Tuesday, 2015-04-21

*** openstackgerrit has quit IRC00:22
*** openstackgerrit has joined #openstack-barbican00:23
*** openstack has joined #openstack-barbican00:35
*** gyee has quit IRC00:46
*** zz_dimtruck is now known as dimtruck01:15
*** everjeje has quit IRC01:36
*** rm_you| is now known as rm_you02:42
*** woodster_ has quit IRC03:30
*** woodster_ has joined #openstack-barbican04:25
*** dave-mccowan has quit IRC04:44
*** rm_work|away is now known as rm_work04:59
*** dimtruck is now known as zz_dimtruck05:15
*** jamielennox is now known as jamielennox|away06:34
*** tkelsey has joined #openstack-barbican07:18
*** woodster_ has quit IRC07:20
*** jaosorior has joined #openstack-barbican07:22
jaosoriortherve: So the CR fixing the bug has been workflowed, but it depends on some code that hockeynut made for the functionaltests07:29
jaosoriorso if you have time to review this, probably it would help to merge it faster, since that one's needed to get the fix merged: https://review.openstack.org/#/c/172604/807:30
*** jamielennox|away is now known as jamielennox07:43
*** tkelsey has quit IRC08:39
*** xaeth_afk is now known as xaeth09:28
*** xaeth is now known as xaeth_afk09:49
thervejaosorior, Thanks looking11:38
*** dave-mccowan has joined #openstack-barbican11:46
*** woodster_ has joined #openstack-barbican12:20
*** joesavak has joined #openstack-barbican13:04
*** alee_ has joined #openstack-barbican13:37
*** paul_glass has joined #openstack-barbican14:09
*** stanzi has joined #openstack-barbican14:11
*** igueths has joined #openstack-barbican14:32
*** stanzi has quit IRC14:40
*** stanzi has joined #openstack-barbican14:40
*** stanzi has quit IRC14:45
*** igueths has quit IRC14:47
*** zz_dimtruck is now known as dimtruck14:51
*** mdarby has joined #openstack-barbican14:52
openstackgerritDoug Hellmann proposed openstack/python-barbicanclient: Update README to work with release tools  https://review.openstack.org/17591915:00
*** rellerreller has joined #openstack-barbican15:05
*** dave-mccowan has quit IRC15:08
*** mdarby has quit IRC15:12
*** SheenaG has joined #openstack-barbican15:16
*** igueths has joined #openstack-barbican15:20
*** darrenmoffat has quit IRC15:20
*** mdarby has joined #openstack-barbican15:21
*** darrenmoffat has joined #openstack-barbican15:21
*** xaeth_afk is now known as xaeth15:21
*** dave-mccowan has joined #openstack-barbican15:22
*** mdarby has quit IRC15:25
*** jsavak has joined #openstack-barbican15:26
*** joesavak has quit IRC15:29
*** david-lyle has quit IRC15:36
*** stanzi has joined #openstack-barbican15:37
*** ccneill has joined #openstack-barbican15:40
*** gyee has joined #openstack-barbican15:50
*** david-lyle has joined #openstack-barbican16:02
*** kebray has joined #openstack-barbican16:04
*** stanzi has quit IRC16:15
*** stanzi has joined #openstack-barbican16:15
*** stanzi has quit IRC16:19
*** stanzi has joined #openstack-barbican16:28
*** ccneill has quit IRC16:30
*** joesavak has joined #openstack-barbican16:34
*** jsavak has quit IRC16:37
*** silos214 has joined #openstack-barbican16:37
*** silos214 has quit IRC16:38
openstackgerritKaitlin Farr proposed openstack/castellan: Add Barbican key manager  https://review.openstack.org/17191816:58
*** rellerreller has quit IRC16:59
*** stanzi has quit IRC17:00
*** kebray has quit IRC17:01
*** stanzi has joined #openstack-barbican17:01
*** joesavak has quit IRC17:01
*** stanzi has quit IRC17:05
*** alee_ is now known as alee_lunch17:07
*** rellerreller has joined #openstack-barbican17:08
*** david-lyle has quit IRC17:08
*** stanzi has joined #openstack-barbican17:32
*** stanzi has quit IRC17:40
*** stanzi has joined #openstack-barbican17:51
*** alee_lunch is now known as alee_17:52
*** stanzi has quit IRC17:58
*** joesavak has joined #openstack-barbican17:59
*** stanzi has joined #openstack-barbican17:59
*** mdarby has joined #openstack-barbican18:03
*** ccneill has joined #openstack-barbican18:08
*** rellerreller has quit IRC18:09
*** ccneill_ has joined #openstack-barbican18:09
*** ccneill has quit IRC18:10
*** ccneill_ is now known as ccneill18:11
*** mdarby has quit IRC18:19
*** ccneill_ has joined #openstack-barbican18:20
*** ccneill has quit IRC18:20
*** rellerreller has joined #openstack-barbican18:27
*** openstackgerrit has quit IRC18:37
*** openstackgerrit has joined #openstack-barbican18:37
*** joesavak has quit IRC18:38
*** david-lyle has joined #openstack-barbican18:39
*** ccneill_ has quit IRC18:42
*** joesavak has joined #openstack-barbican18:42
*** ccneill has joined #openstack-barbican18:43
*** david-ly_ has joined #openstack-barbican18:46
*** david-lyle has quit IRC18:46
*** stanzi has quit IRC18:50
*** stanzi has joined #openstack-barbican18:50
*** stanzi has quit IRC18:55
*** paul_glass has quit IRC19:05
*** rellerreller has quit IRC19:05
*** kebray has joined #openstack-barbican19:08
*** paul_glass has joined #openstack-barbican19:08
*** stanzi has joined #openstack-barbican19:12
*** stanzi has quit IRC19:17
*** SheenaG has quit IRC19:17
*** rellerreller has joined #openstack-barbican19:17
*** stanzi has joined #openstack-barbican19:17
*** david-ly_ has quit IRC19:18
*** stanzi has quit IRC19:22
*** gyee has quit IRC19:23
*** kebray has quit IRC19:36
*** kebray has joined #openstack-barbican19:36
*** kebray has quit IRC19:38
dave-mccowanjvrbanac ping19:41
*** rellerreller has quit IRC19:42
*** kebray has joined #openstack-barbican19:42
jamielennoxcan someone refresh my memory - barbican was initially written on falcon and one of the terms of being incubated was to switch to pecan?19:42
reaperhulkpretty much19:43
reaperhulkit was strongly encouraged but not required19:43
jamielennoxok, the more I play with pecan the less i feel it fits, but i remember it was seriously discouraged to use anything other than pecan19:43
*** stanzi has joined #openstack-barbican19:48
*** kebray has quit IRC19:55
*** stanzi has quit IRC19:56
*** stanzi has joined #openstack-barbican20:00
*** stanzi has quit IRC20:00
*** stanzi has joined #openstack-barbican20:01
*** silos has joined #openstack-barbican20:02
silosHello. I am having a problem testing the kmip_plugin with barbican. Is there anyone familiar with the kmip plugin?20:05
*** paul_glass1 has joined #openstack-barbican20:05
*** paul_glass has quit IRC20:08
openstackgerritMerged openstack/python-barbicanclient: Update README to work with release tools  https://review.openstack.org/17591920:09
redrobotHi silos!  The main devs for the kmip plugin are rellerreller and kfarr but I don't believe either of them are online right now20:09
*** SheenaG has joined #openstack-barbican20:10
silosredrobot:Thanks! I'll try e-mailing the dev mailing list and try later then.20:11
redrobotsilos what are you having trouble with?20:12
silosI am getting an error when I try to store a secret in barbican. It is an attributeError that is getting errored out in the kmip_secret_store module.20:13
*** david-lyle has joined #openstack-barbican20:21
*** kebray has joined #openstack-barbican20:23
*** ccneill has quit IRC20:24
*** ccneill has joined #openstack-barbican20:25
redrobotsilos oh yikes... yeah, I don't have an answer off the top of my head.  kfarr is usually pretty good about responding to email questions though, so hopefully she'll see yours.20:26
*** kebray has quit IRC20:28
silosredrobot: no problem. thanks20:32
*** kebray has joined #openstack-barbican20:38
*** silos has quit IRC20:41
*** kebray has quit IRC20:46
*** openstackgerrit has quit IRC20:52
*** openstackgerrit has joined #openstack-barbican20:52
openstackgerritCharles Neill proposed openstack/barbican: Removing signing_dir directive from config  https://review.openstack.org/17607120:56
openstackgerritJohn Vrbanac proposed openstack/python-barbicanclient: Cleaning up validate_ref()  https://review.openstack.org/17560520:56
ccneillanybody want to review the quickest CR ever? :)20:57
ccneillat least I think it should be... I've tested it locally with no ill effects, but I'm curious to see how other environments handle the removal of an explicit signing_dir in the config20:58
redrobotccneill looking21:01
redrobotccneill do you have a Launchpad ID, I want to assing the LP bug to you.21:01
ccneillI believe so, should be my Rackspace email21:01
redrobotccneill yeah, that's an easy change.  I'll +2 as soon as Jenkins votes21:01
ccneillsweet, thanks21:02
ccneillhey redrobot, not sure if you saw my question from yesterday, but I was also trying to find out what the best way to get the current project ID in a functionaltest?21:07
ccneilltried doing this in the setUp method for my class, but it seems to only work on the final test that's run, and fails on all others: `self.project_id = self.client._auth.auth_client.project_id`21:08
redrobotccneill hmm... good question...  I presume the auth object has it somewhere,  I'd have to dig through keystoneclient code to make sure though.21:09
redrobotccneill the idea is that the client knows their project id, or project name, and then the auth object takes care of authenticating, and requesting a token that has the correct project for scope21:10
ccneillright, so I can get the project name, but I just wanted to pull the ID so I can set only that header (i.e. without the token)21:10
jamielennoxccneill, redrobot: there is a get_project_id() on auth plugins that you would typically call from the adapter - but it's fairly rare that you would ever need your project_id as a user21:10
ccneillthe client has use_auth kwargs for all the request methods, but that sets BOTH the x-project-id header and the x-auth-token header21:11
ccneilland I want to write a test that sends ONLY the valid project-id, no token21:11
ccneillso I could modify how use_auth works...21:11
redrobotjamielennox oh cool thanks.  ccneill  is writing some security-minded tests for us, so he'll be trying to do sneaky things with the project-id.21:11
jamielennoxccneill: that's kind of odd, but anyway from a manager you call httpclient.get_project_id()21:12
redrobotccneill the keystone middleware _should_ strip out the X-Project-Id header and then set it to whatever the project scope is returned from the token validation.21:13
jamielennoxthere is also session.get_project_id() - you might need to pass it an auth plugin or not depending on how you set up the session21:13
woodster_ccneill, +1 to what redrobot said there. You should not be able to spoof a project ID via header21:22
ccneillwell I guess we'll find out soon :)21:23
ccneillso.. quick and dirty way to get project id: self.client._auth.stored_auth.values()[0]['project_id']21:34
ccneillalso, looks like passing use_auth=False and extra_headers={'X-Project-Id': 'dummy'} will send the dummy project ID21:35
ccneillI'm planning to do both (e.g. use_auth=False with dummy project ID, use_auth=False with real project ID)21:36
*** stanzi has quit IRC21:48
*** stanzi has joined #openstack-barbican21:48
*** stanzi has quit IRC21:49
*** stanzi has joined #openstack-barbican21:50
*** xaeth is now known as xaeth_afk21:57
*** gyee has joined #openstack-barbican22:01
openstackgerritDave McCowan proposed openstack/barbican: Fix failure with get on dict that was None  https://review.openstack.org/17610122:01
*** stanzi has quit IRC22:02
*** stanzi has joined #openstack-barbican22:03
*** dave-mccowan has quit IRC22:03
openstackgerritCharles Neill proposed openstack/barbican: Security tests for Secret resources  https://review.openstack.org/16488222:05
*** stanzi has quit IRC22:08
*** igueths has quit IRC22:15
*** dave-mccowan has joined #openstack-barbican22:19
dave-mccowanredrobot ^^^ this bug might make sense to backport22:20
*** jaosorior has quit IRC22:22
*** paul_glass1 has quit IRC22:23
*** joesavak has quit IRC22:39
*** alee_ is now known as alee_headed_home22:51
openstackgerritSteve Heyman proposed openstack/python-barbicanclient: Initial setup for command line tests  https://review.openstack.org/17260423:00
*** alee_headed_home has quit IRC23:01
dimtruckgot erroz :)23:04
dimtruck2015-04-21 22:12:17.506 |     TypeError: cannot create weak reference to 'Struct' object23:05
dimtruckthis blocks anything that requires cryptography (and barbican)23:05
dimtrucksolum's gates are failing, for example....not sure what's going on...cryptography tests are passing: https://travis-ci.org/pyca/cryptography23:06
dimtruckoh i see infra's already on top of it23:07
*** dimtruck is now known as zz_dimtruck23:34
*** alee_headed_home has joined #openstack-barbican23:49

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!