Wednesday, 2014-10-08

« Tuesday, 2014-10-07 Index Thursday, 2014-10-09 »
*** gyee has quit IRC00:20
*** zz_dimtruck is now known as dimtruck00:26
*** juantwo_ has joined #openstack-barbican00:31
*** juantwo_ has quit IRC00:32
*** juantwo_ has joined #openstack-barbican00:32
*** juantwo has quit IRC00:33
*** dimtruck is now known as zz_dimtruck01:00
*** jamielennox has joined #openstack-barbican01:54
*** zz_dimtruck is now known as dimtruck02:06
*** kebray has joined #openstack-barbican02:09
*** kebray has quit IRC02:09
*** kebray has joined #openstack-barbican02:10
*** woodster_ has quit IRC02:21
*** ryanpetrello has quit IRC03:14
*** ryanpetrello has joined #openstack-barbican03:15
*** dimtruck is now known as zz_dimtruck03:21
*** kebray has quit IRC03:28
*** kebray has joined #openstack-barbican03:33
*** kebray has quit IRC03:40
*** kebray has joined #openstack-barbican03:40
*** ajc_ has joined #openstack-barbican03:50
*** juantwo_ has quit IRC04:49
*** zz_dimtruck is now known as dimtruck05:03
*** jamielennox has quit IRC05:29
*** kebray has quit IRC05:34
*** ajc_ has quit IRC05:36
*** jamielennox has joined #openstack-barbican05:40
*** rm_you| has joined #openstack-barbican05:56
*** rm_you|wtf has quit IRC06:00
*** dimtruck is now known as zz_dimtruck06:37
*** jaosorior has joined #openstack-barbican09:44
openstackgerritJuan Antonio Osorio Robles proposed a change to openstack/barbican: Delete usage-indications from the model docstrings  https://review.openstack.org/12505009:46
*** openstack has joined #openstack-barbican14:12
*** rtom has joined #openstack-barbican14:13
*** openstackstatus has joined #openstack-barbican14:13
*** ChanServ sets mode: +v openstackstatus14:13
*** JeffF has joined #openstack-barbican14:17
*** kebray has quit IRC14:18
*** juantwo has quit IRC14:19
*** juantwo has joined #openstack-barbican14:20
*** tdink_ has joined #openstack-barbican14:24
*** tdink has quit IRC14:25
*** tdink_ has quit IRC14:28
*** tdink has joined #openstack-barbican14:28
*** ametts has joined #openstack-barbican14:30
*** zz_dimtruck is now known as dimtruck14:36
*** paul_glass has quit IRC14:59
*** joesavak has quit IRC15:01
*** dimtruck is now known as zz_dimtruck15:03
*** zz_dimtruck is now known as dimtruck15:05
*** joesavak has joined #openstack-barbican15:30
*** juantwo has quit IRC15:56
*** juantwo has joined #openstack-barbican15:58
*** juantwo has quit IRC16:03
*** juantwo has joined #openstack-barbican16:03
*** arunkant_work has joined #openstack-barbican16:14
*** woodster_ has joined #openstack-barbican16:16
*** kebray has joined #openstack-barbican16:24
arunkant_workwoodster_, redrobot: Does this require more review https://review.openstack.org/#/c/110817/ before it can be merged?16:25
*** tdink_ has joined #openstack-barbican16:26
*** tdink has quit IRC16:28
*** juantwo has quit IRC16:45
*** juantwo has joined #openstack-barbican16:50
*** jraim has joined #openstack-barbican17:03
woodster_arunkant_work: not from me :)  I'll try to get ahold of redrobot for review though17:16
*** mkam has joined #openstack-barbican17:19
*** alee_afk is now known as alee17:35
*** kebray_ has joined #openstack-barbican17:35
*** kebray has quit IRC17:38
*** jsavak has joined #openstack-barbican17:46
*** kgriffs is now known as kgriffs|afk17:46
*** joesavak has quit IRC17:49
redrobotarunkant_work merged.  Thanks for being so patient with this CR17:55
openstackgerritA change was merged to openstack/barbican: Adding keystone notification listener support  https://review.openstack.org/11081718:09
openstackgerritA change was merged to openstack/barbican: Delete usage-indications from the model docstrings  https://review.openstack.org/12505018:09
rm_workwill you look at that, jaosorior and woodster_ have both given me positive reviews on https://review.openstack.org/#/c/124889/18:12
rm_workawesome18:12
rm_workseems like it'd just require a couple of others now :)18:12
redrobotrm_work I'm on it18:14
rm_work:P18:14
*** jaosorior has quit IRC18:23
*** jaosorior has joined #openstack-barbican18:29
*** jsavak has quit IRC18:31
*** joesavak has joined #openstack-barbican18:32
*** kgriffs|afk is now known as kgriffs18:35
*** gyee has joined #openstack-barbican18:41
*** kgriffs is now known as kgriffs|afk18:45
*** tdink_ has quit IRC18:47
*** bubbva has quit IRC18:56
*** bubbva has joined #openstack-barbican18:56
hockeynutrm_work - code looks good, a few comments on the comments.  if you're going to push up another changeset then feel free to handle 'em :-)18:58
rm_worklol nice, love comment/docstring typods18:59
rm_work*typos18:59
rm_workI18:59
rm_work*I'll do those if people promise to look at it again soon :P18:59
redrobotrm_work so hopeful that people are actually looking at his code...19:00
rm_workhockeynut: what would the docstring for "payload_content_type" be? "The content type for the payload"? :P19:02
rm_workoh, "Content type to use for payload decryption"?19:02
hockeynuteither of them are ok - we were just missing that 1 parameter19:03
hockeynut"content type for people who are into that sort of thing" :-)19:03
rm_workalso, for docstrings, which is correct: no blank line before text, or one blank before text?19:03
rm_workIE:19:03
rm_work"""Firstline19:03
rm_work"""19:04
rm_workFirstline19:04
rm_workright now it's mixed19:04
redrobotno blank line for single line docstring19:12
redrobotblank line for a multiline docstring19:12
redrobotI _think_19:12
dolphmso, how scary would it be if barbican got a read hit for every request into OpenStack, and at every service-to-service boundary?19:13
dolphmfor every HTTP request crossing a service-to-service boundary*19:14
reaperhulkhow scary is it to have a distributed service oriented architecture that has a centralized dependency that must be bigger than all other services combined? (I would say that's very scary)19:14
reaperhulkI suppose as a former keystone PTL such critical path dependencies are not new to you though :)19:15
*** paul_glass has joined #openstack-barbican19:16
dolphmyeah... i'm staring down a long dark path at the moment19:17
openstackgerritAdam Harwell proposed a change to openstack/python-barbicanclient: Fix consistency between Order/Secret/Container  https://review.openstack.org/12488919:19
rm_workhockeynut: addressed and more :)19:20
rm_workfixed some more inconsistencies19:20
rm_work(in docstrings)19:20
rm_workwoodster_: re-re-re-re-re-review :)19:20
hockeynutsweet!19:20
hockeynutwoodster_ you stutter when you type19:20
* redrobot flips table19:20
redrobotI was about to +2, now I have to start over19:20
rm_workredrobot: :P19:20
redrobotrm_work It's actually looking pretty nice19:21
rm_workredrobot: you should have told hockeynut to knock it off before he brought that to my attention :P19:21
hockeynut(running and hiding)19:21
redrobotmy only beef is that exceptions from 400s don't include the returned error string.  Not a big deal though, I can add that functionality later.19:21
rm_workhmm19:21
rm_workyes, well19:21
rm_workexceptions in general are screwed right now if it comes from the server19:21
rm_workbecause I have NO earthly idea what the message is19:22
rm_workbecause the keystone layer eats it and throws its own exception19:22
rm_workif you're talking about what I think you're talking about19:22
rm_workI thought *you* were looking at fixing that particular issue :)19:23
redrobotI'm just having to refer to barbican logs to figure out why the 400s are being thrown... would be nicer if we actually told the client how the fubared it... but yeah, not going to make you do that for this patch19:23
rm_workyeah, because I don't even know, I have to infer what the issue probably is based on where in the sequence the exception happened19:24
rm_worksince all I get is a generic exception raised from the middleware layer not being able to parse the real error that came back19:24
rm_workbecause it expects Keystone's error format19:24
rm_workagain, that's if you're talking about what I think you're talking about19:25
*** tdink has joined #openstack-barbican19:29
*** kgriffs|afk is now known as kgriffs19:29
*** mkam has left #openstack-barbican19:34
*** tdink has quit IRC19:45
*** tdink has joined #openstack-barbican19:46
*** jsavak has joined #openstack-barbican19:47
*** joesavak has quit IRC19:49
*** tdink has quit IRC19:50
*** tdink has joined #openstack-barbican19:50
openstackgerritA change was merged to openstack/python-barbicanclient: Remove code from oslo-incubator  https://review.openstack.org/12631620:10
*** tdink has quit IRC20:11
*** tdink has joined #openstack-barbican20:12
rm_workwoodster_: gotta get me some more of that +2 lovin'20:21
*** paul_glass has quit IRC20:25
*** dimtruck is now known as zz_dimtruck20:31
*** kebray_ has quit IRC20:32
*** jaosorior has quit IRC20:33
*** paul_glass has joined #openstack-barbican20:37
*** zz_dimtruck is now known as dimtruck20:46
*** kebray has joined #openstack-barbican20:49
*** dimtruck is now known as zz_dimtruck20:57
openstackgerritChristian Berendt proposed a change to openstack/barbican: Remove extraneous vim editor configuration comments  https://review.openstack.org/12702021:03
*** juantwo has quit IRC21:04
*** zz_dimtruck is now known as dimtruck21:09
*** paul_glass has quit IRC21:14
JeffFI'm not sure who to ask this question to, so my apologies for the broadcast, but again, I'm a dev for DigiCert building the plugin and I'm wondering about the method supports(self, certificate_spec) in certificate_manager.py.  What is certificate_spec and how will this method be used?21:18
*** jsavak has quit IRC21:21
*** alee has quit IRC21:24
*** alee has joined #openstack-barbican21:27
aleeJeffF, did you see my response?21:27
JeffFalee: no21:27
*** tdink has quit IRC21:27
aleealee> JeffF, the idea of supports() is to determine whether or not the cert plugin supports the relevant cert request21:27
alee<alee> right now its passed in the metadata that was passed into the order21:27
alee<alee> as we standardize the interface, we'll flesh out exactly whats in there.21:27
alee<alee> but for example, a particular cert plugin might or might not support certs with ECC keys for instance.21:27
JeffFalee: ok.  Is there a definition for how it looks now, the types of certs that will be requested, or is that still being figured out?21:29
aleeanyways what is going to be available to differentiate on is not yet well defined.  but the idea is to return whether or not the cert_plugin supports the request (True or False)21:29
aleethats still being worked out21:30
JeffFalee: great.  ok.  Thanks!21:30
JeffFalee: I'll just return true for now I guess then21:30
*** akoneru has quit IRC21:30
aleewhat you can do now is pass in the parameters specific to your ca21:30
JeffFspecific for each type of cert?21:30
aleeeventually we'll want to add some parameter to allow the user to select a ca potentially21:31
JeffFyeah21:31
aleeJeffF, or maybe a SKI (signing key identifier)21:32
aleeyou recall the sample json I sent you ?  that had param that were specific to dogtag21:32
JeffFyes21:32
aleeifyou look in symantec, they are looking for params specific to them21:32
JeffFI have put in our specific params and even started a rudimentary mapper expecting that there will be a generic interface of attributes that will come through one day and I'll need to map those to fit our api21:33
aleeanyways - supports() will make a lot more sense when a) we add ability to select ca  b) we have a standard interface21:33
JeffFalee: ok, that makes sense to me, yes.21:34
aleefr now, I think dogtag just returns true.21:34
aleeprob same for symantec21:34
JeffFso does the symantec plugin21:34
JeffFyes21:34
JeffFI'll do the same for now21:34
JeffFalee: so to try this out in barbican, I should copy out the symantec and dogtag plugins, copy in my new plugin and then by sending a request to the orders resource, I should hit my plugin?21:34
aleewell there is config in barbican-api.conf21:35
JeffFoh, ok21:35
aleeyou want to add something like this --21:36
alee[certificate]21:36
aleenamespace = barbican.certificate.plugin21:36
aleeenabled_certificate_plugins = dogtag21:36
JeffFthere is one in /etc/init and /etc/barbican21:36
aleein /etc/barbican21:36
JeffFok21:36
JeffFdoes that name match up with the filename?21:37
JeffFso if I specify enabled_certificate_plugins = digicert, my plugin would be named digicert.py?21:37
aleeno - there is a file ..21:37
*** tdink has joined #openstack-barbican21:38
aleesetup.cfg21:38
rm_workAGH21:38
rm_workrebase time T_T21:38
aleeJeffF, where all the plugin entry points are defined21:39
aleeso under [entry points]21:39
aleedogtag = barbican.plugin.dogtag:DogtagCAPlugin21:39
aleefor example ..21:39
JeffFthat must be this area?  barbican.certificate.plugin =21:39
JeffF    simple_certificate = barbican.plugin.simple_certificate_manager:SimpleCertificatePlugin21:39
JeffF    symantec = barbican.plugin.symantec:SymantecCertificatePlugin21:39
JeffF    dogtag = barbican.plugin.dogtag:DogtagCAPlugin21:39
aleeyup21:39
aleeso add one for digicert21:40
aleeand make sure its the only one enabled21:40
JeffFand it's enabled in the certificate section you mentioned above, correct?21:41
aleeyup21:41
JeffFin barbican-api.conf21:41
*** kebray has quit IRC21:41
aleeexactly21:41
JeffFok, cool.  anything else I should know?21:42
aleeI'm not sure :)21:42
JeffFalee: well, here goes with my first test then.  wish me luck! ;-)21:42
aleejust keep asking questions when you get stuck :)21:43
JeffFalee: thanks so much!21:43
aleenp21:43
openstackgerritAdam Harwell proposed a change to openstack/python-barbicanclient: Fix consistency between Order/Secret/Container  https://review.openstack.org/12488921:45
rm_workwoodster_: redrobot: moar +221:45
redrobotrm_work dagnabbit21:46
rm_workforced to rebase because of that oslo CR merging T_T21:46
redrobotrm_work this is why I don't like gerrit dependency chains -___-21:46
rm_workmine was on master :P21:46
rm_workand they're super easy to manage, I can come show you if you want :P21:46
rm_workI am handling a 6-long chain in neutron-lbaas21:47
openstackgerritDouglas Mendizábal proposed a change to openstack/python-barbicanclient: Remove outdated examples  https://review.openstack.org/12703521:54
*** jkf has joined #openstack-barbican21:56
* rm_work prods redrobot and woodster_ again for +2s21:56
redrobotrm_work trade you for a +1 https://review.openstack.org/#/c/127035/121:58
rm_workwhelp, that's an easy one22:00
rm_work0 lines of code to review :P22:00
rm_workwoodster_, give a brother some sweet sweet +2 love22:01
*** tdink has quit IRC22:03
*** tdink has joined #openstack-barbican22:03
redrobotrm_work looksl ike woodster_ is deep in the rabbit hole.22:07
*** nkinder has quit IRC22:10
rm_workT_T22:12
rm_workjvrbanac: got any +2s in ya today?22:12
*** kebray has joined #openstack-barbican22:27
*** dimtruck is now known as zz_dimtruck22:27
*** kebray has quit IRC22:27
*** nkinder has joined #openstack-barbican22:27
*** kebray has joined #openstack-barbican22:28
*** juantwo has joined #openstack-barbican22:30
*** juantwo has quit IRC22:30
*** juantwo has joined #openstack-barbican22:31
*** kgriffs is now known as kgriffs|afk22:39
*** ayoung has quit IRC22:40
*** tdink has quit IRC22:40
*** tdink has joined #openstack-barbican22:48
*** rtom has quit IRC22:54
*** kgriffs|afk is now known as kgriffs22:58
*** tdink has quit IRC22:58
*** kgriffs is now known as kgriffs|afk23:08
*** jorge_munoz has quit IRC23:13
*** JeffF has quit IRC23:25
*** jkf has quit IRC23:34
*** arunkant_work has quit IRC23:42
*** nkinder has quit IRC23:55
*** kgriffs|afk is now known as kgriffs23:59
« Tuesday, 2014-10-07 Index Thursday, 2014-10-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!