Tuesday, 2016-09-13

*** dimtruck is now known as zz_dimtruck00:00
openstackgerritzhangyanxian proposed openstack/barbican: typo fix  https://review.openstack.org/36192900:34
openstackgerritJamie Lennox proposed openstack/barbican: Don't inspect oslo.context  https://review.openstack.org/36909200:46
openstackgerritJamie Lennox proposed openstack/barbican: Don't inspect oslo.context  https://review.openstack.org/36909200:49
*** chlong_ has joined #openstack-barbican01:14
*** michauds has joined #openstack-barbican01:18
*** chlong_ has quit IRC01:49
*** chlong_ has joined #openstack-barbican02:06
*** zz_dimtruck is now known as dimtruck02:28
jamielennoxwoodster_: and others here: https://review.openstack.org/#/c/369092/ fixes a problem the release team is having with positional and oslo.context libraries02:38
jamielennoxit should be a really simple review when people have a moment and would unblock some release dependency problems02:39
woodster_jamielennox: should merge in a bit, thanks gain02:47
jamielennoxThat was quick, thanks02:50
woodster_jamielennox: it's fun to merge stuff in every once in a while :)02:52
openstackgerritMerged openstack/barbican: Don't inspect oslo.context  https://review.openstack.org/36909203:18
woodster_jamielennox: ^^^03:20
jamielennoxwoodster_: woot! thanks03:20
woodster_jamielennox: good luck unclogging things on your side!03:21
openstackgerritMerged openstack/python-barbicanclient: Use international logging message  https://review.openstack.org/35697903:31
openstackgerritMerged openstack/barbican: Fix test suite cleanup  https://review.openstack.org/35727703:53
*** michauds has quit IRC03:56
*** jamielennox is now known as jamielennox|away04:05
*** jamielennox|away is now known as jamielennox04:08
*** dimtruck is now known as zz_dimtruck04:29
*** jamielennox is now known as jamielennox|away04:41
*** jamielennox|away is now known as jamielennox04:46
*** jaosorior has joined #openstack-barbican05:21
*** jamielennox is now known as jamielennox|away05:53
*** jamielennox|away is now known as jamielennox06:00
*** jamielennox is now known as jamielennox|away06:13
*** jamielennox|away is now known as jamielennox06:30
*** andreas_s has joined #openstack-barbican06:49
*** shohel has joined #openstack-barbican06:50
*** woodster_ has quit IRC06:59
*** pcaruana has joined #openstack-barbican07:02
*** mmotiani has quit IRC07:11
*** mmotiani has joined #openstack-barbican07:16
*** openstackgerrit has quit IRC07:48
*** openstackgerrit has joined #openstack-barbican07:49
*** tkelsey has joined #openstack-barbican08:17
*** zigo_ is now known as zigo08:34
*** jaosorior is now known as jaosorior_lunch09:05
*** jaosorior_lunch is now known as jaosorior10:04
*** shohel1 has joined #openstack-barbican10:04
*** shohel has quit IRC10:05
*** shohel has joined #openstack-barbican10:09
*** shohel1 has quit IRC10:11
*** shohel has quit IRC10:15
*** permalac has joined #openstack-barbican10:17
*** shohel has joined #openstack-barbican10:28
*** spotz_zzz is now known as spotz10:49
*** permalac has quit IRC10:51
*** shohel has quit IRC11:07
*** spotz is now known as spotz_zzz11:16
*** permalac has joined #openstack-barbican12:33
openstackgerritMerged openstack/barbican: Support upper-constratints.txt in tox environments  https://review.openstack.org/35840412:55
*** jaosorior has quit IRC12:59
*** jaosorior has joined #openstack-barbican13:00
openstackgerritClenimar Filemon proposed openstack/python-barbicanclient: Cast sets to lists in acl functional tests  https://review.openstack.org/35184413:01
*** woodster_ has joined #openstack-barbican13:18
*** zz_dimtruck is now known as dimtruck13:42
arunkant_woodster: Thanks for comments on multiple backends reviews. Can you please check my reply (especially part 2 review) as I have to make changes based on it.13:46
arunkantwoodster_ ^^^13:49
arunkantDid I have typo again..woodster_ ^^^13:53
woodster_arunkant: replied back just now14:17
*** dimtruck is now known as zz_dimtruck14:24
*** jmckind has joined #openstack-barbican14:25
*** randallburt has joined #openstack-barbican14:31
*** randallburt1 has joined #openstack-barbican14:32
woodster_alee: redrobot In addition to Arun's CR's, this one would be good to land, and it's not too large: https://review.openstack.org/#/c/251168/    It has two +2's but I'd like for one of you two to 'bless'/merge it as it affects consumers API behavior somewhat14:32
*** randallburt has quit IRC14:35
*** dave-mccowan has joined #openstack-barbican14:41
*** zz_dimtruck is now known as dimtruck14:41
*** jaosorior has quit IRC15:02
aleearunkant, woodster_ https://review.openstack.org/#/c/354285  looks pretty good.  I will +2 once woodster_ comments are addressed15:03
aleearunkant, woodster_ as far as I can tell, the only thing to do there was to add some asserts in the tests (asuming the unused member variable is removed in a subsequent patch)15:05
*** edtubill has joined #openstack-barbican15:08
*** filler has quit IRC15:10
*** sigmavirus|awa has quit IRC15:11
*** _sigmavirus24 has joined #openstack-barbican15:12
*** filler has joined #openstack-barbican15:12
*** mixos has joined #openstack-barbican15:26
woodster_alee: agreed15:26
aleearunkant, woodster_ going through part 3 now ..15:28
woodster_alee: This one is so close once you've caught up on the others :)  https://review.openstack.org/#/c/251168/15:28
*** dave-mccowan has quit IRC15:32
*** dave-mccowan has joined #openstack-barbican15:37
*** diazjf has joined #openstack-barbican15:40
openstackgerritArun Kant proposed openstack/barbican: Central logic to sync secret store data with conf data (Part 3)  https://review.openstack.org/35754415:50
openstackgerritArun Kant proposed openstack/barbican: Adding rest API for secret-stores resource (Part 4)  https://review.openstack.org/35816215:50
openstackgerritArun Kant proposed openstack/barbican: Changes for multiple backend conf and friendly plugin names (Part 2)  https://review.openstack.org/35428515:50
arunkant_wooster, alee: Addressed review comments till part 3 .. will work for part 5 review comment.15:50
arunkantwoodster_ : ^^^15:51
*** jmckind_ has joined #openstack-barbican16:00
*** jmckind has quit IRC16:01
*** tdink has joined #openstack-barbican16:03
*** andreas_s has quit IRC16:07
*** randallburt1 has quit IRC16:17
*** permalac has quit IRC16:20
aleearunkant, posted some comments on the previous version of part 316:25
aleearunkant, more likely than not, they will still apply16:25
arunkantalee, thanks..let me check16:26
*** diazjf has quit IRC16:56
*** pcaruana has quit IRC16:59
*** randallburt has joined #openstack-barbican17:02
*** xek has quit IRC17:03
-openstackstatus- NOTICE: The Gerrit service on review.openstack.org is being restarted now to address current performance problems, but should return to a working state within a few minutes17:09
*** tkelsey has quit IRC17:22
*** xek has joined #openstack-barbican17:24
*** diazjf has joined #openstack-barbican17:47
openstackgerritMerged openstack/barbican: Remove consumer check for project_id to match containers  https://review.openstack.org/25116817:52
*** dimtruck is now known as zz_dimtruck18:03
*** diazjf has quit IRC18:18
*** diazjf has joined #openstack-barbican18:22
*** david-lyle has quit IRC18:23
openstackgerritMerged openstack/python-barbicanclient: Cast sets to lists in acl functional tests  https://review.openstack.org/35184418:25
*** david-lyle has joined #openstack-barbican18:26
arunkantalee: can you check my reply on part 3 (https://review.openstack.org/#/c/357544/8)  and please let me know your response.18:35
*** pcaruana has joined #openstack-barbican18:36
*** Kevin_Zheng has quit IRC18:38
*** Kevin_Zheng has joined #openstack-barbican18:38
aleearunkant, replied19:15
aleearunkant, woodster_ redrobot we never did implement active/passive secret stores eh?19:15
*** david-lyle has quit IRC19:16
*** dave-mccowan has quit IRC19:16
*** Daviey_ has quit IRC19:16
*** nkinder has quit IRC19:16
*** jamespage has quit IRC19:16
*** reaperhulk has quit IRC19:16
*** cargonza has quit IRC19:17
*** rm_work has quit IRC19:17
*** alee has quit IRC19:17
*** dgonzalez has quit IRC19:17
*** panatl has quit IRC19:17
*** rbradfor has quit IRC19:17
*** madorn has quit IRC19:17
*** beisner has quit IRC19:17
*** jamielennox has quit IRC19:17
*** Guest66666 has quit IRC19:17
*** mathiasb has quit IRC19:17
*** jorgem has quit IRC19:17
*** edtubill has quit IRC19:17
*** zigo has quit IRC19:17
*** zz_dimtruck has quit IRC19:17
*** spotz_zzz has quit IRC19:17
*** filler has quit IRC19:17
*** jgrassler has quit IRC19:17
*** hyakuhei has quit IRC19:17
*** _sigmavirus24 has quit IRC19:17
*** jraim has quit IRC19:17
*** phschwartz has quit IRC19:17
*** tdink has quit IRC19:17
*** alpha_ori has quit IRC19:17
*** Kevin_Zheng has quit IRC19:17
*** woodster_ has quit IRC19:17
*** Kiall_ has quit IRC19:17
*** vipul has quit IRC19:17
*** eglute has quit IRC19:18
*** jvrbanac has quit IRC19:18
*** chlong_ has quit IRC19:18
*** crc32|znc has quit IRC19:18
*** jmckind_ has quit IRC19:18
*** stevemar has quit IRC19:18
*** stupidnic has quit IRC19:18
*** haplo37_ has quit IRC19:18
*** tonyb has quit IRC19:18
*** pcaruana has quit IRC19:18
*** diazjf has quit IRC19:18
*** mixos has quit IRC19:18
*** DuncanT has quit IRC19:18
*** briancurtin has quit IRC19:18
*** kragniz has quit IRC19:18
*** tinwood has quit IRC19:18
*** openstackgerrit has quit IRC19:18
*** mmotiani has quit IRC19:18
*** arunkant has quit IRC19:18
*** julian1 has quit IRC19:18
*** kencjohnston has quit IRC19:18
*** _jungh4ns has quit IRC19:18
*** jroll has quit IRC19:18
*** tonyb has joined #openstack-barbican19:21
*** jmckind has joined #openstack-barbican19:23
*** reaperhulk has joined #openstack-barbican19:23
*** nkinder has joined #openstack-barbican19:23
*** jamespage has joined #openstack-barbican19:23
*** Daviey_ has joined #openstack-barbican19:23
*** dave-mccowan has joined #openstack-barbican19:23
*** crc32|znc has joined #openstack-barbican19:23
*** chlong_ has joined #openstack-barbican19:23
*** pcaruana has joined #openstack-barbican19:23
*** phschwartz has joined #openstack-barbican19:23
*** _sigmavirus24 has joined #openstack-barbican19:23
*** kragniz has joined #openstack-barbican19:23
*** Kiall_ has joined #openstack-barbican19:23
*** Kevin_Zheng has joined #openstack-barbican19:23
*** stupidnic has joined #openstack-barbican19:23
*** david-lyle has joined #openstack-barbican19:23
*** haplo37_ has joined #openstack-barbican19:23
*** edtubill has joined #openstack-barbican19:23
*** zigo has joined #openstack-barbican19:23
*** dimtruck has joined #openstack-barbican19:23
*** spotz_zzz has joined #openstack-barbican19:23
*** stevemar_ has joined #openstack-barbican19:23
*** vipul has joined #openstack-barbican19:23
*** eglute has joined #openstack-barbican19:23
*** jvrbanac has joined #openstack-barbican19:23
*** rm_work has joined #openstack-barbican19:23
*** alee has joined #openstack-barbican19:23
*** dgonzalez has joined #openstack-barbican19:23
*** panatl has joined #openstack-barbican19:23
*** rbradfor has joined #openstack-barbican19:23
*** madorn has joined #openstack-barbican19:23
*** beisner has joined #openstack-barbican19:23
*** jamielennox has joined #openstack-barbican19:23
*** Guest66666 has joined #openstack-barbican19:23
*** mathiasb has joined #openstack-barbican19:23
*** jorgem has joined #openstack-barbican19:23
*** hyakuhei has joined #openstack-barbican19:23
*** openstackgerrit has joined #openstack-barbican19:23
*** mmotiani has joined #openstack-barbican19:23
*** arunkant has joined #openstack-barbican19:23
*** julian1 has joined #openstack-barbican19:23
*** kencjohnston has joined #openstack-barbican19:23
*** _jungh4ns has joined #openstack-barbican19:23
*** jroll has joined #openstack-barbican19:23
*** tdink has joined #openstack-barbican19:23
*** alpha_ori has joined #openstack-barbican19:23
*** filler has joined #openstack-barbican19:23
*** jgrassler has joined #openstack-barbican19:23
*** tinwood has joined #openstack-barbican19:24
*** diazjf has joined #openstack-barbican19:24
aleearunkant, responded some more19:28
*** _jungh4ns has quit IRC19:35
*** briancurtin has joined #openstack-barbican19:38
*** diazjf has quit IRC19:40
*** woodster_ has joined #openstack-barbican19:48
*** DuncanT has joined #openstack-barbican20:00
*** jraim has joined #openstack-barbican20:01
*** cargonza has joined #openstack-barbican20:03
*** pcaruana has quit IRC20:11
*** diazjf has joined #openstack-barbican20:12
*** diazjf has quit IRC20:30
arunkantalee: ping20:32
*** diazjf has joined #openstack-barbican20:42
aleearunkant, pong20:45
arunkantalee: I thought it will be better to clarify comment Line #192 in https://review.openstack.org/#/c/357544/8/barbican/plugin/util/multiple_backends.py20:46
arunkantalee: trying to understand what is passive behavior?20:47
arunkantalee: and comment 'we need an active/passive field on the secret store.'20:48
aleearunkant, so sometime awhile back we considered adding active /passive secret stores20:49
aleethe idea was that one might want to migrate secrets from one secret store to another20:49
aleearunkant, lets say for instance you were using software plugin and then wanted to upgrade to a kmip or dogtag plugin20:50
arunkantalee: just to be clear..do you mean new secrets are created in different secret store (or backend) ..existing secrets still remain there20:50
aleecorrect - although at some point (out of band) someone could run a migration script that would retrieve a secret from the old store and re-store it in the new store20:51
aleearunkant, and then -- and only then - would the secret_store be retired20:52
aleearunkant, in any case, the question arises ..20:53
aleearunkant, we are providing an interface to allow project admins to select a backend for their secrets20:53
aleebut what if I do not want the project admin to select a particular plugin?20:54
arunkantalee: In that case, admin can remove preferred secret store setting ..20:55
aleearunkant, yes but that does not prevent some future admin from adding it20:55
aleethat is "project admin"20:56
aleearunkant, the basic problem is that -- right now based on your patches , configured == enabled20:56
arunkantalee: yes, it means it can be used if needed.20:57
aleearunkant, maybe this is a problem no one really cares about -- redrobot , woodster_ ?20:58
aleearunkant, this might also be something that we could resolve in a separate patch.20:59
arunkantalee: if someone does not want secret store to be used at all...then do not add in configuration.20:59
aleearunkant, yes -- but what if there are secrets stored there?20:59
aleearunkant, I still need to be able to get to them21:00
aleearunkant, right now, there is no way for me to say -- I want to keep store X around to retrieve whatecver secrets are there,  but I also do not want to store any new secrets there.21:02
arunkantalee: okay. There is a active flag (or status) on a secret store..may be it can be used to restrict that to list only active secret stores.21:02
aleearunkant, ok good -- we dont need another field then21:02
arunkantalee: I think if this is needed, it can be enhanced via that mechanism ..21:02
aleeagreed -- no need to do in this patch set21:03
aleeshould be easy to add21:03
arunkantalee: okay. We can certainly revisit this aspect in next release as there is solution available.21:04
aleeyup we can chat about at summit.21:04
aleearunkant, the question still arises though ..21:05
arunkantalee: yes, its change in secret stores list API ..just to include active based on 'status' or flag21:05
*** randallburt has quit IRC21:05
aleearunkant, on startup , should we remove secret stores if there are secrets still stored there?21:05
aleearunkant, if we do - then we end up starting up with many secrets potentially inaccessible21:06
arunkantalee: Currently if secrets are used, then to make it work, related configuration needs to be there21:06
aleewith nary a warning21:06
aleesure - but if someone misconfigures , we start up and secrets are broken and we are none the wiser21:07
aleearunkant, I think we should check .. and we should error out.  we can also provide an override flag if someone does not care about whatever secrets are there21:09
aleearunkant, after all  -- why check project preferred plugins and not secrets?21:09
arunkantalee: Did not change that area as  it is existing behavior. preferred plugin is something which was added new that's why added check.21:11
aleearunkant, understood, but we're checking to avoid misconfiguration ..21:12
aleearunkant, I'll defer to what woodster_ and redrobot think about this ..21:13
openstackgerritClenimar Filemon proposed openstack/python-barbicanclient: Use keystoneauth  https://review.openstack.org/31944621:13
aleearunkant, back in a little bit/ going for run21:14
arunkantalee: question for that..if we want to have that behavior (check before removal that a secret store is used in existing secret) .. and then want to have flag..what's the default for that21:14
aleearunkant, default is to fail and error out on startup21:15
arunkantalee: it will be different behavior when multiple backend is enabled ..is that okay?21:15
arunkantalee: currently barbican will start without any error. Error will only come when someone tries to use that secret21:16
aleearunkant, meaning that it will just crash and burn if you take away/replace  the one plugin you have -- yeah, I can live with that21:17
arunkantalee: which may or may not be significant in that case.21:17
arunkantalee: okay..I will add that flag with default to raise error if any secret is using it..21:18
aleearunkant, cool ,21:18
aleearunkant, of course the admin wont know -- it will the poor user who somehow cannot get his secret!21:18
arunkantalee: other change (active/ passive secret store) can be done later in a separate patch21:19
aleearunkant, agreed21:19
*** alee is now known as alee_run21:20
arunkantalee: one last thing..do you want to have 2 separate method for get_applicable_plugins logic21:20
alee_runarunkant, yeah - I think it makes things clearer21:20
arunkantalee: okay..will do that..thanks21:20
alee_runarunkant, its a small amount of repeat - but it will make more sense in 6 months21:21
*** dave-mccowan has quit IRC21:26
*** gyee has joined #openstack-barbican21:28
*** edtubill has quit IRC21:33
*** tdink has quit IRC22:02
*** diazjf has quit IRC22:11
*** jmckind has quit IRC22:13
*** dave-mccowan has joined #openstack-barbican22:15
*** dave-mccowan has quit IRC22:16

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!