*** SheenaG has joined #openstack-barbican | 00:00 | |
*** zz_dimtruck is now known as dimtruck | 00:03 | |
*** openstack has joined #openstack-barbican | 00:07 | |
*** stanzi has joined #openstack-barbican | 00:12 | |
*** kebray has quit IRC | 00:12 | |
*** stanzi has quit IRC | 00:13 | |
*** stanzi has joined #openstack-barbican | 00:14 | |
*** stanzi has quit IRC | 00:18 | |
*** rm_work is now known as rm_work|away | 00:20 | |
*** SheenaG has quit IRC | 00:26 | |
*** stanzi has joined #openstack-barbican | 00:32 | |
*** kebray has joined #openstack-barbican | 01:31 | |
*** stanzi has quit IRC | 01:51 | |
*** stanzi has joined #openstack-barbican | 01:52 | |
*** stanzi has quit IRC | 01:56 | |
*** stanzi has joined #openstack-barbican | 02:36 | |
*** SheenaG has joined #openstack-barbican | 02:36 | |
*** stanzi has quit IRC | 02:52 | |
*** stanzi has joined #openstack-barbican | 02:53 | |
*** stanzi has quit IRC | 02:57 | |
*** SheenaG has quit IRC | 03:04 | |
*** kebray has quit IRC | 03:11 | |
*** kebray has joined #openstack-barbican | 03:13 | |
*** stanzi has joined #openstack-barbican | 03:28 | |
*** dave-mccowan has quit IRC | 03:37 | |
*** dave-mccowan has joined #openstack-barbican | 03:47 | |
*** dimtruck is now known as zz_dimtruck | 03:52 | |
*** stanzi has quit IRC | 03:53 | |
*** stanzi has joined #openstack-barbican | 03:54 | |
*** stanzi has quit IRC | 03:58 | |
*** xaeth_afk is now known as xaeth | 04:05 | |
*** xaeth is now known as xaeth_afk | 04:06 | |
*** zz_dimtruck is now known as dimtruck | 04:13 | |
*** dave-mccowan has quit IRC | 04:20 | |
*** dimtruck is now known as zz_dimtruck | 04:23 | |
*** jaosorior has joined #openstack-barbican | 04:34 | |
jaosorior | hockeynut: still around? | 04:36 |
---|---|---|
jaosorior | redrobot: if you're still around, thanks for the Workflow :D | 04:43 |
*** stanzi has joined #openstack-barbican | 04:46 | |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/python-barbicanclient: Add Secret CLI smoke tests https://review.openstack.org/177906 | 05:13 |
*** stanzi has quit IRC | 05:23 | |
*** stanzi has joined #openstack-barbican | 05:23 | |
*** stanzi has quit IRC | 05:28 | |
*** rm_work|away is now known as rm_work | 05:32 | |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/python-barbicanclient: Add Secret CLI smoke tests https://review.openstack.org/177906 | 06:12 |
openstackgerrit | Merged openstack/barbican: Updated from global requirements https://review.openstack.org/177126 | 06:23 |
*** zz_dimtruck is now known as dimtruck | 06:59 | |
openstackgerrit | John Wood proposed openstack/barbican: Port the Architecture, Dataflow, and Project Strucure docs https://review.openstack.org/132304 | 07:02 |
*** dimtruck is now known as zz_dimtruck | 07:09 | |
*** zz_dimtruck is now known as dimtruck | 07:14 | |
*** dimtruck is now known as zz_dimtruck | 07:23 | |
*** kebray has quit IRC | 07:58 | |
*** openstackgerrit has quit IRC | 08:20 | |
*** openstackgerrit has joined #openstack-barbican | 08:21 | |
*** darrenmoffat has joined #openstack-barbican | 08:36 | |
openstackgerrit | Merged openstack/python-barbicanclient: Use keystoneclient to get endpoint if it's empty https://review.openstack.org/172958 | 09:21 |
therve | \o/ | 09:36 |
jaosorior | http://weknowmemes.com/wp-content/uploads/2012/11/mexcellent.jpg | 09:47 |
*** woodster_ has quit IRC | 09:50 | |
*** darrenmoffat has left #openstack-barbican | 10:00 | |
*** zigo has quit IRC | 10:29 | |
*** zigo_ has joined #openstack-barbican | 10:33 | |
*** jamielennox is now known as jamielennox|away | 10:57 | |
*** woodster_ has joined #openstack-barbican | 12:14 | |
*** mordred has quit IRC | 12:35 | |
*** mordred has joined #openstack-barbican | 12:35 | |
-openstackstatus- NOTICE: Gate is experiencing epic failures due to issues with mirrors, work is underway to mitigate and return to normal levels of sanity | 12:40 | |
*** ChanServ changes topic to "Gate is experiencing epic failures due to issues with mirrors, work is underway to mitigate and return to normal levels of sanity" | 12:40 | |
*** rellerreller has joined #openstack-barbican | 12:45 | |
*** dave-mccowan has joined #openstack-barbican | 12:45 | |
jaosorior | anybody with some minimal pecan knowledge around? | 12:46 |
jaosorior | nevermind, got it now | 12:48 |
*** zz_dimtruck is now known as dimtruck | 12:50 | |
dave-mccowan | hi jaosorior | 12:56 |
jaosorior | dave-mccowan: hey man | 12:57 |
dave-mccowan | jaosorior, i've been playing with the keystoneclient APIs, and have python code that can add and remove projects, roles, and users for functional test cases. i'm not sure which way i like better: (everyone using a script one time for always) or (tests monkey with keystone). | 12:58 |
jaosorior | I see | 12:59 |
dave-mccowan | jaosorior, one problem i found is when test cases fail, the output is now 100s of lines longer. another problem is when the test stops in the middle, i now have a lots of extra keystone entries that i have to manually remove. | 12:59 |
*** kfarr has joined #openstack-barbican | 12:59 | |
jaosorior | dave-mccowan: uhm, I can see that being an issue | 13:00 |
openstackgerrit | Nathan Reller proposed openstack/barbican: Fixed Bug for KMIP Secret Storage https://review.openstack.org/178179 | 13:00 |
jaosorior | dave-mccowan: If it's too much of a hassle then I guess the one-time script is alright | 13:00 |
jaosorior | somehow I thought the logs would have gone elsewere for the keystone stuff | 13:01 |
jaosorior | but yeah, I see your point were your environment can get easily polluted | 13:01 |
jaosorior | alright, so you think the one-time script is better then? | 13:01 |
dave-mccowan | jaosorior, i want minimal hassle for everyone using functional tests in their own environments. (i have the code working both ways) | 13:03 |
jaosorior | alright, lets go for your initial proposal then | 13:03 |
dave-mccowan | jaosorior, but yea, i think the script is easier, but i don't know if that will be a big impact on other's dev environments or not. | 13:04 |
jaosorior | dave-mccowan: It will be an inpact either way. Only thing is that your initial approach enforces people to start using a dedicated testing environment, which might as well be a good practice | 13:05 |
jaosorior | dave-mccowan: honestly I was just sharing the dev environments for convenience, but I thinking about it, it's not hard at all to set up a temporary one | 13:06 |
rellerreller | redrobot I finished the KMIP patch for the release https://review.openstack.org/178179 | 13:06 |
jaosorior | s/temporary/disposable | 13:06 |
dave-mccowan | jaosorior why is that? adding extra users and roles to any environment should easy enough. | 13:07 |
dave-mccowan | jaosorior, having them adding on the fly might be worse for custom environments. the functional test needs to know the admin endpoint and token in order to add the new projects/roles/users. | 13:08 |
hockeynut | jaosorior thanks for the fix on my CR! | 13:08 |
hockeynut | greatly appreciated! | 13:08 |
jaosorior | by disposable I mean the personal env, in devstack it should be quite predictable | 13:08 |
hockeynut | I'm out today, will be back tomorrow | 13:08 |
jaosorior | hockeynut: no prob | 13:09 |
dave-mccowan | jaosorior, hockeynut, when you get a chance please chime in on our discussion regarding two ways to add new users/roles/projects for functional tests. | 13:09 |
jaosorior | dave-mccowan: actually now that you mentioned the pollution that could happen if a test fails, I'm leaning more towards your inital approach | 13:10 |
*** nkinder has quit IRC | 13:11 | |
jaosorior | dave-mccowan: replied on your CR | 13:11 |
*** dimtruck is now known as zz_dimtruck | 13:16 | |
dave-mccowan | jaosorior, do you want to be the guinea pig? i'd like someone else to run these tests in their dev environment before this is merged. | 13:24 |
jaosorior | hahaha I could try that, but later, at the moment I'm working on two other patchsets :P | 13:24 |
*** alee_ has joined #openstack-barbican | 13:33 | |
jaosorior | woodster_: are you around? | 13:37 |
*** stanzi has joined #openstack-barbican | 13:54 | |
*** stanzi has quit IRC | 14:02 | |
*** stanzi has joined #openstack-barbican | 14:02 | |
*** kfarr has quit IRC | 14:04 | |
*** nkinder has joined #openstack-barbican | 14:05 | |
*** stanzi has quit IRC | 14:07 | |
*** rellerreller has quit IRC | 14:07 | |
*** rellerreller has joined #openstack-barbican | 14:07 | |
*** pglass has joined #openstack-barbican | 14:09 | |
woodster_ | jaosorior: morning | 14:23 |
jaosorior | 1hey man | 14:23 |
jaosorior | I'm implementing the versioning at the moment | 14:23 |
jaosorior | is it a hard requirement that the root resource can be accessed without auth? | 14:24 |
jaosorior | both paste and pecan are not cooperating O_O | 14:24 |
woodster_ | jaosorior: oslo versioning? Yeah root needs to be accessible...eventually it will kick back something like a site map for the API | 14:24 |
woodster_ | jaosorior: but the root path is separated from /v1/ path in that paste config | 14:25 |
jaosorior | woodster_: yeah, I noticed. I guess I could do it that way, but it just means people have to do double configuration... unless I figure something smarter | 14:25 |
woodster_ | jaosorior: other projects might have solve that one already, esp. if they are implementing json home | 14:26 |
*** joesavak has joined #openstack-barbican | 14:41 | |
therve | What's the status of certificate order? Is it functional in current master? | 14:43 |
therve | I'd be interested to add CLI support for it, if it's working | 14:44 |
*** rellerreller has quit IRC | 14:45 | |
woodster_ | therve: Ade (alee alee_) has implemented support for generating stored-key certs via Dogtag. There is also a snakeoil CA that I believe is ready to generate certs locally. So barbican client work for this would be good to have, if not already in place | 14:48 |
therve | woodster_, Is there a mini-doc on what the request would like for one of these methods? | 14:49 |
*** stanzi has joined #openstack-barbican | 14:50 | |
therve | I believe you can create a certificate container with the client, but not a certificate order | 14:51 |
alee_ | therve, https://review.openstack.org/#/c/135490/ is the spec that has been implemented in Kilo. | 14:52 |
alee_ | therve, its pretty much up to date with a few small changes that I need to put in. | 14:52 |
woodster_ | therve: alee_ Yeah I see that sphinx isn't showing that interface just yet: http://docs.openstack.org/developer/barbican/api/index.html | 14:53 |
alee_ | woodster_, yeah - we need to fix that .. | 14:53 |
woodster_ | therve: yes the certificate container is a specialized container of cert-related secrets/info. The cert order produces one of those when it completes. | 14:54 |
therve | alee, I think I saw that, but I'm a bit thin on RFC 5272 I have to say :) | 14:54 |
alee_ | therve, the other way to see how to interact with the cert functionality is to look at the functional tests | 14:55 |
alee_ | there are a bunch of cert functional tests that show exactly how a client might interact to get certs | 14:55 |
alee_ | therve, you dont need to know too much RFC 5272 that way :) | 14:56 |
alee_ | therve, woodster_ I'm not sure how much support the client has for certs right now -- jaosorior ? | 14:56 |
alee_ | but its something I hope to also focus on in the near future. | 14:57 |
jaosorior | alee_ not much | 14:57 |
alee_ | jaosorior, what are you waiting for ? :) therve is volunteering too :) | 14:58 |
jaosorior | alee_: Waiting for me to finish a bunch of code I am currently writing. After that then I can take those, no prob | 15:00 |
alee_ | fantastic :) | 15:00 |
alee_ | jaosorior, woodster_ redrobot - which reminds me though - we probably need some design sessions for the barbican client and discussions of how to integrate with the SDK. | 15:02 |
jaosorior | alee_ We do. Actually I am also working on some patch for openstackclient. I could try to get the client cli code there at some point. Now, regarding the SDK, do we have a spot with them? or should we just talk to them ad hoc? | 15:03 |
alee_ | redrobot, ^^ | 15:04 |
briancurtin | jaosorior: we already have a little bit of barbican stuff in SDK, let me know if you need help building it out | 15:04 |
jaosorior | briancurtin: cool! I'll dig into that... after the certificate stuff in the client :P | 15:04 |
briancurtin | jaosorior: i dont remember what's in there, but iirc someone just threw one or two small resources in there so we had broad coverage while getting started so we knew how a bunch of different services worked | 15:05 |
alee_ | jaosorior, redrobot , briancurtin - its probably worth a design session at the summit (non fishbowl) just to talk about SDK integration, and what we want to accomplish in L. | 15:08 |
briancurtin | i'd gladly come to a barbican session to chat with you all. i'm also trying to get SDK as a cross-project session. | 15:09 |
*** alee_ is now known as alee_brb | 15:09 | |
*** igueths has joined #openstack-barbican | 15:09 | |
*** alee_brb is now known as alee_ | 15:15 | |
*** joesavak has quit IRC | 15:16 | |
*** SheenaG has joined #openstack-barbican | 15:17 | |
alee_ | briancurtin, jaosorior, redrobot -- added to the running list on https://etherpad.openstack.org/p/barbican-L-design-sessions | 15:20 |
*** joesavak has joined #openstack-barbican | 15:21 | |
*** silos has joined #openstack-barbican | 15:22 | |
*** jsavak has joined #openstack-barbican | 15:31 | |
openstackgerrit | Doug Hellmann proposed openstack/barbican: Drop use of 'oslo' namespace package. https://review.openstack.org/178242 | 15:32 |
openstackgerrit | Doug Hellmann proposed openstack/castellan: Drop use of 'oslo' namespace package. https://review.openstack.org/178245 | 15:33 |
*** joesavak has quit IRC | 15:34 | |
-openstackstatus- NOTICE: gerrit has been restarted to clear an issue with its event stream. any change events between 14:43-15:30 utc should be rechecked or have their approval votes reapplied to trigger jobs | 15:36 | |
*** zz_dimtruck is now known as dimtruck | 15:36 | |
arunkant | alee, there? | 15:38 |
*** rellerreller has joined #openstack-barbican | 15:39 | |
arunkant | alee_, ping | 15:39 |
alee_ | arunkant, hi | 15:40 |
*** stanzi has quit IRC | 15:42 | |
arunkant | alee, in ACL impl, currently to update ACL, PATCH support is there. Is there need to add support for PUT? We talked about during code review, not sure if we need to support PUT as DELETE support was added | 15:42 |
silos | rellerreller: hey | 15:43 |
arunkant | alee_, ^^^ | 15:43 |
*** stanzi has joined #openstack-barbican | 15:43 | |
*** joesavak has joined #openstack-barbican | 15:43 | |
*** jsavak has quit IRC | 15:43 | |
rellerreller | silos I'm in a meeting now. I can chat later today. | 15:44 |
alee_ | arunkant, I'm ok with just having PATCH/DELETE .. woodster_ ^^ ? | 15:44 |
silos | rellerreller: ok. I'll be on. | 15:44 |
rellerreller | silos Checkout bug reports. I have one for KMIP related to your email. Also make sure your symmetric key is base64 encoded. | 15:45 |
silos | rellerreller: I'm looking into it right now. I pulled the code and tested it but still getting an error. | 15:46 |
silos | clear | 15:46 |
*** stanzi has quit IRC | 15:47 | |
*** ChanServ changes topic to "OpenStack Barbican development" | 15:52 | |
*** stanzi has joined #openstack-barbican | 15:54 | |
*** stanzi has quit IRC | 15:54 | |
*** stanzi has joined #openstack-barbican | 15:55 | |
*** stanzi has quit IRC | 15:59 | |
*** silos1 has joined #openstack-barbican | 16:00 | |
rellerreller | silos I can spend a few minutes here in the background on this. What's up? | 16:00 |
*** joesavak has quit IRC | 16:03 | |
*** silos has quit IRC | 16:03 | |
silos1 | rellerreller: i used the post request in the bug report but I'm still getting an error: NoneType' object has no attribute 'enum around line 343 | 16:04 |
openstackgerrit | Doug Hellmann proposed openstack/barbican: Drop use of 'oslo' namespace package. https://review.openstack.org/178242 | 16:06 |
rellerreller | silos Is the error on the request out or the response from KMIP server? | 16:07 |
*** kebray has joined #openstack-barbican | 16:07 | |
rellerreller | silos Did you make sure your key was base64 encoded? In your email the example you gave has either the wrong encoding (looks like hex) or the key length is incorrect. | 16:08 |
silos1 | rellerreller: I changed it to base64 encoding. | 16:09 |
silos1 | rellerreller: I am unsure how to check if the error is from the KMIP server or request. It is appearing in the barbican debug log. | 16:10 |
*** joesavak has joined #openstack-barbican | 16:11 | |
rellerreller | silos1 In the barbican logs it should say writing request and then reading response. | 16:11 |
silos1 | rellerreller: In the logs it says "error opening or wrting to client" | 16:12 |
*** silos1 has quit IRC | 16:15 | |
*** silos has joined #openstack-barbican | 16:16 | |
openstackgerrit | Doug Hellmann proposed openstack/barbican: Drop use of 'oslo' namespace package. https://review.openstack.org/178242 | 16:21 |
openstackgerrit | Doug Hellmann proposed openstack/castellan: Drop use of 'oslo' namespace package. https://review.openstack.org/178245 | 16:21 |
*** SheenaG has left #openstack-barbican | 16:25 | |
*** SheenaG has joined #openstack-barbican | 16:25 | |
therve | alee, When attempting to order certificate, it stays in PENDING | 16:36 |
therve | alee_, I'm probably missing something in my setup, wondering what | 16:37 |
alee_ | therve, sorry in a meeting | 16:37 |
therve | Ah nevermind | 16:37 |
alee_ | therve, that sounds about right unless you have a real ca back there - like dogtag | 16:39 |
alee_ | therve, or maybe the snakeoil ca | 16:39 |
therve | alee_, I guess I'm missing the way to enable of those things | 16:41 |
alee_ | therve, ok - I'll have to get back to you after my meetings | 16:41 |
therve | alee_, No worries, thanks | 16:42 |
*** rellerreller has quit IRC | 16:45 | |
*** gyee has joined #openstack-barbican | 16:51 | |
*** kfarr has joined #openstack-barbican | 17:00 | |
*** kebray has quit IRC | 17:03 | |
*** jkf has joined #openstack-barbican | 17:04 | |
*** joesavak has quit IRC | 17:05 | |
*** joesavak has joined #openstack-barbican | 17:05 | |
*** stanzi has joined #openstack-barbican | 17:05 | |
*** joesavak has quit IRC | 17:06 | |
*** stanzi has quit IRC | 17:10 | |
*** silos has left #openstack-barbican | 17:12 | |
*** dave-mccowan has quit IRC | 17:14 | |
*** dave-mccowan has joined #openstack-barbican | 17:45 | |
*** stanzi has joined #openstack-barbican | 17:47 | |
openstackgerrit | Kaitlin Farr proposed openstack/barbican: Fixed Bug for KMIP Secret Storage https://review.openstack.org/178179 | 17:47 |
*** jamielennox|away is now known as jamielennox | 18:04 | |
*** xaeth_afk is now known as xaeth | 18:07 | |
*** kebray has joined #openstack-barbican | 18:08 | |
*** rellerreller has joined #openstack-barbican | 18:08 | |
*** igueths has quit IRC | 18:11 | |
*** jkf has quit IRC | 18:12 | |
*** jkf has joined #openstack-barbican | 18:15 | |
*** kebray has quit IRC | 18:15 | |
*** silos has joined #openstack-barbican | 18:19 | |
woodster_ | arunkant: alee_ Catching up....the PATCH vs PUT is ok with me unless that isn't supported by default with some WSGI containers? | 18:21 |
openstackgerrit | Kaitlin Farr proposed openstack/barbican: Fixed Bug for KMIP Secret Storage https://review.openstack.org/178179 | 18:23 |
*** igueths has joined #openstack-barbican | 18:24 | |
*** stanzi has quit IRC | 18:27 | |
*** stanzi has joined #openstack-barbican | 18:27 | |
*** kebray has joined #openstack-barbican | 18:29 | |
openstackgerrit | Doug Hellmann proposed openstack/castellan: Drop use of 'oslo' namespace package https://review.openstack.org/178245 | 18:34 |
rellerreller | alee redrobot Are there any notes on how to create a gate check for Barbican? We are looking into having a KMIP gate check. I'm not sure where to start. | 18:36 |
redrobot | rellerreller I'm in meetings for a few more hours. We can schedule a hangout if you'd like, and I can give you an overview of how the infra gates work | 18:37 |
redrobot | rellerreller basically there is a place where the new job should be defined in YAML, then the newly created job is associated with barbican in a different file. | 18:38 |
rellerreller | redrobot Sounds good. This probably won't happen today, but tomorrow and Friday are mostly open for me. | 18:38 |
dave-mccowan | rellerreller i added the bandit gate to barbican. i followed the steps under the topic "gate testing with bandit" on this page: https://wiki.openstack.org/wiki/Security/Projects/Bandit. the first step is to get the tests to install and run with tox. the other changes go into openstack-infra/project-config. | 18:45 |
rellerreller | dave-mccowan Thanks! | 18:51 |
*** pglass has quit IRC | 18:59 | |
*** kebray has quit IRC | 19:01 | |
*** pglass has joined #openstack-barbican | 19:03 | |
*** igueths has quit IRC | 19:08 | |
*** rellerreller has quit IRC | 19:37 | |
*** kebray has joined #openstack-barbican | 19:40 | |
*** kebray has quit IRC | 19:41 | |
*** kfarr has quit IRC | 19:48 | |
*** openstackstatus has quit IRC | 19:52 | |
*** openstackstatus has joined #openstack-barbican | 19:53 | |
*** ChanServ sets mode: +v openstackstatus | 19:53 | |
*** gyee has quit IRC | 20:00 | |
*** silos has left #openstack-barbican | 20:03 | |
*** dimtruck is now known as zz_dimtruck | 20:03 | |
*** kebray has joined #openstack-barbican | 20:05 | |
*** zz_dimtruck is now known as dimtruck | 20:06 | |
*** stanzi has quit IRC | 20:08 | |
*** stanzi has joined #openstack-barbican | 20:09 | |
elmiko | redrobot: ping | 20:11 |
redrobot | elmiko pong | 20:12 |
elmiko | hey, i'm reworking a barbican integration spec for sahara. basically to move towards castellan and i'm curious about how we should approach the keymgr impl. | 20:12 |
elmiko | should we start with our own barbican impl, or will the official impl be coming soon? | 20:13 |
rm_work | I think the official impl was submitted as a CR | 20:13 |
rm_work | not sure if it is still WIP or pending review | 20:13 |
elmiko | oh, awesome! | 20:13 |
*** stanzi has quit IRC | 20:13 | |
redrobot | elmiko official impl is in review https://review.openstack.org/#/c/171918/ | 20:13 |
rm_work | https://review.openstack.org/#/c/171918/ | 20:14 |
rm_work | bah | 20:14 |
rm_work | beat me by 1s | 20:14 |
redrobot | rm_work 2 sec by my count. :-P | 20:14 |
rm_work | pffft | 20:14 |
elmiko | nice, thanks to both of you =) | 20:14 |
*** joesavak has joined #openstack-barbican | 20:16 | |
woodster_ | Is anyone working on docs for castellan? | 20:19 |
redrobot | woodster_ afaik, nobody is working on that | 20:24 |
elmiko | +1 for docs | 20:24 |
*** dimtruck is now known as zz_dimtruck | 20:25 | |
* rm_work waits for a bit of time to pass before he resubmits CertManager to castellan <_< | 20:25 | |
*** russell_h has left #openstack-barbican | 20:30 | |
elmiko | so here's a question, if we wanted to gate the usage of castellan within our code would it be better to create a small wrapper module that we can control with a configuration option _or_ to create a fake type plugin to castellan that would behave like we want when external key manager is disabled? | 20:30 |
woodster_ | rm_work, if you agree to document castellan, I'll push to get the cert stuff included in castelan :) | 20:33 |
rm_work | woodster_: hehe | 20:33 |
elmiko | lol! | 20:33 |
rm_work | elmiko: gate the usage of castellan? | 20:34 |
rm_work | I think the idea is that castellan IS the gate? | 20:34 |
rm_work | like for LBaaS we would wipe out all of our current interface code that was related to keys, and just import castellan | 20:34 |
rm_work | and the castellan config controls whether barbican or mock backend (or whatever backend you might make) is active | 20:35 |
woodster_ | elmiko: are you asking for a default/simple plugin option to use with castellan for dev work? | 20:35 |
elmiko | well, here's the situation | 20:35 |
rm_work | ^^ if your question is what woodster_ said, you just want the mock plugin | 20:35 |
elmiko | ok, maybe i need to read a little more code | 20:35 |
woodster_ | rm_work is there such a thing? You've mentioned it would be helpful to have | 20:35 |
rm_work | yes | 20:36 |
rm_work | that is the ONLY thing actually merged right now | 20:36 |
rm_work | err, the only impl | 20:36 |
woodster_ | rm_work: I was expecting it to be the default plugin then? Re: https://review.openstack.org/#/c/171918/7/castellan/key_manager/__init__.py,cm | 20:37 |
*** stanzi has joined #openstack-barbican | 20:37 | |
*** joesavak has quit IRC | 20:37 | |
elmiko | ok, looking at the code as it is now here's my situation: | 20:38 |
elmiko | we have passwords currently stored in our database | 20:38 |
elmiko | i want to create this spec that will allow users to enable or disable the external key store as they see fit | 20:38 |
rm_work | elmiko: really i think that means you need to make an impl for castellan that looks in your DB :P | 20:38 |
rm_work | elmiko: then config option to switch from "ourDBStoreImpl" to "BarbicanImpl" | 20:39 |
elmiko | rm_work: and then let the user choose SaharaKeyManager or BarbicanKeyManager as they like? | 20:39 |
rm_work | yes | 20:39 |
elmiko | ok, makes perfect sense | 20:39 |
rm_work | your impl doesn't need to be in-tree | 20:39 |
elmiko | yea, agreed | 20:39 |
elmiko | i just want a dummy impl that works with our current status | 20:40 |
rm_work | yep | 20:40 |
rm_work | shouldn't be too difficult, I hope | 20:40 |
elmiko | i don't think it will be, the castellan code is pretty clear =) | 20:41 |
elmiko | thanks rm_work, woodster_, it helps | 20:41 |
rm_work | np | 20:41 |
rm_work | good luck -- still really want to see good castellan adoption, even though it's only half the project it could be... | 20:41 |
rm_work | <_< | 20:41 |
rm_work | >_> | 20:41 |
elmiko | lol | 20:41 |
* rm_work fades into the shadows | 20:41 | |
*** stanzi has quit IRC | 20:46 | |
*** stanzi has joined #openstack-barbican | 20:47 | |
redrobot | elmiko I would recommend setting up a DevStack gate, that uses the barbican impl to talk to a real barbican. | 20:47 |
chellygel | hey everyone with the powers: could you please review steve's change? https://review.openstack.org/#/c/177906/ | 20:48 |
chellygel | this is to add smoke tests | 20:48 |
chellygel | its a small size (230 lines!) | 20:48 |
elmiko | redrobot: ack, that will come. i need to make sure we can turn this feature off if users don't want to use it | 20:49 |
elmiko | i meant gate more in the sense of being able to enable/disable the barbican usage | 20:49 |
*** zigo_ is now known as zigo | 20:50 | |
*** stanzi has quit IRC | 20:52 | |
*** SheenaG has left #openstack-barbican | 20:58 | |
*** jaosorior has quit IRC | 21:02 | |
*** gyee has joined #openstack-barbican | 21:02 | |
*** SheenaG has joined #openstack-barbican | 21:10 | |
*** gyee has quit IRC | 21:11 | |
*** SheenaG1 has joined #openstack-barbican | 21:13 | |
*** gyee has joined #openstack-barbican | 21:14 | |
*** SheenaG has quit IRC | 21:16 | |
*** silos has joined #openstack-barbican | 21:17 | |
*** silos has left #openstack-barbican | 21:17 | |
*** kebray has quit IRC | 21:17 | |
*** Asha has quit IRC | 21:27 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/178409 | 21:35 |
*** stanzi has joined #openstack-barbican | 21:39 | |
*** stanzi has quit IRC | 21:40 | |
*** stanzi has joined #openstack-barbican | 21:40 | |
*** stanzi has quit IRC | 21:45 | |
*** pglass has quit IRC | 21:58 | |
*** dave-mccowan has quit IRC | 22:02 | |
*** xaeth is now known as xaeth_afk | 22:02 | |
*** nelsnelson has joined #openstack-barbican | 22:12 | |
*** alee_ has quit IRC | 22:14 | |
openstackgerrit | Merged openstack/barbican: Fixed Bug for KMIP Secret Storage https://review.openstack.org/178179 | 22:15 |
*** stanzi has joined #openstack-barbican | 22:19 | |
*** stanzi has quit IRC | 22:20 | |
*** stanzi has joined #openstack-barbican | 22:21 | |
*** stanzi_ has joined #openstack-barbican | 22:22 | |
*** stanzi has quit IRC | 22:25 | |
*** nelsnelson has quit IRC | 22:28 | |
*** nkinder has quit IRC | 22:29 | |
*** stanzi_ has quit IRC | 22:32 | |
*** stanzi has joined #openstack-barbican | 22:32 | |
*** stanzi has quit IRC | 22:37 | |
*** jkf has quit IRC | 23:22 | |
*** stanzi has joined #openstack-barbican | 23:33 | |
*** alee_ has joined #openstack-barbican | 23:52 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!