 Feb 2018 10:17:59 -0500 > > > From: Ade Lee <a...@redhat.com> > > > To: "OpenStack Development Mailing List (not for usage > > > questi

Re: [openstack-dev] [barbican][castellan] Stepping down from core

2018-03-01 Thread Jiong Liu
Kaitlin, thank you for all your contribution over the past years! Wish you all the best in your new career! > Hi Barbicaneers, > I will be moving on to other projects at work and will not have time to > contribute to OpenStack anymore. I am stepping down as core reviewer as I > will not be

[openstack-dev] [barbican][castellan] Stepping down from core

2018-02-28 Thread Farr, Kaitlin M.
Hi Barbicaneers,   I will be moving on to other projects at work and will not have time to contribute to OpenStack anymore.  I am stepping down as core reviewer as I will not be able to maintain my responsibilities.  It's been a great 4.5 years working on OpenStack and a fulfilling 3 years as a

Re: [openstack-dev] [barbican] weekly meeting time

2018-02-22 Thread na...@vn.fujitsu.com
ists.openstack.org> > Subject: [openstack-dev] [barbican] weekly meeting time > > Hi all, > > The Barbican weekly meeting has been fairly sparsely attended for a little > while now, and the most active contributors these days appear to be in Asia. > > It's time to cons

Re: [openstack-dev] [Barbican] Keystone Listener error when processing delete project event

2018-02-16 Thread Lance Bragstad
Taking a quick look at the barbican code, it might be that something isn't setting up the _SESSION_FACTORY [0], but I'm certainly not a barbican expert. Might be worthwhile to open a bug [1]. [0]

[openstack-dev] [Barbican] Keystone Listener error when processing delete project event

2018-02-16 Thread mihaela.balas
Hello, The Keystone Listener outputs the below error, over and over again, when processing a delete project event. Do you have any idea why this happens? Happens the same with Ocata and Pike versions. Thank you, Mihaela Balas 2018-02-16 15:36:02.673 1 DEBUG amqp [-] heartbeat_tick : for

Re: [openstack-dev] [barbican] weekly meeting time

2018-02-16 Thread Ade Lee
; Regards, > Jiong > > > Message: 35 > > Date: Tue, 13 Feb 2018 10:17:59 -0500 > > From: Ade Lee <a...@redhat.com> > > To: "OpenStack Development Mailing List (not for usage questions)" > > <openstack-dev@lists.openstack.org>

Re: [openstack-dev] [barbican] weekly meeting time

2018-02-13 Thread Jiong Liu
ns)" > <openstack-dev@lists.openstack.org> > Subject: [openstack-dev] [barbican] weekly meeting time > Message-ID: <1518535079.22990.9.ca...@redhat.com> > Content-Type: text/plain; charset="UTF-8" > Hi all, > The Barbican weekly meeting has

[openstack-dev] [barbican] weekly meeting time

2018-02-13 Thread Ade Lee
Hi all, The Barbican weekly meeting has been fairly sparsely attended for a little while now, and the most active contributors these days appear to be in Asia. It's time to consider moving the weekly meeting to a time when more contributors can attend. I'm going to propose a couple times below

[openstack-dev] [barbican] barbican 6.0.0.0rc1 (queens)

2018-02-12 Thread no-reply
Hello everyone, A new release candidate for barbican for the end of the Queens cycle is available! You can find the source code tarball at: https://tarballs.openstack.org/barbican/ Unless release-critical issues are found that warrant a release candidate respin, this candidate will be

[openstack-dev] [barbican][heat] Missing RCs

2018-02-09 Thread Sean McGinnis
Hello teams, Yesterday was the RC1 deadline, and we have not seen a release request for either Barbican or Heat. If there is some blocking reason for waiting on these, please let us know as soon as possible. Otherwise, please submit a release request with branching for stable/queens to the

Re: [openstack-dev] [barbican] candidacy for PTL

2018-02-06 Thread Jiong Liu
+1, thanks Dave for leading Barbican team in the past cycles > Message: 20 > Date: Mon, 05 Feb 2018 15:13:31 -0500 > From: Ade Lee <a...@redhat.com> > To: "OpenStack Development Mailing List (not for usage questions)" > <openstack-dev@lists.openst

[openstack-dev] [barbican] candidacy for PTL

2018-02-05 Thread Ade Lee
Fellow Barbicaneers, I'd like to nominate myself to serve as Barbican PTL through the Rocky cycle. Dave has done a great job at keeping the project growing and I'd like to continue his good work. This is an exciting time for Barbican. With more distributions and installers incorporating

Re: [openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Lance Bragstad
On 01/31/2018 11:50 AM, Pavlo Shchelokovskyy wrote: > Lance, > > that's a single patch renaming the sample policy file from .json to > .yaml, so I do not think it is a real blocker. > Besides we have another patch on review that deletes those files > altogether (and which I like more and there

Re: [openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Mathieu Gagné
On Wed, Jan 31, 2018 at 12:16 PM, Lance Bragstad wrote: > Hey folks, > > The tracking tool for the policy-and-docs-in-code goal for Queens [0] > lists a couple projects remaining for the goal [1]. I wanted to start a > discussion with said projects to see how we want to go

Re: [openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Pavlo Shchelokovskyy
Lance, that's a single patch renaming the sample policy file from .json to .yaml, so I do not think it is a real blocker. Besides we have another patch on review that deletes those files altogether (and which I like more and there was an ML thread resulting in a decision to indeed remove them).

Re: [openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Dmitry Tantsur
On 01/31/2018 06:23 PM, Lance Bragstad wrote: On 01/31/2018 11:20 AM, Dmitry Tantsur wrote: Hi! On 01/31/2018 06:16 PM, Lance Bragstad wrote: Hey folks, The tracking tool for the policy-and-docs-in-code goal for Queens [0] lists a couple projects remaining for the goal [1].  I wanted to

Re: [openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Lance Bragstad
On 01/31/2018 11:20 AM, Dmitry Tantsur wrote: > Hi! > > On 01/31/2018 06:16 PM, Lance Bragstad wrote: >> Hey folks, >> >> The tracking tool for the policy-and-docs-in-code goal for Queens [0] >> lists a couple projects remaining for the goal [1].  I wanted to start a >> discussion with said

Re: [openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Dmitry Tantsur
Hi! On 01/31/2018 06:16 PM, Lance Bragstad wrote: Hey folks, The tracking tool for the policy-and-docs-in-code goal for Queens [0] lists a couple projects remaining for the goal [1].  I wanted to start a discussion with said projects to see how we want to go about the work in the future, we

[openstack-dev] [barbican] [glance] [ironic] [neutron] [tacker] [tc] policy in code goal

2018-01-31 Thread Lance Bragstad
Hey folks, The tracking tool for the policy-and-docs-in-code goal for Queens [0] lists a couple projects remaining for the goal [1].  I wanted to start a discussion with said projects to see how we want to go about the work in the future, we have a couple of options. I can update the document

Re: [openstack-dev] [barbican][nova][cinder][tacker][glance] Remove Certificate Orders and CAs from API

2017-12-05 Thread Dave McCowan (dmccowan)
On 12/5/17, 11:37 AM, "Matt Riedemann" wrote: >On 12/5/2017 2:52 AM, na...@vn.fujitsu.com wrote: >> Hi all, >> >> Barbican's team are considering whether the Certificate Orders and CAs >>should be removed or not [1]. And we would like to hear information from >>other

Re: [openstack-dev] [barbican][nova][cinder][tacker][glance] Remove Certificate Orders and CAs from API

2017-12-05 Thread Matt Riedemann
On 12/5/2017 2:52 AM, na...@vn.fujitsu.com wrote: Hi all, Barbican's team are considering whether the Certificate Orders and CAs should be removed or not [1]. And we would like to hear information from other projects. If you are using this feature for your project, please raise your hand. We

[openstack-dev] [barbican][nova][cinder][tacker][glance] Remove Certificate Orders and CAs from API

2017-12-05 Thread na...@vn.fujitsu.com
Hi all, Barbican's team are considering whether the Certificate Orders and CAs should be removed or not [1]. And we would like to hear information from other projects. If you are using this feature for your project, please raise your hand. We will discuss about this. [1]

Re: [openstack-dev] [barbican] [security] custodia @ PTG

2017-08-18 Thread Raildo Mascena de Sousa Filho
Sure, I'll be there, see you guys on Thursday. On Thu, Aug 17, 2017 at 1:53 PM Luke Hinds wrote: > Hi Raildo, > > That's great news. Are you around next Thursday to jump on > #openstack-meeting-alt at 17:00 UTC? we can then go over some topics. > > @Dave, unless you prefer to

Re: [openstack-dev] [barbican] [security] custodia @ PTG

2017-08-17 Thread Luke Hinds
Hi Raildo, That's great news. Are you around next Thursday to jump on #openstack-meeting-alt at 17:00 UTC? we can then go over some topics. @Dave, unless you prefer to use the Barbican meeting that is (possible synergies to barbican)? Regards, Luke On Thu, Aug 17, 2017 at 1:10 PM, Raildo

Re: [openstack-dev] [barbican] [security] custodia @ PTG

2017-08-17 Thread Raildo Mascena de Sousa Filho
Hi Luke, I'll definitely be there, sounds like a great idea, so we can clarify a lot of topics and make progress in the community together. Cheers, On Thu, Aug 17, 2017 at 5:52 AM Luke Hinds wrote: > Hi Raildo, > > Both Barbican and Security have an interest in custodia

[openstack-dev] [barbican] [security] custodia @ PTG

2017-08-17 Thread Luke Hinds
Hi Raildo, Both Barbican and Security have an interest in custodia and we have it marked down as a topic / discussion point for the PTG [1] Would you be interested / willing to join the Barbican room on Thurs / Fri and propose a walk through / overview etc? [1]

[openstack-dev] [barbican] barbican 5.0.0.0rc1 (pike)

2017-08-10 Thread no-reply
Hello everyone, A new release candidate for barbican for the end of the Pike cycle is available! You can find the source code tarball at: https://tarballs.openstack.org/barbican/ Unless release-critical issues are found that warrant a release candidate respin, this candidate will be

[openstack-dev] [Barbican] Status of PKCS#11 Plug-in

2017-07-21 Thread Andreas Scheuring
Hi all, I would like to get clarity about the state of the Barbican PKCS#11 Plug-in. We did some tests against the PKCS#11 implementation opencryptoki configured with a s390x hardware backend. The main issue seems to be, that the plug-in has been developed against PKCS#11 2.40 draft [2]-

Re: [openstack-dev] [barbican] Help for Barbican and UWSGI Community Goal

2017-06-23 Thread Dave McCowan (dmccowan)
On 6/23/17, 2:24 PM, "Matthew Treinish" wrote: >On Fri, Jun 23, 2017 at 04:11:50PM +, Dave McCowan (dmccowan) wrote: >> The Barbican team is currently lacking a UWSGI expert. >> We need help identifying what work items we have to meet the UWSGI >>community goal.[1] >>

Re: [openstack-dev] [barbican] Help for Barbican and UWSGI Community Goal

2017-06-23 Thread Matthew Treinish
On Fri, Jun 23, 2017 at 04:11:50PM +, Dave McCowan (dmccowan) wrote: > The Barbican team is currently lacking a UWSGI expert. > We need help identifying what work items we have to meet the UWSGI community > goal.[1] > Could someone with expertise in this area review our code and docs [2] and

[openstack-dev] [barbican] Help for Barbican and UWSGI Community Goal

2017-06-23 Thread Dave McCowan (dmccowan)
The Barbican team is currently lacking a UWSGI expert. We need help identifying what work items we have to meet the UWSGI community goal.[1] Could someone with expertise in this area review our code and docs [2] and help me put together a to-do list? Thanks! Dave (dave-mccowan) [1]

[openstack-dev] [barbican] [security] Project Onboarding in Boston

2017-05-03 Thread Dave McCowan (dmccowan)
Greetings! If you are interested in learning more about Barbican with a goal to contribute, please come to the Barbican Project Onboarding session on Tuesday, May 9, at 2pm in Room MR101. We'll be sharing the time slot with the Security project for those interested in becoming an OpenStack

Re: [openstack-dev] [barbican] Nominating Jeremy Liu for Barbican Core

2017-04-24 Thread Farr, Kaitlin M.
> Barbicaneers, please indicate your agreement by responding with +1. +1 from me. Jeremy has been a valuable contributor for the past several development cycles. Kaitlin

Re: [openstack-dev] [barbican] Nominating Jeremy Liu for Barbican Core

2017-04-24 Thread Juan Antonio Osorio
+1 from my side. I think he's been doing pretty good contributions and has definitely earned it. On Mon, Apr 24, 2017 at 7:13 PM, Dave McCowan (dmccowan) wrote: > I'm pleased to nominate Jeremy Liu for Barbican core. > > He's been a top reviewer and contributor to Barbican

[openstack-dev] [barbican] Nominating Jeremy Liu for Barbican Core

2017-04-24 Thread Dave McCowan (dmccowan)
I'm pleased to nominate Jeremy Liu for Barbican core. He's been a top reviewer and contributor to Barbican since Newton and his efforts are very much appreciated. http://stackalytics.com/?module=barbican-group_id=liujiong=pike Barbicaneers, please indicate your agreement by responding with +1.

Re: [openstack-dev] [barbican] How to update cert in the secret

2017-04-04 Thread Andrey Grebennikov
ontent for LBaaS. This will be included in the octavia OpenStack client. > > > > Michael > > > > *From:* Andrey Grebennikov [mailto:agrebenni...@mirantis.com] > *Sent:* Monday, April 3, 2017 12:14 PM > *To:* OpenStack Development Mailing List (not for usage question

Re: [openstack-dev] [barbican] How to update cert in the secret

2017-04-04 Thread Michael Johnson
(not for usage questions) <openstack-dev@lists.openstack.org> Subject: [openstack-dev] [barbican] How to update cert in the secret Hey Barbican folks, I have a question regarding the functionality of the secrets containers please. If I got my secret created is there a way to

[openstack-dev] [barbican] How to update cert in the secret

2017-04-03 Thread Andrey Grebennikov
Hey Barbican folks, I have a question regarding the functionality of the secrets containers please. If I got my secret created is there a way to update it down the road with another cert? The use case is pretty common - using barbican with neutron lbaas. When the load balance from the lbaas

Re: [openstack-dev] [barbican][castellan] How to share secrets in barbican

2017-03-31 Thread Dave McCowan (dmccowan)
Another option: If you want to give User-A read access to all Project-B secrets, you could assign User-A the role of "observer" in Project-B. This would use the default RBAC policy, not give every user access to the secrets, and be more convenient than adding each user to the ACL of each

Re: [openstack-dev] [barbican][castellan] How to share secrets in barbican

2017-03-31 Thread yanxingan
Thanks Kaitlin Farr. In tacker vim use case, an operator [user A] may create a vim with an account [user B] to access the NFVI. I want to store user B's password in barbican. There are two methods to store secret: 1. All user A's vim secrets are stored in one common reserved project/user as

Re: [openstack-dev] [barbican][castellan] How to share secrets in barbican

2017-03-30 Thread Farr, Kaitlin M.
> As I know, the secrets are saved in a user's domain, and other project/user can not retrieve the secrets. > But I have a situation that many users need to retrieve the same secret. > > After looking into the castellan usage, I see the method that saving the > credentials in

[openstack-dev] [barbican][castellan] How to share secrets in barbican

2017-03-28 Thread yanxin...@cmss.chinamobile.com
Hello, folks: As I know, the secrets are saved in a user's domain, and other project/user can not retrieve the secrets. But I have a situation that many users need to retrieve the same secret. After looking into the castellan usage, I see the method that saving the credentials in

Re: [openstack-dev] [barbican] Rolling upgrade in Barbican project

2017-02-28 Thread na...@vn.fujitsu.com
d you please refer this mailing-list [1] for more detail. [1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113073.html -Original Message- From: Clint Byrum [mailto:cl...@fewbar.com] Sent: Wednesday, March 01, 2017 1:57 AM To: openstack-dev Subject: Re: [openstack-dev]

Re: [openstack-dev] [barbican] Rolling upgrade in Barbican project

2017-02-28 Thread na...@vn.fujitsu.com
.org/#/c/386685/ -Original Message- From: Dave McCowan (dmccowan) [mailto:dmcco...@cisco.com] Sent: Tuesday, February 28, 2017 9:07 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [barbican] Rolling upgrade in Barbican project Hi Nam--

Re: [openstack-dev] [barbican] Rolling upgrade in Barbican project

2017-02-28 Thread Clint Byrum
Excerpts from na...@vn.fujitsu.com's message of 2017-02-28 09:52:13 +: > Hi everyone, > > Recently, there are many emails to discuss a topic that "Why are projects > trying to avoid Barbican, still?" [0]. That is a very interesting topic. Now > I would like to make a new topic related to

Re: [openstack-dev] [barbican] Rolling upgrade in Barbican project

2017-02-28 Thread Dave McCowan (dmccowan)
Hi Nam-- Thanks for writing. Offline rolling upgrades is part of the current Barbican project. Better support and documentation for upgrades would be a welcome addition. 1) API Versioning Currently, Barbican only has one API version. The wiki you reference is an old list of ideas that we

[openstack-dev] [barbican] Rolling upgrade in Barbican project

2017-02-28 Thread na...@vn.fujitsu.com
Hi everyone, Recently, there are many emails to discuss a topic that "Why are projects trying to avoid Barbican, still?" [0]. That is a very interesting topic. Now I would like to make a new topic related to Rolling upgrade. I am trying to find information about the strategy to support

[openstack-dev] [barbican] barbican 4.0.0.0rc1 (ocata)

2017-02-03 Thread no-reply
Hello everyone, A new release candidate for barbican for the end of the Ocata cycle is available! You can find the source code tarball at: https://tarballs.openstack.org/barbican/ Unless release-critical issues are found that warrant a release candidate respin, this candidate will be
