Thursday, 2015-05-14

*** gyee has quit IRC00:14
*** SheenaG has quit IRC00:18
*** zz_dimtruck is now known as dimtruck00:30
*** SheenaG has joined #openstack-barbican01:16
*** SheenaG has quit IRC01:24
*** kebray has quit IRC01:30
*** woodster_ has quit IRC01:40
*** SheenaG has joined #openstack-barbican02:40
*** kebray has joined #openstack-barbican02:56
*** SheenaG has quit IRC03:03
*** dimtruck is now known as zz_dimtruck03:31
*** dave-mccowan has quit IRC03:36
*** woodster_ has joined #openstack-barbican04:47
*** kebray has quit IRC04:50
*** kebray has joined #openstack-barbican04:51
*** kebray has quit IRC06:24
*** woodster_ has quit IRC06:50
*** nickrmc83 has joined #openstack-barbican07:04
*** tkelsey has joined #openstack-barbican07:12
*** darrenmoffat has quit IRC10:19
*** darrenmoffat has joined #openstack-barbican10:20
*** jamielennox is now known as jamielennox|away10:58
*** woodster_ has joined #openstack-barbican11:26
*** chlong has joined #openstack-barbican11:48
*** kebray has joined #openstack-barbican11:57
*** kebray has quit IRC12:22
*** alee has quit IRC12:28
*** zz_dimtruck is now known as dimtruck12:33
*** rellerreller has joined #openstack-barbican12:37
*** nickrmc83 has quit IRC12:41
*** dave-mccowan has joined #openstack-barbican12:42
*** nickrmc83 has joined #openstack-barbican12:51
*** xaeth_afk is now known as xaeth12:53
*** rellerreller has quit IRC13:00
*** rellerreller has joined #openstack-barbican13:03
*** alee has joined #openstack-barbican13:43
*** jorge_munoz has quit IRC14:02
*** pglass has joined #openstack-barbican14:05
*** nickrmc83 has quit IRC14:10
*** igueths has joined #openstack-barbican14:18
jvrbanacreaperhulk, redrobot, rellerreller, woodster_, hockeynut, could I get a a workflow?
*** nickrmc83 has joined #openstack-barbican14:22
*** nickrmc83 has quit IRC14:27
*** shakamunyi has joined #openstack-barbican14:29
*** silos has joined #openstack-barbican14:34
*** mordred has quit IRC14:40
*** rellerreller has quit IRC14:40
*** nelsnelson has joined #openstack-barbican14:40
*** mordred has joined #openstack-barbican14:42
*** barra204 has joined #openstack-barbican14:43
*** SheenaG has joined #openstack-barbican14:52
*** alee has quit IRC15:01
*** alee has joined #openstack-barbican15:02
*** SheenaG has quit IRC15:06
aleewoodster_, were you able to open and see the slides?15:07
aleeredrobot, jvrbanac - would be nice to get in for therve15:09
aleewoodster_, ^^15:09
openstackgerritMerged openstack/barbican: Adding config option for specifying HSM slot
aleeespecially as we actually use the outputs from that patch in our summit talk15:09
*** nickrmc83 has joined #openstack-barbican15:16
*** everjeje has joined #openstack-barbican15:17
*** reaperhulk has quit IRC15:20
*** reaperhulk has joined #openstack-barbican15:30
*** nickrmc83 has quit IRC15:33
woodster_alee: in meeting foo but will take a look after lunch15:48
aleewoodster_, ok thanks -- I'm reading your cert specs now15:49
*** gyee has joined #openstack-barbican15:51
*** SheenaG has joined #openstack-barbican16:05
woodster_alee, thanks. A thought I had (adding SheenaG Sheena_)  is that we really should explain the functional diff between cancel and revoke cert. Cancel is done when the cert is generated but within a period of time after that determined by the CA (I recall). Revoke is done after that period of time, and probably after the cert is used/published, and probably16:16
woodster_involve adding to revocation lists and so forth.16:16
SheenaGCancel and revoke get weird, I think a lot of it is by CA as to how that terminology is applied16:17
aleewoodster_, haven't gotten to that yet - but I'm pretty sure thats not how dogtag sees things16:18
aleeSheena_, were you able to open/see the slides?16:18
aleewoodster_, I'm still stuck on your reissue blueprint16:18
aleewoodster_, Sheena_ one of the things we need to do next week is get a very clear sense of what we mean for each of those terms16:20
aleeie. what barbican users would expect to get16:20
aleewoodster_, Sheena_ because different CA's will behave differently based on their policies.16:21
*** shakamunyi has quit IRC16:27
*** barra204 has quit IRC16:28
*** xaeth is now known as xaeth_afk16:34
aleeSheena_, can you see the slides?16:39
aleeredrobot, is there a schedule for what we plan to discuss in each of the design sessions?16:40
SheenaGwoodster_, alee: I haven't looked at the slides yet, but I saw your e-mail16:43
SheenaGAnd I would imagine that we'd consider "cancel" to be an in flight order16:43
SheenaGAnd "revoke" to be a post-completion order16:43
*** xaeth_afk is now known as xaeth16:43
SheenaGWhich is the most commonly expected terminology16:43
aleeSheena_, good - that makes sense to me16:43
SheenaGI don't think we want to get into the weeds on how different CAs expect different terminology based on whether or not they're going to refund you16:46
SheenaGIt just gets weird at that level16:46
*** xaeth is now known as xaeth_afk16:48
*** xaeth_afk is now known as xaeth16:56
*** xaeth is now known as xaeth_afk16:57
*** atiwari has joined #openstack-barbican16:58
*** alee is now known as alee_food17:08
*** gyee has quit IRC17:16
*** atiwari has quit IRC17:20
*** atiwari has joined #openstack-barbican17:22
openstackgerritSteve Heyman proposed openstack/python-barbicanclient: Re-merge CLI test update for auth URL and version
*** rellerreller has joined #openstack-barbican17:33
*** atiwari has quit IRC17:38
*** xaeth_afk is now known as xaeth17:39
*** jsavak has joined #openstack-barbican17:50
*** atiwari has joined #openstack-barbican17:50
*** dimtruck is now known as zz_dimtruck18:15
*** zz_dimtruck is now known as dimtruck18:16
*** gyee has joined #openstack-barbican18:19
*** pglass has quit IRC18:31
*** rellerreller has quit IRC18:32
*** alee_food is now known as alee18:32
*** pglass has joined #openstack-barbican18:34
*** atiwari has quit IRC18:34
*** atiwari has joined #openstack-barbican18:34
*** atiwari has quit IRC18:43
*** dave-mccowan has quit IRC18:44
*** xaeth is now known as xaeth_afk18:44
*** pglass has quit IRC19:11
*** dave-mccowan has joined #openstack-barbican19:11
*** ccneill has joined #openstack-barbican19:11
*** pglass has joined #openstack-barbican19:11
ccneillhas anyone else had issues with pbr when running functional tests w/ tox?19:11
ccneillI keep getting this: ValueError: Unknown remainder ['g8b983b1'] in '2015.2.dev53.g8b983b1'19:12
*** SheenaG has quit IRC19:18
*** atiwari has joined #openstack-barbican19:29
*** atiwari has quit IRC19:30
*** tkelsey has quit IRC19:41
*** openstackgerrit has quit IRC19:52
*** openstackgerrit has joined #openstack-barbican19:52
*** tkelsey has joined #openstack-barbican20:08
*** jhfeng has joined #openstack-barbican20:09
*** tkelsey has quit IRC20:13
*** SheenaG has joined #openstack-barbican20:14
*** silos has left #openstack-barbican20:15
aleeSheena_, woodster_ had a chance to look at the slides yet?20:20
aleeSheena_, woodster_ I just want to confirm you guys can open them and it all looks ok.  Otherwise I need to try and resave in ppt directly.20:20
SheenaGLooks like the edited version is opening fine for me20:23
SheenaGAlso woodster_: my e-mail didn't have the section about agreeing to be filmed?  Weird20:26
SheenaGI used the link you sent20:26
SheenaGMaybe I agreed earlier20:26
woodster_SheenaG: alee  ok, I'll update the cancel BP to be a more generic 'cancel PENDING order' sort of BP then? So for a cert order that means a plugin might get a cancel order sort of call. The client would make the cancel order request on the same order UUID then?20:31
woodster_SheenaG: alee Whereas a revoke would be a new cert order request (so new UUID) but it refers to a created container ID that represents the certificate20:32
woodster_SheenaG: yeah I think the emails for the release waiver are unique per speaker20:32
woodster_alee: ok, I'm finally getting to the point of looking at those slides :\20:32
woodster_alee, to see the design sessions (and other barbican things too), use this query:
woodster_redrobot: ccneill is getting that pbr version error above. Does Charles just have to update his pbr version to fix that/20:35
aleewoodster_, nice search link -- there is nothing there that indicates general topics of the "work sessions"20:37
aleewoodster_, redrobot are those not further defined yet?20:38
aleeredrobot, woodster_ if we're just going to go through the list  - thats ok too.20:38
aleejust wanted to be sure I was current20:38
aleelooking for my email ..20:39
aleespeaker email20:39
aleewoodster_, Sheena_ yeah - mine says nothing about youtube either.  I must have given my permission earlier.20:41
woodster_alee: I think going thru the list was the objective20:41
aleewoodster_, ok -- gotta make sure everything I wanted to talk about is on the list :/20:42
woodster_alee: SheenaG well my email said I only recieved the email because I hadn't signed the waiver yet, so maybe you all did?20:42
SheenaGwoodster_: shame20:43
woodster_alee, yeah I was thinking of highlighting important items in a summary above that long list, but hadn't gotten to it20:43
aleewoodster_, Sheena_ so if the cancel action is to cancel a pending order, then I dont understand why you need a special order.20:43
woodster_SheenaG: are you surprised that I was behind on something? :)20:44
aleewoodster_, we already have some skeleton code for cancelling orders ..20:44
woodster_alee: yeah, we could probably just delete that PENDING order and have it cancel things under the hood?20:44
aleewoodster_, which has yet to be implemented. but it seems that this would be an action on the specific order20:44
aleeI would not delete the order -- rather POST /order/foo/cancel20:45
aleeor something like that20:45
woodster_alee: SheenaG yeah like a PUT /orders/{UUID}/cancel sort of thing perhaps20:45
aleewoodster_, Sheena_ I was thinking you meant some kind of thing whereby you could cancel a just completed order so you would not get charged for it20:46
aleeor something similar20:46
aleewoodster_, Sheena_ not somethign dogtag offers -- but maybe this is something symantec does ?20:47
woodster_alee, SheenaG That was the original intent of that BP I'm pretty sure20:47
aleewoodster_, you sure?  you did write the BP? :)20:48
aleewoodster_, I can't speak to whether this is something symantec needs -- if it is - then fine, if not then we simply need to impleement cancel as is20:49
woodster_alee, SheenaG Yeah I think it was a symantec thing.  I wrote those perhaps a bit hastily, back when I had hope we'd review those things *before* the summit...what a idealist 3-months-ago-woodster was!20:49
SheenaGwoodster_ alee: there is logic on Symantec's side regarding how to "end" an order following its issuance that decides if the customer doesn't get charged20:49
aleewoodster_, we're still before the summit :)20:49
woodster_SheenaG: alee Yeah but that should really be handled by enterprise business logic that sees when the request was made to barbican to cancel, and when the order was initiated, and if time is < a refund max, then they get a refund credit20:50
woodster_alee: oh yeah, plenty of time to spare!20:50
woodster_alee: I still need to move those all over to the liberty folder :\20:50
aleewoodster_, Sheena_ we need a couple of more blueprints for certs that I need to write.  Prob wont get them done before summit - but I'll put them on the list20:51
aleewoodster_, Sheena_ one is exposing the ability to create subcas20:51
aleewoodster_, Sheena_ the other is to figure out how to be able to get certmonger (or similar) to be able to renew a cert without the user having to add credentials20:52
aleewoodster_, the second one should be fun but it might involve being able to permit renewals based on cert/private key possession20:54
aleeok  - gotta head home .. talk to ya'll tommorow during run through20:54
redrobotalee sorry, just now catching up on IRC20:55
redrobotalee I did not want to timebox the working sessions.  I figured we'll do something similar to the last mid-cycle where we just go down the list of the etherpad items.20:55
aleeredrobot, you mean when we ended up talking half the time about certs in castellan?  or the summit before, when we talked half the time about content types ? :)20:57
aleeredrobot, thats fine -- we'll see how things go.20:57
redrobotalee lol...  well, let me rephrase that....  I'm wasn't sure how to split up the etherpad points into the sessions we have.20:57
woodster_alee: SheenaG So I'll send out updates to the ppt deck tonight then20:58
aleeredrobot, ah , a more honest answer :)20:58
redrobotalee I didn't want to end up in a situation where we cover a topic in 20 minutes, but can't start on a new topic because it's scheduled for a later session.20:58
aleeredrobot, no matter what -- I'm not letting you get back on a plane without fixing the dogtag gate.20:59
redrobotalee deal! :)21:00
*** alee is now known as alee_headed_home21:00
*** alee_headed_home has quit IRC21:06
*** chlong has quit IRC21:08
*** jsavak has quit IRC21:10
*** rellerreller has joined #openstack-barbican21:11
*** openstackgerrit has quit IRC21:22
*** openstackgerrit has joined #openstack-barbican21:22
jvrbanacwoodster_, you21:25
woodster_jvrbanac: hey John21:28
jvrbanacwoodster_, hey, do you know why I'm getting a crap load of debug messages from sqlalchemy on trunk now?21:29
woodster_SheenaG: I looks like the look and feel in alee's first presentation version is borked :\21:29
woodster_jvrbanac: in local dev mode, or in our envs?21:30
*** rellerreller has quit IRC21:30
jvrbanacwoodster_, local dev21:30
woodster_jvrbanac: hmmm...if just running the app locally, then the config debug setting must be set to true now?21:31
jvrbanacwoodster_, nope21:31
jvrbanacI'm only getting debug messages from sqlalchemy and info from everything else.21:31
SheenaGwoodster_: you're seeing weird formatting on the edited version?21:34
SheenaGMine looked okay21:34
woodster_SheenaG: on the one that alee said he edited with openoffice21:35
woodster_jvrbanac: yeah it appears to be ignoring config settings....21:35
woodster_jvrbanac: wtf!!!!21:37
woodster_SheenaG: I can't just copy objects from a working ppt to that one...the colors are all borked :\21:37
SheenaGSo Ade's ppt looks okay but you can't copy objects in because they don't format correctly?21:40
woodster_jvrbanac: I see the problem (a string opt instead of a boolean one for's sql_pool_logging) :\ I'll put up a CR later this evening, sorry for that21:42
jvrbanacwoodster_, np21:43
jvrbanacwoodster_, btw, I'll try to put a CR tonight or tomorrow morning to address the unauthenticated context problem21:43
woodster_jvrbanac: yeah, I looked at that one...either we disable policy look ups like had in there before, or require X-Roles to be provided maybe?  That latter is not expected though, and would require changing docs, but would let folks play with role/RBAC behaviors locally21:45
jvrbanacwoodster_, actually I was thinking about just saying that if you don't provide a X-Roles then default to admin21:46
jvrbanacwoodster_, you're running without auth, so you're effectively admin anyhow21:46
jvrbanacwoodster_, you still want a external middleware to specify the role, but if it's not specified then you're using an admin role21:48
*** igueths has quit IRC21:49
jvrbanacwoodster_, thoughts? I know it sounds a bit crazy, but not really if you think about it21:51
woodster_jvrbanac: I like that approach21:56
woodster_jvrbanac: backwards compatible21:57
redrobotjvrbanac sounds reasonable to me21:59
*** pglass has quit IRC22:06
*** nelsnelson has quit IRC22:20
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements
*** shakamunyi has joined #openstack-barbican22:47
*** barra204 has joined #openstack-barbican22:47
*** ccneill has quit IRC23:01
*** dave-mccowan has quit IRC23:02
*** barra204 has quit IRC23:04
*** shakamunyi has quit IRC23:04
*** redrobot has quit IRC23:04
*** redrobot has joined #openstack-barbican23:05
*** xaeth_afk has quit IRC23:05
*** redrobot is now known as Guest1989523:05
*** xaeth_afk has joined #openstack-barbican23:06
*** chlong has joined #openstack-barbican23:10
*** jhfeng has quit IRC23:11
*** dstufft has joined #openstack-barbican23:15
*** dave-mccowan has joined #openstack-barbican23:16
*** shakamunyi has joined #openstack-barbican23:18
*** barra204 has joined #openstack-barbican23:18
*** ccneill has joined #openstack-barbican23:31
*** dimtruck is now known as zz_dimtruck23:36
*** alee_headed_home has joined #openstack-barbican23:52

Generated by 2.14.0 by Marius Gedminas - find it at!