[openstack-dev] [Barbican] Barebones CA

Nathan Kinder nkinder at redhat.com
Thu Jun 26 02:43:17 UTC 2014



On 06/25/2014 02:42 PM, Clark, Robert Graham wrote:
> 
> Ok, I’ll hack together a dev plugin over the next week or so, other work
> notwithstanding. Where possible I’ll probably borrow from the dog tag
> plugin as I’ve not looked closely at the plugin infrastructure in Barbican
> recently.

My understanding is that Barbican's plugin interface is currently in the
midst of a redesign, so be careful not to copy something that will be
changing shortly.

-NGK

> 
> Is this something you’d like a blueprint for first?
> 
> -Rob
> 
> 
> 
> 
> On 25/06/2014 18:30, "Ade Lee" <alee at redhat.com> wrote:
> 
>> I think the plan is to create a Dogtag instance so that integration
>> tests can be run whenever code is checked in (both with and without a
>> Dogtag backend).
>>
>> Dogtag isn't that difficult to deploy, but being a Java app, it does
>> bring in a set of dependencies that developers may not want to deal with
>> for basic/ devstack testing.
>>
>> So, I agree that a simple OpenSSL CA may be useful at least initially as
>> a 'dev' plugin.
>>
>> Ade
>>
>> On Wed, 2014-06-25 at 16:31 +0000, Jarret Raim wrote:
>>> Rob,
>>>
>>> RedHat is working on a backend for Dogtag, which should be capable of
>>> doing something like that. That's still a bit hard to deploy, so it
>>> would
>>> make sense to extend the 'dev' plugin to include those features.
>>>
>>>
>>> Jarret
>>>
>>>
>>> On 6/24/14, 4:04 PM, "Clark, Robert Graham" <robert.clark at hp.com> wrote:
>>>
>>>> Yeah pretty much.
>>>>
>>>> That¹s something I¹d be interested to work on, if work isn¹t ongoing
>>>> already.
>>>>
>>>> -Rob
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 24/06/2014 18:57, "John Wood" <john.wood at RACKSPACE.COM> wrote:
>>>>
>>>>> Hello Robert,
>>>>>
>>>>> I would actually hope we have a self-contained certificate plugin
>>>>> implementation that runs 'out of the box' to enable certificate
>>>>> generation orders to be evaluated and demo-ed on local boxes.
>>>>>
>>>>> Is this what you were thinking though?
>>>>>
>>>>> Thanks,
>>>>> John
>>>>>
>>>>>
>>>>>
>>>>> ________________________________________
>>>>> From: Clark, Robert Graham [robert.clark at hp.com]
>>>>> Sent: Tuesday, June 24, 2014 10:36 AM
>>>>> To: OpenStack List
>>>>> Subject: [openstack-dev] [Barbican] Barebones CA
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I¹m sure this has been discussed somewhere and I¹ve just missed it.
>>>>>
>>>>> Is there any value in creating a basic ŒCA¹ and plugin to satisfy
>>>>> tests/integration in Barbican? I¹m thinking something that probably
>>>>> performs OpenSSL certificate operations itself, ugly but perhaps
>>> useful
>>>>> for some things?
>>>>>
>>>>> -Rob
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 



More information about the OpenStack-dev mailing list