Friday, 2015-03-20

*** tkelsey has joined #openstack-barbican00:28
*** tkelsey has quit IRC00:32
*** alee has joined #openstack-barbican00:46
*** SheenaG has joined #openstack-barbican01:12
*** SheenaG has quit IRC01:49
*** woodster_ has quit IRC02:00
*** alee_afk has quit IRC02:13
*** jamielennox is now known as jamielennox|lunc02:32
*** jamielennox|lunc is now known as jamielennox|food02:32
*** woodster_ has joined #openstack-barbican02:39
*** alee_afk has joined #openstack-barbican02:53
*** greghaynes has quit IRC02:58
*** jamielennox|food is now known as jamielennox03:01
*** greghaynes has joined #openstack-barbican03:06
openstackgerritAde Lee proposed openstack/barbican: Add functional tests for certificate orders
aleeredrobot, woodster_ dave-mccowan, jvrbanac ^^03:35
dave-mccowanalee sweet.  i'll download and give them a try.03:38
aleedave-mccowan, they all don't work right now :/03:38
aleedave-mccowan, but I'm working on a quick patch right now to get at least some of them woring03:38
aleeie. the exception ferom validator based ones03:39
aleefor those I think just adding a client message and status code to the exceptions will resolve the issue.03:39
aleeothers will need woodster_ 's patches for status to land03:40
*** gyee has quit IRC03:41
dave-mccowanby the way, a bunch of kmip related unit tests stopped working for me.  did something change in the environment related to that?03:49
dave-mccowanalee ^03:49
aleedave-mccowan, yeah - recreate your tox environment03:49
aleetox -r03:49
dave-mccowanalee i think i've already tried that, but i'll give it another try03:51
aleedave-mccowan, did you actually get the exceptions to show up with the correct values by adding the %(x)s ?04:18
dave-mccowanalee i tested two of them manually and saw the value04:19
aleedave-mccowan, weird - I'm still seeing %(reason)04:20
dave-mccowanfor the %(ca_id)s one?  that came in a second patch.  maybe just git pull?04:21
aleedave-mccowan, oh wait .. its ok for the internal (log) reason) but not for the external (client_messsage)04:21
*** alee is now known as alee_sleep04:30
*** tkelsey has joined #openstack-barbican04:36
*** tkelsey has quit IRC04:41
*** dave-mcc_ has joined #openstack-barbican04:57
*** dave-mccowan has quit IRC04:57
*** chlong has quit IRC05:02
openstackgerritJamie Lennox proposed openstack/python-barbicanclient: Use the ksc Adapter instead of custom HTTPClient
*** chlong has joined #openstack-barbican05:19
openstackgerritMerged openstack/barbican: Fixing errors and warnings on the sphinx docs
*** dave-mcc_ has quit IRC05:30
*** chlong has quit IRC06:01
*** chlong has joined #openstack-barbican06:13
*** gitorres has joined #openstack-barbican06:35
*** jamielennox is now known as jamielennox|away06:35
*** gitorres has left #openstack-barbican06:35
*** chlong has quit IRC07:45
*** SheenaG has joined #openstack-barbican08:01
*** SheenaG has quit IRC08:11
*** openstackgerrit has quit IRC08:22
*** jaosorior has joined #openstack-barbican08:22
*** openstackgerrit has joined #openstack-barbican08:22
*** jamielennox|away is now known as jamielennox09:14
*** tkelsey has joined #openstack-barbican09:19
*** tkelsey has quit IRC09:24
*** tkelsey has joined #openstack-barbican09:24
*** nickrmc83 has quit IRC09:24
*** nickrmc83 has joined #openstack-barbican09:25
*** tkelsey has quit IRC10:56
*** tkelsey has joined #openstack-barbican10:56
*** gitorres has joined #openstack-barbican11:42
*** gitorres has quit IRC12:05
*** gitorres has joined #openstack-barbican12:06
*** gitorres has quit IRC12:28
*** gitorres has joined #openstack-barbican12:31
*** gitorres has left #openstack-barbican12:43
*** zz_dimtruck is now known as dimtruck13:25
*** alee_sleep is now known as alee13:36
*** jamielennox is now known as jamielennox|away13:36
*** alee has quit IRC13:37
*** alee_afk is now known as alee13:37
aleejaosorior, ping13:37
jaosorioralee: pong13:38
aleejaosorior, hey -- got a question about the exceptions13:38
aleespecificially BarbicanHTTPException13:38
aleeyou refactored that, right?13:39
aleeso - BarbicanHTTPException allows you to specify a client_message and return_code13:39
aleebut the client_message does not interpolate the args being passed in13:40
jaosoriorIt doesn't?13:40
aleeso how can we fix it so that it does?13:40
aleejaosorior, no -- look at BarbicanException13:41
jaosoriorI'll fix that as soon as I get top my computer13:41
jaosorior* to13:41
aleeyou can see how the message arg is constructed from the kwargs passed in13:41
aleeI think you need to do something similar13:41
jaosoriorI probably do.  Bummer, sorry for that13:42
aleejaosorior, thanks.  If you put up a CR, I'll review it right away13:42
alee(as I need it for the cert functional tests)13:42
jaosoriorWon't take to long. It's just that I'm at the gym at the moment13:42
jaosorior* too13:42
aleejaosorior, yup - figured that13:42
*** SheenaG has joined #openstack-barbican13:43
*** SheenaG has left #openstack-barbican13:43
aleeredrobot, jvrbanac , hockeynut ping13:48
*** tkelsey has quit IRC13:51
*** xaeth_afk is now known as xaeth14:40
*** dave-mccowan has joined #openstack-barbican14:41
aleeredrobot, jvrbanac , hockeynut, woodster_ ?14:56
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: BarbicanHTTPException can take arguments for client_message
aleejaosorior, so this allows you to set the client message and message as well right?15:01
aleejaosorior, trying it out right now ..15:02
jaosoriorjust the same as it works for the standard barbican exceptions15:02
aleejaosorior, cool - it works15:05
aleeany other cores around today?15:05
aleejaosorior, what do you think is going on here?
jaosoriorwait up15:06
aleewoodster_, jvrbanac , redrobot ?15:08
*** rellerreller has joined #openstack-barbican15:14
*** kebray has joined #openstack-barbican15:20
*** openstackgerrit has quit IRC15:21
*** openstackgerrit has joined #openstack-barbican15:22
jaosorioralee: sorry about that, I'm checking out the VISA stuff for Canada15:23
aleejaosorior, ah ok -- I thought you were concerned about your patch15:24
jaosorioraaah, no, the patch makes sense15:24
aleejaosorior, any idea on my error?15:25
jaosoriorwhat CR is it?15:25
jaosorioryeah, but what's the related CR?15:25
jaosorioror the link to it15:25
aleejaosorior, you might as well review it too  :)15:26
jaosorioralee: weird O_O15:28
aleejaosorior, yeah -- I dont know where to go from there15:29
aleejaosorior, works when I run it locally just fine15:29
*** kebray has quit IRC15:31
*** kebray has joined #openstack-barbican15:39
aleerellerreller, ping15:42
rellerrelleralee pong15:42
aleerellerreller,  couple of things ..15:42
alee1. I had comment/question on,cm15:42
alee2. can you +2
alee3. any idea what could be going on in the gate for .. ?15:43
aleeany rackers around today?15:43
rellerrelleralee 1. I responded to your comment about 20 minutes ago. We plan to implement that in the near future, so it sounded like you were ok with that code then?15:44
aleerellerreller, yeah - if thats so fine. I'll +2 it15:45
rellerrelleralee I can look at 2 and 3 in about 5-10 minutes15:45
aleerellerreller, thanks15:45
dave-mccowanCRITICAL barbican [-] OperationalError: (OperationalError) index ix_certificate_authority_metadata_ca_id already exists u'CREATE INDEX ix_certificate_authority_metadata_ca_id ON certificate_authority_metadata (ca_id)' ()15:58
aleedave-mccowan, ?15:59
dave-mccowanhas anyone seen this error before? ^^  my pyenv seteup on my mac was working great until recently.  now bin/ install gets stuck in this loop.  i've tried recreating my env from scratch, with same result.15:59
aleedave-mccowan, thats one of my commits16:00
dave-mccowanOOPS ! failed loading app in worker 1 (pid 83922) :( trying again...16:00
aleedave-mccowan, try removing your db16:00
aleedave-mccowan, usually under /var/lib/barbican16:01
rm_workredrobot: do you know if we have any plans to move to the "Externally Hosted Plugin" method of devstack
rm_workredrobot: would be a lot simpler for installation/config than the old extras.d hooks16:02
rm_workjvrbanac / hockeynut / jaosorior ^^16:02
rm_worknot sure who was doing the devstack work16:02
dave-mccowanalee thanks!16:03
aleedave-mccowan, you'll notice in the functional tests, there are a few tests that depend on your current cr16:04
jaosoriorrm_work: wazzup?16:04
rm_worklooks like a better method for devstack setup has come along16:05
rm_workwondering if we had considered switching to that16:05
rm_worknot sure how much work it would be16:05
rm_workan example:
rm_workpossibly VERY simple16:06
rm_workthen installing it in devstack is just16:08
rm_workenable_plugin barbican
rm_workin the localrc16:09
rm_workno more clone/copy16:09
dave-mccowanalee do you mean using certutils?  cool!  i was hoping they'd be useful.  or do you mean blocked waiting on my validator?16:13
rm_workdave-mccowan: certutils?16:15
*** igueths has joined #openstack-barbican16:16
rellerrelleralee I reviewed
aleedave-mccowan, blocked waiting your validator16:17
alee(look for "dave")16:17
rellerrelleralee I looked at the gate for . I don't know what is happening there. I have not seen anything like that before.16:17
aleeand yeah - I did use them16:17
rm_workdave-mccowan: what certutils? linky?16:17
dave-mccowanrm_work tests/ does some neat stuff like create_good_csr() and create_bad_csr() to write test cases16:17
rm_workwas thinking someone actually went ahead and added certutils (for certificate X509 related convenience functions) to somewhere16:18
aleerellerreller, jaosorior - seems pretty simple -- any objections to workflowing it , seeing as noone else is around?16:19
alee(and its blocking me sending up further updates)16:19
dave-mccowanalee having the tests help me. i'll get them unblocked.16:20
aleerellerreller, jaosorior - ya'll have one minute to object ..16:21
rellerrelleralee object to what? the workflow?16:22
rellerrelleralee I don't know what can and cannot get merged with the freeze.16:22
rellerrelleralee I don't mind if someone else workflows it, but I probably will not unless I hear from redrobot.16:23
aleerellerreller, we'll find out :)  but I would assume that a freeze does not stop development16:23
aleeie. it means some kind of branch16:23
aleeanyways - I'll workflow and see what happens16:24
rellerrelleralee I just saw from Thierry on openstack-announce that it kind of does stop devleopment.16:24
rellerrellerOnly those features that have ffe or are bugs can be merged.16:24
aleerellerreller,  right - but thats a policy thing -- not something that prevents stuff from being checked in (I think)16:26
aleeanyways we'll see16:26
*** igueths has quit IRC16:30
*** kebray has quit IRC16:33
*** kebray has joined #openstack-barbican16:33
*** SheenaG has joined #openstack-barbican16:37
arunkantjaosorior, replied to your comments on . Can you please check.16:45
arunkantalee, can you check as well.16:46
aleearunkant, yup - I have not forgotten .. just trying to get the cert stuff in.16:47
aleearunkant, right now that needs a little work.16:47
arunkantalee, okay. Just want to check to see if there is need to make db model changes as per jaosorior comments or not?16:52
jaosoriorarunkant: replied in the cr16:53
arunkantjaosorior, thanks16:54
*** jkf has joined #openstack-barbican16:57
*** jkf has quit IRC16:58
openstackgerritAde Lee proposed openstack/barbican: Add functional tests for certificate orders
openstackgerritAde Lee proposed openstack/barbican: Fix CA related exceptions, and unskip relevant tests
aleedave-mccowan, ^^17:02
aleedave-mccowan, you'll need Oz fix too  --
*** jkf has joined #openstack-barbican17:07
*** darrenmoffat has quit IRC17:07
*** kebray has quit IRC17:08
*** darrenmoffat has joined #openstack-barbican17:08
*** SheenaG has quit IRC17:15
*** openstackgerrit has quit IRC17:21
*** openstackgerrit has joined #openstack-barbican17:22
*** gyee has joined #openstack-barbican17:27
openstackgerritMerged openstack/barbican: Moving containers tests to separate module
*** jkf has quit IRC17:57
*** jkf has joined #openstack-barbican18:05
*** tkelsey has joined #openstack-barbican18:21
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Second set of negative secrets tests.
aleeanyone know if there is a way to attach a debugger to a process in pycharm 3?18:30
aleedave-mccowan, yeah - I saw that -- I may try out pycharm 4 though18:33
aleelooks like they have a brand new "attach to process" feature18:34
dave-mccowanalee i think you need the professional edition.  i use pycharm 4 PE.18:34
aleewell we have an openstack license for the pycharm 3 PE I think18:34
aleeso maybe it will work for 4?18:35
*** crc32 has joined #openstack-barbican18:35
*** lisaclark has quit IRC18:39
*** dougwig has quit IRC18:39
*** erw has quit IRC18:39
*** Sheena_ has quit IRC18:39
aleewoodster_, ?18:55
woodster_alee: lots of meetings today, one starting up shortly19:01
redrobotalee rellerreller just catching up on IRC.  I'm at a one-day security conference.19:01
aleewoodster_, yeah - I noticed no one was around19:01
redrobotrellerreller what workflow were you asking about?19:02
aleeredrobot, I workflowed this one -- not sure when/if it will merge19:02
redrobotalee ok, cool19:02
alee ?19:02
aleeits an easy one but one needed to make my tests work19:03
*** tkelsey has quit IRC19:03
aleewoodster_, I have a question about some plugins .. trying to figure out why they are not working19:03
aleewoodster_, we're going to need to work closely over the beginning of next week to try to get the ca stuff done19:04
aleewoodster_, its not working partly because the status stuff is not being set correctly19:05
aleeand partly because the plugins are not firing19:05
redrobotalee docstring doesn't match the implementation in that CR... not a big deal if it merges, I can patch it up.19:05
woodster_alee: for sure19:05
aleeredrobot, woodster_ please review and when you get a chance19:07
aleewoodster_, redrobot although I have no idea why the gate job failed for that19:07
aleeand will need help troubleshooting that19:07
alee -- no idea whats going on here.19:08
redrobotalee weird... maybe tdink or hockeynut have seen this before? ^^19:10
tdinkredrobot: i have not seen this before =/19:11
*** dimtruck is now known as zz_dimtruck19:14
openstackgerritMerged openstack/barbican: BarbicanHTTPException can take arguments for client_message
*** xaeth is now known as xaeth_afk19:15
redrobotrellerreller Feature Freeze means we're not merging any code for new Blueprints.  The only blueprint-related patches we should land are for blueprints that have Feature Freeze Exceptions (the ones listed here:
redrobotrellerreller bugfixes and test code is fine for review/merging19:18
redrobotrellerreller once RC1 is tagged, the L cycle begins and we can start landing new blueprints again.19:18
rellerrellerredrobot OK, that is good to know. Thanks for clarifying that.19:18
aleeredrobot, is there some kind of check that is made on the commit message for either a blueprint or bug number?19:21
aleeor is it done via inspection?19:21
redrobotalee it's purely policy.  There's no automatic gating of it or anything.19:22
aleeredrobot, ok great19:22
redrobotalee the idea is that we use the time to polish the code base for the final release for the Cycle19:22
aleeredrobot, or get it to actually work :)19:22
redrobotlol, yeah... that would qualify as "polish" :D19:23
*** zz_dimtruck is now known as dimtruck19:33
*** SheenaG has joined #openstack-barbican19:41
*** dimtruck is now known as zz_dimtruck19:43
*** xaeth_afk is now known as xaeth19:46
woodster_alee, I'm back. Not sure if you are still trying to remote debug, but check this out if so:
aleewoodster_, right now - I'm trying to debug my setup --- I have a barbican server which I started using install19:58
aleewoodster_, and I see the folllowing error ..19:58
aleeAttributeError: 'module' object has no attribute 'certificate'19:58
openstackgerritMerged openstack/barbican: Starting to rework docs around the secret resource
aleewoodster_,  in the init for the CertPluginManager19:59
aleewoodster_,  its like it cannot read the config file correctly20:01
aleemy barbican-api.conf has the section ..20:02
aleenamespace = barbican.certificate.plugin20:02
aleeenabled_certificate_plugins = simple_certificate20:02
woodster_alee, can you paste the top of the file (that does the config foo up there), or is it the same as what is in the code base now?20:07
aleewoodster_, its the same as whats in the code base now20:08
woodster_alee, don't see anything might need to send up a CR and workflow -2 it20:11
woodster_alee, is this running in the stand alone (out of the box) mode locally?20:12
aleewoodster_,  its running on my local box20:13
woodster_alee, send up your changes and then I can try to run locally on my box20:13
aleewoodster_, ah -- well I have a couple of crs ..20:13
*** dougwig has joined #openstack-barbican20:13
woodster_too many secrets, too many CRs!20:13
woodster_oh you're troubleshooting the broken gate then?20:14
aleeno not yet20:14
*** erw has joined #openstack-barbican20:14
aleeI'm trying to figure out why in my local install , my cert manager plugins are not being instantiated20:15
woodster_so this is the one you are futzing with then?:
aleewoodster_,  yeah -- so download the first one and the second one20:15
aleethey lie on top of each other20:16
aleethen -- I tried doing this ..20:17
aleeset up keystone and run barbican server locally20:17
aleeand run functional tests20:17
aleewoodster_, for some reason, the secret_store config works but the cert store config does not20:20
*** kebray has joined #openstack-barbican20:21
aleewoodster_, so the real question is -- when you run a functional test -- say you remove the skip on test_create_simple_cmc_order() for example20:26
aleedo you see the same error in loading the cert_manager plugin?20:26
aleeand the cert_manager_event_plugin?20:26
woodster_alee, just visually looking at the code now. I haven't crossed the bridge of spinning up Keystone server in a long time...dreading doing that, but need to :\20:27
*** gitorres has joined #openstack-barbican20:30
woodster_alee, on line 82/83 of that 'repos' from the CertificatePluginManager() constructor is shadowing the 'conf' attribute and causing your issue I bet20:30
*** gitorres has quit IRC20:31
*** lisaclark has joined #openstack-barbican20:33
*** zz_dimtruck is now known as dimtruck20:34
aleewoodster_, ok much better :)20:35
aleewoodster_, good catch20:35
woodster_alee, ha, I'm kicking that Keystone can down the road a little longer ;)20:35
aleewoodster_, anyways feel free to review the functional tests20:36
aleewoodster_, if all goes well - I think if we get the functional tests working - we can say "cert api is complete"20:36
aleeish ..20:36
*** Sheena_ has joined #openstack-barbican20:40
*** dimtruck is now known as zz_dimtruck20:44
*** jaosorior has quit IRC20:52
*** tkelsey has joined #openstack-barbican21:00
*** tkelsey has quit IRC21:04
*** zz_dimtruck is now known as dimtruck21:10
dave-mccowanalee i've got some cert api validator code working, and have it raising exceptions on some of your functional tests, but i'm still getting 500 responded.  i have patched oz's commit to  is there something else i'm missing (or need to write).21:11
aleedave-mccowan, I found a couple of things that need to be fixed , but they are later on in the stack I think21:12
aleedave-mccowan, this is in validator code , right?21:12
aleeor in code executed post validator?21:13
aleewhich functions?21:13
aleeand which tests?21:13
dave-mccowanvalidate_certificate_container() is what i've called it.  if i find a bad container id for example, i raise exception.InvalidContainer(reason=reason)21:15
*** jkf has quit IRC21:15
openstackgerritArun Kant proposed openstack/barbican: For per secret ACL support, adding db layer changes (Part 1)
*** rellerreller has quit IRC21:16
aleedave-mccowan, called by _validate_stored_key_request() ?21:16
*** jkf has joined #openstack-barbican21:17
dave-mccowanalee yes21:17
aleedave-mccowan, which functional test are you running?21:17
aleetest_create_stored_key_order_with_invalid_container_ref() ?21:18
dave-mccowantest_create_stored_key_order_with_invalid_container_ref() is one.  i see my code raising exception, but 500 is still returned.21:18
*** SheenaG has quit IRC21:18
aleedave-mccowan, thats puzzling21:19
aleedave-mccowan, the code I have in has this exception throwing 40021:20
aleeclass InvalidContainer(BarbicanHTTPException):21:20
alee    message = u._("Invalid container: %(reason)s")21:20
alee    client_message = message21:20
alee    status_code = 40021:20
aleeso - not sure what is happening .. do you see the correct message in the 500 response?21:21
dave-mccowanalee ah.  that's the code i'm missing.  has it been merged?21:21
aleedave-mccowan, no - that was in my second patch ..21:21
dave-mccowanalee cool.  that's it then.  i'll check my git branching.  thanks!21:22
aleeyou need, then oz fix (which has merged I think), and then
aleedave-mccowan, cool - looking forward to seeing the patch21:24
aleeok - gotta go get kids - have a good weekend, all.21:24
*** alee is now known as alee_out21:24
*** SheenaG has joined #openstack-barbican21:38
openstackgerritArun Kant proposed openstack/barbican: Adding Secret ACL controller layer changes (Part 2)
openstackgerritArun Kant proposed openstack/barbican: Adding Container ACL controller layer changes (Part 3)
openstackgerritArun Kant proposed openstack/barbican: Adding policy layer changes for ACL support (Part 4)
openstackgerritJohn Wood proposed openstack/barbican: Add sub-status logic to worker/task processing
*** jkf has quit IRC21:48
*** jamielennox|away is now known as jamielennox21:49
openstackgerritJohn Wood proposed openstack/barbican: Add retry periodic task and worker-client logic
*** xaeth is now known as xaeth_afk22:02
*** jamielennox is now known as jamielennox|away22:05
*** kebray has quit IRC22:42
*** SheenaG has quit IRC22:50
*** dimtruck is now known as zz_dimtruck22:59
openstackgerritJohn Wood proposed openstack/barbican: Allow business logic and plugins to retry tasks
*** dave-mccowan has quit IRC23:20
*** tkelsey has joined #openstack-barbican23:31
*** tkelsey has quit IRC23:35
*** dave-mccowan has joined #openstack-barbican23:38
*** gyee has quit IRC23:59

Generated by 2.14.0 by Marius Gedminas - find it at!