Good morning Openstack,

I hope this message finds you well. I wanted to follow up from Alex's last email below to help to clarify our questions here. We're reaching out to ask your reviewers for their feedback on what had changed on your side during our course of work. https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865

We had been working with your team over many months, and had been tracking to commit the code upstream. We were not sure why the Openstack reviewers had not brought up this potential concern for us earlier on in our discussions to be addressed. 

Can you please advise us why that particular comment regarding the requirement for this to be an ansible plugin stops us from being able to commit the code?

We look forward to your feedback here, and would be happy to schedule a call as well to talk this through. Please let us know if you have any questions.

Thank you,

Kelsi Parenteau, PMP, PMI-ACP, CSM

Senior Project Manager

d: 586.473.1230 I m: 313.404.3214

 

  

  

From: Alexander Yeremko <a.yeremko@connectria.com>
Sent: Tuesday, March 29, 2022 4:10 PM
To: openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org>
Cc: Tina Wisbiski <t.wisbiski@connectria.com>; Kelsi Parenteau <k.parenteau@connectria.com>; Yuliia Romanova <y.romanova@connectria.com>
Subject: plain text config parameters encryption feature
 
Dear OpenStack community,

we are developing plain text config secrets encryption feature according to the next specification:

https://specs.openstack.org/openstack/openstack-ansible-specs/specs/xena/protecting-plaintext-configs.html

We started from Glance OS service and submitted two patchsets already:

https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865

Now we have two questions that we need to clarify to proceed our work on that feature and finish our development:

1. Is it correct that we need to develop more patchsets to rework some logic of encryption mechanism according
to comment to 'files/encypt_secrets.py' script that arised at the second patchset (PatchSet 2) dated Nov/30/2021 ?
Comment is by Dmitry Rabotyagov: "We _really_ should make it as an ansible plugin and re-work logic"

2. We wish to have such feature in previous releases also, not just in upcoming Yoga or Zed.
Stein, Train and Victoria - it would be excellent to have plain text secrets encryption with these releases also.
So question is how is it possible to use our feature in those releases also? Can we push some backports to those releases openstack-ansible repo?

Could someone be so kind and give us answers?

Best regards and wishes,
Alex Yeremko
This E-Mail (including any attachments) may contain privileged or confidential information. It is intended only for the addressee(s) indicated above. The sender does not waive any of its rights, privileges or other protections respecting this information. Any distribution, copying or other use of this E-Mail or the information it contains, by other than an intended recipient, is not sanctioned and is prohibited. If you received this E-Mail in error, please delete it and advise the sender (by return E-Mail or otherwise) immediately. Any calls held by you with Connectria may be recorded by an automated note taking system to ensure prompt follow up and for information collection purposes, and your attendance on any calls with Connectria confirms your consent to this. Any E-mail received by or sent from Connectria is subject to review by Connectria supervisory personnel.