Hi,
Trying to implement kms_keymaster in Swift (to enable encryption), I
have found out that Castellan's KeystonePassword doesn't include any
option for root CA certificates (neither a insecure=True option). In
such a configuration, it's not easy to test.
So my question is: has anyone from the Ba
Hi openstack-dev@,
During the weekly meeting today the topic of moving the weekly meeting
forward by an hour to adjust for US Daylight Savings Time ending was
brought up. All contributors in attendance unanimously voted for the
move. [1]
If you would like to participate in the meetings and didn'
Hello Zane--
Yes, this vision is consistent with the Barbican team's vision.
Barbican provides an abstraction layer over HSMs and other secret
storage services. We have a plugin architecture to enable this
abstraction over a variety of backends. Vault is a recent addition to our
supported
Greetings, Barbican team!
As you may be aware, I've been working with other folks in the community
on documenting a vision for OpenStack clouds (formerly known as the
'Technical Vision') - essentially to interpret the mission statement in
long-form, in a way that we can use to actually help gui
> > >
> > > I've approved it for a UC only bump
> > >
>
> We are still waiting on https://review.openstack.org/594541 to merge,
> but I already voted and noted that it was FFE approved.
>
> --
> Matthew Thode (prometheanfire)
And I have now approved the u-c update. We should be all set now.
On 18-08-22 23:06:36, Ade Lee wrote:
> Thanks guys,
>
> Sorry - it was not clear to me if I was supposed to do anything
> further. It seems like the requirements team has approved the FFE and
> the release has merged. Is there anything further I need to do?
>
> Thanks,
> Ade
>
> On Tue, 2018-
Thanks guys,
Sorry - it was not clear to me if I was supposed to do anything
further. It seems like the requirements team has approved the FFE and
the release has merged. Is there anything further I need to do?
Thanks,
Ade
On Tue, 2018-08-21 at 14:16 -0500, Matthew Thode wrote:
> On 18-08-21
On 18-08-21 14:00:41, Ben Nemec wrote:
> Because castellan is in global-requirements, we need an FFE from
> requirements too. Can someone from the requirements team respond to the
> review? Thanks.
>
> On 08/16/2018 04:34 PM, Ben Nemec wrote:
> > The backport has merged and I've proposed the rel
Because castellan is in global-requirements, we need an FFE from
requirements too. Can someone from the requirements team respond to the
review? Thanks.
On 08/16/2018 04:34 PM, Ben Nemec wrote:
The backport has merged and I've proposed the release here:
https://review.openstack.org/592746
The backport has merged and I've proposed the release here:
https://review.openstack.org/592746
On 08/15/2018 11:58 AM, Ade Lee wrote:
Done.
https://review.openstack.org/#/c/592154/
Thanks,
Ade
On Wed, 2018-08-15 at 09:20 -0500, Ben Nemec wrote:
On 08/14/2018 01:56 PM, Sean McGinnis wrote:
Done.
https://review.openstack.org/#/c/592154/
Thanks,
Ade
On Wed, 2018-08-15 at 09:20 -0500, Ben Nemec wrote:
>
> On 08/14/2018 01:56 PM, Sean McGinnis wrote:
> > > On 08/10/2018 10:15 AM, Ade Lee wrote:
> > > > Hi all,
> > > >
> > > > I'd like to request a feature freeze exception to get the
On 08/14/2018 01:56 PM, Sean McGinnis wrote:
On 08/10/2018 10:15 AM, Ade Lee wrote:
Hi all,
I'd like to request a feature freeze exception to get the following
change in for castellan.
https://review.openstack.org/#/c/575800/
This extends the functionality of the vault backend to provide
pr
> On 08/10/2018 10:15 AM, Ade Lee wrote:
> > Hi all,
> >
> > I'd like to request a feature freeze exception to get the following
> > change in for castellan.
> >
> > https://review.openstack.org/#/c/575800/
> >
> > This extends the functionality of the vault backend to provide
> > previously uni
On 08/10/2018 10:15 AM, Ade Lee wrote:
Hi all,
I'd like to request a feature freeze exception to get the following
change in for castellan.
https://review.openstack.org/#/c/575800/
This extends the functionality of the vault backend to provide
previously uninmplemented functionality, so it s
On Mon, Aug 13, 2018 at 09:56:44AM -0400, Paul Belanger wrote:
> On Thu, Aug 02, 2018 at 08:01:46PM -0400, Paul Belanger wrote:
> > Greetings,
> >
> > We've had fedora-28 nodes online for some time in openstack-infra, I'd like
> > to
> > finish the migration process and remove fedora-27 images.
>
Hello everyone,
A new release candidate for barbican for the end of the Rocky
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/barbican/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be forma
On Thu, Aug 02, 2018 at 08:01:46PM -0400, Paul Belanger wrote:
> Greetings,
>
> We've had fedora-28 nodes online for some time in openstack-infra, I'd like to
> finish the migration process and remove fedora-27 images.
>
> Please take a moment to review and approve the following patches[1]. We'll
Hi all,
I'd like to request a feature freeze exception to get the following
change in for castellan.
https://review.openstack.org/#/c/575800/
This extends the functionality of the vault backend to provide
previously uninmplemented functionality, so it should not break anyone.
The castellan vaul
Greetings,
We've had fedora-28 nodes online for some time in openstack-infra, I'd like to
finish the migration process and remove fedora-27 images.
Please take a moment to review and approve the following patches[1]. We'll be
using the fedora-latest nodeset now, which make is a little easier for
You probably also need to change the parameters being added to the
structure to match the chosen padding mechanism.
mech = self.ffi.new("CK_MECHANISM *")
mech.mechanism = CKM_AES_CBC_PAD
iv = self._generate_random(16, session)
mech.parameter = iv
mech.parame
BTW, i am using `CKM_RSA_PKCS` because it's the only one of the suggested
mechanisms that SoftHSM supports according to the output of `pkcs11-tool
--module libsofthsm2.so ---slot $slot --list-mechanisms`.
*$ pkcs11-tool --module libsofthsm2.so ---slot $slot --list-mechanisms*
*...*
*RSA-PKCS, key
Hi Ade,
Thanks for your reply.
I just replaced `CKM_AES_CBC_PAD` with `CKM_RSA_PKCS` here[1], of course I
defined `CKM_RSA_PKCS = 0x0001` in the code, but still got the
following error:
*Jul 11 10:42:05 barbican-devstack devstack@barbican-svc.service[19897]:
2018-07-11 10:42:05.309 19900 WAR
Lingxian,
I don't see any reason not to provide support for other wrapping
mechanisms.
Have you tried hacking the code to use one of the other wrapping
mechanisms to see if it works? Ultimately, what is passed are
parameters to CFFI. As long as you pass in the right input and your
PKCS#11 libr
Hi Barbican guys,
Currently, I am testing the integration between Barbican and SoftHSM v2 but
I met with a problem that SoftHSM v2 doesn't support CKM_AES_CBC_PAD key
wrapping operation which is hardcoded in Barbican code here
https://github.com/openstack/barbican/blob/5dea5cec130b59ecfb8d46435cd7
Thanks so much for your contributions to our ecosystem, Brianna! I'm sad
to see you go! :(
Best,
-jay
On 07/03/2018 03:13 PM, Poulos, Brianna L. wrote:
All,
After over five years of contributing security features to OpenStack,
the JHUAPL team is wrapping up our involvement with OpenStack.
All,
After over five years of contributing security features to OpenStack, the
JHUAPL team is wrapping up our involvement with OpenStack.
To all who have reviewed/improved/accepted our contributions, thank you. It
has been a pleasure to be a part of the community.
Regards,
The JHUAPL OpenStac
On Thu, 2018-06-28 at 17:32 -0400, Zane Bitter wrote:
> On 28/06/18 15:00, Douglas Mendizabal wrote:
> > Replying inline.
>
> [snip]
> > IIRC, using URIs instead of UUIDs was a federation pre-optimization
> > done many years ago when Barbican was brand new and we knew we
> > wanted
> > federation
On Mon, 2018-06-18 at 17:23 +, Waines, Greg wrote:
> Hey ... a couple of NEWBY question for the Barbican Team.
>
> I just setup a devstack with Barbican @ stable/queens .
>
> Ran through the “Verify operation” commands (
> https://docs.openstack.org/barbican/latest/install/verify.html ) ...
On 28/06/18 15:00, Douglas Mendizabal wrote:
Replying inline.
[snip]
IIRC, using URIs instead of UUIDs was a federation pre-optimization
done many years ago when Barbican was brand new and we knew we wanted
federation but had no idea how it would work. The rationale was that
the URI would cont
Replying inline.
On Wed, 2018-06-27 at 16:39 -0400, Zane Bitter wrote:
> We're looking at using Barbican to implement a feature in Heat[1]
> and
> ran into some questions about how secrets are identified in the
> client.
>
> With most openstack clients, resources are identified by a UUID. You
>
For now we found two ways to get a secret, with secret href or with secret
URI(which is `secrets/UUID`).
We will turn to use secret URI for now for Heat multi cloud support, but is
there any reason for Barbican client not to
accept only secrets UUID (Secret incorrectly specified error will shows u
We're looking at using Barbican to implement a feature in Heat[1] and
ran into some questions about how secrets are identified in the client.
With most openstack clients, resources are identified by a UUID. You
pass the UUID on the command line (or via the Python API or whatever)
and the clien
Hey ... a couple of NEWBY question for the Barbican Team.
I just setup a devstack with Barbican @ stable/queens .
Ran through the “Verify operation” commands (
https://docs.openstack.org/barbican/latest/install/verify.html ) ... Everything
worked.
stack@barbican:~/devstack$ openstack secret li
Based on popular demand, the new meeting time is now active.
We will meet at Tuesday 12:00 UTC starting this week.
redrobot and Dave will chair the next two meetings as I'm on vacation.
Ade
On Sat, 2018-06-16 at 11:11 +0300, Juan Antonio Osorio wrote:
> +1 I dig
>
> On Fri, 15 Jun 2018, 17:41
+1 from me.
> -Original Message-
> From: Ade Lee [mailto:a...@redhat.com]
> Sent: Friday, June 15, 2018 3:30 AM
> To: OpenStack Development Mailing List (not for usage questions)
>
> Subject: [openstack-dev] [barbican] NEW weekly meeting time
>
> The new t
+1 I dig
On Fri, 15 Jun 2018, 17:41 Dave McCowan (dmccowan),
wrote:
> +1
> This is a great time.
>
> On 6/14/18, 4:30 PM, "Ade Lee" wrote:
>
> >The new time slot has been pretty difficult for folks to attend.
> >I'd like to propose a new time slot, which will hopefully be more
> >amenable to ev
+1
This is a great time.
On 6/14/18, 4:30 PM, "Ade Lee" wrote:
>The new time slot has been pretty difficult for folks to attend.
>I'd like to propose a new time slot, which will hopefully be more
>amenable to everyone.
>
>Tuesday 12:00 UTC
>
>https://www.timeanddate.com/worldclock/fixedtime.html
+1
The new time slot would definitely make it much easier for me to attend
than the current one.
- Douglas Mendizábal
On Thu, 2018-06-14 at 16:30 -0400, Ade Lee wrote:
> The new time slot has been pretty difficult for folks to attend.
> I'd like to propose a new time slot, which will hopefully b
The new time slot has been pretty difficult for folks to attend.
I'd like to propose a new time slot, which will hopefully be more
amenable to everyone.
Tuesday 12:00 UTC
https://www.timeanddate.com/worldclock/fixedtime.html?hour=12&min=00&se
c=0
This works out to 8 am EST, around 1pm in Europe,
Hi all,
I have a conflict for this week's meeting. Therefore we will cancel
for this week and reconvene next week.
Thanks.
Ade
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-req
Hi all,
Thanks to the hard work done by Kendall and Jeremy, Barbican has now
been been migrated to storyboard.
The new link for the Barbican storyboard is https://storyboard.openstac
k.org/#!/project_group/81
This is the starting point for :
python-barbicanclient, castellan-ui, barbican-tempest
Hi Barbican team,
In order to be easy for reviewing some patch sets in Barbican, we propose that
it should have a hangout meeting on 10pm EDT - Monday 30 April. So i would like
to send an email to notify everyone that feel free to join with us by leaving
your email.
Cheers,
Nam?
> > >
> > > Thank you for proposing this change!
> > > I'm in China, and the second time slot works better for me.
> > >
> > > Regards,
> > > Jiong
> > >
> > > > Message: 35
> > > > Date: Tue, 13 Feb
On Mon, Apr 2, 2018 at 8:26 AM, Jim Rollenhagen
wrote:
> On Sat, Mar 31, 2018 at 7:24 PM, Matthew Thode
> wrote:
>
>> Here's the current status. I'd like to ask the projects what's keeping
>> them from removing pycrypto in facor of a maintained library.
>>
>> pyghmi:
>> - (merge conflict) htt
https://storyboard-dev.openstack.org/#!/project_group/27 shows the project
group that has all the barbican repos represented for tracking issues and
new features against.
https://storyboard-dev.openstack.org/#!/project/286 shows items
specifically related to the main barbican repo- its where the m
Hey Barbicaneers,
Kendall has provided us a test migration to storyboard, and Barbican
has apparently migrated smoothly. You can see the test instance in his
email (forwarded below). The correct URL is actually https://storyboar
d-dev.openstack.org/#!/project/286
Any objections/ concerns about
On Sat, 2018-03-31 at 18:24 -0500, Matthew Thode wrote:
> Here's the current status. I'd like to ask the projects what's
> keeping
> them from removing pycrypto in facor of a maintained library.
>
> Open reviews
> barbican:
> - (merge conflict) https://review.openstack.org/#/c/458196
> - (mer
On Sat, Mar 31, 2018 at 7:24 PM, Matthew Thode
wrote:
> Here's the current status. I'd like to ask the projects what's keeping
> them from removing pycrypto in facor of a maintained library.
>
> pyghmi:
> - (merge conflict) https://review.openstack.org/#/c/331828
> - (merge conflict) https:/
Mr. Fire-
> nova-powervm: no open reviews
> - in test-requirements, but not actually used?
> - made https://review.openstack.org/558091 for it
Thanks for that. It passed all our tests; we should merge it early next
week.
-efried
_
Here's the current status. I'd like to ask the projects what's keeping
them from removing pycrypto in facor of a maintained library.
Open reviews
barbican:
- (merge conflict) https://review.openstack.org/#/c/458196
- (merge conflict) https://review.openstack.org/#/c/544873
nova-powervm: no op
Hi all,
I have started a tracker wiki page with some of the features/bugs that
we might want to track for Rocky.
Please take a look and see if there is anything that you would like to
add/ comment on/ volunteer for.
https://etherpad.openstack.org/p/barbican-tracker-rocky
Thanks,
Ade
_
time slot works better for me.
> >
> > Regards,
> > Jiong
> >
> > > Message: 35
> > > Date: Tue, 13 Feb 2018 10:17:59 -0500
> > > From: Ade Lee
> > > To: "OpenStack Development Mailing List (not for usage
> > > questions)"
> >
Kaitlin, thank you for all your contribution over the past years! Wish you all
the best in your new career!
> Hi Barbicaneers,
> I will be moving on to other projects at work and will not have time to
> contribute to OpenStack anymore. I am stepping down as core reviewer as I
> will not be
Hi Barbicaneers,
I will be moving on to other projects at work and will not have time to
contribute to OpenStack anymore. I am stepping down as core reviewer as I will
not be able to maintain my responsibilities. It's been a great 4.5 years
working on OpenStack and a fulfilling 3 years as a
Hi Ade,
The two options are good to me. I choose the second time.
Thanks,
Nam
> -Original Message-
> From: Ade Lee [mailto:a...@redhat.com]
> Sent: Tuesday, February 13, 2018 10:18 PM
> To: OpenStack Development Mailing List (not for usage questions)
>
> Subje
Taking a quick look at the barbican code, it might be that something isn't
setting up the _SESSION_FACTORY [0], but I'm certainly not a barbican
expert. Might be worth while to open a bug [1].
[0]
https://github.com/openstack/barbican/blob/5b525f6b0a7cf5342a9ffa3ca3618028d6d53649/barbican/model/re
Hello,
The Keystone Listener outputs the below error, over and over again, when
processing a delete project event. Do you have any idea why this happens?
Happens the same with Ocata and Pike versions.
Thank you,
Mihaela Balas
2018-02-16 15:36:02.673 1 DEBUG amqp [-] heartbeat_tick : for conne
> Regards,
> Jiong
>
> > Message: 35
> > Date: Tue, 13 Feb 2018 10:17:59 -0500
> > From: Ade Lee
> > To: "OpenStack Development Mailing List (not for usage questions)"
> >
> > Subject: [openstack-dev] [barbican] weekly meeting time
&
Hi Ade,
Thank you for proposing this change!
I'm in China, and the second time slot works better for me.
Regards,
Jiong
> Message: 35
> Date: Tue, 13 Feb 2018 10:17:59 -0500
> From: Ade Lee
> To: "OpenStack Development Mailing List (not for usage questions)"
>
Hi all,
The Barbican weekly meeting has been fairly sparsely attended for a
little while now, and the most active contributors these days appear to
be in Asia.
Its time to consider moving the weekly meeting to a time when more
contributors can attend. I'm going to propose a couple times below to
Hello everyone,
A new release candidate for barbican for the end of the Queens
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/barbican/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be form
Hello teams,
Yesterday was the RC1 deadline, and we have not seen a release request for
either Barbican or Heat.
If there is some blocking reason for waiting on these, please let us know as
soon as possible. Otherwise, please submit a release request with branching for
stable/queens to the openst
+1, thanks Dave for leading Barbican team in the past cycles
> Message: 20
> Date: Mon, 05 Feb 2018 15:13:31 -0500
> From: Ade Lee
> To: "OpenStack Development Mailing List (not for usage questions)"
>
> Subject: [openstack-dev] [barbican] ca
Fellow Barbicaneers,
I'd like to nominate myself to serve as Barbican PTL through the
Rocky cycle.
Dave has done a great job at keeping the project growing and I'd
like to continue his good work.
This is an exciting time for Barbican. With more distributions
and installers incorporating Barbica
On 01/31/2018 11:50 AM, Pavlo Shchelokovskyy wrote:
> Lance,
>
> that's a single patch renaming the sample policy file from .json to
> .yaml, so I do not think it is a real blocker.
> Besides we have another patch on review that deletes those files
> altogether (and which I like more and there wa
On Wed, Jan 31, 2018 at 12:16 PM, Lance Bragstad wrote:
> Hey folks,
>
> The tracking tool for the policy-and-docs-in-code goal for Queens [0]
> lists a couple projects remaining for the goal [1]. I wanted to start a
> discussion with said projects to see how we want to go about the work in
> the
Lance,
that's a single patch renaming the sample policy file from .json to .yaml,
so I do not think it is a real blocker.
Besides we have another patch on review that deletes those files altogether
(and which I like more and there was an ML thread resulting in a decision
to indeed remove them).
I
On 01/31/2018 06:23 PM, Lance Bragstad wrote:
On 01/31/2018 11:20 AM, Dmitry Tantsur wrote:
Hi!
On 01/31/2018 06:16 PM, Lance Bragstad wrote:
Hey folks,
The tracking tool for the policy-and-docs-in-code goal for Queens [0]
lists a couple projects remaining for the goal [1]. I wanted to sta
On 01/31/2018 11:20 AM, Dmitry Tantsur wrote:
> Hi!
>
> On 01/31/2018 06:16 PM, Lance Bragstad wrote:
>> Hey folks,
>>
>> The tracking tool for the policy-and-docs-in-code goal for Queens [0]
>> lists a couple projects remaining for the goal [1]. I wanted to start a
>> discussion with said proje
Hi!
On 01/31/2018 06:16 PM, Lance Bragstad wrote:
Hey folks,
The tracking tool for the policy-and-docs-in-code goal for Queens [0]
lists a couple projects remaining for the goal [1]. I wanted to start a
discussion with said projects to see how we want to go about the work in
the future, we hav
Hey folks,
The tracking tool for the policy-and-docs-in-code goal for Queens [0]
lists a couple projects remaining for the goal [1]. I wanted to start a
discussion with said projects to see how we want to go about the work in
the future, we have a couple of options.
I can update the document the
On 12/5/17, 11:37 AM, "Matt Riedemann" wrote:
>On 12/5/2017 2:52 AM, na...@vn.fujitsu.com wrote:
>> Hi all,
>>
>> Barbican's team are considering whether the Certificate Orders and CAs
>>should be removed or not [1]. And we would like to hear information from
>>other projects. If you are using
On 12/5/2017 2:52 AM, na...@vn.fujitsu.com wrote:
Hi all,
Barbican's team are considering whether the Certificate Orders and CAs should
be removed or not [1]. And we would like to hear information from other
projects. If you are using this feature for your project, please raise your
hand. We
Hi all,
Barbican's team are considering whether the Certificate Orders and CAs should
be removed or not [1]. And we would like to hear information from other
projects. If you are using this feature for your project, please raise your
hand. We will discuss about this.
[1] https://review.opensta
Sure, I'll be there, see you guys on Thursday.
On Thu, Aug 17, 2017 at 1:53 PM Luke Hinds wrote:
> Hi Raildo,
>
> That's great news. Are you around next Thursday to jump on
> #openstack-meeting-alt at 17:00 UTC? we can then go over some topics.
>
> @Dave, unless you prefer to use the Barbican me
Hi Raildo,
That's great news. Are you around next Thursday to jump on
#openstack-meeting-alt at 17:00 UTC? we can then go over some topics.
@Dave, unless you prefer to use the Barbican meeting that is (possible
synergies to barbican)?
Regards,
Luke
On Thu, Aug 17, 2017 at 1:10 PM, Raildo Masce
Hi Luke,
I'll definitely be there, sounds like a great idea, so we can clarify a lot
of topics and make progress in the community together.
Cheers,
On Thu, Aug 17, 2017 at 5:52 AM Luke Hinds wrote:
> Hi Raildo,
>
> Both Barbican and Security have an interest in custodia and we have it
> marke
Hi Raildo,
Both Barbican and Security have an interest in custodia and we have it
marked down as a topic / discussion point for the PTG [1]
Would you be interested / willing to join the Barbican room on Thurs / Fri
and propose a walk through / overview etc?
[1] https://etherpad.openstack.org/p/b
Hello everyone,
A new release candidate for barbican for the end of the Pike
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/barbican/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be formal
Hi all,
I would like to get clarity about the sate of the Barbican PKCS#11
Plug-in. We did some tests against against the PKCS#11 implementation
opencryptoki configured with a s390x hardware backend.
The main issue seems to be, that the plug-in has been developed against
PKCS#11 2.40 draft [2]- b
On 6/23/17, 2:24 PM, "Matthew Treinish" wrote:
>On Fri, Jun 23, 2017 at 04:11:50PM +, Dave McCowan (dmccowan) wrote:
>> The Barbican team is currently lacking a UWSGI expert.
>> We need help identifying what work items we have to meet the UWSGI
>>community goal.[1]
>> Could someone with exp
On Fri, Jun 23, 2017 at 04:11:50PM +, Dave McCowan (dmccowan) wrote:
> The Barbican team is currently lacking a UWSGI expert.
> We need help identifying what work items we have to meet the UWSGI community
> goal.[1]
> Could someone with expertise in this area review our code and docs [2] and
The Barbican team is currently lacking a UWSGI expert.
We need help identifying what work items we have to meet the UWSGI community
goal.[1]
Could someone with expertise in this area review our code and docs [2] and help
me put together a to-do list?
Thanks!
Dave (dave-mccowan)
[1] https://gove
Greetings!
If you are interested in learning more about Barbican with a goal to
contribute, please come to the Barbican Project Onboarding session on Tuesday,
May 9, at 2pm in Room MR101.
We'll be sharing the time slot with the Security project for those interested
in becoming an OpenStack Sec
> Barbicaneers, please indicate your agreement by responding with +1.
+1 from me. Jeremy has been a valuable contributor for the past several
development cycles.
Kaitlin
__
OpenStack Development Mailing List (not for usage
+1 from my side. I think he's been doing pretty good contributions and has
definitely earned it.
On Mon, Apr 24, 2017 at 7:13 PM, Dave McCowan (dmccowan) wrote:
> I'm pleased to nominate Jeremy Liu for Barbican core.
>
> He's been a top reviewer and contributor to Barbican since Newton and his
>
I'm pleased to nominate Jeremy Liu for Barbican core.
He's been a top reviewer and contributor to Barbican since Newton and his
efforts are very much appreciated.
http://stackalytics.com/?module=barbican-group&user_id=liujiong&release=pike
Barbicaneers, please indicate your agreement by respond
aaS. This will be included in the octavia OpenStack client.
>
>
>
> Michael
>
>
>
> *From:* Andrey Grebennikov [mailto:agrebenni...@mirantis.com]
> *Sent:* Monday, April 3, 2017 12:14 PM
> *To:* OpenStack Development Mailing List (not for usage questions) <
> opens
(not for usage questions)
Subject: [openstack-dev] [barbican] How to update cert in the secret
Hey Barbican folks, I have a question regarding the functionality of the
secrets containers please.
If I got my secret created is there a way to update it down the road with
another cert?
The
Hey Barbican folks, I have a question regarding the functionality of the
secrets containers please.
If I got my secret created is there a way to update it down the road with
another cert?
The usecase is pretty common - using barbican with neutron lbaas.
When the load balance from the lbaas backend
Another option:
If you want to give User-A read access to all Project-B secrets, you could
assign User-A the role of "observer" in Project-B.
This would use the default RBAC policy, not give every user access to the
secrets, and be more convenient than adding each user to the ACL of each
secret.
Thanks Kaitlin Farr.
In tacker vim usecase, an operator [user A] may create a vim with an
account[user B] to access the NFVI. I want to store user B's password in
barbican.
There are two methods to store secret:
1. All user A's vim secrets are stored in one common reserved
project/user as m
> As i known, the secrets are saved in a user's domain, and other
> project/user can not retrieve the secrets.
> But i have a situation that many users need retrieve a same secret.
>
> After looking into the castellan usage, I see the method that saving the
>credentials in configuratio
Hello, folks:
As i known, the secrets are saved in a user's domain, and other
project/user can not retrieve the secrets.
But i have a situation that many users need retrieve a same secret.
After looking into the castellan usage, I see the method that saving the
credentials in config
table/column.
Could you please refer this mailing-list [1] for more detail.
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113073.html
-Original Message-
From: Clint Byrum [mailto:cl...@fewbar.com]
Sent: Wednesday, March 01, 2017 1:57 AM
To: openstack-dev
Subject:
eview.openstack.org/#/c/386685/
-Original Message-
From: Dave McCowan (dmccowan) [mailto:dmcco...@cisco.com]
Sent: Tuesday, February 28, 2017 9:07 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [barbican] Rolling upgrade in Barbican project
Excerpts from na...@vn.fujitsu.com's message of 2017-02-28 09:52:13 +:
> Hi everyone,
>
> Recently, there are many emails to discuss a topic that "Why are projects
> trying to avoid Barbican, still?" [0]. That is very an interesting topic. Now
> I would like to make a new topic related to Ro
Hi Nam--
Thanks for writing. Offline rolling upgrades is part of the current
Barbican project. Better support and documentation for upgrades would be
a welcome addition.
1) API Versioning
Currently, Barbican only has one API version. The wiki you reference is
an old list of ideas that we st
Hi everyone,
Recently, there are many emails to discuss a topic that "Why are projects
trying to avoid Barbican, still?" [0]. That is very an interesting topic. Now I
would like to make a new topic related to Rolling upgrade. I am trying to find
information about the strategy to support rollin
Hello everyone,
A new release candidate for barbican for the end of the Ocata
cycle is available! You can find the source code tarball at:
https://tarballs.openstack.org/barbican/
Unless release-critical issues are found that warrant a release
candidate respin, this candidate will be forma
1 - 100 of 502 matches
Mail list logo