Monday, 2014-11-24

*** woodster_ has joined #openstack-barbican01:51
*** ryanpetrello has joined #openstack-barbican04:20
*** zz_dimtruck is now known as dimtruck04:21
*** dimtruck is now known as zz_dimtruck05:07
*** ryanpetrello has quit IRC05:49
*** woodster_ has quit IRC05:50
*** miqui_ has quit IRC08:05
*** viktors has joined #openstack-barbican10:34
*** viktors is now known as viktors|afk11:09
openstackgerritTim Kelsey proposed openstack/barbican: Adding client certificates to connection credentials
openstackgerritTim Kelsey proposed openstack/barbican: Adding client certificates to connection credentials
*** SheenaG1 has joined #openstack-barbican12:33
openstackgerritMerged openstack/barbican-specs: Remove Kilo placeholder file
*** jraim has quit IRC13:24
*** jraim has joined #openstack-barbican13:25
*** tdink has quit IRC13:25
*** tdink has joined #openstack-barbican13:27
*** ayoung has joined #openstack-barbican13:41
*** dave-mccowan has joined #openstack-barbican14:03
*** nkinder has quit IRC14:10
*** ryanpetrello has joined #openstack-barbican14:12
*** SheenaG1 has quit IRC14:21
*** woodster_ has joined #openstack-barbican14:23
*** ametts has joined #openstack-barbican14:42
*** SheenaG1 has joined #openstack-barbican14:47
openstackgerritTim Kelsey proposed openstack/barbican: Adding client certificates to connection credentials
*** nkinder has joined #openstack-barbican14:54
*** ayoung is now known as ayoung-afk15:22
*** rellerreller has joined #openstack-barbican15:25
*** atiwari has joined #openstack-barbican15:35
*** zz_dimtruck is now known as dimtruck15:41
*** ayoung-afk is now known as ayoung15:53
*** kebray has joined #openstack-barbican16:04
*** rellerreller has quit IRC16:09
*** rellerreller has joined #openstack-barbican16:11
*** dave-mccowan has quit IRC16:14
*** dave-mccowan has joined #openstack-barbican16:33
alee_dave-mccowan, ping16:39
dave-mccowanalee_ Hi Ade16:39
alee_dave-mccowan, hey Dave -- when you get a chance - please take a look at
alee_dave-mccowan, its not rfc7030 - but was certainly inspired by it.16:40
dave-mccowanalee_  thanks.  will do.  overall i think this is a good approach.  keeping the barbican structure, while borrowing liberally from a well-vetted interface.16:43
alee_dave-mccowan, thanks -look forward to your comments/improvements :)16:44
*** kgriffs|afk is now known as kgriffs16:47
*** rellerreller has quit IRC17:03
*** rellerreller has joined #openstack-barbican17:20
*** JeffF has joined #openstack-barbican17:23
*** dave-mccowan has quit IRC17:30
*** rellerreller has quit IRC17:38
*** mikedillion has joined #openstack-barbican17:44
*** jorge_munoz has joined #openstack-barbican17:51
*** mikedillion has quit IRC17:54
*** rellerreller has joined #openstack-barbican18:07
*** dave-mccowan has joined #openstack-barbican18:17
*** jaosorior has joined #openstack-barbican18:46
openstackgerritThomas Dinkjian proposed openstack/barbican: Added smoke tests for consumers
*** jorge_munoz has quit IRC18:55
*** rellerreller has quit IRC19:04
*** rellerreller has joined #openstack-barbican19:05
*** kgriffs is now known as kgriffs|afk19:13
openstackgerritAdam Harwell proposed openstack/barbican: Container deletion will now clean up Consumers
rm_workerr, forgot to run tox... *crosses fingers*19:17
rm_worktdink: that's the change I mentioned19:17
rm_workgoing to need a patchset for a single blank line T_T19:19
jaosoriorrm_work: lol19:19
rm_workthat's what I get for instinctively typing `git review` before running tox19:20
jaosoriorshouldn't .the call to self.consumer_repo.get_by_container_id also be wrapped by the try: ... except: ?19:23
rm_workIt's suppress_errors19:23
rm_workerr, suppress_exception19:23
jaosorioraaah shit, didn't read that part19:23
jaosoriorbut anyway, why would we want to supress if the container is not found? why not catch it immediately?19:24
rm_workthat's just if there are no consumers19:24
rm_worksince probably 99% of containers won't have any :P19:24
rm_workwe're not really concerned if there's zero found19:25
jaosoriorfair enough19:25
jaosoriorthe rest of the CR seems alright19:25
rm_workwaiting for tests to pass locally and will update with the -blankline19:27
jaosoriorthough for the tests readability, maybe it would make sense to do an "assert_called_once" for the consumer_repo.delete_entity_by_id19:27
rm_workit's called twice though19:27
rm_workso that would be problematic :P19:27
jaosorioraah crap19:28
jaosorior(need to sleep)19:28
rm_workit's cool, I am very much enjoying being a step ahead for once :P19:28
rm_worksince usually that's not the case :)19:29
jaosoriorhahaha well, I was pretty hangover in the morning :P it's been a loooooong day19:29
rm_worksounds like a fun weekend tho19:29
jaosoriorooh it was brilliant19:29
jaosoriorwell, I guess you could actually get the call count for the delete_entity_by_id and assert using that19:31
rm_workyeah, I could do that as well19:31
rm_workbut I prefer testing specific calls19:31
rm_workthis way I know I didn't do something stupid and just delete the same consumer twice, or something like that19:32
jaosoriorsomething such as self.assertEqual(self.consumer_repo.delete_entity_by_id.call_count, len(consumers))19:32
jaosoriorwell, was just mentioning so it became obscenely aparent when reading the test that the delete_entity_by_id is being tested. as of now there is only a check if the id was retrieved, which would then lead me to read the code in the other file again19:33
jaosorioranyway, no biggie, I could do without the call_count check; I know it's quite tricky19:34
jaosoriorgonna wait for Jenkins before scoring it19:34
rm_workit's just not as specific :P19:34
jaosoriorI know, actually I like that the check for the getting of the id is there19:35
rm_workis it?19:35
jaosorioranyway, it looks good19:37
jaosoriorwill wait for jenkins now19:37
rm_worki am getting local tox failures19:37
rm_workbut unrelated to my change I think19:37
rm_workdb type could not be determined19:37
rm_workerror: testr failed (3)19:37
rm_workhaven't run tox on this repo in a while19:37
rm_worksomething must have changed19:37
tdinksorry was out to lunch ill take a look rm_work19:38
openstackgerritAdam Harwell proposed openstack/barbican: Container deletion will now clean up Consumers
rm_workwoo blank line removed T_RT19:39
rm_worktdink: yeah it took me an extra hour because I went to lunch right before doing the commit :P19:39
jaosoriorwhat time is it over there?19:40
rm_work1:40pm currently19:40
rm_workor 13:4019:40
rm_worktake your pick19:40
jaosoriorunix epoch? :P19:41
*** tkelsey has joined #openstack-barbican19:42
rm_work1416858094 ? :P19:42
rm_workof course, that's not super useful :)19:42
jaosoriorby the way, has there been a decision regarding the mid-cycle?19:44
SheenaG1Has anyone seen redrobot today?19:45
rm_workoh, also I realize I still owe a Consumer's implementation for Secrets as well <_<19:45
SheenaG1(seen = in this channel)19:45
rm_workSheenaG1: I don't even see him physically :/19:46
reaperhulkjaosorior: I believe the tentative plan is mid-February in SF, but that's dependent on redrobot inquiring with Geekdom SF19:46
SheenaG1rm_work: I think he's ETO19:46
reaperhulkETO, pssh19:46
reaperhulkSo am I19:46
* reaperhulk is writing X50919:46
rm_workoh, I had topics for today's meeting19:46
SheenaG1reaperhulk: are you on ETO and working on x509?19:46
reaperhulkI might be.19:46
jaosoriorreaperhulk: thought there was a desired plan of doing it with the keystone guys, which I guess would have been in SAT?19:47
SheenaG1reaperhulk: scriiiiiiiiiiiiiiiiiiiiiiiiiiptsssssssssssssss19:47
rm_workreaperhulk: so how long until we can remove any dependency on PyOpenSSL and *just* rely on pyca?19:47
reaperhulkjaosorior: I think we're going to align it with OpenStack Security Group because Keystone + OSSG + barbican was getting too big19:47
rm_workyeah I thought I heard Geekdom SA19:47
rm_worksad, won't be able to make it then :(19:48
reaperhulkjaosorior: but since nothing is confirmed yet I dunno19:48
rm_workreaperhulk: and by "we", I mean Octavia and Neutron-LBaaS in this case19:48
reaperhulkSheenaG1: When I'm on vacation you'll have to accept that I'm working on something that will help chellygel ;)19:48
jaosoriorI guess the Keystone guys were also quite interested in getting aligned to the OSSG one19:48
SheenaG1reaperhulk: I hate you.19:49
chellygelSheenaG1, i love reaperhulk19:49
SheenaG1reaperhulk: but I will accept your ETO plans.19:49
morganfainbergjaosorior, if at all possible.19:49
SheenaG1chellygel: I hate you too.19:49
chellygelSheenaG1, is a liaaarrr19:49
jaosoriorhaha I was about to mention you morganfainberg19:49
morganfainbergjaosorior, you mentioned "keystone" ;)19:49
rm_workwas wondering if you had "keystone" on highlight :P19:49
jaosoriorlol, got a bot for that? :P19:49
rm_worksince you seem to show up at all the right moments19:49
jaosoriorI wouldn't mind if it takes too long, makes my trip worth while :P19:50
morganfainbergjaosorior, FYI, i've heard from some US Govt. folks, if we had an aligned time they'd love to show up to Keystone, Barbican, Security.19:50
morganfainbergbut we're (keystone) def. in SA.19:50
morganfainbergso it may be a no-go for the alignment this time around19:50
reaperhulkjaosorior, morganfainberg : This is the last I saw
morganfainbergreaperhulk, yeah19:51
rm_workreaperhulk: ah, my first meeting topic today is related to Certificate validation, wrt validating cert/pk/passphrase as a set + expiration and such19:52
rm_workreaperhulk: does pyca do all of that without PyOpenSSL?19:52
morganfainbergand as much as I'd like to join Barbican / OSSG meetup i have to be in the bay area thurs and fri of that week for an HP meeting thing.19:52
reaperhulknot yet.19:52
rm_workright now I've been loading stuff up with pyOpenSSL19:53
rm_workreaperhulk: is that related to what you're doing now? :P I would assume so19:53
reaperhulkpyca/cryptography is going to get the rudiments of x509 support shortly, but it will take a while to flesh it out to the extent that it can do all that19:53
rm_workreaperhulk: you're writing x509 import/export support?19:53
reaperhulkimport + some limited parsing for the moment19:53
reaperhulkno support for chain building, extensions, or even subject/issuer yet19:53
* reaperhulk is trying to bite it off in chewable chunks19:54
morganfainbergreaperhulk, jaosorior, let me know if you guys are overlapping with us, OSSG, both... in any case. - keep me posted :)19:54
jaosoriorsure man19:54
rm_workmost of that is just trivial yet time consuming pyasn1 stuff, right?19:54
reaperhulksadly not trivial either :/19:54
reaperhulktime consuming and non-trivial woo!19:54
reaperhulkbut yes19:54
rm_workwe took a crack at some pyasn1 stuff for x509 on our own and it didn't seem TOO bad19:55
rm_workit's ... interesting19:55
rm_workbut seemed pretty doable, just a lot of weird edge cases19:55
jaosoriormorganfainberg: but... the keystone has been decided already, right?19:55
rm_workI guess you'd know better though :P I just dabble19:55
reaperhulkAnd the weird edge cases are the problem. If asn.1 can do it cryptography requires a test for it ;)19:55
morganfainbergjaosorior, yes. just meant if you are in the same place as we are19:55
rm_workreaperhulk: erk T_T19:55
morganfainbergplease let me know. ;)19:55
jaosoriorwhat dates was it again?19:56
morganfainbergwe're Jan 19, 20, 2119:56
morganfainbergin San Antonio19:56
jaosoriorthanks for the info dude19:56
rm_workreaperhulk: well, if you got it all spec'd out / handlers in place or some such, I could take a crack at filling in some stuff+tests19:56
morganfainbergof course19:56
rm_workreaperhulk: if you don't feel like hero-ing the whole thing :P19:56
reaperhulkrm_work thanks for the offer. As I get further along I'll let you know19:57
jaosoriorah, reaperhulk19:57
* redrobot puts vacation on hold to run meeting19:57
jaosoriorI forgot to tell you19:57
rm_workredrobot: :P19:57
jaosorioryou kinda got famous dude19:57
jaosoriorsome mexican dev friends of mine really dig your work :P19:57
reaperhulk...what? haha19:57
*** jorge_munoz has joined #openstack-barbican19:58
jaosorioranyway, just remembered :P19:58
jaosoriorredrobot: travelling anywhere?19:59
reaperhulkI will let my fame go right to my head19:59
redrobotjaosorior nope, just had a ton of ETO I have to burn before the end of the year19:59
* reaperhulk is kind of a big deal19:59
jaosorioruuhh... what's ETO?20:00
*** darrenmoffat has quit IRC20:00
reaperhulkearned time off20:00
rm_workI still thought it was funny I was using reaperhulk's appletv hacking guide before I realized who wrote it :P20:00
jaosoriorseems legit20:00
reaperhulkthat appletv workaround is like the most popular blog post I've ever written20:00
redrobotmeeting starting now in #openstack-meeting-alt20:00
rm_workbecause fuck apple, that's why T_T20:00
jaosorioris it now?20:00
*** darrenmoffat has joined #openstack-barbican20:01
*** gyee_ has joined #openstack-barbican20:25
*** alee_ has quit IRC20:46
*** paul_glass1 has joined #openstack-barbican20:57
*** dg__ has joined #openstack-barbican21:00
*** tkelsey has quit IRC21:01
*** paul_glass1 has quit IRC21:02
*** dg__ has quit IRC21:04
*** kgriffs|afk is now known as kgriffs21:10
rm_workBPs for Castellan would have to wait until the repos are created to be posted, yes? :P21:16
rm_workuhh am I missing something or did Zuul just not pick up my change at all?
rm_workit's not showing up in zuul at all21:18
*** alee has joined #openstack-barbican21:18
aleerellerreller, ok - what did I miss?21:19
rellerrelleralee More of the same21:20
aleerellerreller, so did we decide on anything differently from what we decided in Paris?21:20
rellerrelleralee The big takeways were that I proposed using Base64 encoded ANS.1 DER encoded objects and there is a new etherpad page started21:21
rm_workso, I guess asking for PEM is redundant if you're storing it in a typed secret?21:21
rellerrelleralee I found this RFC for public keys
rm_worksince PEM is just Base64 ASN.1 DER, but with start/end tags?21:22
rellerrelleralee Paul said private keys can be stored using PKCS#8 format21:22
rm_workyeah PKCS8 is what we expect currently for CLB21:22
rellerrellerrm_work I would eventually like to support storing and retrieving in PEM and DER format, but for the first round we said that we would only support one format to make things simple21:23
rellerrellerwhat is CLB?21:23
rm_workI would have assumed we'd make that one format be PEM :)21:23
rm_workah sorry, Cloud Load Balancers -- Rack thing21:23
rm_workthat's technically what team I'm on :)21:23
rellerrellerIt could be PEM. It's not a big deal since that is nearly identitical to what I am proposing.21:24
rellerrellerI just want a standard notation for all of these things21:25
aleerellerreller, did reaperhulk have any suggestions on either public/private keys?21:25
aleerellerreller, +121:25
rellerrelleralee reaperhulk suggested PKCS#821:25
*** dave-mccowan has quit IRC21:39
*** SheenaG1 has quit IRC21:46
*** dimtruck is now known as zz_dimtruck21:52
*** atiwari has quit IRC21:58
*** kebray has quit IRC22:03
*** kebray_ has joined #openstack-barbican22:04
*** mikedillion has joined #openstack-barbican22:06
*** SheenaG1 has joined #openstack-barbican22:18
*** alee has quit IRC22:21
*** alee has joined #openstack-barbican22:21
*** rellerreller has quit IRC22:30
*** SheenaG1 has quit IRC22:31
*** alee has quit IRC22:35
*** SheenaG1 has joined #openstack-barbican22:36
*** paul_glass has joined #openstack-barbican22:57
*** paul_glass has quit IRC23:02
*** jaosorior has quit IRC23:03
*** nkinder has quit IRC23:06
*** alee has joined #openstack-barbican23:17
*** kebray_ has quit IRC23:17
*** JeffF has quit IRC23:46
*** kgriffs is now known as kgriffs|afk23:53
*** kgriffs|afk is now known as kgriffs23:55

Generated by 2.14.0 by Marius Gedminas - find it at!