*** paul_glass has quit IRC | 01:48 | |
*** woodster_ has joined #openstack-barbican | 02:20 | |
*** kebray has joined #openstack-barbican | 02:28 | |
*** kebray has quit IRC | 02:28 | |
*** kebray has joined #openstack-barbican | 02:37 | |
*** kebray has quit IRC | 02:38 | |
*** kebray has joined #openstack-barbican | 02:39 | |
*** chlong has joined #openstack-barbican | 03:00 | |
*** paul_glass has joined #openstack-barbican | 03:48 | |
*** paul_glass has quit IRC | 03:53 | |
*** woodster_ has quit IRC | 05:40 | |
*** paul_glass has joined #openstack-barbican | 05:49 | |
*** paul_glass has quit IRC | 05:53 | |
*** kebray has quit IRC | 06:34 | |
*** jamielennox|away is now known as jamielennox | 06:48 | |
*** tkelsey has joined #openstack-barbican | 07:59 | |
*** tkelsey has quit IRC | 08:04 | |
*** chlong_ has joined #openstack-barbican | 08:54 | |
*** chlong has quit IRC | 08:57 | |
*** tkelsey has joined #openstack-barbican | 08:58 | |
*** tkelsey has quit IRC | 10:06 | |
*** darrenmoffat has quit IRC | 10:19 | |
*** Nirupama has joined #openstack-barbican | 10:20 | |
*** darrenmoffat has joined #openstack-barbican | 10:20 | |
*** chlong_ has quit IRC | 10:41 | |
*** chlong_ has joined #openstack-barbican | 10:58 | |
*** chlong_ has quit IRC | 11:05 | |
*** chlong has joined #openstack-barbican | 11:24 | |
-openstackstatus- NOTICE: gerrit has been restarted to restore event streaming. any change events missed by zuul (between 10:56 and 11:37 utc) will need to be rechecked or have new approval votes set | 11:38 | |
*** dave-mccowan has joined #openstack-barbican | 11:38 | |
*** jamielennox is now known as jamielennox|away | 11:49 | |
*** woodster_ has joined #openstack-barbican | 12:00 | |
*** Nirupama has quit IRC | 12:32 | |
*** tkelsey has joined #openstack-barbican | 12:44 | |
*** tkelsey has quit IRC | 12:50 | |
*** nkinder has quit IRC | 13:21 | |
dave-mccowan | woodster_, alee, ping. shall we talk about validitor calls from orders.py? john makes a good point in code review comment. | 13:44 |
---|---|---|
alee | woodster_, dave-mccowan - I was just responding to that. | 13:46 |
alee | woodster_, dave-mccowan the initial problem here is that we needed to get the external_project_id so that we could find the containers and secrets | 13:47 |
alee | (and also validate whether the caller has access to the resources or not) | 13:47 |
alee | woodster_, dave-mccowan - as far as I see, that information is not passed to the validators | 13:48 |
alee | woodster_, dave-mccowan - in that validator there are two things we need to do .. | 13:49 |
*** ametts has joined #openstack-barbican | 13:49 | |
alee | I'm going to add this to the review - so I dont have to repeat myself .. | 13:50 |
woodster_ | Good point...I think it would be fair to optionally pass the project id into the api.load_body call for validators that need that | 13:51 |
dave-mccowan | alee, woodster, and validate-stored-key needs external_project_id. validate-ca-id needs internal project.id. to validate with ACL, will we also need a user id? john instinct is right... this section might get beefier, but i don't think the validator call in line 194 can contain it all. | 13:51 |
alee | dave-mccowan, woodster_ - I agree that the better solution would be pass all these to the validators in the api.load_body call. | 13:52 |
*** gitorres has quit IRC | 13:53 | |
*** david-lyle has quit IRC | 13:53 | |
*** elmiko has quit IRC | 13:53 | |
*** reaperhulk has quit IRC | 13:53 | |
*** d0ugal has quit IRC | 13:53 | |
*** tdink has quit IRC | 13:53 | |
*** hockeynut has quit IRC | 13:53 | |
*** mordred has quit IRC | 13:53 | |
*** jvrbanac has quit IRC | 13:53 | |
*** zz_dimtruck has quit IRC | 13:53 | |
*** jillysciarilly has quit IRC | 13:53 | |
*** lbragstad has quit IRC | 13:53 | |
*** jroll has quit IRC | 13:53 | |
*** eglute has quit IRC | 13:53 | |
*** darrenmoffat has quit IRC | 13:53 | |
alee | woodster_, as I have work that depends on parts of this cr, can we workflow this in and have dave correct it in a separate CR? | 13:55 |
*** tdink has joined #openstack-barbican | 13:55 | |
*** hockeynut has joined #openstack-barbican | 13:55 | |
*** mordred has joined #openstack-barbican | 13:55 | |
*** jvrbanac has joined #openstack-barbican | 13:55 | |
*** zz_dimtruck has joined #openstack-barbican | 13:55 | |
*** jillysciarilly has joined #openstack-barbican | 13:55 | |
*** lbragstad has joined #openstack-barbican | 13:55 | |
*** jroll has joined #openstack-barbican | 13:55 | |
*** eglute has joined #openstack-barbican | 13:55 | |
*** darrenmoffat has joined #openstack-barbican | 13:56 | |
*** paul_glass has joined #openstack-barbican | 13:57 | |
*** gitorres has joined #openstack-barbican | 13:58 | |
*** david-lyle has joined #openstack-barbican | 13:58 | |
*** elmiko has joined #openstack-barbican | 13:58 | |
*** reaperhulk has joined #openstack-barbican | 13:58 | |
*** d0ugal has joined #openstack-barbican | 13:58 | |
*** paul_glass has quit IRC | 14:00 | |
*** paul_glass has joined #openstack-barbican | 14:01 | |
woodster_ | alee, that works for me | 14:02 |
alee | woodster_, reaperhulk cool | 14:03 |
alee | woodster_, dave-mccowan - that is .. | 14:03 |
dave-mccowan | woodster_. alee, shall i address the comments in hrefs before or after merge? either way is fine with me. impact is on alee. | 14:05 |
woodster_ | dave-mccowan, I'm fine fixing in following CRs | 14:06 |
woodster_ | dave-mccowan, alee, so we are fine workflowing htis CR then? | 14:07 |
alee | woodster_, sounds good to me. | 14:14 |
alee | woodster_, you need to do it .. | 14:14 |
alee | and then dave-mccowan will fix in a follow-on CR | 14:15 |
woodster_ | done, just now | 14:15 |
dave-mccowan | alee, woodster_, while it's fresh in our minds. let me ask about moving meta validation logic from orders.py. that code needs the parsed body that api.load_body() returns to extract the 'meta' parameters. so, i could move the existing code to api.load_body(), but that seems to just move the uglyness. i propose: add a new method, meta_validator(), so the new line 194 would be body = api.load_body(pecan.request, validator=se | 14:16 |
dave-mccowan | lf.type_order_validator, meta_validator=self.type_order_meta_validator). then all the validation logic can live in validators.py. | 14:16 |
alee | woodster_, in Namibia, we also have the concept of "just now" -- it means something entirely different like "I will do X just now" - which could mean anytime within the next 15 mins or the next week or so. | 14:17 |
alee | woodster_, you have to distinuguish it with from more immediate timeframes -- like "now now" or "south african now" or "american now" | 14:19 |
woodster_ | dave-mccowan, this still seems like something that could be done in the validators side...i.e. the order validator should know that there is a meta section to validate as well? | 14:19 |
*** nkinder has joined #openstack-barbican | 14:19 | |
alee | woodster_, or in this case, "just now" meaning that which has just passed | 14:19 |
woodster_ | alee, do mean as TODO comments? | 14:19 |
alee | woodster_, sorry -- whimsical aside -- reading dave-mccowan question now | 14:20 |
*** paul_glass has quit IRC | 14:21 | |
*** paul_glass has joined #openstack-barbican | 14:21 | |
alee | dave-mccowan, sorry - I'm a little confused -- what code are you trying to move? | 14:26 |
alee | dave-mccowan, I kinda agree with woodster_ , not sure I see the need for an extra validator argument | 14:27 |
dave-mccowan | alee, woodster_, yea... i'm with woodster_ too. all my code should have gone in validators.py. | 14:27 |
dave-mccowan | alee, woodster_, does that apply to validate_ca_id() too? that was the example i was following. | 14:28 |
*** zz_dimtruck is now known as dimtruck | 14:29 | |
alee | dave-mccowan, most likely yes -- that one is there also because I needed a projct_id I think. | 14:30 |
dave-mccowan | alee, woodster_ thanks john. excellent review. i know what to do. i'll fix it just now. ;-) | 14:32 |
*** igueths has joined #openstack-barbican | 14:32 | |
alee | dave-mccowan, which version of "just now"? :) | 14:33 |
openstackgerrit | Merged openstack/barbican: Implement validators and tests for stored key certificate orders https://review.openstack.org/167291 | 14:38 |
*** chlong has quit IRC | 15:00 | |
*** xaeth_afk is now known as xaeth | 15:34 | |
openstackgerrit | John Wood proposed openstack/barbican: Add retry server and functional tests to DevStack https://review.openstack.org/170896 | 15:35 |
openstackgerrit | John Wood proposed openstack/barbican: Add retry server and functional tests to DevStack https://review.openstack.org/170896 | 15:43 |
*** gyee has joined #openstack-barbican | 15:45 | |
*** ametts has left #openstack-barbican | 15:46 | |
*** xaeth is now known as xaeth_afk | 15:46 | |
*** xaeth_afk is now known as xaeth | 15:55 | |
*** dougwig has left #openstack-barbican | 16:00 | |
*** xaeth is now known as xaeth_afk | 16:12 | |
*** xaeth_afk is now known as xaeth | 16:20 | |
openstackgerrit | John Wood proposed openstack/barbican: Add order_retry_tasks migration per latest model https://review.openstack.org/169946 | 16:20 |
openstackgerrit | John Wood proposed openstack/barbican: Add retry server and functional tests to DevStack https://review.openstack.org/170896 | 16:43 |
openstackgerrit | John Wood proposed openstack/barbican: Add retry server and functional tests to DevStack https://review.openstack.org/170896 | 16:47 |
woodster_ | jvrbanac please look at my comments on this CR: https://review.openstack.org/#/c/169946/2 | 17:06 |
jvrbanac | woodster_, give me a few | 17:07 |
jvrbanac | woodster_, ok | 17:14 |
woodster_ | jvrbanac, I'll set the order the same for this CR though. Also adding guidance for new columns to the sphinx docs. | 17:16 |
*** kebray has joined #openstack-barbican | 17:17 | |
jvrbanac | woodster_, ahh ok | 17:18 |
jvrbanac | woodster_, btw, at some point, I'm probably gonna change how we do model registration. I was working with SQLAlchemy over the weekend on a different project and realized there is a much more efficient way of doing it these days. | 17:19 |
woodster_ | jvrbanac, sounds great! Yeah the current approach used hasn't change in over two years :) | 17:20 |
*** rm_work is now known as rm_work|away | 17:29 | |
arunkant | redrobot : Can remaining ACL part (4 and 5) be reviewed and possibly merged? | 17:29 |
alee | reaperhulk, ping | 17:39 |
*** paul_glass has quit IRC | 17:50 | |
*** paul_glass has joined #openstack-barbican | 17:51 | |
*** jkf has joined #openstack-barbican | 17:53 | |
*** dave-mccowan has quit IRC | 18:07 | |
openstackgerrit | Merged openstack/barbican: Restore worker tasks processing catching exceptions https://review.openstack.org/168039 | 18:10 |
*** rm_work|away is now known as rm_work | 18:24 | |
openstackgerrit | Adam Harwell proposed openstack/barbican: Use the new Devstack external plugin method https://review.openstack.org/167885 | 18:25 |
*** rm_work is now known as rm_work|away | 18:28 | |
*** rm_work|away is now known as rm_work | 18:34 | |
*** SheenaG has joined #openstack-barbican | 18:42 | |
hockeynut | jvrbanac ping | 18:45 |
jvrbanac | hockeynut, what's up | 18:46 |
hockeynut | looking at cli testing - would like to hear your ideas on how to (or not to) hit it from client tests. | 18:46 |
jvrbanac | hockeynut, to get started, I would probably just create an instance of the Barbican cli class, populate an argv, and pass it into .run() | 18:52 |
jvrbanac | Probably the fastest way of going about this | 18:52 |
hockeynut | thx! | 18:52 |
jvrbanac | hockeynut, cliff may have a more prescribed way of doing it, but if I were to just jump into it, that's probably what I would do. | 18:54 |
hockeynut | coolness - was looking at a few different ways | 18:57 |
jvrbanac | hockeynut, just don't use subprocesses, I will -2 things with subprocesses ;) | 19:03 |
hockeynut | LOL I someone got that impression! | 19:05 |
hockeynut | c/someone/somehow | 19:06 |
openstackgerrit | werner mendizabal proposed openstack/barbican: Create barbican paste deploy scripts https://review.openstack.org/170961 | 19:13 |
*** kebray has quit IRC | 19:20 | |
alee | woodster_, ping | 19:35 |
alee | rm_work, ping | 19:36 |
alee | reaperhulk, pign | 19:36 |
alee | hockeynut, reaperhulk , redrobot, jvrbanac -- anyone there? | 19:53 |
alee | woodster_, ? | 19:53 |
jvrbanac | alee, kinda what's up? | 19:53 |
hockeynut | hockeynut is here for 7 more minutes (we have a mtg @ 3CT) | 19:53 |
woodster_ | alee, sounds serious! Maybe I'm not here? :) | 19:54 |
alee | jvrbanac, hockeynut , woodster_ just trying to get a handle on this secrets encoding issue | 19:54 |
Guest48074 | alee o/ | 19:54 |
Guest48074 | derp | 19:54 |
Guest48074 | lost my nick | 19:54 |
hockeynut | nickless? | 19:54 |
alee | of course its a little different on openssl 0.9.8 .. | 19:55 |
alee | can ya'll run the following test script and let me know what you see? | 19:55 |
*** Guest48074 is now known as redrobot | 19:55 | |
alee | http://www.fpaste.org/207729/14283501/ | 19:56 |
*** kfarr has joined #openstack-barbican | 19:56 | |
alee | I'm particular interested on systems where we have openssl 0.9.8 (ie. macs for instance) | 19:56 |
jvrbanac | alee, you want the full output? | 19:58 |
alee | jvrbanac, sure | 19:58 |
alee | jvrbanac, just want to see if it matches what I have on my version of openssl | 19:58 |
redrobot | meeting is starting now in #openstack-meeting-alt | 20:00 |
alee | jvrbanac, you got output? | 20:01 |
jvrbanac | alee, I don't run a Mac, so this is on xubuntu 14.10 with OpenSSL 1.0.1f http://hastebin.com/tiwevawovu.txt | 20:04 |
alee | jvrbanac, ok - that matches what I see. | 20:05 |
alee | hockeynut, redrobot woodster_ reaperhulk -- mac users? | 20:05 |
redrobot | o/ | 20:06 |
redrobot | alee I am, but I use openssl from homebrew | 20:06 |
alee | redrobot, version? | 20:06 |
woodster_ | alee, I'll try it out shortly | 20:07 |
alee | woodster_, thanks the srcipt clearly shows the issue -- we do some encoding / decoding into base64 when storing / retrieving secrets | 20:08 |
alee | woodster_, redrobot when we do this using base64.b64encode/decode we lose all '\n' characters and crypto.loadkey barfs | 20:08 |
redrobot | alee actually I have an agenda item to talk about that | 20:09 |
redrobot | alee OpenSSL 1.0.2 22 Jan 2015 | 20:09 |
alee | using base64.encodestring seems to work for me | 20:09 |
alee | redrobot, phooey - then you'll prob see the same as me | 20:10 |
woodster_ | alee, btw we are having our weekly irc meeting now... | 20:12 |
alee | woodster_, oh I know -- I'm lurking till something comes up | 20:13 |
*** kebray has joined #openstack-barbican | 20:18 | |
*** igueths has quit IRC | 20:31 | |
*** dave-mccowan has joined #openstack-barbican | 20:46 | |
*** rellerreller has joined #openstack-barbican | 20:52 | |
*** igueths has joined #openstack-barbican | 20:52 | |
woodster_ | alee, that test script passes on my machine, but I'm not using the stock mac openssl | 20:55 |
alee | woodster_, what do you mean by passes? | 20:56 |
alee | woodster_, there are some tests that should fail in there .. | 20:57 |
woodster_ | well, I see this: | 20:57 |
woodster_ | https://www.irccloud.com/pastebin/khxXQSP6 | 20:57 |
alee | rellerreller, so -- try this script .. | 20:58 |
alee | http://www.fpaste.org/207729/14283501/ | 20:58 |
alee | woodster_, yeah thats the last bit | 20:58 |
woodster_ | Barbican meeting, overtime!... | 20:58 |
alee | woodster_, but some tests fail before that | 20:59 |
alee | you should see some "not working for ..." | 20:59 |
woodster_ | alee, do you want to see the rest of the output? My openssl version is > 1.0 btw | 20:59 |
alee | woodster_, sure | 20:59 |
rellerreller | alee What is the output? They are not the same? | 21:00 |
alee | woodster_, rellerreller - the functions in the script are modeled on the ones we use in the code. rellerreller probably recognizes some of them | 21:00 |
rellerreller | Yes, they are the ones from translations. | 21:00 |
rellerreller | Was that a cut paste? | 21:00 |
alee | although they've had a couple of corrections in them | 21:00 |
alee | rellerreller, no - run the script | 21:01 |
alee | rellerreller, its not an exact cut/paste - there are some fixes in there .. | 21:01 |
alee | rellerreller, woodster_ what the script shows is -- | 21:01 |
*** pixer has joined #openstack-barbican | 21:02 | |
alee | 1. the keys etc. in utils.py need to have a "\n" at the end of each line, or they do not load | 21:02 |
alee | 2. if you encode/decode with b64enocde/decode, then the result has all the '\n' removed, and will not load | 21:04 |
woodster_ | jvrbanac, btw we do have a kilo blueprint for the version resource that wasn't implemented: https://blueprints.launchpad.net/barbican/+spec/fix-version-api | 21:04 |
woodster_ | jvrbanac, ...not sure if that is what you meant during the IRC meeting? | 21:04 |
alee | 3. if you encode/decode with encodestring/decodestrin, it preserves '\n' , and so it does load | 21:05 |
alee | 4. interestingly it preserves the '\n' , but not at the same place | 21:05 |
alee | 5. but the resulting loaded key is the same. | 21:05 |
woodster_ | redrobot, did you want to continue the content-types discussion here? | 21:05 |
rellerreller | alee So the issue is that the private, public, and certificates are not returned with the correct formatting for line splits? | 21:06 |
alee | rellerreller, woodster_ all this means that if we want to continue the manipulations we are currently doing , I think I have a fix that makes things work | 21:07 |
alee | rellerreller, yup | 21:07 |
redrobot | woodster_ o/ | 21:07 |
rellerreller | I wonder why the tests did not catch this. | 21:07 |
alee | (and the pem_ related funrtions did not handle line split correctly to begin with | 21:07 |
redrobot | rellerreller seems to only happen on older versions of OpenSSL | 21:08 |
rellerreller | alee We should have just made all of this binary :( | 21:08 |
alee | rellerreller, 1. the input data did not contain line splits | 21:08 |
alee | 2. you did not actually try and use it (ie. load_privatkey) | 21:08 |
rellerreller | Sorry to do this, but my daughter is up. | 21:08 |
alee | saved by the bell .. | 21:09 |
rellerreller | alee Good points. | 21:09 |
rellerreller | I will be online tomorrow. I am back from vacation. | 21:09 |
dave-mccowan | alee did you try to run the 2 functional tests i put in a CR with your fix? | 21:09 |
alee | rellerreller, ok by then I'll have a patch | 21:09 |
alee | dave-mccowan, not yet - but I will | 21:09 |
dave-mccowan | alee, i ran your script with OpenSSL 0.9.8za 5 Jun 2014. the last line of output said "woot". is there other output to check? | 21:10 |
kfarr | alee, there was a functional test that loaded the private and public key, but it used cryptography and not openssl directly :/ | 21:10 |
alee | kfarr, yes -- cryptography links to a later version of openssl | 21:11 |
alee | dave-mccowan, thats good to know | 21:11 |
alee | dave-mccowan, can you post your output? | 21:11 |
alee | kfarr, some of this didnot appear for me too with later openssl | 21:11 |
dave-mccowan | alee http://www.fpaste.org/207753/14283547/ | 21:12 |
kfarr | alee ah ok | 21:12 |
redrobot | so, i think that somewhat-related to alee's issues, some of the functional tests are incorrect. | 21:12 |
redrobot | https://github.com/openstack/barbican/blob/master/functionaltests/api/v1/functional/test_secrets.py#L904-L906 | 21:12 |
redrobot | ^^ for example, sends "base64" as the encoding with a DER that has not been base64 encoded | 21:12 |
alee | dave-mccowan, good your output matches mine | 21:13 |
alee | redrobot, well part of it is -- I understand your objection - and I think we need to have a discussion of how we want to handle this case. | 21:14 |
alee | redrobot, so the question is -- if I want to store pem data -- what should I send in? | 21:15 |
redrobot | alee that's what I'm trying to figure out... was able to get the boss to task me with sorting this stuff out | 21:16 |
dave-mccowan | redrobot here are two functional tests (they fail) that use generated keys that demonstrate the current problem. https://review.openstack.org/#/c/169974/ | 21:16 |
redrobot | alee send as DER, but don't set the content-encoding to base64 | 21:17 |
redrobot | I think that when payload_content_encoding is set to base64, barbican should always decode _the entire payload_ | 21:17 |
alee | redrobot, I think to get some clarity to this, we need some stuff written down. I suggest we | 21:18 |
alee | 1) set up a google hangout for tommorow | 21:18 |
alee | 2) have you write down how each type of input should be handled. we are interested in private keys for exmaple in pem/der format, with or without passphrases | 21:19 |
alee | what we want to know is what gets passed in, what gets sent to the plugins, what gets returned from the plugins | 21:20 |
alee | and what gets returned from barbican server | 21:20 |
redrobot | alee agreed.... but I'd rather push the hangout to Wednesday | 21:21 |
redrobot | alee I think it'll take the rest of today and most of tomorrow to compile all the info | 21:21 |
alee | also keep in mind the stored_key case, for which we must be able to load the key in pem format in order to handle the passphrase case | 21:21 |
*** rellerreller has quit IRC | 21:22 | |
alee | sure - in the meantime, I'll be creating a fix based on what we have | 21:22 |
alee | and so at least we'll have functional tests for all cert types | 21:22 |
alee | and then we can make sure they still work if we make changes | 21:22 |
*** paul_glass has quit IRC | 21:24 | |
alee | woodster_, redrobot hockeynut jvrbanac - by the way, acl changes are still out there waiting to be workflowed. lets get them in please. | 21:24 |
*** paul_glass has joined #openstack-barbican | 21:24 | |
*** kebray has quit IRC | 21:25 | |
*** paul_glass has quit IRC | 21:26 | |
*** kfarr has quit IRC | 21:27 | |
openstackgerrit | John Wood proposed openstack/barbican: Add order_retry_tasks migration per latest model https://review.openstack.org/169946 | 21:32 |
openstackgerrit | John Wood proposed openstack/barbican: Add retry server and functional tests to DevStack https://review.openstack.org/170896 | 21:40 |
openstackgerrit | Igor Gueths proposed openstack/barbican: Potential resource exhaustion when registering consumers to containers https://review.openstack.org/170693 | 21:41 |
*** pixer has quit IRC | 21:44 | |
openstackgerrit | Charles Neill proposed openstack/barbican: Security tests for Consumer resources https://review.openstack.org/167018 | 21:48 |
*** SheenaG has quit IRC | 21:49 | |
openstackgerrit | Charles Neill proposed openstack/barbican: Security tests for Consumer resources https://review.openstack.org/167018 | 21:53 |
*** xaeth is now known as xaeth_afk | 21:54 | |
openstackgerrit | John Wood proposed openstack/barbican: Add retry server and functional tests to DevStack https://review.openstack.org/170896 | 21:54 |
woodster_ | arunkant, you are oh so close to 100% coverage on your ACL CRs...would you be up for adding the missing unit tests, even as a separate CR? | 21:58 |
openstackgerrit | Igor Gueths proposed openstack/barbican: Potential resource exhaustion when registering consumers to containers https://review.openstack.org/170693 | 22:07 |
arunkant | woodster_ , I looked into coverage report, did not find the areas I am missing. I see 100% for acls controller and policy changes. http://logs.openstack.org/07/165207/10/check/barbican-coverage/f9dd194/cover/ | 22:17 |
arunkant | woodster_ , yes I can add more test in additional CR if I know what coverage is missing | 22:19 |
igueths | Btw in case anyone is wondering, Gertty is being screwy hence the broken patchsets. | 22:22 |
*** igueths has quit IRC | 22:26 | |
openstackgerrit | Merged openstack/barbican: Adding Container ACL controller layer changes (Part 4) https://review.openstack.org/165205 | 22:32 |
*** jkf has quit IRC | 22:48 | |
*** dimtruck is now known as zz_dimtruck | 22:49 | |
*** nkinder has quit IRC | 22:51 | |
*** SheenaG has joined #openstack-barbican | 22:55 | |
*** igueths has joined #openstack-barbican | 22:56 | |
elmiko | redrobot: ping | 22:56 |
woodster_ | arunkant, the 'barbican-coverage' gate is the on to look at...here are the latest logs: http://logs.openstack.org/07/165207/10/check/barbican-coverage/f9dd194/console.html | 22:56 |
arunkant | woodster_, does this coverage report only generate coverage report for the changes made, or does it include the uncovered lines which were present before the change ? | 22:59 |
woodster_ | arunkant, it only reports what lines were modified by the CR | 23:00 |
woodster_ | arunkant, it isn't perfect I've found though, but it is worth adding tests for code that you can cover with unit tests | 23:01 |
arunkant | woodster_, will look into report again..as I can see only one line which is not covered (mainly because that check condition would not happen so essentially can remove that line). | 23:03 |
*** kebray has joined #openstack-barbican | 23:03 | |
arunkant | woodster_, will add that as additional CR to improve the coverage. | 23:04 |
*** jamielennox|away is now known as jamielennox | 23:07 | |
woodster_ | arunkant, just to make sure, this is the report I'm referring to: | 23:07 |
woodster_ | https://www.irccloud.com/pastebin/uwGykEFr | 23:07 |
woodster_ | arunkant, you might find that unit tests are covering the lines, in which case just submit the CR and see what the gate reports. | 23:08 |
*** chlong has joined #openstack-barbican | 23:10 | |
arunkant | woodster_, For this part, It reported these 2 lines which are not changed anywhere in ACL..but still reported as missing. Not sure why? http://logs.openstack.org/07/165207/10/check/barbican-coverage/f9dd194/cover/barbican_api_controllers___init__.html#n161 | 23:13 |
woodster_ | arunkant, well that gate is designed to slowly improve coverage over time. So it could be that that function was added/used before the gate job was activated, so was never covered by unit tests before. But because you code (or code you touched) is calling that function, not it is pulled into the fold. So major refactoring can lead to a lot of unit tests :) | 23:19 |
arunkant | woodster_, Okay. makes sense to me. Thanks. Will add CR to see if I can improve the coverage on whatever is touched in ACL CR. | 23:22 |
openstackgerrit | Merged openstack/barbican: Adding policy layer changes for ACL support (Part 5) https://review.openstack.org/165207 | 23:22 |
redrobot | elmiko pong | 23:29 |
openstackgerrit | Igor Gueths proposed openstack/barbican: Potential resource exhaustion when registering consumers to containers https://review.openstack.org/170693 | 23:40 |
*** kebray has quit IRC | 23:42 | |
*** igueths has quit IRC | 23:50 | |
elmiko | redrobot: hey, tried running a migration | 23:51 |
elmiko | redrobot: didn't go so well, maybe you could double check my logic | 23:52 |
redrobot | elmiko uh oh | 23:52 |
elmiko | redrobot: https://gist.github.com/elmiko/34c2f064c104d08a3e1f | 23:52 |
elmiko | redrobot: does my process make sense for an upgrade? | 23:53 |
redrobot | elmiko yeah... that's pretty much what I would have done to test it. :-\ | 23:54 |
elmiko | =( | 23:54 |
redrobot | elmiko I'll try to get someone here to try that too.... if it fails for someone else then I think our migration might be broken | 23:55 |
elmiko | yea, i was worried when it looked like some nasty sql error | 23:55 |
elmiko | redrobot: k, hopefully it's just my setup ;) | 23:55 |
redrobot | elmiko I hope so too... thank you for taking the time to check! | 23:57 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!