Friday, 2014-12-05

« Thursday, 2014-12-04 Index Saturday, 2014-12-06 »
*** JeffF has quit IRC00:03
*** bdpayne_ has joined #openstack-barbican00:03
*** bdpayne has quit IRC00:05
*** dimtruck is now known as zz_dimtruck00:17
*** openstackgerrit has quit IRC00:18
*** openstackgerrit has joined #openstack-barbican00:19
*** lordbyron820 has joined #openstack-barbican00:21
*** lordbyron820 has quit IRC00:25
*** kebray has quit IRC00:28
*** crc32 has quit IRC00:31
*** bdpayne_ has quit IRC00:37
openstackgerritMerged openstack/barbican: Updated from global requirements  https://review.openstack.org/13922400:53
openstackgerritgreghaynes proposed openstack/python-barbicanclient: Correctly set pbr version name  https://review.openstack.org/13929200:58
greghaynes^ is a pretty embarassing bug in that pip install python-barbicanclient currently fails with a traceback :)00:59
greghaynessorry, the pip install doesnt fail, running barbican after pip installing fails00:59
greghaynesSo, im hoping to use barbican to do some snakeoil CA/Cert generation and storage for tripleo. I spoke with someone at the summit who indicated that there was some kind of 'admin API' which might need a little bit of work but is a good way to do that01:07
greghaynesany tips on where I should be looking for this?01:07
greghaynesAlso, does a client exist yet for this?01:07
*** stanzi has joined #openstack-barbican02:09
*** stanzi has quit IRC02:10
*** stanzi has joined #openstack-barbican02:11
*** stanzi has quit IRC02:12
*** zz_dimtruck is now known as dimtruck02:39
*** ryanpetrello has quit IRC02:40
*** ryanpetrello has joined #openstack-barbican02:43
*** bubbva has quit IRC03:08
*** gyee has quit IRC03:25
*** bubbva has joined #openstack-barbican03:27
*** rm_you has joined #openstack-barbican03:33
*** rm_you has quit IRC03:33
*** rm_you has joined #openstack-barbican03:33
openstackgerritJeremy Stanley proposed openstack/barbican: Workflow documentation is now in infra-manual  https://review.openstack.org/13930903:40
openstackgerritJeremy Stanley proposed openstack/barbican-specs: Workflow documentation is now in infra-manual  https://review.openstack.org/13931003:40
openstackgerritJeremy Stanley proposed openstack/castellan: Workflow documentation is now in infra-manual  https://review.openstack.org/13931103:40
openstackgerritJeremy Stanley proposed openstack/kite: Workflow documentation is now in infra-manual  https://review.openstack.org/13933503:42
openstackgerritJeremy Stanley proposed openstack/python-barbicanclient: Workflow documentation is now in infra-manual  https://review.openstack.org/13936803:44
*** kebray has joined #openstack-barbican03:49
openstackgerritJeremy Stanley proposed openstack/python-kiteclient: Workflow documentation is now in infra-manual  https://review.openstack.org/13937803:51
*** dave-mccowan has quit IRC04:52
*** dimtruck is now known as zz_dimtruck05:38
*** openstackgerrit has quit IRC06:49
*** openstackgerrit has joined #openstack-barbican06:49
*** tiger_toes has joined #openstack-barbican08:12
*** woodster_ has quit IRC08:30
*** tiger_toes has quit IRC09:01
*** mikedillion has joined #openstack-barbican12:55
*** woodster_ has joined #openstack-barbican13:00
*** dave-mccowan has joined #openstack-barbican13:11
*** mikedillion has quit IRC13:19
*** dave-mccowan_ has joined #openstack-barbican13:36
*** dave-mccowan has quit IRC13:37
*** dave-mccowan_ is now known as dave-mccowan13:37
*** miqui_ has joined #openstack-barbican14:04
*** mikedillion has joined #openstack-barbican14:45
*** SheenaG1 has joined #openstack-barbican14:57
*** SheenaG11 has joined #openstack-barbican15:04
*** SheenaG1 has quit IRC15:05
openstackgerritTim Kelsey proposed openstack/barbican: Adding client certificates to connection credentials  https://review.openstack.org/13521715:13
*** ryanpetrello has quit IRC15:21
*** kgriffs|afk is now known as kgriffs15:25
*** ryanpetrello has joined #openstack-barbican15:26
*** zz_dimtruck is now known as dimtruck15:30
*** kebray has quit IRC15:39
*** stanzi has joined #openstack-barbican15:40
*** JeffF has joined #openstack-barbican15:54
alee_dave-mccowan, ping16:00
dave-mccowanalee_ pong16:01
alee_dave-mccowan, correct me if I'm wrong, but it seems to me that neither cmc nor rfc 7030 have any fields for a requestor to provide contact information (ie. email address, phone number ) for the requestor?16:02
*** stanzi has quit IRC16:02
dave-mccowanalee_, the RFC allows for a preamble section that can contain this.  There is an example in appendix A.4.16:05
alee_dave-mccowan, ok - so there are no specific fields defined ..16:07
alee_dave-mccowan, I'm curious how that information would be passed from an EST RA to a CA16:08
alee_given that it has no defined format16:08
*** stanzi has joined #openstack-barbican16:08
alee_might be something to think about to improve the RFC16:08
*** kebray has joined #openstack-barbican16:09
dave-mccowanalee_, good question.  i'll ask the author if he has thought of this.16:09
alee_dave-mccowan, thanks16:09
*** kebray has quit IRC16:17
*** stanzi has quit IRC16:21
alee_dave-mccowan, did you get that list of ca's that support cmc?16:27
dave-mccowanalee_, i asked some folks who have looked into it.  they said it was a complicated question.  for example, Microsoft uses CMC, but they use a proprietary transport.  so, even among CAs that use CMC, it will not be plug and play.16:29
alee_dave-mccowan, yup understood16:29
SheenaG11woodster_, redrobot: stand up?16:30
redrobotSheenaG11 yep, booting up Mumble16:30
alee_dave-mccowan, that kind of complication would have to be handled by the backend plugin16:30
*** kebray has joined #openstack-barbican16:34
openstackgerritAde Lee proposed openstack/barbican-specs: Add Cert API Spec.  https://review.openstack.org/13549016:38
alee_woodster_, rellerreller, reaperhulk , redrobot , dave-mccowan , rm_work , chellygel , jvrbanac - latest version of the cert api spec based on feedback yesterday.16:39
rm_workk16:39
alee_lets see if we can put this one to bed today ..16:40
rm_workno objections here, looks pretty good16:47
alee_rm_work, cool beans thanks16:47
*** kebray has quit IRC16:48
alee_rm_work, take a look at https://review.openstack.org/#/c/129048 and see if it works for you as well.16:52
*** stanzi has joined #openstack-barbican16:56
*** kebray has joined #openstack-barbican17:09
openstackgerritAde Lee proposed openstack/barbican-specs: Spec for identifying CAs  https://review.openstack.org/12904817:13
*** stanzi has quit IRC17:14
alee_woodster_, rellerreller, jvrbanac , rm_work , dave-mccowan , chellygel , reaperhulk , redrobot - updated spec for identifying ca's based on comments yesterday.17:14
rm_workcommenting17:15
rm_workdamnit17:15
alee_those two specs should cover the basic cert API17:15
rm_workwell17:15
rm_workcommenting on the previous patchset17:15
alee_rm_work, sorry :/17:15
rm_work>_<17:15
*** SheenaG11 has quit IRC17:16
rm_workposted17:16
rm_worki guess I'll read the new one to see if you already addressed any of my comments17:16
rm_workthough if you want to read my comments it might be easier for you to say immediately whether you did or not :)17:17
rm_workalee_: ^^17:17
alee_rm_work, reading -- I did address some of them17:18
alee_rm_work, looking at the rest ..17:18
rm_workheh first time https://review.openstack.org/#/c/129048/2..3/specs/kilo/identify-cas.rst has actually been helpful17:20
rm_work(changing the base)17:20
alee_:)17:20
rm_workso yeah, POST /cas/{ca_id}/unset-preferred doesnt make sense now17:21
alee_rm_work, agreed.17:21
alee_rm_work, woodster_ - I'm not a database guy -- so I think I need woodster_ to comment on the other suggestions.17:21
rm_workyeah, I used to do a lot of DB work at my last job, and we did the sort of thing I am suggesting *a lot*17:22
alee_ie. the unique table for hard enforcement, and the key value pair thing17:22
rm_workbecause AFAIK storing blobs in a DB is an absolute last resort17:22
alee_I know we did that for secrets -> secret metadata17:23
rm_workbut people here tend to not care as much it seems <_<17:23
rm_workor maybe my view is outdated17:23
rm_workI used to work with SAP / ABAP, so everything else was definitely outdated :P17:23
alee_rm_work, I think your view is reasonable -- but I'll defer to the real DB folks.17:24
alee_woodster_, redrobot , jvrbanac ^^17:24
* rm_work is currently fighting against JSON BLOB storaging in his own project, too17:24
*** mikedillion has quit IRC17:24
alee_rm_work, can you add your remaining comments to the new patchset for convenience ?17:24
rm_workerr, apparently storage + storing = storaging :P17:24
rm_workheh, I can try to pick things out17:25
alee_thanks!17:25
*** mikedillion has joined #openstack-barbican17:25
rm_workk yeah moving them all17:26
rm_workdon't comment on them in the last patchset :P17:26
alee_rm_work, cool - thanks17:31
*** kgriffs is now known as kgriffs|afk17:31
rm_workalee_: ok, published new comments17:35
rm_workplease read/comment on those instead :)17:36
*** mikedillion has quit IRC17:40
*** ayoung has quit IRC17:44
*** ayoung has joined #openstack-barbican18:20
alee_rm_work, thanks - will comment18:23
*** gyee has joined #openstack-barbican18:25
*** stanzi_ has joined #openstack-barbican18:27
*** kgriffs|afk is now known as kgriffs18:31
*** gyee has quit IRC18:35
alee_rm_work, thanks - commented18:37
*** gyee has joined #openstack-barbican18:38
*** gyee has quit IRC18:38
*** gyee has joined #openstack-barbican18:39
*** kgriffs is now known as kgriffs|afk18:42
*** paul_glass has joined #openstack-barbican18:54
*** stanzi_ has quit IRC19:05
*** stanzi has joined #openstack-barbican19:15
*** mikedillion has joined #openstack-barbican19:17
*** SheenaG1 has joined #openstack-barbican19:24
*** ayoung has quit IRC19:25
*** SheenaG11 has joined #openstack-barbican19:26
*** lordbyron820 has joined #openstack-barbican19:27
*** SheenaG1 has quit IRC19:29
*** kgriffs|afk is now known as kgriffs19:33
*** gyee has quit IRC19:34
SheenaG11reaperhulk: ping19:34
alee_woodster_, ?19:41
*** bdpayne has joined #openstack-barbican19:41
alee_redrobot, woodster_ when a secret is created, do we store the creator userid by default with the secret entry?19:42
*** ayoung has joined #openstack-barbican19:59
*** darrenmoffat has quit IRC20:15
*** darrenmoffat has joined #openstack-barbican20:16
*** crc32 has joined #openstack-barbican20:44
*** kebray has quit IRC20:45
redrobotalee_ I don't think so, I think we only store the project ID20:47
*** stanzi has quit IRC20:48
*** kebray has joined #openstack-barbican20:49
*** stanzi has joined #openstack-barbican20:51
*** david-lyle has joined #openstack-barbican20:56
openstackgerritJeff Fischer proposed openstack/barbican: initial commit for DigiCert Barbican plugin  https://review.openstack.org/13819920:58
*** mikedillion has quit IRC21:03
*** JeffF has quit IRC21:07
*** JeffF has joined #openstack-barbican21:14
alee_JeffF, ping21:18
JeffFalee_: hey21:19
alee_JeffF, hey -- saw you put up a CR for digicert21:19
JeffFyes21:19
alee_does DigiCert accept CMC requests?21:19
JeffFyes we can21:20
alee_cool - you should take a look at https://review.openstack.org/13549021:20
JeffFI don't know that we have before, but I talked with our CA developer the other day and he verified that we can21:20
alee_and https://review.openstack.org/12904821:21
alee_proposed common api for certs21:21
JeffFoh, good.21:21
JeffFI would love any and all information about this.21:21
alee_JeffF, yeah - please comment and +1/-121:22
JeffFCMC requests will be the method used for the common API?21:22
alee_JeffF, yup - we'll still have the order interface - but it will use cmc as the vechicle21:24
alee_vehicle ..21:24
*** stanzi has quit IRC21:24
JeffFok, I'll start reviewing and digesting this.21:25
alee_JeffF, thanks21:26
*** bubbva has quit IRC21:55
*** stanzi_ has joined #openstack-barbican21:55
*** gyee has joined #openstack-barbican22:03
*** stanzi_ has quit IRC22:04
*** ryanpetrello_ has joined #openstack-barbican22:06
*** ryanpetrello has quit IRC22:06
*** ryanpetrello_ is now known as ryanpetrello22:06
*** ryanpetrello has quit IRC22:14
*** lordbyron8201 has joined #openstack-barbican22:24
*** JeffF has quit IRC22:25
*** lordbyron8201 has quit IRC22:28
*** lordbyron8201 has joined #openstack-barbican22:31
*** dave-mccowan has quit IRC22:33
*** paul_glass has quit IRC22:53
*** lordbyron8201 has quit IRC22:55
openstackgerritMerged openstack/barbican: Add functional tests for order  https://review.openstack.org/13615523:02
openstackgerritMerged openstack/barbican: Workflow documentation is now in infra-manual  https://review.openstack.org/13930923:07
*** jorge_munoz has quit IRC23:27
*** kgriffs is now known as kgriffs|afk23:27
« Thursday, 2014-12-04 Index Saturday, 2014-12-06 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!