Wednesday, 2015-02-25

*** woodster_ has quit IRC		00:00
*** crc32 has quit IRC		00:11
*** woodster_ has joined #openstack-barbican		00:17
*** kebray has joined #openstack-barbican		00:18
*** kebray has quit IRC		00:21
*** kebray has joined #openstack-barbican		00:22
*** david-lyle is now known as david-lyle_afk		00:25
*** nkinder has joined #openstack-barbican		00:33
*** jkf has quit IRC		00:35
*** kgriffs\|afk is now known as kgriffs		00:35
*** jaosorior has quit IRC		00:41
*** kgriffs is now known as kgriffs\|afk		00:46
*** openstack has joined #openstack-barbican		01:11
*** mjg59 has quit IRC		01:16
*** elmiko has quit IRC		01:16
*** redrobot has quit IRC		01:16
*** morganfainberg has quit IRC		01:16
*** elmiko has joined #openstack-barbican		01:20
*** mjg59 has joined #openstack-barbican		01:20
*** redrobot has joined #openstack-barbican		01:20
*** morganfainberg has joined #openstack-barbican		01:20
*** sendak.freenode.net sets mode: +o redrobot		01:20
*** SheenaG1 has joined #openstack-barbican		01:29
*** SheenaG11 has quit IRC		01:32
*** gyee has quit IRC		01:35
*** mordred has quit IRC		01:35
*** anteaya has quit IRC		01:35
*** igueths has quit IRC		01:35
*** greghaynes has quit IRC		01:35
*** gyee has joined #openstack-barbican		01:39
*** igueths has joined #openstack-barbican		01:39
*** greghaynes has joined #openstack-barbican		01:39
*** mordred has joined #openstack-barbican		01:39
*** anteaya has joined #openstack-barbican		01:39
*** gyee has quit IRC		01:40
*** mordred has quit IRC		01:40
*** anteaya has quit IRC		01:40
*** igueths has quit IRC		01:40
*** greghaynes has quit IRC		01:40
*** david-lyle_afk has quit IRC		01:40
*** gyee has joined #openstack-barbican		01:41
*** igueths has joined #openstack-barbican		01:41
*** greghaynes has joined #openstack-barbican		01:41
*** mordred has joined #openstack-barbican		01:41
*** anteaya has joined #openstack-barbican		01:41
*** gyee has quit IRC		01:56
*** jamielennox is now known as jamielennox\|away		01:58
*** david-lyle_afk has joined #openstack-barbican		01:59
*** mjg59 has quit IRC		02:03
*** mjg59 has joined #openstack-barbican		02:04
*** jamielennox\|away is now known as jamielennox		02:06
*** david-lyle_afk has quit IRC		02:10
*** david-lyle_afk has joined #openstack-barbican		02:16
*** jamielennox is now known as jamielennox\|away		02:17
*** jamielennox\|away is now known as jamielennox		02:27
*** jamielennox is now known as jamielennox\|away		02:38
*** jamielennox\|away is now known as jamielennox		02:47
*** zz_dimtruck is now known as dimtruck		02:59
*** jamielennox is now known as jamielennox\|away		03:22
*** igueths has quit IRC		03:30
*** jamielennox\|away is now known as jamielennox		03:33
openstackgerrit	Jamie Lennox proposed openstack/python-barbicanclient: Convert CRUD tests to requests-mock https://review.openstack.org/148447	04:19
openstackgerrit	Jamie Lennox proposed openstack/python-barbicanclient: Convert CRUD tests to requests-mock https://review.openstack.org/148447	04:21
openstackgerrit	Jamie Lennox proposed openstack/python-barbicanclient: Additional requests-mock testing https://review.openstack.org/148449	04:28
openstackgerrit	Jamie Lennox proposed openstack/python-barbicanclient: Remove cyclical dependency https://review.openstack.org/148448	04:28
*** crc32 has joined #openstack-barbican		04:37
*** crc32 has quit IRC		04:44
*** dimtruck is now known as zz_dimtruck		04:51
*** kgriffs\|afk is now known as kgriffs		04:54
*** crc32 has joined #openstack-barbican		05:50
*** zz_dimtruck is now known as dimtruck		06:15
*** crc32 has quit IRC		06:20
*** dimtruck is now known as zz_dimtruck		06:25
*** kebray has quit IRC		07:57
*** woodster_ has quit IRC		08:30
*** jaosorior has joined #openstack-barbican		08:30
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Refactor Orders resource to use repository factories https://review.openstack.org/158802	09:13
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Enable secret decrypt through 'payload' resource https://review.openstack.org/157068	09:21
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Enable secret decrypt through 'payload' resource https://review.openstack.org/157068	09:40
*** kgriffs is now known as kgriffs\|afk		09:49
*** darrenmoffat1 has joined #openstack-barbican		10:03
*** darrenmoffat has quit IRC		10:03
*** kgriffs\|afk is now known as kgriffs		10:51
*** kgriffs is now known as kgriffs\|afk		11:01
*** jaosorior has quit IRC		12:01
*** woodster_ has joined #openstack-barbican		12:30
*** kgriffs\|afk is now known as kgriffs		12:40
*** kgriffs is now known as kgriffs\|afk		12:50
*** jaosorior has joined #openstack-barbican		12:55
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Enable secret decrypt through 'payload' resource https://review.openstack.org/157068	13:09
*** rellerreller has joined #openstack-barbican		13:50
*** SheenaG11 has joined #openstack-barbican		14:10
*** SheenaG1 has quit IRC		14:11
*** nkinder has quit IRC		14:18
*** kgriffs\|afk is now known as kgriffs		14:26
*** lisaclark1 has joined #openstack-barbican		14:30
*** kgriffs is now known as kgriffs\|afk		14:36
*** lisaclark1 has quit IRC		14:39
*** david-lyle_afk is now known as david-lyle		14:48
*** ametts has joined #openstack-barbican		14:58
*** lisaclark1 has joined #openstack-barbican		15:01
*** xaeth_afk is now known as xaeth		15:02
*** zz_dimtruck is now known as dimtruck		15:03
jaosorior	woodster_, tdink_, hockeynut, redrobot: I uploaded another patchset for the 'payload' resource adding https://review.openstack.org/157068 Nothing really changed in the code, I just ended up adding the APIImpact flag.	15:04
*** paul_glass has joined #openstack-barbican		15:05
jaosorior	redrobot: Also, I responded to your comment regarding the urljoin... And couldn't use it in that section of the code. due to that part not being an absolute url	15:05
*** openstackgerrit has quit IRC		15:08
*** openstackgerrit has joined #openstack-barbican		15:08
*** nkinder has joined #openstack-barbican		15:08
*** mordred has quit IRC		15:22
*** mordred has joined #openstack-barbican		15:22
*** lisaclark1 has quit IRC		15:26
*** kebray has joined #openstack-barbican		15:29
*** kebray has quit IRC		15:29
*** kebray has joined #openstack-barbican		15:30
*** lisaclark1 has joined #openstack-barbican		15:31
*** igueths has joined #openstack-barbican		15:33
*** kebray has quit IRC		15:36
*** kgriffs\|afk is now known as kgriffs		15:37
*** kgriffs is now known as kgriffs\|afk		15:46
*** kgriffs\|afk is now known as kgriffs		15:50
*** kgriffs is now known as kgriffs\|afk		15:51
*** lisaclark1 has quit IRC		16:06
*** dave-mccowan has joined #openstack-barbican		16:17
*** lisaclark1 has joined #openstack-barbican		16:18
*** kgriffs\|afk is now known as kgriffs		16:25
*** kgriffs is now known as kgriffs\|afk		16:27
*** dimtruck is now known as zz_dimtruck		16:27
*** kfox1111 has joined #openstack-barbican		16:27
*** alee has quit IRC		16:36
*** alee has joined #openstack-barbican		16:36
*** openstackstatus has joined #openstack-barbican		16:42
*** ChanServ sets mode: +v openstackstatus		16:42
*** lisaclark1 has quit IRC		16:42
*** rellerreller has quit IRC		17:16
*** lisaclark1 has joined #openstack-barbican		17:18
*** lisaclark1 has quit IRC		17:22
*** jamielennox is now known as jamielennox\|away		17:22
*** lisaclark1 has joined #openstack-barbican		17:22
*** jamielennox\|away is now known as jamielennox		17:30
*** crc32 has joined #openstack-barbican		17:31
*** igueths has quit IRC		17:33
*** jkf has joined #openstack-barbican		17:36
*** kgriffs\|afk is now known as kgriffs		17:37
kfox1111	so, is there ever a time when a container will have a secret on a uri other then the server hosting the container?	17:38
*** gyee has joined #openstack-barbican		17:38
*** lisaclark1 has quit IRC		17:39
*** zz_dimtruck is now known as dimtruck		17:40
*** jkf has quit IRC		17:42
*** jkf has joined #openstack-barbican		17:46
*** kgriffs is now known as kgriffs\|afk		17:47
*** rellerreller has joined #openstack-barbican		17:47
woodster_	kfox1111: not at this time and probably never, though federation might challenge this	17:49
woodster_	reaperhulk: redrobot fyi ^^^	17:50
kfox1111	k. just weirded out that the container requires a full url for a secret.	17:53
reaperhulk	Yeah we talked about this at the midcycle meetup and the consensus was we should explicitly require the same uri as the server.	17:54
kfox1111	hmm... k.	17:55
*** nkinder has quit IRC		17:56
kfox1111	can a secret be associated with multiple containers?	17:56
*** jamielennox is now known as jamielennox\|away		18:02
*** jamielennox\|away is now known as jamielennox		18:15
*** dimtruck is now known as zz_dimtruck		18:19
*** zz_dimtruck is now known as dimtruck		18:32
*** dimtruck is now known as zz_dimtruck		18:34
*** xaeth is now known as xaeth_afk		18:41
*** crc32 has quit IRC		18:43
*** crc32 has joined #openstack-barbican		18:50
woodster_	kfox1111: I believe	18:55
woodster_	It can be	18:55
*** dave-mccowan has quit IRC		18:56
*** kebray has joined #openstack-barbican		19:01
*** kgriffs\|afk is now known as kgriffs		19:05
*** kebray has quit IRC		19:07
*** zz_dimtruck is now known as dimtruck		19:08
*** kebray has joined #openstack-barbican		19:11
hockeynut	woodster_ that's interesting. If we do the "delete a secret when we delete the container" then we could end up with someone else's container having a stale reference	19:12
*** bdpayne has joined #openstack-barbican		19:14
*** lisaclark1 has joined #openstack-barbican		19:17
*** lisaclark1 has quit IRC		19:18
*** lisaclark1 has joined #openstack-barbican		19:19
*** lisaclark1 has quit IRC		19:24
*** kgriffs is now known as kgriffs\|afk		19:24
woodster_	hockeynut: that's probably true...containers are more of a loose grouping right now	19:24
hockeynut	yep	19:24
*** lisaclark1 has joined #openstack-barbican		19:25
hockeynut	so if you delete a secret then it could very well be in one (or more) containers - that's an interesting one.	19:25
woodster_	hockeynut: containers could just be a convenient way to group secrets, and the same secret could be in multiple containers/groups	19:28
*** lisaclark1 has quit IRC		19:30
hockeynut	right - so if I delete secret S that is contained in containers C1, C2 then they will get 404 when trying to use the secret S. Would be interesting if we had some kind of use count on secrets	19:33
kfox1111	yeah. refcount would be great.	19:50
kfox1111	hmm.. ok. so I can use a url like /v1-vm/<container-name>/<container-secret-name>/filename.whatever in the code I add.	19:52
kfox1111	or just /v1-vm/<container-name>/<container-secret-name>	19:52
*** dave-mccowan has joined #openstack-barbican		19:55
*** rm_mobile has joined #openstack-barbican		19:56
*** rm_mobile has quit IRC		19:56
*** rm_mobile has joined #openstack-barbican		19:56
*** atiwari has joined #openstack-barbican		20:01
*** lisaclark1 has joined #openstack-barbican		20:02
*** dimtruck is now known as zz_dimtruck		20:09
*** prometheanfire has joined #openstack-barbican		20:15
*** prometheanfire has left #openstack-barbican		20:17
*** zz_dimtruck is now known as dimtruck		20:17
*** nkinder has joined #openstack-barbican		20:19
kfox1111	is there a way in pecan to just have one get handler for all of a subdirectory?	20:24
kfox1111	/foo/bar/baz set the handler on /foo and get /bar/baz?	20:24
*** kgriffs\|afk is now known as kgriffs		20:25
woodster_	kfox1111: I think Alee ended up doing something like that for his ca resource work	20:25
kfox1111	hmm... _lookup maybe?	20:27
woodster_	kfox1111: just recalling, you are wanting a name based way to access secrets via containers correct? We only have this sort of interface now: https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface#containers-resource	20:27
kfox1111	yeah. thats what I'm using. what I want to do is be able to with one api call, download the secret given its name and container.	20:28
woodster_	kfox1111: so you would like to translate between the current and new Apis in middleware correct?	20:29
kfox1111	middleware would be ok, or I can just add a /v1-vm sub app at the root.	20:30
kfox1111	and do just the auth in the middleware.	20:30
woodster_	kfox1111: so is this a custom implementation on your part or do you intend to submit to upstream?	20:33
kfox1111	I intend to submit it.	20:34
redrobot	kfox1111 btw, name uniqueness is not guaranteed by Barbican	20:34
kfox1111	name uniqueness is not guaranteed by barbincan outside of a single container?	20:34
*** kgriffs is now known as kgriffs\|afk		20:35
woodster_	redrobot: ha you beat me to it, so was going to ask if my name you meant UUID?	20:35
redrobot	kfox1111 correct, I can submit 10 secrets all called "my secret" and the api would be ok with that	20:35
rm_work	I forget whether you can have a container that contains secrets of the same name	20:35
rm_work	I think actually no	20:35
kfox1111	yeah. so if the url takes in <container-name>/<containers name for the secret>, that should be unique?	20:36
rm_work	though I went through like three iterations of the client library, changing it back and forth to either support that or not	20:36
woodster_	rm_work: name uniqueness is enforced by validation	20:36
redrobot	kfox1111no, because container-name is not guaranteed to be unique	20:36
redrobot	kfox1111 ^^	20:36
rm_work	woodster_: it might be enforced elsewire	20:36
kfox1111	even within a tenant?	20:36
redrobot	kfox1111 however, names within a container are unique	20:36
rm_work	^^ yes, this	20:36
redrobot	kfox1111 however, however, container within name != secret.name	20:37
rm_work	Container 1234-5678-90123 can't have two secrets inside it with the tag "thing"	20:37
kfox1111	are container names for a given tenant unique?	20:37
rm_work	(note I said "tag")	20:37
rm_work	kfox1111: no	20:37
redrobot	kfox1111 no, we only enforce uniqueness on UUIDs	20:37
rm_work	I could have ten containers named "mycontainer"	20:37
rm_work	but each "mycontainer" could not have multiple secrets tagged "thing"	20:37
kfox1111	ok... so what I can do is the same thing the rest of the openstack api's do. have it take container-name or containeruuid.	20:37
rm_work	though the actual secret names might not be "thing"	20:37
rm_work	it's a bit weird	20:38
kfox1111	if the user does something stupid like naming to containers the same thing, they can use a uuid.	20:38
rm_work	kfox1111: that actually makes sense to me	20:38
rm_work	being consistently wonky with the rest of the OpenStack APIs :P	20:38
rm_work	or at least, CLIs	20:38
kfox1111	:)	20:38
rm_work	it's wonky, but it's consistent, and I value consistency VERY hightly	20:38
rm_work	*highly	20:38
woodster_	So the resource ID could be UUID or name?	20:40
kfox1111	yeah. me too. thats one reason I was so surprised the secret was a uri in the container, not a uuid.	20:40
kfox1111	yeah. that should work.	20:40
*** ametts has quit IRC		20:41
woodster_	kfox1111 so what happens when more than one container matches? You get a list instead of individual response?	20:42
kfox1111	or a error.	20:42
openstackgerrit	Thomas Dinkjian proposed openstack/python-barbicanclient: Adds positive orders functional tests https://review.openstack.org/158454	20:44
kfox1111	probably should just look at the other openstack api's and see what they do in that case.	20:45
kfox1111	maybe a not unique http code or something.	20:45
woodster_	kfox1111: if you intend to submit as a CR it might be good to put up a blue print first	20:46
kfox1111	yeah... not too much time yet.	20:46
kfox1111	I'm deploying a cloud for some users, and I have a choice. Use our msc-keyserver for it, or tweak barbican to make it work.	20:47
kfox1111	I'm ok having to tell users they need to change api's slightly. but wouldn't want to switch technologies, or delay a long time.	20:47
kfox1111	I figure I'll get something working, then submit a spec/some code.	20:47
kfox1111	I've been given about 2 days now to work on making barbican work. :/	20:48
*** lisaclark1 has quit IRC		20:48
kfox1111	if it works, then I can ask for some more time to do it really right.	20:48
kfox1111	odd. the _lookup thing looks like it almost works, but is throwing a 302 all the time. :/	20:55
*** atiwari has quit IRC		20:58
*** dimtruck is now known as zz_dimtruck		20:59
kfox1111	I'm not getting debug logging I think I should... is there a debug flag in places other then the api.config?	21:01
*** lisaclark1 has joined #openstack-barbican		21:02
*** kebray has quit IRC		21:07
*** zz_dimtruck is now known as dimtruck		21:08
*** kfox1111 has quit IRC		21:11
*** alee is now known as alee_afk		21:12
*** kebray has joined #openstack-barbican		21:12
*** rellerreller has quit IRC		21:15
*** alee_afk has quit IRC		21:16
*** dimtruck is now known as zz_dimtruck		21:18
*** zz_dimtruck is now known as dimtruck		21:21
*** kebray has quit IRC		21:26
*** alee has joined #openstack-barbican		21:44
*** lisaclark1 has quit IRC		21:45
*** kebray has joined #openstack-barbican		21:46
*** dimtruck is now known as zz_dimtruck		21:49
*** lisaclark1 has joined #openstack-barbican		21:59
*** jaosorior has quit IRC		22:02
*** zz_dimtruck is now known as dimtruck		22:03
openstackgerrit	Douglas Mendizábal proposed openstack/barbican: Remove version from endpoints in catalog https://review.openstack.org/127865	22:07
*** kebray has quit IRC		22:13
*** jkf has quit IRC		22:14
*** dave-mccowan has quit IRC		22:19
*** alee has quit IRC		22:35
*** lisaclark1 has quit IRC		22:39
*** jorge_munoz has quit IRC		22:48
*** kfox1111 has joined #openstack-barbican		22:49
kfox1111	so in a Controller, how do you get info in the context?	22:52
*** crc32 has quit IRC		23:00
*** gyee has quit IRC		23:20
*** alee has joined #openstack-barbican		23:39
*** paul_glass has quit IRC		23:42
*** chlong has quit IRC		23:43
*** chlong_ has quit IRC		23:44
*** chlong has joined #openstack-barbican		23:48
*** dimtruck is now known as zz_dimtruck		23:48
kfox1111	hmm... can I just call _on_get_secret_payload directly from another api function?	23:53

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!