| *** stanzi has joined #openstack-barbican | 00:18 | |
| *** stanzi has quit IRC | 00:25 | |
| *** stanzi has joined #openstack-barbican | 00:26 | |
| *** stanzi has quit IRC | 00:32 | |
| *** woodster_ has quit IRC | 01:00 | |
| *** zz_dimtruck is now known as dimtruck | 02:00 | |
| *** woodster_ has joined #openstack-barbican | 02:28 | |
| *** david-lyle has quit IRC | 02:55 | |
| *** jamielennox is now known as jamielennox|away | 02:58 | |
| *** jamielennox|away is now known as jamielennox | 03:03 | |
| *** dave-mccowan has quit IRC | 04:16 | |
| *** stanzi has joined #openstack-barbican | 04:38 | |
| *** dimtruck is now known as zz_dimtruck | 05:00 | |
| *** stanzi has quit IRC | 05:03 | |
| *** stanzi has joined #openstack-barbican | 05:04 | |
| *** stanzi has quit IRC | 05:09 | |
| *** woodster_ has quit IRC | 06:30 | |
| *** jamielennox is now known as jamielennox|away | 06:52 | |
| *** jaosorior has joined #openstack-barbican | 06:58 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: ** DO NOT MERGE ** https://review.openstack.org/174880 | 07:03 |
|---|---|---|
| *** tkelsey has joined #openstack-barbican | 07:09 | |
| *** tkelsey has quit IRC | 07:23 | |
| *** tkelsey has joined #openstack-barbican | 07:27 | |
| *** chlong has quit IRC | 07:29 | |
| *** tkelsey has quit IRC | 07:39 | |
| *** tkelsey has joined #openstack-barbican | 08:00 | |
| *** tkelsey has quit IRC | 08:20 | |
| *** chlong has joined #openstack-barbican | 08:50 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: ** DO NOT MERGE ** https://review.openstack.org/174880 | 08:53 |
| *** tkelsey has joined #openstack-barbican | 09:05 | |
| *** chlong has quit IRC | 09:20 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/python-barbicanclient: Use keystoneclient to get endpoint if it's empty https://review.openstack.org/172958 | 09:32 |
| *** chlong has joined #openstack-barbican | 09:33 | |
| therve | jaosorior, It's unfortunate that it takes so much time to get a critical fix in... | 10:09 |
| jaosorior | therve: it only needs a workflow | 10:10 |
| jaosorior | I'll poke the other cores for it as soon as they log in | 10:10 |
| therve | FWIW that's one reason I think revert was the proper fix here. Revert quickly, and discuss how to actually fix it later on. | 10:11 |
| therve | Hopefully the new client functional tests will make it so we don't have to decide in the future :) | 10:12 |
| jaosorior | well, I was being optimistic. Thought it was an easy merge | 10:12 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Migrate to oslo_context https://review.openstack.org/175338 | 10:17 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/python-barbicanclient: Use keystoneclient to get endpoint if it's empty https://review.openstack.org/172958 | 10:22 |
| jaosorior | therve: where are you based on? By the way | 11:25 |
| *** woodster_ has joined #openstack-barbican | 11:46 | |
| therve | jaosorior, France | 11:50 |
| jaosorior | woodster_: ping | 11:52 |
| *** chlong has quit IRC | 11:58 | |
| *** dave-mccowan has joined #openstack-barbican | 12:14 | |
| *** jamielennox|away is now known as jamielennox | 12:31 | |
| *** jamielennox is now known as jamielennox|away | 12:32 | |
| woodster_ | jaosorior: hello | 12:42 |
| jaosorior | woodster_: Hey man,good... I guess it's morning there? :P | 12:43 |
| woodster_ | jaosorior: ha! yep, 7:44 am to be exact | 12:44 |
| woodster_ | jaosorior: is it lunch time over there? | 12:44 |
| *** zz_dimtruck is now known as dimtruck | 12:46 | |
| *** joesavak has joined #openstack-barbican | 12:47 | |
| *** everjeje has joined #openstack-barbican | 12:52 | |
| jaosorior | woodster_: Anyway, this CR https://review.openstack.org/#/c/172958/ fixes a pretty annoying regression. Do you think the -1 provided is a stopper for that CR? | 12:53 |
| jaosorior | woodster_: haha, nah, past lunch time, or at least people eat a bit earlier here (at about 11am) | 12:55 |
| *** dimtruck is now known as zz_dimtruck | 12:56 | |
| woodster_ | jaosorior: jamielennox|away works from Australia, so I'd be better to wait until he looks at it again in a few hours. Is this something to land for Kilo though? | 13:00 |
| jaosorior | woodster_: yeah, preferably. | 13:01 |
| woodster_ | jaosorior: I'm not sure when redrobot was wanting to cut Kilo. | 13:03 |
| jaosorior | woodster_: Well, if that CR is not merged, then the endpoint becomes a mandatory field for using the barbicanclient, since that bug means that we don't have capability to get the endpoint from keystone. And that will annoy some users | 13:03 |
| woodster_ | jaosorior: yeah for sure. Worst case Douglas leaves a comment to that effect on the CR and workflows it. | 13:05 |
| dave-mccowan | arunkant ping | 13:11 |
| *** zz_dimtruck is now known as dimtruck | 13:28 | |
| jaosorior | therve: by the way, I guess in the meantime you can work around the bug by always specifying the endpoint | 13:30 |
| *** rellerreller has joined #openstack-barbican | 13:56 | |
| dave-mccowan | does someone have a couple minutes to answer a question about ACLs and Orders? | 13:57 |
| *** paul_glass has joined #openstack-barbican | 14:15 | |
| *** rellerreller has quit IRC | 14:34 | |
| *** kebray has joined #openstack-barbican | 14:35 | |
| *** kebray has quit IRC | 14:37 | |
| woodster_ | dave-mccowan: no changes to order access policy, but the creator id of the order is stamped on generated containers/secrets | 14:40 |
| *** kebray has joined #openstack-barbican | 14:40 | |
| dave-mccowan | woodster_ I’m thinking about the used case “Order a Certificate based on a stored container”. If a container is restricted by an ACL, then that should be enforced if a user tries to order a certificate based on that container. (but it's not) | 14:41 |
| *** xaeth_afk is now known as xaeth | 14:41 | |
| woodster_ | dave-mccowan: good point, yeah should be rejected at post time, and then at worker time if the ACL changes after the order is initiated | 14:42 |
| dave-mccowan | A fix could go in validators. Should it be as easy as adding @controllers.enforce_rbac(‘container:get’) to OrdersController:on_put()? The actual container_rep.get() is done several call deep through that function. | 14:43 |
| woodster_ | dave-mccowan: worth putting a Launchpad bug in for | 14:43 |
| dave-mccowan | woodster_ i'll do that. i have a TODO(dave) in the code, but the fix is not obvious to me. if this is kilo worthy, i need some help, or need to hand it off. | 14:44 |
| woodster_ | dave-mccowan: I'd prefer not to change access modifiers on the controller method, keeping the policy engine in control of access decisions | 14:45 |
| woodster_ | dave-mccowan redrobot I'm thinking this is a Liberty bug | 14:46 |
| woodster_ | dave-mccowan: I think we'd need to get the stored key by the same project as order...if not found reject it. If found but has ACL assigned, reject it. A similar check on worker side would be needed too | 14:49 |
| dave-mccowan | woodster_ is anything similar done currently, or is this a brand new use case? | 14:51 |
| woodster_ | dave-mccowan: all of this ACL stuff is new, and the stored key stuff is not that much older | 14:52 |
| dave-mccowan | woodster_ ok, i'll open the bug. you can add your comments there, so they can be saved. | 14:54 |
| dave-mccowan | woodster_ thanks! https://bugs.launchpad.net/barbican/+bug/1446266 | 14:59 |
| openstack | Launchpad bug 1446266 in Barbican "RBAC needs to be checked for stored-key orders" [Undecided,New] | 14:59 |
| redrobot | o/ | 15:03 |
| dave-mccowan | good morning, redrobot. woodster_ and i were just discussing https://bugs.launchpad.net/barbican/+bug/1446266 and if it's needed for kilo, and if so how to address it. | 15:06 |
| openstack | Launchpad bug 1446266 in Barbican "RBAC needs to be checked for stored-key orders" [Undecided,New] | 15:06 |
| redrobot | dave-mccowan woodster_ if I'm understanding the bug correctly, no RBAC is done, so I could, for example, order a cert signed by any stored key in Barbican regardless of who owns it? | 15:08 |
| dave-mccowan | redrobot, woodster_, that's my guess, but i have not tested it. (are there any ACL functional tests in the repo or otherwise?) | 15:10 |
| woodster_ | redrobot that's correct, so we'd need to add that in release notes for kilo | 15:10 |
| redrobot | woodster_ sounds like a major security hole in Barbican. Why would we want to release Kilo with it? | 15:10 |
| *** igueths has joined #openstack-barbican | 15:11 | |
| redrobot | dave-mccowan woodster_ I'd be ok with maybe having the Order go into error state instead of getting a 401 right away if the policy stuff gets hairy. | 15:12 |
| woodster_ | redrobot: the entire ACL feature is new and I don't believe had much functional testing behind it. There might be other security issues as we think thru all the use cases. IMHO I would say it is experimental for kilo. | 15:13 |
| redrobot | woodster_ dave-mccowan ACL feature aside, can I order a cert and have Barbican sign it with someone else's key for which I have no access? | 15:14 |
| woodster_ | redrobot: if you think otherwise though then I'd say we are not ready for kilo release | 15:14 |
| woodster_ | redrobot: it seems for the stored key case that is correct | 15:15 |
| dave-mccowan | woodster_, redrobot. i think the signing key is owned by the CA. you could order a certificate to be made with someone else's key, but not have access to that user's key. so, the certificate should be worthless. | 15:15 |
| redrobot | dave-mccowan ack, yeah, that's not as bad as I originally thought. | 15:16 |
| woodster_ | redrobot: dave-mccowan so not a security issue then, just usability it seems? | 15:16 |
| dave-mccowan | woodster_, redrobot: i'm sure the most paranoid would disagree. | 15:17 |
| redrobot | woodster_ dave-mccowan it seems we need to cut RC1 now to unblock the release manager | 15:18 |
| woodster_ | redrobot: I am a concerned that this critical ACL feature is so new, I'd be more comfortable noting it as experimental in our docs | 15:18 |
| woodster_ | redrobot: oh wow, well what else needs to go in then? | 15:19 |
| *** darrenmoffat has quit IRC | 15:19 | |
| redrobot | woodster_ just waiting on dave-mccowan's CR to merge. I workflowed it a few minutes ago. | 15:19 |
| *** darrenmoffat has joined #openstack-barbican | 15:20 | |
| woodster_ | redrobot: cool, like delivering my first kid this was :) | 15:20 |
| openstackgerrit | Merged openstack/barbican: Refactor and Fix Translation Code for PER and DER Formats https://review.openstack.org/174724 | 15:30 |
| *** SheenaG has joined #openstack-barbican | 15:31 | |
| arunkant | woodster_, redrobot, there is no ACL enforcement logic on orders. Initial change was only for secrets and containers | 15:36 |
| redrobot | arunkant yes, that part is correct. The problem is with orders that use a container, e.g. when you Order a certificate to be signed with a key that was previously stored in barbican. | 15:37 |
| openstackgerrit | Merged openstack/python-kiteclient: Uncap library requirements for liberty https://review.openstack.org/174537 | 15:38 |
| arunkant | redrobot, yes..that was something discussed during code review as well..we will need to add support for that. may be get API (not only REST facing) calls to have rbac enforce kind of logic. | 15:40 |
| dave-mccowan | redrobot, arunkant, small clarification: the signing key belongs to the CA. Pedantically, the use case is "order a certificate containing a public key that was previously made part of a container stored in barbican" | 15:44 |
| redrobot | dave-mccowan I thought it would be the private key used to sign the CSR? | 15:44 |
| redrobot | dave-mccowan ie, I store my private key, and then tell Barbican to use it to sign a CSR to be used to generate a Cert? | 15:44 |
| *** gyee has joined #openstack-barbican | 15:45 | |
| dave-mccowan | redrobot, ok, the CSR is signed by the stored private key, but the Certificate is not. the generated certificate should not be useful to anyone without the original stored private key. | 15:47 |
| openstackgerrit | Merged openstack/barbican: Open Liberty development https://review.openstack.org/172106 | 15:49 |
| *** rm_work is now known as rm_work|away | 15:52 | |
| dave-mccowan | redrobt, arunkant has restated the problem nicely: we need an API to call to do the enforcement. the @enforce_rbac decorator only with at the REST level. there are probably some other use cases too, e.g. a user asking to create a container with secrets he doesn't own. | 15:53 |
| redrobot | dave-mccowan yep, I think that nails down the problem. | 16:03 |
| arunkant | jaosorior, can you please let me know your comments on https://review.openstack.org/#/c/172533/1/barbican/tests/api/test_resources_policy.py,cm . I will make that change accordingly. | 16:20 |
| jaosorior | arunkant: sure man, will check it out once I'm home | 16:23 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Refactor RSA Functional Smoke Tests https://review.openstack.org/174722 | 16:26 |
| openstackgerrit | Merged openstack/python-barbicanclient: Uncap library requirements for liberty https://review.openstack.org/174527 | 16:27 |
| *** rm_work|away is now known as rm_work | 16:31 | |
| *** arunkant has quit IRC | 16:34 | |
| *** nkinder has quit IRC | 16:38 | |
| *** ChanServ sets mode: +o redrobot | 16:46 | |
| *** redrobot changes topic to "OpenStack Barbican development" | 16:47 | |
| *** arunkant has joined #openstack-barbican | 16:48 | |
| jvrbanac | redrobot, do you know why I can't +2 https://review.openstack.org/#/c/175473/ ? | 17:04 |
| *** igueths has quit IRC | 17:05 | |
| kragniz | jvrbanac: because it's on the stable branch | 17:14 |
| kragniz | jvrbanac: it doesn't look like barbican-core have access to that for some reason | 17:16 |
| jvrbanac | kragniz, interesting... ok | 17:17 |
| kragniz | (acls for access: https://github.com/openstack-infra/project-config/blob/master/gerrit/acls/openstack/barbican.config) | 17:18 |
| jvrbanac | redrobot, ^^ | 17:19 |
| jvrbanac | kragniz, thanks! | 17:19 |
| kragniz | jvrbanac: least I could do! | 17:20 |
| *** alee has joined #openstack-barbican | 17:27 | |
| *** crc32 has joined #openstack-barbican | 17:54 | |
| jaosorior | arunkant, ping | 17:54 |
| arunkant | yes | 17:56 |
| jaosorior | arunkant: The thing is, in an unauthenticated context you would actually have a context | 17:56 |
| jaosorior | what you could check is if there is a policy enforcer in that context | 17:56 |
| jaosorior | so you could check if that's None | 17:56 |
| jaosorior | But I still don't see a case where first you would get a context, and suddenly it would be None | 17:57 |
| arunkant | that's because context check is done in eforce logic..but if the method in question is called from some other flow, it may not have barbican context set | 17:58 |
| arunkant | like earlier in barbican channel, there was discussion to invoke acl logic from orders logic.. | 17:59 |
| jaosorior | maybe my confusion is because I'm only considering the case where it will be called from a Controller | 17:59 |
| jaosorior | OK | 18:00 |
| arunkant | yes. If there is need to invoke acl logic from orders, that means..it may need to be invoked "outside of controller" flow | 18:00 |
| jaosorior | so, if that function can be called from outside the controller, meaning, outside the enforce logic | 18:01 |
| jaosorior | lets mark it as such | 18:01 |
| jaosorior | the req then should be set as optional | 18:01 |
| jaosorior | req=None | 18:01 |
| jaosorior | and it would be nice to have some relevant documentation | 18:01 |
| jaosorior | about that behaviour | 18:01 |
| jaosorior | so it doesn't cause other confusion | 18:01 |
| jaosorior | then, it's good to have some tests there | 18:01 |
| *** tkelsey has quit IRC | 18:01 | |
| jaosorior | arunkant: is that alright with you? | 18:02 |
| arunkant | I tried to add that in test around it..will try to make it clear as it does not to be the case | 18:02 |
| arunkant | jaosorior, do you want me to document that in controller code, or documenting it only in test works ? | 18:03 |
| *** rellerreller has joined #openstack-barbican | 18:03 | |
| jaosorior | I would think that adding documentation about the 'req' parameter here https://github.com/openstack/barbican/blob/master/barbican/api/controllers/__init__.py#L187 would be nice | 18:04 |
| arunkant | okay..will do that | 18:04 |
| jaosorior | then, if the function will be called outside of the enforcer logic. I guess that req will not have the barbican.context at some points, so something mentioning that | 18:05 |
| jaosorior | adding that, I would be happy | 18:05 |
| jaosorior | if you want to add stuff to the test, hey! the less confusion the better :D | 18:05 |
| jaosorior | sorry for the confusion man, I didn't know about the plans to call that code outside the enforcer logic | 18:05 |
| arunkant | okay. Let me make those changes. | 18:05 |
| jaosorior | that, the docstring change, and it's a +2 from my side | 18:06 |
| jaosorior | alee: | 18:06 |
| jaosorior | ping | 18:06 |
| *** everjeje has quit IRC | 18:06 | |
| alee | jaosorior, pong | 18:07 |
| jaosorior | alee: haven't had much time to look at the dogtag stuff, but, there seem to be two weird things going on | 18:07 |
| *** igueths has joined #openstack-barbican | 18:08 | |
| jaosorior | I added more verbosity to the pkispawn logs, and dirtily injected some printing there, and it seems that: 1. for some reason the deployment/pkihelper.py is getting JSON when it actually expects XML | 18:08 |
| jaosorior | and 2. it seems it tries to contact the CA and eventually gets this error | 18:09 |
| jaosorior | "ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Error in obtaining certificate chain from issuing CA: java.io.IOException: org.mozilla.jss.ssl.SSLSocketException: Unable to connect: (-5961) TCP connection reset by peer." | 18:09 |
| jaosorior | you can see the logs here: http://logs.openstack.org/80/174880/4/experimental/gate-barbican-dogtag-devstack-dsvm-f21/6ff6836/console.html | 18:09 |
| alee | jaosorior, thanks -- most likely we're seeing a bug from that version of dogtag then. I'll need to check and make sure the latest is there. | 18:11 |
| jaosorior | alee: the latest version seems to have the same code expecting XML | 18:11 |
| alee | jaosorior, unfortunately, I'm pretty swamped with dogtag code right now. we have some realeases due. | 18:12 |
| alee | jaosorior, amd I'm deep into java code right now. I'll have to get back to this later this week. | 18:12 |
| jaosorior | alee: fair enough | 18:12 |
| alee | jaosorior, thanks fo rlooking into it though | 18:13 |
| jaosorior | alee: no prob | 18:14 |
| redrobot | jvrbanac interesting... I wonder why the "refs/heads/*" section doesn't apply to kilo? | 18:14 |
| *** igueths has quit IRC | 18:15 | |
| *** redrobot sets mode: +v alee | 18:25 | |
| *** redrobot sets mode: +v rellerreller | 18:25 | |
| *** redrobot sets mode: +v jvrbanac | 18:25 | |
| *** redrobot sets mode: +v hockeynut | 18:25 | |
| *** redrobot sets mode: +v jaosorior | 18:26 | |
| *** redrobot sets mode: +v woodster_ | 18:26 | |
| *** redrobot sets mode: +v reaperhulk | 18:26 | |
| *** redrobot sets mode: +v codekobe | 18:27 | |
| *** SheenaG has left #openstack-barbican | 18:28 | |
| *** tkelsey has joined #openstack-barbican | 18:30 | |
| *** tkelsey has quit IRC | 18:34 | |
| *** everjeje has joined #openstack-barbican | 18:44 | |
| openstackgerrit | John Vrbanac proposed openstack/python-barbicanclient: Excluding tests from coverage report https://review.openstack.org/175535 | 18:59 |
| chellygel | hey guys ^ this fixes test coverage report -- its a 1 line change and a quick plus 2 | 19:00 |
| chellygel | if you dont mind :) | 19:00 |
| reaperhulk | psssh | 19:01 |
| *** igueths has joined #openstack-barbican | 19:01 | |
| reaperhulk | why am I voiced :o | 19:01 |
| chellygel | core reviewer | 19:01 |
| chellygel | was my guess | 19:01 |
| reaperhulk | openstack channels auto-voice core people now? | 19:02 |
| chellygel | nooo mr. redrobot was doing that | 19:02 |
| reaperhulk | ah | 19:02 |
| *** rellerreller has quit IRC | 19:03 | |
| *** rellerreller has joined #openstack-barbican | 19:06 | |
| *** kebray has quit IRC | 19:19 | |
| *** kebray has joined #openstack-barbican | 19:24 | |
| *** tkelsey has joined #openstack-barbican | 19:28 | |
| *** tkelsey has quit IRC | 19:32 | |
| *** rellerreller has quit IRC | 19:41 | |
| redrobot | weekly meeting is starting in #openstack-meeting-alt | 20:00 |
| *** tkelsey has joined #openstack-barbican | 20:04 | |
| chellygel | https://review.openstack.org/#/c/175535/ --- just needs a workflow -- quick review points | 20:05 |
| redrobot | chellygel I refuse to workflow until Jenkins votes :-P | 20:07 |
| chellygel | fair | 20:08 |
| openstackgerrit | Arun Kant proposed openstack/barbican: Improving the code coverage for ACL related changes https://review.openstack.org/172533 | 20:09 |
| *** joesavak has quit IRC | 20:13 | |
| *** tkelsey has quit IRC | 20:13 | |
| *** tkelsey has joined #openstack-barbican | 20:15 | |
| *** joesavak has joined #openstack-barbican | 20:18 | |
| *** kebray has quit IRC | 20:34 | |
| openstackgerrit | Amy Marrich proposed openstack/barbican: Adds improved error code handling for pkcs11 errors returned from HSM. https://review.openstack.org/175568 | 20:40 |
| openstackgerrit | Amy Marrich proposed openstack/barbican: Adds improved error code handling for pkcs11 errors returned from HSM. https://review.openstack.org/175568 | 20:52 |
| *** tkelsey has quit IRC | 21:04 | |
| openstackgerrit | Amy Marrich proposed openstack/barbican: Adds improved error code handling for pkcs11 errors returned from HSM. https://review.openstack.org/175568 | 21:45 |
| openstackgerrit | Merged openstack/python-barbicanclient: Excluding tests from coverage report https://review.openstack.org/175535 | 21:46 |
| *** joesavak has quit IRC | 22:07 | |
| *** ccneill has joined #openstack-barbican | 22:16 | |
| *** xaeth is now known as xaeth_afk | 22:16 | |
| ccneill | hey all, question for ya | 22:17 |
| ccneill | I'm trying to get the project ID in a functional test, and I was curious if there was a "blessed" way to do so | 22:17 |
| ccneill | right now I'm doing this: `self.project_id = self.client._auth.auth_client.project_id` | 22:17 |
| ccneill | but I get errors about auth_client being None on all but the final test case that I run | 22:17 |
| ccneill | this is in the setup() method for the test class | 22:18 |
| chellygel | ping redrobot | 22:19 |
| chellygel | redrobot, nvm | 22:20 |
| *** igueths has quit IRC | 22:28 | |
| *** kebray has joined #openstack-barbican | 22:35 | |
| openstackgerrit | John Vrbanac proposed openstack/python-barbicanclient: Cleaning up Keystone auth tests https://review.openstack.org/175597 | 22:37 |
| ccneill | zigo: just put up a bug for the signing_dir issue you brought up recently | 22:38 |
| ccneill | https://bugs.launchpad.net/barbican/+bug/1446406 | 22:38 |
| openstack | ccneill: Error: malone bug 1446406 not found | 22:38 |
| ccneill | hmm.. although it appears to be marked "private" | 22:38 |
| *** SheenaG has joined #openstack-barbican | 22:40 | |
| openstackgerrit | John Vrbanac proposed openstack/python-barbicanclient: Adding support for token based authentication https://review.openstack.org/175599 | 22:44 |
| *** kebray has quit IRC | 22:47 | |
| *** paul_glass has quit IRC | 22:52 | |
| *** chadlung has joined #openstack-barbican | 23:00 | |
| *** ccneill has quit IRC | 23:08 | |
| openstackgerrit | John Vrbanac proposed openstack/python-barbicanclient: Cleaning up validate_ref() https://review.openstack.org/175605 | 23:11 |
| *** dimtruck is now known as zz_dimtruck | 23:14 | |
| *** SheenaG has quit IRC | 23:28 | |
| *** rm_work is now known as rm_work|away | 23:31 | |
| *** chlong has joined #openstack-barbican | 23:34 | |
| *** chadlung has quit IRC | 23:41 | |
| *** jaosorior has quit IRC | 23:42 | |
| *** crc32 has quit IRC | 23:43 | |
| *** david-ly_ has joined #openstack-barbican | 23:44 | |
| *** jamielennox|away is now known as jamielennox | 23:45 | |
| *** david-ly_ is now known as david-lyle | 23:46 | |
| *** openstackgerrit has quit IRC | 23:58 | |
| *** openstackgerrit has joined #openstack-barbican | 23:58 | |
| jamielennox | woodster_: yea that's fine to merge (been done), my suggestion is probably the 'more correct' way but it's not going to be a compatibility problem to change it later so that's fine | 23:59 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!