[openstack-dev] [Barbican] Barebones CA

Clark, Robert Graham robert.clark at hp.com
Thu Jun 26 08:42:02 UTC 2014


On 26/06/2014 03:43, "Nathan Kinder" <nkinder at redhat.com> wrote:

>
>
>On 06/25/2014 02:42 PM, Clark, Robert Graham wrote:
>> 
>> Ok, I’ll hack together a dev plugin over the next week or so, other work
>> notwithstanding. Where possible I’ll probably borrow from the dog tag
>> plugin as I’ve not looked closely at the plugin infrastructure in
>>Barbican
>> recently.
>
>My understanding is that Barbican's plugin interface is currently in the
>midst of a redesign, so be careful not to copy something that will be
>changing shortly.
>
>-NGK

Good point, thanks Nathan, I’ll try to keep the ‘do-poi-stuff’ bit nicely
decoupled from the ‘barbican’ bit.

>
>> 
>> Is this something you’d like a blueprint for first?
>> 
>> -Rob
>> 
>> 
>> 
>> 
>> On 25/06/2014 18:30, "Ade Lee" <alee at redhat.com> wrote:
>> 
>>> I think the plan is to create a Dogtag instance so that integration
>>> tests can be run whenever code is checked in (both with and without a
>>> Dogtag backend).
>>>
>>> Dogtag isn't that difficult to deploy, but being a Java app, it does
>>> bring in a set of dependencies that developers may not want to deal
>>>with
>>> for basic/ devstack testing.
>>>
>>> So, I agree that a simple OpenSSL CA may be useful at least initially
>>>as
>>> a 'dev' plugin.
>>>
>>> Ade
>>>
>>> On Wed, 2014-06-25 at 16:31 +0000, Jarret Raim wrote:
>>>> Rob,
>>>>
>>>> RedHat is working on a backend for Dogtag, which should be capable of
>>>> doing something like that. That's still a bit hard to deploy, so it
>>>> would
>>>> make sense to extend the 'dev' plugin to include those features.
>>>>
>>>>
>>>> Jarret
>>>>
>>>>
>>>> On 6/24/14, 4:04 PM, "Clark, Robert Graham" <robert.clark at hp.com>
>>>>wrote:
>>>>
>>>>> Yeah pretty much.
>>>>>
>>>>> That¹s something I¹d be interested to work on, if work isn¹t ongoing
>>>>> already.
>>>>>
>>>>> -Rob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 24/06/2014 18:57, "John Wood" <john.wood at RACKSPACE.COM> wrote:
>>>>>
>>>>>> Hello Robert,
>>>>>>
>>>>>> I would actually hope we have a self-contained certificate plugin
>>>>>> implementation that runs 'out of the box' to enable certificate
>>>>>> generation orders to be evaluated and demo-ed on local boxes.
>>>>>>
>>>>>> Is this what you were thinking though?
>>>>>>
>>>>>> Thanks,
>>>>>> John
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________________
>>>>>> From: Clark, Robert Graham [robert.clark at hp.com]
>>>>>> Sent: Tuesday, June 24, 2014 10:36 AM
>>>>>> To: OpenStack List
>>>>>> Subject: [openstack-dev] [Barbican] Barebones CA
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I¹m sure this has been discussed somewhere and I¹ve just missed it.
>>>>>>
>>>>>> Is there any value in creating a basic ŒCA¹ and plugin to satisfy
>>>>>> tests/integration in Barbican? I¹m thinking something that probably
>>>>>> performs OpenSSL certificate operations itself, ugly but perhaps
>>>> useful
>>>>>> for some things?
>>>>>>
>>>>>> -Rob
>>>>>>
>>>>>> _______________________________________________
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev at lists.openstack.org
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>
>>>>>> _______________________________________________
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev at lists.openstack.org
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> 
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> 
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list