| *** rose has quit IRC | 00:06 | |
| *** juantwo has quit IRC | 00:15 | |
| *** SheenaG1 has joined #openstack-barbican | 00:15 | |
| *** gyee has quit IRC | 00:18 | |
| *** juantwo has joined #openstack-barbican | 00:29 | |
| *** juantwo has quit IRC | 00:29 | |
| *** juantwo has joined #openstack-barbican | 00:29 | |
| *** bdpayne has quit IRC | 00:51 | |
| *** jorge_munoz has joined #openstack-barbican | 01:03 | |
| *** alee has quit IRC | 01:28 | |
| *** alee has joined #openstack-barbican | 01:28 | |
| *** juantwo has quit IRC | 01:33 | |
| *** woodster_ has quit IRC | 01:35 | |
| *** jorge_munoz has quit IRC | 01:46 | |
| *** jorge_munoz has joined #openstack-barbican | 01:48 | |
| *** jorge_munoz has joined #openstack-barbican | 01:53 | |
| *** jorge_munoz has quit IRC | 01:54 | |
| *** juantwo has joined #openstack-barbican | 01:56 | |
| *** jorge_munoz has joined #openstack-barbican | 01:58 | |
| *** juantwo has quit IRC | 01:58 | |
| *** juantwo has joined #openstack-barbican | 01:58 | |
| *** lisaclark1 has joined #openstack-barbican | 02:26 | |
| *** akoneru has quit IRC | 02:35 | |
| *** kebray has joined #openstack-barbican | 03:09 | |
| *** kebray has quit IRC | 03:17 | |
| *** ajc_ has joined #openstack-barbican | 03:25 | |
| *** lisaclark1 has quit IRC | 03:26 | |
| *** lisaclark1 has joined #openstack-barbican | 03:26 | |
| *** jorge_munoz has quit IRC | 03:33 | |
| *** jorge_munoz has joined #openstack-barbican | 03:40 | |
| *** lisaclark1 has quit IRC | 03:50 | |
| *** jorge_munoz has quit IRC | 03:52 | |
| *** ayoung has quit IRC | 04:05 | |
| *** jaosorior has joined #openstack-barbican | 05:46 | |
| *** juantwo_ has joined #openstack-barbican | 08:16 | |
| *** juantwo has quit IRC | 08:20 | |
| *** d0ugal has quit IRC | 10:08 | |
| *** d0ugal has joined #openstack-barbican | 10:08 | |
| *** SheenaG1 has quit IRC | 11:16 | |
| *** SheenaG1 has joined #openstack-barbican | 11:20 | |
| *** alee has quit IRC | 12:04 | |
| *** woodster_ has joined #openstack-barbican | 12:09 | |
| *** woodster_ is now known as woodster | 12:10 | |
| *** ajc_ has quit IRC | 12:48 | |
| *** nkinder has quit IRC | 13:12 | |
| *** ayoung has joined #openstack-barbican | 13:14 | |
| *** juantwo_ has quit IRC | 13:37 | |
| *** juantwo has joined #openstack-barbican | 13:37 | |
| *** alee has joined #openstack-barbican | 13:40 | |
| *** samuelbercovici has joined #openstack-barbican | 13:58 | |
| *** SheenaG1 has quit IRC | 14:01 | |
| *** jorge_munoz has joined #openstack-barbican | 14:07 | |
| *** lisaclark1 has joined #openstack-barbican | 14:13 | |
| *** nkinder has joined #openstack-barbican | 14:16 | |
| *** ametts has quit IRC | 14:27 | |
| *** lisaclark1 has quit IRC | 14:30 | |
| *** SheenaG1 has joined #openstack-barbican | 14:30 | |
| *** SheenaG1 has left #openstack-barbican | 14:30 | |
| *** usimha has joined #openstack-barbican | 14:32 | |
| *** lisaclark1 has joined #openstack-barbican | 14:35 | |
| rm_work | reaperhulk / redrobot / woodster / hockeynut / jvrbanac / others: who would I talk to about Postern? :P | 14:37 |
|---|---|---|
| jvrbanac | rm_work, pull request accepted? ;) | 14:37 |
| rm_work | hehe | 14:37 |
| jvrbanac | rm_work, no one has really worked on Postern yet. | 14:38 |
| rm_work | am I looking at the right repo here? https://github.com/cloudkeep/postern | 14:38 |
| rm_work | IE, it is still totally unstarted? | 14:38 |
| hockeynut | looks like jraim was the last one to get his paws on it | 14:39 |
| hockeynut | new owner = rm_work ? | 14:39 |
| rm_work | lol, awesome | 14:39 |
| rm_work | T_T | 14:39 |
| jvrbanac | rm_work, pretty much. I think there was a POC somewhere at some point that was used, but it need a lot of work. | 14:39 |
| jvrbanac | rm_work, well, it really needed a fresh start | 14:40 |
| rm_work | yeah | 14:40 |
| rm_work | not sure that I'm your man for that particular job though :P | 14:40 |
| rm_work | my security background with respect to actually implementing anything hardened is … somewhat lacking | 14:41 |
| *** paul_glass has joined #openstack-barbican | 14:44 | |
| *** samuelbercovici has quit IRC | 14:51 | |
| *** atiwari has joined #openstack-barbican | 14:58 | |
| *** lisaclark1 has quit IRC | 15:02 | |
| *** paul_glass1 has joined #openstack-barbican | 15:02 | |
| *** kebray has joined #openstack-barbican | 15:04 | |
| *** paul_glass has quit IRC | 15:05 | |
| *** lisaclark1 has joined #openstack-barbican | 15:06 | |
| jaosorior | rm_work: sorry, I wasn't able to review your stuff at the office, I had too much unexpected stuff there. At home I'll do it though | 15:09 |
| rm_work | jaosorior: np | 15:09 |
| *** dolphm has left #openstack-barbican | 15:11 | |
| *** juantwo_ has joined #openstack-barbican | 15:13 | |
| *** juantwo has quit IRC | 15:16 | |
| *** juantwo_ has quit IRC | 15:21 | |
| *** juantwo has joined #openstack-barbican | 15:21 | |
| redrobot | rm_work I htink it's weird that the Containers have a type property | 15:21 |
| rm_work | redrobot: I think you're weird | 15:21 |
| redrobot | rm_work I was expecting the type to be implied by the object type | 15:22 |
| rm_work | redrobot: well, kinda | 15:22 |
| rm_work | redrobot: it's helpful to be able to get an explicit type, I think | 15:23 |
| * redrobot shrugs | 15:23 | |
| rm_work | it's not like the user has to set it if they use the typed objects | 15:24 |
| rm_work | they don't HAVE to read it, either :P | 15:24 |
| redrobot | so you'd my_container.type == "blah" instead of type(my_container) == SomeClass ? | 15:25 |
| rm_work | eh | 15:25 |
| rm_work | possibly | 15:25 |
| redrobot | if I wanted to check they container type for some reason | 15:25 |
| rm_work | but internally it is useful because we need to pass a string type to the API :P | 15:26 |
| rm_work | I could "not expose it" but | 15:26 |
| rm_work | it's still necessary internally | 15:26 |
| rm_work | and exposing it allows people to create containers of any type using the generic Container class if they really want | 15:26 |
| redrobot | so Container(type="rsa") woud return an RSAContainer? That doesn't feel right to me | 15:29 |
| rm_work | redrobot: no | 15:30 |
| rm_work | but it would create one | 15:30 |
| redrobot | right, so Container.save() would create an RSA container, but then getting it again would give you an RSAContainer? | 15:30 |
| rm_work | yes | 15:31 |
| redrobot | still doesn't seem right. | 15:31 |
| rm_work | I mean, the alternative is just arbitrary restriction | 15:31 |
| rm_work | I can see times when writing code that it would be much easier to do it that way | 15:31 |
| redrobot | rm_work I think that it's weird that the thest in this code block is false: http://paste.openstack.org/show/110180/ | 15:35 |
| redrobot | s/thest/test/ | 15:35 |
| *** atiwari has quit IRC | 15:35 | |
| rm_work | I mean, i get it | 15:35 |
| rm_work | I just don't see the problem | 15:36 |
| *** lisaclark1 has quit IRC | 15:37 | |
| *** gyee has joined #openstack-barbican | 15:37 | |
| redrobot | rm_work I don't really see a benefit to stringly-typed containers | 15:37 |
| *** lisaclark1 has joined #openstack-barbican | 15:37 | |
| rm_work | stringly or strongly? :P | 15:37 |
| redrobot | stringly | 15:37 |
| rm_work | hmm | 15:38 |
| redrobot | because you pass a string to define the type :-P | 15:38 |
| rm_work | yes | 15:38 |
| rm_work | I get it :P | 15:38 |
| rm_work | so.... | 15:38 |
| rm_work | one thing I could do | 15:39 |
| rm_work | hmm | 15:39 |
| rm_work | well | 15:39 |
| rm_work | I guess I could have an internal dictionary of Class to String | 15:40 |
| redrobot | yeah, I was thinking the client code would just instantiate the appropriate class, then we'd figure out the right string to send to Barbican | 15:40 |
| rm_work | so when we go to actually save() I could pull from self._type_mapping[type(self)] or something like that | 15:40 |
| redrobot | that way client code doesn't need to know what the magic strings are | 15:40 |
| rm_work | well, the client doesn't really | 15:41 |
| rm_work | *doesn't NEED to | 15:41 |
| rm_work | if they create via the Typed Objects, or are actually just doing a generic container, they don't need to know a string | 15:41 |
| rm_work | it's all automatic | 15:42 |
| *** lisaclark1 has quit IRC | 15:42 | |
| redrobot | what if I want to create a new RSA container client side... I could do it either by instantiating the RSAContainer class or by passing "rsa" to the Container class? | 15:43 |
| rm_work | yes | 15:43 |
| redrobot | if I choose to pass the "rsa" string, the the consumin code now has to know what that string is | 15:43 |
| rm_work | so if you don't know the magic string, just use RSAContainer() | 15:43 |
| rm_work | redrobot: err | 15:43 |
| rm_work | wat | 15:43 |
| redrobot | so if we change it in Barbican proper, client code would have to change also | 15:43 |
| rm_work | well, that's always going to be the case | 15:43 |
| redrobot | client code here = an app using barbicanclient | 15:43 |
| rm_work | oh, no? why would it have to change | 15:44 |
| rm_work | well, i mean, if they're using the string -- but they don't HAVE to use the string :P | 15:44 |
| redrobot | right, but I think it'd be even better if they never get the choice to use it | 15:44 |
| rm_work | you just want less options? | 15:44 |
| rm_work | I mean, I could take "type" out of the passed args | 15:44 |
| rm_work | that'd be the only code change | 15:45 |
| rm_work | to facilitate that | 15:45 |
| redrobot | yeah, I think that'd be awesome | 15:45 |
| redrobot | and remove the type property | 15:45 |
| rm_work | I think it's limiting :P | 15:45 |
| rm_work | but | 15:45 |
| rm_work | I can do it | 15:46 |
| rm_work | I need the type property though | 15:46 |
| rm_work | because I need to read what type it is to generate the right kind of object when we GET a container | 15:46 |
| rm_work | but it could be read-only | 15:47 |
| rm_work | also for listing containers | 15:47 |
| rm_work | it is necessary | 15:47 |
| rm_work | since in a list they are all displayed generically | 15:47 |
| rm_work | with a type field | 15:47 |
| redrobot | can you make it _private? | 15:47 |
| rm_work | I don't see the point <_< | 15:48 |
| rm_work | if it's read-only | 15:48 |
| redrobot | it's so that people don't write code around it | 15:48 |
| rm_work | you accomplish your goal of "people won't use it for creates", you really that badly don't want them to see it at all? | 15:48 |
| redrobot | yeah, I want it to be able to change if needed, without breaking too much stuff | 15:49 |
| jvrbanac | rm_work, ping | 15:49 |
| rm_work | jvrbanac: yes I am here :P | 15:49 |
| rm_work | bah i didn't upgrade my pycharm license on this machine | 15:50 |
| jvrbanac | rm_work, quick question. Is there a reason why you're overriding the reserved name "type" in https://review.openstack.org/#/c/113393/14/barbicanclient/containers.py | 15:50 |
| rm_work | heh | 15:50 |
| rm_work | I thought about if it mattered / if i cared, and the answer I came up with was "nope" | 15:50 |
| * redrobot thinks jvrbanac is late to the party | 15:50 | |
| redrobot | :-P | 15:50 |
| rm_work | if you want me to change it just because it is "bad practice" or something, I don't have a specific objection | 15:50 |
| rm_work | but yes, if redrobot gets his way, it will disappear entirely | 15:51 |
| rm_work | so your concern won't even be valid :P | 15:51 |
| *** arunkant_work has joined #openstack-barbican | 15:51 | |
| redrobot | I don't think it's shadowing type in this context | 15:51 |
| redrobot | it's always self.type() | 15:51 |
| rm_work | right | 15:51 |
| jvrbanac | lawls.... I just read the logback on the channel... woops | 15:51 |
| rm_work | heh | 15:51 |
| rm_work | yes, I thought your interjection was humorous :P | 15:51 |
| rm_work | jvrbanac: i opted for "clear meaning in the current context" | 15:52 |
| rm_work | instead of trying to come up with a new name for what is literally "type" in the API JSON | 15:52 |
| rm_work | since it didn't actually interfere with the type keyword at any point | 15:53 |
| *** atiwari has joined #openstack-barbican | 15:53 | |
| rm_work | pycharm still gives me smells for it constantly but I pointedly ignore it | 15:53 |
| rm_work | but | 15:53 |
| rm_work | that said, redrobot wants type() gone | 15:54 |
| rm_work | so your complaint is barely relevant in that context :P | 15:54 |
| rm_work | redrobot: so, if I get rid of the type arg in Container()'s signature | 15:54 |
| rm_work | and get rid of the properties for it | 15:54 |
| rm_work | and simply set and read self._type internally | 15:55 |
| rm_work | that would satisfy you? | 15:55 |
| redrobot | yes, I would think that's awesome ^_^ ... also debating myself right now if maybe we want the different Container classes defined at the module level, in case we need to import them somewhere | 15:56 |
| rm_work | erk | 15:56 |
| rm_work | I mean, you can still import them | 15:56 |
| rm_work | for example... | 15:56 |
| rm_work | https://review.openstack.org/gitweb?p=openstack/python-barbicanclient.git;a=blob;f=barbicanclient/test/test_client_containers.py;h=3c7c23243a4c4930d467d3ed02ea17a03ca6d21f;hb=2da3c3d3828262c875bc45e1ab937c3691bab038#l309 | 15:59 |
| rm_work | :P | 15:59 |
| rm_work | not sure what you want exactly | 16:00 |
| atiwari | reaperhulk, woodster do you guys know where we stand on https://github.com/cloudkeep/barbican/wiki/Blueprint:-Initial-Approach-to-Keystone-Interaction use cases? | 16:01 |
| rm_work | atiwari: wow, that looks very much like what I've been working on for a while now | 16:02 |
| rm_work | atiwari: http://goo.gl/X3kKIX | 16:02 |
| atiwari | rm_work, great | 16:03 |
| rm_work | I think their solution is probably better | 16:03 |
| rm_work | I was just trying to get something to WORK with the current system | 16:03 |
| rm_work | I am interested in what they're doing | 16:03 |
| rm_work | redrobot: I will do that I guess <_< | 16:04 |
| redrobot | rm_work ok, I'm fine with the classes where they are | 16:06 |
| redrobot | rm_work but yes, I'd like that type change | 16:06 |
| rm_work | redrobot: ok, one side-effect | 16:13 |
| redrobot | rm_work shoot | 16:13 |
| rm_work | redrobot: now if a user does "my_existing_container = RSAContainer(container_ref='blah')" | 16:13 |
| rm_work | and the container is actually a CertificateContainer | 16:14 |
| rm_work | it will straight up return a CertificateContainer | 16:14 |
| rm_work | previously, it would have complained and raised an exception about expected type not matching | 16:14 |
| redrobot | weird... should that be an exception maybe? | 16:14 |
| rm_work | yes | 16:14 |
| rm_work | but now I can't do that easily | 16:14 |
| rm_work | err, well | 16:14 |
| rm_work | scratch that, I just need to reorganize I think | 16:15 |
| rm_work | <_< | 16:15 |
| rm_work | so, question then | 16:15 |
| rm_work | should it be possible for Container(container_ref=blah) to return an RSAContainer? | 16:15 |
| rm_work | or do they absolutely *need* to know the type to get the container out? | 16:15 |
| rm_work | that seems… >_> | 16:15 |
| rm_work | suboptimal | 16:16 |
| rm_work | but if we allow that, it violates your constraint that the factory only return the specific type that was "requested" | 16:16 |
| rm_work | but NOT allowing that, it becomes overly burdensome on the user just to get their container out | 16:17 |
| redrobot | rm_work trying to think of use cases for Container(container_ref="http://actually_an_rsa_container") ... ? | 16:18 |
| redrobot | I mean, it's my container, I should know what type it is? :-\ | 16:19 |
| rm_work | well, without it, how would the user even be able to find out what type a container is with the client? >_> | 16:19 |
| rm_work | programmatically | 16:19 |
| rm_work | if you can't GET the container without knowing the type | 16:19 |
| rm_work | but you can't know the type programmatically without doing a GET :P | 16:19 |
| rm_work | remember, containers are going to be passed to other services | 16:20 |
| rm_work | it might not be *your* container | 16:20 |
| rm_work | though there should theoretically be an "expected type" in those cases... | 16:20 |
| redrobot | yeah... wonder if we just need a containers.get_container(container_ref) that returns the correct type? | 16:20 |
| rm_work | <_< | 16:20 |
| redrobot | but now I can't remember why we wanted to move away from that ? | 16:21 |
| rm_work | lol | 16:21 |
| rm_work | the spec said so, for one | 16:21 |
| rm_work | :P | 16:21 |
| rm_work | and I do honestly like these factory methods a lot more | 16:21 |
| rm_work | erk | 16:21 |
| rm_work | sec, please leave your thoughts, I will brb in a sec | 16:21 |
| *** SheenaG1 has joined #openstack-barbican | 16:22 | |
| rm_work | err and by "sec" i now mean "a while" | 16:23 |
| atiwari | rm_work, in the seq diagram you are LBaaS is creating trust on behalf of use. | 16:26 |
| *** akoneru has joined #openstack-barbican | 16:27 | |
| atiwari | I think that is not allowed | 16:27 |
| rm_work | atiwari: haha | 16:27 |
| rm_work | yes | 16:27 |
| rm_work | so | 16:27 |
| rm_work | I have had HOURS of discussion on this | 16:27 |
| rm_work | technically it is possible | 16:27 |
| rm_work | but it "depends" | 16:27 |
| rm_work | which is not great, because then there are cases where it works and some where it doesn't | 16:27 |
| rm_work | oh right, I was going to be afk for a few… >_> | 16:28 |
| * rm_work goes afk for a few min | 16:28 | |
| atiwari | I think we need to report it to Keystone folks, it is security issue | 16:28 |
| rm_work | atiwari: these discussions were *with* keystone folks | 16:28 |
| rm_work | specifically ayoung | 16:28 |
| rm_work | who apparently is here | 16:28 |
| atiwari | are they ok with this issue? | 16:28 |
| rm_work | not particularly :P | 16:28 |
| rm_work | I think his statement was something like "I am trying my hardest to prevent things like this from being possible, but if you want to do it we can't stop you" | 16:29 |
| atiwari | ok | 16:29 |
| rm_work | atiwari: also of interest might be this morning's LBaaS meeting | 16:29 |
| rm_work | http://eavesdrop.openstack.org/meetings/neutron_lbaas/2014/neutron_lbaas.2014-09-11-14.00.log.html | 16:30 |
| rm_work | first topic | 16:30 |
| rm_work | Barbican integration -- Keystone Trusts, comments and concerns (rm_work) | 16:30 |
| rm_work | that went for about 30 minutes :) | 16:30 |
| rm_work | I explain most of what the issues are | 16:30 |
| rm_work | seriously tho, afk for a few | 16:30 |
| atiwari | hmm | 16:31 |
| rm_work | atiwari: it kind of comes down to the never-ending tug-o-war between security and usability | 16:40 |
| rm_work | we think making the user do the Trust stuff themselves is horrible usability | 16:40 |
| rm_work | but allowing for a service like us to create trusts on someone's behalf is unarguably a security hole, to some degree | 16:40 |
| rm_work | I definitely don't think ayoung is *wrong* in his quest to plug holes like that, but I also hope that he sees the value of what we're trying to do as well (make a seamless user experience) | 16:41 |
| rm_work | it's about finding a balance, usually | 16:41 |
| rm_work | but anyway, I should talk to the guys that are working on the Cinder side of this :P | 16:42 |
| rm_work | looks like they may have some thoughts that would be useful to LBaaS as well, even though their stuff is slightly different | 16:42 |
| rm_work | I am going to lunch right now, I will be back in an hour+, can resume this conversation then? (both conversations actually, redrobot / atiwari ) | 16:43 |
| atiwari | rm_work, problem is *IMO* it is security issue and if you design your use case around those issue it may cause problems later | 16:43 |
| atiwari | rm_work, sure | 16:43 |
| rm_work | atiwari: yes, that is a concern | 16:43 |
| rm_work | kk, bbl | 16:43 |
| atiwari | also can you provide me cinder contact | 16:44 |
| atiwari | no rush | 16:44 |
| *** alee is now known as alee_lunch | 16:45 | |
| ayoung | rm_work, I understand it, and it is one of thing things that I wrote up as a blueprint a long time ago but the world was not there yet... https://blueprints.launchpad.net/keystone/+spec/delegation-workplans | 16:50 |
| ayoung | atiwari, I think the trust creation needs to be done by the user, but the trust definition does not. The user should have to "sign on the dotted line" that the trust is OK | 16:51 |
| atiwari | ayoung, seems correct | 16:52 |
| atiwari | but who is going to define the trust? | 16:53 |
| ayoung | atiwari, you know, I think it is OK for LBaaS or Heat to do it, so long as the user actually creates it | 16:53 |
| ayoung | the client can be smart enough to show the user the trust definitino | 16:53 |
| ayoung | longer term, I would like to have them pre-canned in Keystone, and thus subject to a third party review as well | 16:54 |
| ayoung | I think we need to be iterative: lets get something that works now based on "You create the trust for me" I promise to break that on you in the future, and you work towards the day when I break that | 16:54 |
| ayoung | atiwari, the problem is, the day is coming where not all end services are trusted with all resources. | 16:55 |
| atiwari | ok, I am still not clear on "the client can be smart enough to show the user the trust definitino" | 16:57 |
| atiwari | btw thanks ayoung, | 16:57 |
| atiwari | seems some kind of workflow ? | 16:58 |
| *** nkinder_ has joined #openstack-barbican | 17:03 | |
| *** nkinder has quit IRC | 17:07 | |
| openstackgerrit | Paul Kehrer proposed a change to openstack/barbican: PKCS11 refactor to use a master KEK and per project KEK https://review.openstack.org/120498 | 17:19 |
| *** tkelsey_ has joined #openstack-barbican | 17:29 | |
| *** tkelsey_ is now known as tkelsey | 17:31 | |
| *** alee_lunch is now known as alee | 17:45 | |
| *** openstackgerrit has quit IRC | 17:46 | |
| *** openstackgerrit has joined #openstack-barbican | 17:47 | |
| *** tkelsey has quit IRC | 17:58 | |
| *** usimha has quit IRC | 17:59 | |
| *** rose_ has joined #openstack-barbican | 18:10 | |
| atiwari | woodster, redrobot can we make some progress on https://review.openstack.org/#/c/118697/? | 18:15 |
| atiwari | thanks | 18:15 |
| jvrbanac | reaperhulk, ping | 18:21 |
| *** mikedillion has joined #openstack-barbican | 18:27 | |
| *** mikedillion has quit IRC | 18:30 | |
| *** Stanzi has joined #openstack-barbican | 18:36 | |
| Stanzi | hello, this is a test | 18:36 |
| *** Stanzi has quit IRC | 18:37 | |
| *** Constanze has joined #openstack-barbican | 18:38 | |
| *** paul_glass1 has quit IRC | 18:41 | |
| jaosorior | rm_work: so, the result of the __str__ cr is that the containers are printed differently per type but the same if listed? | 18:52 |
| Constanze | I submitted the following CR's for the Barbican docs. I'm looking for reviewers. Thanks! | 18:52 |
| Constanze | https://review.openstack.org/#/c/117889/ https://review.openstack.org/#/c/119931/ https://review.openstack.org/#/c/119932/ https://review.openstack.org/#/c/120156/ https://review.openstack.org/#/c/120161/ https://review.openstack.org/#/c/120163/ | 18:52 |
| jaosorior | I still think this could have been a bit simpler just by using inheritance | 18:53 |
| jaosorior | But why does listing the containers of different types have to be the same? | 18:54 |
| *** stanzi has joined #openstack-barbican | 18:57 | |
| *** annegentle has joined #openstack-barbican | 19:00 | |
| jaosorior | And stuff | 19:04 |
| jvrbanac | stanzi, I'm taking a look at a couple of them right now | 19:05 |
| *** russellb has quit IRC | 19:05 | |
| *** russellb has joined #openstack-barbican | 19:07 | |
| stanzi | Great. Thanks, John! | 19:07 |
| *** lbragstad has quit IRC | 19:07 | |
| reaperhulk | jvrbanac what's up? | 19:08 |
| *** xaeth has quit IRC | 19:09 | |
| *** jillysciarilly has quit IRC | 19:09 | |
| *** dstufft has quit IRC | 19:10 | |
| *** hockeynut has quit IRC | 19:10 | |
| *** lbragstad has joined #openstack-barbican | 19:10 | |
| *** dstufft has joined #openstack-barbican | 19:10 | |
| *** kebray has quit IRC | 19:10 | |
| jvrbanac | reaperhulk, I was looking at your review noticed that you're pulling the hmac_key and the mkek_key from the same dict. It seems like potentially a problem if someone accidentally defines the same label name for both the mkek_label hmac_label. | 19:10 |
| jvrbanac | reaperhulk, thoughts? | 19:10 |
| *** paul_glass has joined #openstack-barbican | 19:12 | |
| *** hockeynut has joined #openstack-barbican | 19:12 | |
| *** paul_glass1 has joined #openstack-barbican | 19:14 | |
| *** reaperhulk has quit IRC | 19:14 | |
| *** russellb has quit IRC | 19:15 | |
| *** paul_glass has quit IRC | 19:17 | |
| *** paul_glass1 is now known as paul_glass | 19:18 | |
| *** annegentle has quit IRC | 19:18 | |
| *** lbragstad has quit IRC | 19:19 | |
| *** hockeynut has quit IRC | 19:21 | |
| *** hockeynut has joined #openstack-barbican | 19:21 | |
| *** nkinder_ has quit IRC | 19:23 | |
| *** lbragstad has joined #openstack-barbican | 19:23 | |
| *** lbragstad has quit IRC | 19:28 | |
| *** hockeynut has quit IRC | 19:30 | |
| *** hockeynut has joined #openstack-barbican | 19:30 | |
| akoneru | redrobot, ping | 19:34 |
| *** lbragstad has joined #openstack-barbican | 19:34 | |
| *** lbragstad has quit IRC | 19:37 | |
| redrobot | hi akoneru | 19:39 |
| *** hockeynut has quit IRC | 19:39 | |
| akoneru | redrobot, hi. i have a question regarding a jenkins failure for my CR. Got a minute? | 19:39 |
| *** hockeynut has joined #openstack-barbican | 19:40 | |
| *** paul_glass has quit IRC | 19:40 | |
| *** paul_glass has joined #openstack-barbican | 19:40 | |
| akoneru | redrobot, the py26 gate tests are failing. in the console.html, i came across this error - error: testr failed (3) | 19:41 |
| akoneru | 2014-09-10 22:02:58.146 | ERROR: InvocationError: '/home/jenkins/workspace/gate-barbican-python26/.tox/py26/bin/python setup.py testr --coverage' | 19:41 |
| redrobot | akoneru is that on your local dev box? | 19:41 |
| akoneru | redrobot, no. i submitted the CR. i see this in the Jenkins UI. I started looking into running tests using tox locally, but wanted to know the exact failure reason first. | 19:43 |
| redrobot | akoneru can you give me the cr link? | 19:43 |
| akoneru | redrobot, https://review.openstack.org/#/c/117845/ | 19:43 |
| *** ryanpetrello has quit IRC | 19:44 | |
| *** ryanpetrello has joined #openstack-barbican | 19:44 | |
| *** ryanpetrello is now known as ryanpetre | 19:44 | |
| *** hockeynut has quit IRC | 19:48 | |
| *** jillysciarilly has joined #openstack-barbican | 19:51 | |
| *** xaeth has joined #openstack-barbican | 19:52 | |
| *** reaperhulk has joined #openstack-barbican | 19:56 | |
| redrobot | akoneru looking... also having a discussion here about another issue, so give me a few... | 19:56 |
| akoneru | redrobot, sure. thanks! | 19:58 |
| *** lbragstad has joined #openstack-barbican | 20:02 | |
| *** bubbva has quit IRC | 20:05 | |
| *** bubbva has joined #openstack-barbican | 20:05 | |
| jvrbanac | reaperhulk, thoughts on my question? | 20:08 |
| *** nkinder_ has joined #openstack-barbican | 20:11 | |
| *** tkelsey has joined #openstack-barbican | 20:23 | |
| *** tkelsey has quit IRC | 20:29 | |
| *** SheenaG11 has joined #openstack-barbican | 20:31 | |
| *** SheenaG1 has quit IRC | 20:33 | |
| openstackgerrit | Matthew Treinish proposed a change to openstack/barbican: Install tempest instead of just adding it to PYTHONPATH https://review.openstack.org/120904 | 20:36 |
| openstackgerrit | Matthew Treinish proposed a change to openstack/barbican: Switch to running tests in parallel with testr https://review.openstack.org/120905 | 20:36 |
| *** akoneru is now known as akoneru_brb | 20:40 | |
| redrobot | akoneru_brb I can't tell what's going on in that failure. And I'm having a completely different error on my machine -___- | 20:45 |
| *** rose_ has quit IRC | 20:54 | |
| *** akoneru_brb is now known as akoneru | 21:29 | |
| akoneru | redrobot, oh. ok. thanks! i will keep looking into it | 21:29 |
| openstackgerrit | Matthew Treinish proposed a change to openstack/barbican: Switch to running tests in parallel with testr https://review.openstack.org/120905 | 21:30 |
| *** alee is now known as alee_heading_hom | 21:32 | |
| reaperhulk | jvrbanac: I don't think I saw a question | 21:33 |
| jvrbanac | reaperhulk, I was looking at your review noticed that you're pulling the hmac_key and the mkek_key from the same dict. It seems like potentially a problem if someone accidentally defines the same label name for both the mkek_label hmac_label. | 21:34 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed whitespace from pom.xml https://review.openstack.org/120161 | 21:35 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed tenant id from code samples https://review.openstack.org/120163 | 21:35 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removing cq-devguide.wadl which was added by mistake https://review.openstack.org/119931 | 21:35 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: Updated dev guide to include feedback from previous tech review https://review.openstack.org/117889 | 21:35 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: Update Getting Started Guide to include tech review feedback https://review.openstack.org/120156 | 21:35 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed image files as they referred to internal architecure https://review.openstack.org/119932 | 21:35 |
| reaperhulk | if they do that then it will break some shit | 21:35 |
| reaperhulk | I think there's even a comment to that exact effect in the api.conf :) | 21:35 |
| reaperhulk | pretty much https://review.openstack.org/#/c/120498/3/etc/barbican/barbican-api.conf ("must not be the same as HMAC label") | 21:36 |
| jvrbanac | reaperhulk, ok. Is there any benefit of adding safeguards against that? | 21:36 |
| reaperhulk | not particularly since the key would be ambiguous in the HSM too | 21:36 |
| reaperhulk | I'm not sure the HSM would even let you generate it | 21:36 |
| jvrbanac | reaperhulk, ok cool. I just thought I would ask. | 21:37 |
| *** alee_heading_hom has quit IRC | 21:37 | |
| reaperhulk | It's a fair question. We could add a check in the init to error if they're the same | 21:37 |
| jvrbanac | reaperhulk, I'm fine with either. In theory this is more of a deployer problem, so I'm not so concerned. | 21:40 |
| *** paul_glass has quit IRC | 21:40 | |
| *** jaosorior has quit IRC | 21:42 | |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed whitespace from pom.xml https://review.openstack.org/120161 | 21:44 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed tenant id from code samples https://review.openstack.org/120163 | 21:44 |
| jvrbanac | reaperhulk, I +2'ed. If it becomes more of a concern we can address it then. | 21:47 |
| reaperhulk | ko, thanks for the review jvrbanac | 21:47 |
| *** atiwari has quit IRC | 21:50 | |
| *** SheenaG11 has quit IRC | 22:02 | |
| jvrbanac | woodster, you still around? | 22:27 |
| woodster | jvrbanac: yep | 22:28 |
| jvrbanac | woodster, do you mind approving Doug H's CRs in the barbican-specs repo? reaperhulk and myself already +2'ed them | 22:28 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed tenant id from code samples https://review.openstack.org/120163 | 22:29 |
| jvrbanac | woodster, they are quite small | 22:32 |
| woodster | jvrbanac: will take a look | 22:33 |
| *** openstackgerrit has quit IRC | 22:38 | |
| *** openstackgerrit_ has joined #openstack-barbican | 22:39 | |
| *** openstackgerrit_ is now known as openstackgerrit | 22:40 | |
| *** gyee has quit IRC | 22:40 | |
| jvrbanac | woodster, I added in a link to the email from the dev list that talk about what this stuff is for | 22:41 |
| jvrbanac | ^in a comment | 22:41 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed whitespace from pom.xml https://review.openstack.org/120161 | 22:43 |
| openstackgerrit | Constanze Kratel proposed a change to openstack/barbican: removed tenant id from code samples https://review.openstack.org/120163 | 22:43 |
| *** ayoung has quit IRC | 22:45 | |
| *** alee_heading_hom has joined #openstack-barbican | 22:48 | |
| Constanze | <jvrbanac> thanks for reviewing my CR's. I went ahead and addressed all of them | 22:49 |
| openstackgerrit | Adam Harwell proposed a change to openstack/python-barbicanclient: Add Containers to python-barbicanclient https://review.openstack.org/113393 | 23:06 |
| openstackgerrit | Adam Harwell proposed a change to openstack/python-barbicanclient: Change object __str__() to use pretty formatting https://review.openstack.org/118494 | 23:06 |
| rm_work | redrobot: change made to remove type | 23:06 |
| rm_work | bbl, please leave reviews :) | 23:06 |
| *** SheenaG1 has joined #openstack-barbican | 23:28 | |
| *** arunkant_work has quit IRC | 23:29 | |
| *** SheenaG11 has joined #openstack-barbican | 23:30 | |
| *** SheenaG1 has quit IRC | 23:32 | |
| *** jorge_munoz has quit IRC | 23:48 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!