Monday, 2015-03-16

« Sunday, 2015-03-15 Index Tuesday, 2015-03-17 »
*** woodster_ has quit IRC00:10
*** tkelsey has joined #openstack-barbican00:42
*** zz_dimtruck is now known as dimtruck00:47
*** tkelsey has quit IRC00:47
*** dimtruck is now known as zz_dimtruck01:32
openstackgerritSteve Heyman proposed openstack/barbican: Add ability to run secrets and container paging tests in parallel  https://review.openstack.org/14113803:49
*** zz_dimtruck is now known as dimtruck03:50
openstackgerritSteve Heyman proposed openstack/barbican: Add ability to run secrets and order paging tests in parallel  https://review.openstack.org/14113803:53
openstackgerritJohn Wood proposed openstack/barbican: Add sub-status logic to worker/task processing  https://review.openstack.org/15756504:11
*** tkelsey has joined #openstack-barbican04:43
*** tkelsey has quit IRC04:47
*** dimtruck is now known as zz_dimtruck05:12
openstackgerritJoshua Hesketh proposed openstack/barbican: Add pip-check-reqs tox environment  https://review.openstack.org/16457605:54
openstackgerritJoshua Hesketh proposed openstack/barbican: Add pip-check-reqs tox environment  https://review.openstack.org/16457605:58
*** gitorres has joined #openstack-barbican06:27
openstackgerritJohn Vrbanac proposed openstack/barbican: Splitting out remaining order tests from test_resources  https://review.openstack.org/16458807:13
*** gitorres has left #openstack-barbican07:15
*** tkelsey has joined #openstack-barbican08:26
*** jorge_munoz has quit IRC08:28
*** jorge_munoz has joined #openstack-barbican08:29
*** gitorres has joined #openstack-barbican10:17
*** gitorres has quit IRC10:29
*** rellerreller has joined #openstack-barbican10:43
openstackgerritNathan Reller proposed openstack/barbican: Standardized Secret Encoding  https://review.openstack.org/16044411:10
*** rellerreller has quit IRC11:33
*** gitorres has joined #openstack-barbican11:42
*** darrenmoffat has quit IRC11:52
*** darrenmoffat has joined #openstack-barbican11:53
*** rm_work is now known as rm_work|away12:14
*** woodster_ has joined #openstack-barbican12:27
woodster_alee: can you look at the sub-types CR again?12:28
*** dave-mccowan has quit IRC12:36
*** openstackgerrit has quit IRC12:50
*** openstackgerrit has joined #openstack-barbican12:50
aleewoodster_, looking12:57
openstackgerritKaitlin Farr proposed openstack/barbican: Test functionality of generated asymmetric keys  https://review.openstack.org/16242512:57
*** gitorres has left #openstack-barbican12:59
*** dave-mccowan has joined #openstack-barbican13:10
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Deprecate old secret decrypt path both in code and docs  https://review.openstack.org/16454013:13
*** jaosorior has joined #openstack-barbican13:43
aleewoodster_, ping13:56
*** paul_glass has joined #openstack-barbican14:11
*** rellerreller has joined #openstack-barbican14:16
*** zz_dimtruck is now known as dimtruck14:21
openstackgerritAde Lee proposed openstack/barbican: Added new repository classes and controller classes for CAs  https://review.openstack.org/14798114:27
jaosorioralee: commented on your CR14:45
aleejaosorior, thanks checking14:45
jaosoriorit's only regarding the tests now14:46
jaosoriorthe rest looks good to me14:46
aleejaosorior, ok - so replace with assertListEqual  at lines 80, 95, 107, 178, 195, 215, 228, 324, 346, 362, 37114:51
jaosorioralee: uhm I guess that should be alright14:53
alee:)14:53
aleejaosorior, there might be some in test_cas.py too - I'll look.14:54
*** atiwari has joined #openstack-barbican14:54
jaosorioralee: wait up, verifying something14:54
aleeok14:55
jaosoriorcause there exists assertListEqual and assertItemsEqual14:56
jaosorioraaaand again python 3 issues...14:57
*** kebray has quit IRC14:57
aleejaosorior, http://stackoverflow.com/questions/930995/assertequals-vs-assertequal-in-python  ?14:57
jaosorioralee, nevermind, lets leave those list-related asserts as they are14:58
aleejaosorior, I'm ok with that :)14:58
jaosoriorbut lets use those assertIn's, assertNotIn's, and assertEqual's15:00
aleejaosorior,  so self.assertTrue('next' not in resp.namespace) --> self.assertNotIn('next', resp.namespace) ?15:03
jaosorioryup15:03
aleeok15:03
dave-mccowanhello barbicaneers.  https://review.openstack.org/164425 in support of the certificate-order-api blueprint could use some more reviews please.15:06
jaosoriordave-moccowan: you can also add barbican-core as a reviewer and it will add all the core devs there15:07
openstackgerritAde Lee proposed openstack/barbican: Added new repository classes and controller classes for CAs  https://review.openstack.org/14798115:11
aleejaosorior, ok done15:11
jaosorioralee: there you go15:12
aleejaosorior, thanks!15:13
*** david-lyle_afk is now known as david-lyle15:15
aleerellerreller, ping15:20
rellerrelleralee pong15:20
aleerellerreller, hey -- so just to clarify15:20
aleerellerreller, with your cr, when a private key/ public key etc. get stored - we pass base 64 + pem headers15:21
aleeand this is what would be passed to the crypto store plugin too.15:21
rellerrellerAll private, public, and certificate objects to and from secret stores must be base 64 + pem headers15:22
rellerrellerThat is the same for store_crypto, which is 99% a secret store15:22
aleenow in simple_crypto - we have a case where we are generating public/private keys etc.15:22
aleewhy do this not need to be generated with pem headers?15:23
rellerrellerstore_crypto is storing everything in binary format. All secrets passed to it are decoded into binary, wrapped, and then stored in DB.15:23
rellerrellerThe only exception to this was the generation of public/private key pairs. For some reason they were in Base64 format.15:24
rellerrellerThat's why I changed that one to binary format. Now store_crypto is consistent with how it stores all of its secrets.15:25
*** kebray has joined #openstack-barbican15:26
*** xaeth_afk is now known as xaeth15:27
aleerellerreller, ok15:28
rellerrelleralee I am reviewing your CR.15:29
aleerellerreller, cool thanks15:29
*** rm_work|away is now known as rm_work15:30
rellerrellerWhat do you think about throwing a 400 error when CA not found for delete operations?15:30
aleerellerreller, I dont have a strong feeling either way.15:31
rellerrelleralee Like when user tries to remove CA from project but project is not a member of the project's CAs.15:31
openstackgerritDouglas Mendizábal proposed openstack/barbican: Fix container example secret refs  https://review.openstack.org/16473915:31
rellerrelleralee I feel like there should be something because otherwise the user cannot know if action succeeded.15:32
aleerellerreller, at this point , I dont think there are any other examples we have of this ..15:32
rellerrellerIt's not like adding a CA when a CA is already a member of a project.15:32
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Container negative tests  https://review.openstack.org/16398515:32
aleerellerreller, well - he does not know if any action occurred or not.15:32
rellerrelleralee I looked through the orders and secrets APIs to see what they do.15:32
aleerellerreller, but the end result is the same15:32
aleethe ca is not part of the project15:33
rellerrellerThat is true15:33
aleerellerreller, I think its exactly like adding a ca to project when it already exists15:33
rellerrellerMaybe we just leave it then and we can fix later if that is a requested feature. I don't know what the standard is on these things.15:34
aleesounds good to me15:34
rellerrellerNormally in code I return a boolean as to whether or not it was found and deleted. It's a bit different for web service.15:34
aleeright - I can see arguments both ways15:35
*** arunkant has quit IRC15:35
aleeredrobot, jvrbanac https://review.openstack.org/#/c/147981/ and https://review.openstack.org/#/c/160444/ looking for reviews/workflow15:42
woodster_rellerreller: I updated the retry CR, please take a look when you can: https://review.openstack.org/#/c/157565/315:43
* jvrbanac gets hit over the head with alee's large CR15:43
rellerrellerOK, looking at the decrypt payload one now. Will look at that one next.15:44
aleewoodster_, I'll need your help in figuring out whats wrong with the update function in my CR later15:44
aleemaybe later today15:45
aleejvrbanac, I made it smaller :)15:45
jaosoriorreaperhulk: HALP15:49
reaperhulk?15:51
reaperhulkI am at a doctor's appt right now but can help with whatever later :)15:51
jaosoriornah, it's not urgent15:51
jaosoriordon't worry about it15:51
jaosoriorI'll ping you later then15:51
openstackgerritSteve Heyman proposed openstack/barbican: Add ability to run secrets and order paging tests in parallel  https://review.openstack.org/14113815:53
*** arunkant has joined #openstack-barbican15:54
*** dave-mccowan has quit IRC15:56
*** gyee has joined #openstack-barbican15:59
jaosoriordave-mccowan: reviewed16:08
woodster_alee, ok. I'm still 'officially' on ETO today, so might be sporadically on my phone this afternoon until this evening16:09
aleewoodster_, ETO = extra time off ? :)16:10
aleewoodster_, no worries it can wait till you're officially back16:10
aleewoodster_, which is tomorrow?16:11
woodster_alee, yes, for the past week+  I was starting to forget what day of the week it was :)16:11
*** igueths has joined #openstack-barbican16:11
*** openstackgerrit has quit IRC16:11
*** openstackgerrit has joined #openstack-barbican16:12
woodster_alee, yep tomorrow. I'm feeling the weight of Kilo-3 though16:12
arunkantalee, can you please review per secret changes as now its split into 3 reviews16:13
aleearunkant, I'm reviewing the first one right now16:14
aleearunkant, you do realize the functional test gate jobs failed though, right?16:14
arunkantalee, great thanks.16:14
aleenot sure why - maybe it will go away when you resubmit16:14
arunkantalee, Yes its fixed in part 2 and part 3..so need to move a test change from part 2 to part 116:15
aleeok16:15
*** jkf has joined #openstack-barbican16:22
*** kfarr has joined #openstack-barbican16:29
*** xaeth is now known as xaeth_afk16:37
*** kfarr has quit IRC16:40
*** kfarr has joined #openstack-barbican16:41
*** openstackgerrit has quit IRC16:54
*** openstackgerrit has joined #openstack-barbican16:54
aleearunkant, reviewed first patch17:12
*** bdpayne has joined #openstack-barbican17:19
*** ametts has joined #openstack-barbican17:26
*** dave-mccowan has joined #openstack-barbican17:28
kfarralee quick question: When you run the functional tests against dogtag, what do you change in the config files to activate the dogtag plugin?17:35
aleekfarr, I end up changing the barbican-api.conf file to set the dogtag plugins17:37
*** kfarr has quit IRC17:44
rm_workhey -- one of us was seeing a bug with storing text/plain secrets17:44
rm_workseems to not like that the content-encoding isn't base64 or something17:44
rm_workI am trying to reproduce now, as this is second-hand from someone on my team17:44
rm_workbut was curious if that rings a bell with anyone17:45
rm_workhockeynut / jvrbanac : which one of you was it that discovered the kmip change issue this weekend?17:52
chellygelrm_work, i believe hockeynut discovered the issue and jvrbanac fixed it18:01
*** xaeth_afk is now known as xaeth18:11
rm_workchellygel: do you know if the fix CR is merged yet?18:13
rm_workI am still having the issue on master18:13
rm_worknot that it really impedes my work18:13
rm_workbut it's errors i have to filter out when i'm looking for other things18:13
jvrbanacrm_work, it was merged over the weekend18:14
rm_workhmm... ok18:14
rm_work  File "barbican/tests/plugin/test_kmip.py", line 61, in setUp18:14
rm_work    self.sample_secret = secrets.SecretFactory().create(18:14
rm_workAttributeError: 'SecretFactory' object has no attribute 'create'18:14
rm_workstill getting that ^^18:14
rm_workpulled 10 min ago18:14
jvrbanacYou're using an old version of PyKMIP18:14
rm_workah18:14
rm_workok18:14
rm_workgot it, yep18:15
rm_workthanks18:15
jvrbanacrm_work, w00t18:15
rm_workwonder why that didn't update18:15
chellygellawl, sorry missed the message18:15
rm_workchellygel: np resolved :P18:15
jvrbanacredrobot, here is that update in requirements for PyKMIP you were asking about earlier: https://review.openstack.org/#/c/16444918:27
arunkantalee, can you look into response comments on part 1 of per secret change.18:29
redrobotjvrbanac sweet!18:33
jvrbanacredrobot, also, did you see my comment about asserts?18:33
jvrbanacredrobot, I just posted it a couple minutes ago18:33
redrobotjvrbanac yeah.... now I'm confused about the standard.18:33
redrobotjvrbanac and if I have it backwards, I'm going to have to apologize profusely to rellerreller18:34
chellygeland chellygel ^18:35
jvrbanacredrobot, which standard are you thinking about?18:35
openstackgerritMerged openstack/barbican: Added new repository classes and controller classes for CAs  https://review.openstack.org/14798118:36
redrobotjvrbanac http://www.nag.co.za/wp-content/uploads/2013/11/I-have-no-idea-what-Im-doing.jpg18:37
jvrbanacredrobot, lol18:37
redrobotjvrbanac yes!  found a stack overflow question to support my stance :D http://stackoverflow.com/questions/9331259/unit-testing-why-is-the-expected-argument-always-first-in-equality-tests18:40
redrobotI have no idea where I picked up having the expected value be the first one.18:41
jaosoriorredrobot: I got that from somewhere also... don't remember where it was from though18:41
jaosoriorredrobot, jvrbanac, what, is it wrong?18:41
*** paul_glass has quit IRC18:42
*** paul_glass has joined #openstack-barbican18:43
openstackgerritDouglas Mendizábal proposed openstack/barbican: Use unique refs for RSA container example  https://review.openstack.org/16473918:45
openstackgerritDouglas Mendizábal proposed openstack/barbican: Use unique refs for RSA container example  https://review.openstack.org/16473918:45
redrobotjaosorior question: what's the reason you only give +1 to https://review.openstack.org/#/c/140575/ ?18:52
jaosoriorcause if you read the above conversation I was arguing against the way it's being tested, in favor of test names that actually reflect whats meant to be tested18:54
jaosoriorwell, by the above conversation I meant in the commit18:54
redrobotjaosorior ah, fair enough18:55
jaosoriorcause to be honest for me the way things are named doesn't really mean much18:55
jaosoriorbut if people don't share the opinion, then fair enough. It could be changed later I guess18:56
*** atiwari has quit IRC19:12
*** kfarr has joined #openstack-barbican19:13
*** xaeth is now known as xaeth_afk19:14
*** xaeth_afk is now known as xaeth19:21
jvrbanacredrobot, jaosorior, so if I recall correctly, outside of my own preference, I believe that testtools asserts as (actual, expected)19:31
jaosorioroho19:32
jaosoriorwell, fair enough :O19:32
redrobotjvrbanac jaosorior  sounds like an agenda item for today's meeting19:32
jvrbanacredrobot, :D19:32
rm_workok yeah, reproducable: '{"code": 400, "description": "Provided object does not match schema \\'Secret\\': None is not one of [\\'base64\\']", "title": "Bad Request"}'19:42
rm_workbarbican secret store -p "hello" -t "text/plain" -n "test_secret"19:42
rm_workdigging into why19:43
rm_workpayload_content_encoding is None19:44
rm_workbut that should be correct if it's a text/plain right?19:44
rm_workbarbican.api.controllers HTTPClientError: Provided object does not match schema 'Secret': None is not one of ['base64']19:44
jvrbanacrm_work, I don't think payload_content_encoding should be included if it's text/plain19:45
rm_workhttp://pastebin.com/wwsf4hjd19:45
rm_workjvrbanac: so, this worked until recently19:45
rm_worktrying to pinpoint the exact patch that broke it19:46
elmikoredrobot: probably not gonna make meeting today, but if there's an outcome of the great (actual, expected) debate i'll adjust my patch ;)19:49
jvrbanacrm_work, does it have something to do with https://github.com/openstack/python-barbicanclient/commit/46ef634de8c6867fa0d18fb4c3618cfca8516038 ?19:49
rm_worklooking at 2e708318e998e1adfe12b547fab8414ad0a34952 right now19:49
redrobotelmiko hehe, i'll let you know what we decide on.19:49
rm_workah could be a client change too though, good point19:50
rm_workjvrbanac: exactly right19:53
rm_workjvrbanac: that commit did it19:53
rm_workthanks, redrobot T_T19:53
redrobotrm_work I fail to see how my change introduced  "None" into the request.19:55
redrobotrm_work I'm pretty sure it was https://github.com/openstack/python-barbicanclient/commit/92b53a749d6d363b51271a796d24d6f9642d1b9119:55
rm_workredrobot: i just verified, it was this change19:55
rm_workredrobot: works before, fails after19:56
redrobotrm_work or maybe https://github.com/openstack/python-barbicanclient/commit/8c9024337c67f2dbf1a851f12209cb6bdf6f1e7c19:56
rm_workredrobot: it is most definitely https://github.com/openstack/python-barbicanclient/commit/46ef634de8c6867fa0d18fb4c3618cfca8516038#diff-073a17c22fd1f1db47fc75411685e9ebR24419:56
rm_worki am fixing it19:56
redrobotrm_work oh I see... we need to filter empty keys after, not before19:56
* redrobot derps19:56
redrobotrm_work good thing is chellygel is working on getting the functional gate up and running19:57
redrobotwe could have totally found this bug with the functional gate19:57
rm_workheh19:57
rm_workand apparently i'm the only one actually USING the client19:57
rm_workT_T19:57
* chellygel is trying to figure out her head from her bottom in this code base right now19:57
chellygelrm_work, wanna be buddies :D19:58
redrobotweekly meeting starting now in #openstack-meeting-alt20:01
openstackgerritMerged openstack/barbican: Standardized Secret Encoding  https://review.openstack.org/16044420:04
openstackgerritSteve Heyman proposed openstack/barbican: Refactor secrets functional tests for readability  https://review.openstack.org/16356420:08
hockeynutjaosorior I agree that the commit msg for ^ needed to be updated...new one is up now20:08
*** rm_you|wtf has joined #openstack-barbican20:09
jaosoriorhockeynut: funny thing is, my review was wrongly written, I meant +2 and not +1 haha20:09
rm_workchellygel: heh, you're doing the client tests? I can help with that possibly, if you have questions :)20:10
jaosoriorhockeynut: but there you go, +220:10
chellygelyeah we have 7 total errors right now rm_work. so i'm trying to deduce if they are code or test related and fix them20:10
rm_workwell, secret create20:10
rm_workdoes not work presently :P20:10
rm_workso there's at least one20:11
iguethsifconfig eth2:020:11
iguethsoops20:11
*** rm_you| has quit IRC20:13
hockeynutjaosorior I got the point :-)20:14
hockeynutjaosorior are you going to push up any more patchsets for https://review.openstack.org/#/c/164540/ ?  I see a few comments in there so I'm hesitating from workflowing it20:15
jaosoriorhockeynut: to be honest... it is not clear to me what to do there :/20:16
hockeynutI see rellerreller had a few nuts and the question about modulo over format20:17
jaosoriorusually for nits I can submit a subsequent patchset, if it already has a couple of +2, but I have left it like it is cause the modulo over format discussion didn't seem to have a conclusion20:18
*** dimtruck is now known as zz_dimtruck20:18
jaosoriorhockeynut: if you have an opinion, and someone else, I guess I'll just take the majority opinion there and implement that haha, to be honest I have no preference over module or format for log messages20:19
hockeynutjaosorior woodster_ may since he's been int hat area...I haven't20:19
*** zz_dimtruck is now known as dimtruck20:20
rm_workq20:23
rm_work... whoops20:23
chellygelQ_Q rm_work20:23
woodster_Sorry sketchy time to do things....the modulo format for logging is for deferring localizing messages in case logging levels are set above the logged message...so avoids taking proc time to localize messages20:26
iguethsInteresting writeup, thankfully it doesn't apply to us directly though https://freedom-to-tinker.com/blog/dwallach/on-compromising-app-developers-to-go-after-their-users/20:33
jaosoriorwoodster_: so... should I switch to that then?20:34
woodster_jaosorior: sorry just on phone now, but in general the modulo approach is only needed if the message is localized, so with one of those _u functions20:36
openstackgerritAdam Harwell proposed openstack/python-barbicanclient: Fix secret-store empty-key filtering bug  https://review.openstack.org/16486120:36
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Deprecate old secret decrypt path both in code and docs  https://review.openstack.org/16454020:41
rm_work^^ redrobot fixed20:42
redrobotrm_work Closes-Bug: #???????20:46
rm_workredrobot: closes bug: I'll cut you20:46
redrobotrm_work lmao... nice Sheena_ throwback20:49
iguethsLol rm_work20:49
Sheena_rm_work, redrobot: this is excellent news! I knew the Barbican team had picked up my crazy, but this is proof it's infected Neutron too!20:51
Sheena_Well, besides insequent20:54
chellygelis this what unemployed people do Sheena_ ? just troll irc channels20:54
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with db layer changes (Part 1)  https://review.openstack.org/16433420:55
hockeynutredrobot is there a way to block these unwashed heathen?20:57
Sheena_chellygel: I think this is a higher vocation than mere employment. Don't worry, I will make special time in my day one I'm at the new job to harass you guys, too. Priorities.20:57
chellygel+1 :D20:57
redrobotI think I have the power to /kick20:57
redrobotbut I refuse to /kick Sheena_ for fear of stabbings20:57
hockeynutbut sheena can /stab20:57
redrobothockeynut exactly!20:58
iguethsShe might also be able to do an /teleport && /stab20:58
Sheena_Oh man, how things have changed in 72 hours... Now I know how you all really feel!20:58
rm_workheh20:59
Sheena_Unlimited time to carve shanks and nap here, thanks unemployment!20:59
*** jkf has quit IRC20:59
redrobot"fun"employment20:59
*** jkf has joined #openstack-barbican21:00
Sheena_Definitely the best kind.21:00
*** kebray has quit IRC21:04
*** rellerreller has quit IRC21:05
*** xaeth is now known as xaeth_afk21:06
iguethswoodster_: Ping.21:09
*** kebray has joined #openstack-barbican21:13
woodster_igueths: I'm getting 5 min here and there to look at IRC21:16
iguethswoodster_: Ah ok, had a question pertaining to your reply to the latest bug I dropped in...Can discuss when you're here next since that's likely easier.21:18
woodster_igueths: oh for the unlimited consumers? Yeah tsv 's quota feature will handle this21:19
openstackgerritCharles Neill proposed openstack/barbican: Security tests for Consumer resources  https://review.openstack.org/16407521:20
woodster_Sheena_: good to see you in the channel again!21:20
iguethswoodster_: So at the time I looked at that blueprint, I understood it to mean that it would be a limit on the number of secrets/containers/registered consumers/etc that could be associated at any given time. However, I didn't see anything about validating the input lengths.21:21
*** kebray has quit IRC21:25
Sheena_woodster_: thanks sir. irccloud is awesome?21:25
Sheena_!*21:25
openstackSheena_: Error: "*" is not a valid command.21:25
Sheena_I'm Ron Burgundy?21:26
openstackgerritCharles Neill proposed openstack/barbican: Security tests for Container resources  https://review.openstack.org/16487521:30
woodster_igueths: oh sorry I thought the bug was no limits on number of consumers. If instead in the size of each consumer than yes that's a validation issue21:33
iguethswoodster_: Yeah it's definitely the latter, hence my confusion with your reply lol21:34
*** kebray has joined #openstack-barbican21:43
*** xaeth_afk is now known as xaeth21:43
*** kebray has quit IRC21:46
*** kebray has joined #openstack-barbican21:46
openstackgerritCharles Neill proposed openstack/barbican: Security tests for Order resources  https://review.openstack.org/16487921:54
*** dimtruck is now known as zz_dimtruck22:03
*** tkelsey has quit IRC22:03
openstackgerritCharles Neill proposed openstack/barbican: Security tests for Secret resources  https://review.openstack.org/16488222:05
*** xaeth is now known as xaeth_afk22:08
openstackgerritDave McCowan proposed openstack/barbican: Implement validate_pkcs10_data  https://review.openstack.org/16442522:10
dave-mccowanadee ping22:14
dave-mccowanalee ping22:14
aleedave-mccowan, yo22:15
dave-mccowani think i'm in good shape on #3 from your list.  i'll work on #2 next.  how's the functional tests looking?  i can add functional tests for the validators after you've merged yours if you want.22:16
aleedave-mccowan, that sounds good -- I'm hoping to have a first patch for functional tests by tommorow morning22:16
aleedave-mccowan, I will include some basic bad validation cases22:17
aleebut any addtional ones will certainly help22:17
dave-mccowancool.  you might be able to use the functions in tests/cert_utils.py to help write the test cases.22:18
aleedave-mccowan, yup - I defintely plan to22:20
aleedave-mccowan, of course we have to get those merged in then :)22:20
dave-mccowannova-cores ^^ :-)22:21
aleedave-mccowan, you may  be asking for the wrong cores ..22:21
dave-mccowangack.  flashbacks from last week.   s/nova/barican-cores22:22
elmikoredrobot: so... (expected, observed) ?22:23
redrobotelmiko indeed22:23
mjg59Quick question about deployment - I have cinder integration working to the extent that as an admin I can create a volume, but as a user I'm getting a 403 with PolicyNotAuthorized: Policy doesn't allow orders:post to be performed.22:23
dave-mccowanalee time for my commute.  ttyl22:24
aleedave-mccowan, later - thanks!22:24
*** dave-mccowan has quit IRC22:24
mjg59The policy file has orders:post as rule:admin_or_creator22:24
elmikoredrobot: sweet, that makes it easy for me. hehe. was there anything more about castellan or just the oslo_log stuff?22:24
mjg59How are the roles assigned?22:25
redrobotelmiko just the oslo_log stuff... we'll cut the initial release after that.22:26
elmikoredrobot: awesome! looking forward to it =)22:27
redrobotmjg59 hi!22:27
redrobotmjg59 Barbican defines 4 roles (admin, observer, creator, audit) at the project level22:28
*** paul_glass has quit IRC22:28
redrobotmjg59 oslo.policy allows you to map those built in roles to whatever your cloud deployment uses as the actual roles.22:28
mjg59Ah, ok22:28
redrobotmjg59 you can take a look at the sample policy.json in /etc/barbican22:28
redrobotmjg59 https://github.com/cloudkeep/barbican/blob/master/etc/barbican/policy.json#L22-L2522:28
mjg59Yeah, I've just deployed the sample policy22:29
mjg59I'll figure out what our deployment uses22:29
mjg59Thanks!22:30
openstackgerritChelsea Winfree proposed openstack/python-barbicanclient: Fixed max payload size error  https://review.openstack.org/16489422:43
*** igueths has quit IRC22:45
*** dave-mccowan has joined #openstack-barbican22:50
*** kfarr has quit IRC22:52
chellygel\o/ vote for test fixes22:58
*** dave-mccowan has quit IRC23:09
*** jaosorior has quit IRC23:12
rm_workchellygel: comments on your last CR23:14
chellygelty! :D23:14
*** gyee has quit IRC23:16
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with policy layer changes (Part 3)  https://review.openstack.org/16433723:21
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with controller layer changes (Part 2)  https://review.openstack.org/16433523:21
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with db layer changes (Part 1)  https://review.openstack.org/16433423:21
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with db layer changes (Part 1)  https://review.openstack.org/16433423:26
*** jkf has quit IRC23:31
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with controller layer changes (Part 2)  https://review.openstack.org/16433523:31
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with db layer changes (Part 1)  https://review.openstack.org/16433423:31
*** atiwari has joined #openstack-barbican23:33
openstackgerritArun Kant proposed openstack/barbican: Adding per secret ACL support with db layer changes (Part 1)  https://review.openstack.org/16433423:43
openstackgerritChelsea Winfree proposed openstack/python-barbicanclient: Added new exception and adjusted functional test.  https://review.openstack.org/16489823:45
« Sunday, 2015-03-15 Index Tuesday, 2015-03-17 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!