Friday, 2015-01-23

« Thursday, 2015-01-22 Index Saturday, 2015-01-24 »
*** chlong has joined #openstack-barbican00:00
openstackgerritSteve Heyman proposed openstack/barbican: ** DO NOT MERGE **  https://review.openstack.org/14660800:02
*** dave-mccowan has joined #openstack-barbican00:07
*** dave-mccowan has quit IRC00:19
openstackgerritSteve Heyman proposed openstack/barbican: ** DO NOT MERGE **  https://review.openstack.org/14660800:28
openstackgerritMerged openstack/barbican: Fix 500 error when PUTing an order  https://review.openstack.org/12551600:33
*** jkf has quit IRC00:44
*** zz_dimtruck is now known as dimtruck00:44
*** dave-mccowan has joined #openstack-barbican00:54
*** kgriffs is now known as kgriffs|afk01:05
*** sigmavirus24_awa is now known as sigmavirus2401:10
*** alee has joined #openstack-barbican01:48
*** atiwari has quit IRC02:09
*** dimtruck is now known as zz_dimtruck02:19
*** ayoung has quit IRC02:22
*** atiwari has joined #openstack-barbican02:39
*** woodster_ has quit IRC02:40
*** atiwari has quit IRC02:44
*** woodster_ has joined #openstack-barbican02:54
*** zz_dimtruck is now known as dimtruck03:04
*** dave-mccowan has quit IRC04:14
*** sigmavirus24 is now known as sigmavirus24_awa04:21
*** crc32 has joined #openstack-barbican04:31
openstackgerritOpenStack Proposal Bot proposed openstack/python-barbicanclient: Updated from global requirements  https://review.openstack.org/14948204:37
*** woodster_ has quit IRC05:00
*** woodster_ has joined #openstack-barbican05:13
*** dimtruck is now known as zz_dimtruck05:28
*** crc32 has quit IRC05:45
*** Nirupama has joined #openstack-barbican05:49
*** chlong has quit IRC05:54
*** jamielennox is now known as jamielennox|away06:00
*** chlong has joined #openstack-barbican06:01
*** jamielennox|away is now known as jamielennox06:02
*** jamielennox is now known as jamielennox|away06:04
*** woodster_ has quit IRC07:20
*** chlong has quit IRC08:14
*** jaosorior has joined #openstack-barbican10:14
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Fix content type validation if missing payload  https://review.openstack.org/14957011:12
openstackgerritTim Kelsey proposed openstack/barbican-specs: Adding spec for Barbican MKEK Model.  https://review.openstack.org/14894811:14
openstackgerritJulien Danjou proposed openstack/barbican: Drop Python 2.6 support  https://review.openstack.org/14958511:35
*** chlong has joined #openstack-barbican11:51
*** tkelsey has joined #openstack-barbican11:54
jaosoriortkelsey11:59
tkelseyhey jaosorior :)12:00
jaosoriorThe versioning issue is something that was actually brought up last summit... But I remember there was no concrete solution proposed12:00
jaosoriorI think this should be taken up in the next weekly12:01
jaosoriorto see if we should come up with a solution for the versioning of plugins right now, or if your implementation should be a separate plugin completely12:01
tkelseyyeah, so I was actually thinking that this could be a new plugin rather then an incompatible enhancement of KMIPSecretStore, the HP ESKMs can store a _lot_ of keys so for some situations storing everything in the HSM may be desirable12:01
tkelseyhaving two plugins lets deployers pick, perhaps for compliance issues, and side steps the problem of versioning (at least for now)12:03
tkelseybut perhaps we should be thinking about that anyway12:03
jaosoriorindeed12:04
jaosoriorso, lets bring it up in the next weekly12:04
tkelseymake sense to me :)12:04
tkelseyi'll update the meeting agenda12:04
jaosoriorHere's the link https://wiki.openstack.org/wiki/Meetings/Barbican12:04
tkelseyawesome, thanks12:04
tkelseyso hows things anyway jaosorior?12:05
jaosoriorquite good man12:05
jaosoriorchilling out, working at a café12:06
jaosoriorgonna move to another place in a bit though12:06
jaosoriorthen a bar, most likely :P12:06
tkelseysounds nice :) Im quite looking forward to the weekend personally, flying back to Newcastle to see some friends12:06
tkelseyhaha good plan :)12:06
jaosoriornot bad!12:07
jaosoriorI need myself some travel, wanderlust is kicking in :P12:07
tkelsey:) got to be done12:08
tkelseyright, updated, should be an interesting discussion12:12
tkelseyso jaosorior, when I refer to you in comments how do you like to be address? as Juan or Juan Antonio or what?12:15
tkelseyjust think its polite to get it right :)12:15
jaosoriorHaha people usually call me Ozz12:16
tkelseyheh ok :) I'll do that than lol12:16
tkelseyso re your comment about HSMs for CI/CD HP is planning to make some ESKMs available for testing, we already got access for the JH guys to test PyKMIP12:19
tkelseynot sure of all the details, but there is a plan12:19
jaosoriorNiiiice12:26
jaosoriortkelsey: so wazzup man, gonna hit the barbican mid cycle?12:43
*** Nirupama has quit IRC12:48
*** woodster_ has joined #openstack-barbican12:52
tkelseyjaosorior: I would, but im at the OSSG mid-cycle so I cant make it in person :(12:55
jaosoriorFair enough. There is a section about barbican in the OSSG meeting, but I'm actually not sure how the collaboration will work regarding that12:56
tkelseyyeah, im not sure either, but it would be good if something gets worked out12:57
reaperhulkcc redrobot --^^^12:57
*** darrenmoffat has quit IRC13:37
*** darrenmoffat has joined #openstack-barbican13:38
*** dave-mccowan has joined #openstack-barbican13:55
jaosoriortkelsey: you around?13:56
tkelseyyo13:56
jaosoriorHave you tried the Beavertown 8 Ball IPA? (Just moved from the café to a bar)13:56
jaosoriorIt's damn good13:57
jaosoriorhockeynut: I haven't found much regarding the JSONDecoderError thingy, have you?13:57
tkelseyhaha :D no I dont think i have, I am still working my way through the Williams Bros stuff :)13:58
tkelseyI'll have to keep an eye out if it comes in as a guest ale somewhere :)13:58
tkelseythanks for the tip jaosorior :)13:59
reaperhulkso much opportunity for micro optimization in this experiment...must resist14:04
jaosoriorreaperhulk: what experiment?14:06
reaperhulkI'm replacing PyKCS1114:06
reaperhulkin the pkcs11 plugin14:06
reaperhulkwith a cffi implementation that doesn't infuriate me.14:07
reaperhulk(and should fix some race condition issues we're seeing in our testing)14:07
reaperhulkI am resisting the urge to do things like reuse the plaintext char buffers to write ciphertext to gain efficiency for now14:07
reaperhulkOnce this is all working the way I want I'll figure out how much optimization is worth doing14:08
jaosoriorI'm not acquainted at all with cffi, mind sending a link?14:09
reaperhulkhttps://cffi.readthedocs.org14:09
reaperhulkIt's by far the best way to do C FFI from Python14:10
reaperhulk(it's the core of how we do things in https://github.com/pyca/cryptography as well)14:10
tkelseyhaving played with it extending pyca/cryptography X509 stuff, I totally agree with reaperhulk14:11
reaperhulktkelsey: next release of cryptography will have subject/issuer DN parsing and maybe one or two other X509 features. Not sure yet. Still a ways until we have hazmat interfaces for certificate generation though (although let's encrypt wants that now as well)14:12
tkelseyreaperhulk: awesome :) longterm we plan to move over Anchor to using all cryptography stuff and kill our internal stuff off14:13
tkelseyI'll look forward to the new version landing14:14
*** rellerreller has joined #openstack-barbican14:18
reaperhulk0.8 should be mid-Feb. A bit delayed since I'll be on vacation first week of February14:19
tkelseysounds good :) though I'll be at some state-side meeting and the OSSG mid cycle then, so probs pick it up end of Feb14:20
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Fix content type validation if missing payload  https://review.openstack.org/14957014:23
hockeynutjaosorior yes, its solved.  putting up the CR now14:32
reaperhulkhockeynut: you working from home today?14:32
jaosorioroooh dude, nice!14:33
jaosoriorYou have earned yourself a beer14:33
*** hyakuhei has joined #openstack-barbican14:33
hockeynutreaperhulk yes.  combine Friday and rain and its the defintion of WFH14:34
reaperhulkheh14:34
reaperhulkwe'll see who comes in today. I am here because I wanted to work on the cffi stuff. I'm pretty much to the point where I could test in staging14:35
hockeynutawesome.  This is the 5% issue?14:35
reaperhulkyep14:36
reaperhulkthe code I have to test is a prototype that replaces all of pykcs1114:36
hockeynutwow14:36
reaperhulk+413 -182 bleh14:37
*** ayoung has joined #openstack-barbican14:45
*** chlong has quit IRC14:54
*** lisaclark1 has joined #openstack-barbican14:54
*** hyakuhei has left #openstack-barbican14:57
*** lisaclark1 has quit IRC14:59
*** lisaclark1 has joined #openstack-barbican15:11
*** tkelsey has quit IRC15:12
*** sigmavirus24_awa is now known as sigmavirus2415:12
*** SheenaG1 has joined #openstack-barbican15:12
*** lisaclark1 has quit IRC15:18
SheenaG1lisaclark: ping, where'd you go in the other channel?15:19
woodster_reaperhulk, hockeynut, sounds like progress for sure15:19
rellerrellerDoes anyone have the link for the mid-cycle details etherpad?15:19
jvrbanacrellerreller, https://wiki.openstack.org/wiki/Sprints/BarbicanKiloSprint15:21
jvrbanacrellerreller, they should be a link on there some where15:21
rellerrellerjvrbananac Thanks!15:21
jvrbanacrellerreller, last I checked, there wasn't much on there yet15:21
rellerrellerjvrbanac That's ok. I really just needed the location. I'm booking travel now.15:22
*** rtom has joined #openstack-barbican15:22
*** lisaclark1 has joined #openstack-barbican15:22
jvrbanacrellerreller, got it15:22
*** dstanek has left #openstack-barbican15:25
*** kebray has joined #openstack-barbican15:29
*** zz_dimtruck is now known as dimtruck15:33
*** paul_glass has joined #openstack-barbican15:46
woodster_alee, btw we'll be putting up a blueprint for an 'automatic' order type...one that generates the private key and CSR as part of the cert order process, so one step above the stored key mode.16:04
aleewoodster_, ok16:05
*** kgriffs|afk is now known as kgriffs16:13
*** rellerreller has quit IRC16:19
woodster_we still need to get plugin validation working on the API side...we had discussed in Paris but no action on that yet16:21
*** arunkant has joined #openstack-barbican16:23
*** dave-mccowan has quit IRC16:27
*** dave-mccowan has joined #openstack-barbican16:28
*** dave-mccowan has quit IRC16:29
*** david-lyle_afk is now known as david-lyle16:35
*** nkinder has quit IRC16:35
*** paul_glass has quit IRC16:37
aleewoodster_, plugin validation?16:37
woodster_alee, yep that's the ones. We discussed doing this in Paris but we probably need a blueprint to contend with that16:39
*** paul_glass has joined #openstack-barbican16:41
aleewoodster_, sorry -- so many blueprints -- what kind of validation are you talking about?16:41
woodster_alee, we had talked about letting plugins perform validation on the API nodes...so if a dogtag CA plugin is to be used to process a given cert order, it would have a chance to validate the order data first before the worker nodes are assigned to work the order16:45
aleewoodster_, ah right16:49
aleeyeah -we can talk about that further in Austin16:49
woodster_alee, is all that supports() vs validate() method funness coming back to you now?? :)16:49
aleeoh -- so much fun -- just as long as no one says "content types" ..16:51
woodster_alee, that's barbican's 'voldemort'!16:55
*** kgriffs is now known as kgriffs|afk17:04
*** SheenaG1 has quit IRC17:06
*** kgriffs|afk is now known as kgriffs17:07
*** SheenaG1 has joined #openstack-barbican17:08
*** lisaclark1 has quit IRC17:16
*** lisaclark1 has joined #openstack-barbican17:18
*** lisaclark1 has quit IRC17:19
*** lisaclark1 has joined #openstack-barbican17:23
*** jkf has joined #openstack-barbican17:31
*** paul_glass has quit IRC17:33
*** paul_glass has joined #openstack-barbican17:36
*** jaosorior has quit IRC17:44
*** lisaclark1 has quit IRC17:45
openstackgerritSteve Heyman proposed openstack/barbican: ** DO NOT MERGE **  https://review.openstack.org/14660817:56
openstackgerritSteve Heyman proposed openstack/barbican: Resolve intermittent HTTP 404 in devstack gate  https://review.openstack.org/14660817:59
openstackgerritSteve Heyman proposed openstack/barbican: Resolve intermittent HTTP 404 in devstack gate  https://review.openstack.org/14660818:01
openstackgerritSteve Heyman proposed openstack/barbican: Resolve intermittent HTTP 404 in devstack gate  https://review.openstack.org/14660818:02
hockeynutok, the fix is up for the intermittent http404 - have at it please!18:08
*** lisaclark1 has joined #openstack-barbican18:15
openstackgerritSteve Heyman proposed openstack/barbican: Include logging for barbican functional tests  https://review.openstack.org/14969718:15
reaperhulkjvrbanac you around?18:19
openstackgerritSteve Heyman proposed openstack/barbican: Resolve intermittent HTTP 404 in devstack gate  https://review.openstack.org/14660818:19
jvrbanacreaperhulk, yep18:19
reaperhulkguess what18:20
jvrbanacreaperhulk, what?18:20
reaperhulkwanna run gatling against keep-api-n01.dev.sat6.cidm.rackspace.net:9311 ?18:20
reaperhulkbecause it's all working18:21
*** SheenaG1 has left #openstack-barbican18:21
jvrbanack18:22
*** dave-mccowan has joined #openstack-barbican18:24
*** lisaclark1 has quit IRC18:29
*** lisaclark1 has joined #openstack-barbican18:33
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/14970418:40
*** atiwari has joined #openstack-barbican18:41
*** david-lyle has quit IRC18:46
*** kebray has quit IRC19:01
*** kebray has joined #openstack-barbican19:01
*** SheenaG1 has joined #openstack-barbican19:08
*** rellerreller has joined #openstack-barbican19:23
arunkantHi..is there a way to store secrets in barbican under a different project other than token's project ? Working on a Keystone spec where its Credential API is going to use Barbican / HSM for credential storage.19:28
arunkantSpec: https://review.openstack.org/#/c/148672/19:30
*** lisaclark2 has joined #openstack-barbican19:34
*** lisaclark1 has quit IRC19:37
*** lisaclark2 has quit IRC19:54
woodster_arunkant: currently there is no way to do so. Will take a look at the spec a bit later19:59
*** lisaclark1 has joined #openstack-barbican19:59
arunkantThanks woodster_ . Looking forward to your inputs on this as Keystone can become barbican client for its Keystone credential API functionality.20:28
*** SheenaG1 has quit IRC20:44
*** kebray has quit IRC21:00
*** samueldmq has quit IRC21:01
*** kebray has joined #openstack-barbican21:02
rellerrellerwoodster_ can you look at the content types spec when you get a chance? I have not received much feedback on it.21:05
openstackgerritMerged openstack/barbican: Resolve intermittent HTTP 404 in devstack gate  https://review.openstack.org/14660821:10
openstackgerritMerged openstack/barbican: Fix content type validation if missing payload  https://review.openstack.org/14957021:10
*** lisaclark1 has quit IRC21:20
*** kebray has quit IRC21:22
*** lisaclark1 has joined #openstack-barbican21:23
woodster_rellerreller, yeah, I've been behind on reviews21:37
openstackgerritMerged openstack/barbican: Drop Python 2.6 support  https://review.openstack.org/14958521:45
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/14970421:50
*** SheenaG1 has joined #openstack-barbican22:07
*** gyee has joined #openstack-barbican22:07
*** lisaclark1 has quit IRC22:11
*** rellerreller has quit IRC22:14
aleerm_work, ping22:15
*** chlong has joined #openstack-barbican22:25
*** SheenaG1 has quit IRC22:26
*** dave-mccowan has quit IRC22:29
*** SheenaG11 has joined #openstack-barbican22:32
*** kebray has joined #openstack-barbican22:54
*** rtom has quit IRC22:55
*** paul_glass has quit IRC22:57
*** SheenaG11 has quit IRC23:02
*** david-ly_ has joined #openstack-barbican23:07
openstackgerritVenkat Sundaram proposed openstack/barbican-specs: Add Quota support for Barbican resources  https://review.openstack.org/13209123:11
*** david-ly_ is now known as david-lyle23:11
*** gyee has quit IRC23:32
*** sigmavirus24 is now known as sigmavirus24_awa23:58
« Thursday, 2015-01-22 Index Saturday, 2015-01-24 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!