| *** SheenaG has quit IRC | 00:10 | |
| *** jaosorior has quit IRC | 00:12 | |
| *** jamielennox|away is now known as jamielennox | 00:29 | |
| *** rellerreller has quit IRC | 00:30 | |
| openstackgerrit | Merged openstack/python-barbicanclient: Adding new tests to cover failure scenarios https://review.openstack.org/179155 | 01:20 |
|---|---|---|
| hockeynut | still looking for some reviewers for https://review.openstack.org/#/c/179609/ and https://review.openstack.org/#/c/179659/ Would love to get them off the books...thanks! | 01:23 |
| *** rm_work|away is now known as rm_work | 01:23 | |
| *** crc32 has quit IRC | 01:39 | |
| *** crc32 has joined #openstack-barbican | 01:40 | |
| *** tkelsey has joined #openstack-barbican | 01:40 | |
| *** tkelsey has quit IRC | 01:45 | |
| *** kebray has joined #openstack-barbican | 01:55 | |
| *** kebray has quit IRC | 01:55 | |
| *** SheenaG has joined #openstack-barbican | 01:57 | |
| *** david-lyle has joined #openstack-barbican | 02:10 | |
| *** kebray has joined #openstack-barbican | 02:20 | |
| *** SheenaG has quit IRC | 02:22 | |
| *** SheenaG has joined #openstack-barbican | 02:44 | |
| *** smallbig has joined #openstack-barbican | 02:59 | |
| *** xaeth_afk is now known as xaeth | 03:06 | |
| *** xaeth is now known as xaeth_afk | 03:25 | |
| *** kebray has quit IRC | 04:04 | |
| *** SheenaG has quit IRC | 04:08 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Multi-user support for Functional Tests https://review.openstack.org/176615 | 04:09 |
| *** rm_work is now known as rm_work|away | 04:19 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Multi-user support for Functional Tests https://review.openstack.org/176615 | 04:20 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Functional Tests for ACLs Using Multiple Users https://review.openstack.org/181291 | 04:26 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Functional Tests for ACLs Using Multiple Users https://review.openstack.org/181291 | 04:31 |
| *** rm_work|away is now known as rm_work | 04:44 | |
| *** dave-mccowan has quit IRC | 05:05 | |
| openstackgerrit | Merged openstack/barbican: Updated from global requirements https://review.openstack.org/181197 | 05:29 |
| *** tkelsey has joined #openstack-barbican | 05:41 | |
| *** tkelsey has quit IRC | 05:46 | |
| *** nickrmc83 has joined #openstack-barbican | 06:12 | |
| *** nickrmc83 has quit IRC | 06:41 | |
| *** nickrmc83 has joined #openstack-barbican | 06:42 | |
| *** tkelsey has joined #openstack-barbican | 06:50 | |
| *** nickrmc84 has joined #openstack-barbican | 07:03 | |
| *** nickrmc83 has quit IRC | 07:04 | |
| *** crc32 has quit IRC | 07:05 | |
| *** woodster_ has quit IRC | 07:10 | |
| *** tkelsey has quit IRC | 07:35 | |
| *** tkelsey has joined #openstack-barbican | 07:36 | |
| *** jamielennox is now known as jamielennox|away | 07:36 | |
| *** everjeje has joined #openstack-barbican | 07:38 | |
| *** jaosorior has joined #openstack-barbican | 08:19 | |
| *** nickrmc83 has joined #openstack-barbican | 08:19 | |
| *** chlong has quit IRC | 08:20 | |
| *** nickrmc84 has quit IRC | 08:20 | |
| *** nickrmc84 has joined #openstack-barbican | 08:36 | |
| *** nickrmc83 has quit IRC | 08:37 | |
| jaosorior | :t pl | 09:27 |
| jaosorior | wrong input | 09:27 |
| jaosorior | anyway, therve:are you around? | 09:28 |
| *** woodster_ has joined #openstack-barbican | 10:11 | |
| *** darrenmoffat has joined #openstack-barbican | 10:13 | |
| therve | jaosorior, Hi! | 10:25 |
| jaosorior | therve: hey man, I remember yesterday you had a question about the policy file | 10:29 |
| jaosorior | I went ahead and asked about it again, so I was wondering if you got an answer, if not, I can now answer it | 10:29 |
| therve | jaosorior, Saw redrobot's answer, but it didn't totally make sense to me | 10:30 |
| therve | "because roles are used per-project", right? | 10:31 |
| jaosorior | oh, alright | 10:31 |
| jaosorior | well, the thing is | 10:31 |
| jaosorior | lets have this scenario | 10:31 |
| jaosorior | there is projectA that contains user1 and user2 | 10:31 |
| jaosorior | user1 and user2 are members of the project, and thus they can create secrets without a problem | 10:32 |
| jaosorior | BUT, since the policy only covers projects (and not individual resources for the users) | 10:32 |
| jaosorior | both users can read each other's secrets (what the ACL stuff wants to address) | 10:32 |
| therve | RIght | 10:33 |
| jaosorior | now | 10:33 |
| therve | So currently you don't have a way to say "user1 can delete user1's secrets" | 10:33 |
| jaosorior | the ACL stuff is covering read, at the moment, and delete is not supported yet | 10:33 |
| jaosorior | so we don't want users to be able to delete other users projects | 10:33 |
| jaosorior | hopefully that policy will be fixed once the delete ACL is properly implemented | 10:33 |
| therve | Make sense | 10:34 |
| jaosorior | * so we don't want users to be able to delete secrets from other users from the same project | 10:34 |
| jaosorior | that was the correct phrase haha, I still need more coffee :P | 10:34 |
| jaosorior | but anyway, as far as I understand, that policy is the way it is until ACL support for delete's is there | 10:35 |
| therve | Working on https://blueprints.launchpad.net/heat/+spec/barbican-as-secret-backend FWIW | 10:36 |
| therve | So I need that piece of users being able to delete their own secret, but for now it can be documentation for tweaking the policy file accordingly | 10:37 |
| jaosorior | might be worth while to read this commit https://review.openstack.org/#/c/177454/ there it kind of explains the situation | 10:38 |
| jaosorior | therve: I see. hopefully we can support those operations soon. Don't know how far in the coding is arunkant at the moment | 10:38 |
| openstackgerrit | Merged openstack/python-barbicanclient: Drop use of 'oslo' namespace package https://review.openstack.org/180679 | 11:15 |
| *** nickrmc84 has quit IRC | 11:37 | |
| *** nickrmc83 has joined #openstack-barbican | 11:55 | |
| *** dave-mccowan has joined #openstack-barbican | 12:06 | |
| *** nickrmc83 has quit IRC | 12:34 | |
| *** nickrmc83 has joined #openstack-barbican | 12:37 | |
| *** nickrmc83 has quit IRC | 12:42 | |
| *** chlong has joined #openstack-barbican | 12:47 | |
| *** joesavak has joined #openstack-barbican | 12:49 | |
| *** nickrmc83 has joined #openstack-barbican | 12:54 | |
| openstackgerrit | Merged openstack/python-barbicanclient: Updated from global requirements https://review.openstack.org/181229 | 12:55 |
| woodster_ | therve: I need to read your spec, but was curious if the user that reads the secret is the same one that uploads it? Automation use cases we've seen those are two separate users that can have separate roles. | 12:56 |
| *** nickrmc83 has quit IRC | 13:00 | |
| *** jsavak has joined #openstack-barbican | 13:25 | |
| *** joesavak has quit IRC | 13:27 | |
| jaosorior | Any workflows for this? :D https://review.openstack.org/#/c/175338/ | 13:33 |
| openstackgerrit | Steve Heyman proposed openstack/python-barbicanclient: Create behaviors for secrets https://review.openstack.org/179609 | 13:44 |
| *** rellerreller has joined #openstack-barbican | 13:45 | |
| openstackgerrit | Steve Heyman proposed openstack/python-barbicanclient: Create behaviors for secrets https://review.openstack.org/179609 | 13:46 |
| *** jsavak has quit IRC | 13:48 | |
| *** openstackgerrit has quit IRC | 13:51 | |
| *** openstackgerrit has joined #openstack-barbican | 13:51 | |
| jaosorior | hockeynut: got some time to check this CR? https://review.openstack.org/#/c/175338/ | 13:57 |
| hockeynut | jaosorior sure. <click> | 13:57 |
| *** alee_dinner is now known as alee | 14:06 | |
| *** igueths has joined #openstack-barbican | 14:10 | |
| *** pglass has joined #openstack-barbican | 14:10 | |
| jaosorior | hockeynut: thanks mr. | 14:24 |
| *** shakamunyi has joined #openstack-barbican | 14:25 | |
| openstackgerrit | Merged openstack/barbican: Migrate to oslo_context https://review.openstack.org/175338 | 14:32 |
| hockeynut | dave-mccowan test_rbac.py makes me smile! | 14:44 |
| hockeynut | dave-mccowan the only thing I think we should change are the usernames. for folks who need to request users to be created a name like "admin1" isn't a good choice. I'd say we should prefix those userids with something like barbican_ or hockeynut_ :-) | 14:47 |
| *** xaeth_afk is now known as xaeth | 14:48 | |
| alee | woodster_, Sheena_ I'm working right now on the demos. Hope to wrap them up by this weekend. Do you want to meet Monday to go over slides? | 14:49 |
| alee | woodster_, Sheena_ my schedule is completely open (ie. no scheduled meetings yet) on Monday | 14:51 |
| alee | and I suspect we'll need at least a couple of meetings -- one to integrate/ edit slides - and one to do a run-through. | 14:52 |
| alee | so maybe Monday and Tuesday? | 14:52 |
| woodster_ | ...and to get timing | 14:52 |
| alee | yup | 14:52 |
| alee | I have a scheulded 4pm EST meeting on tuesday, but other than that am free. | 14:53 |
| *** kebray has joined #openstack-barbican | 14:54 | |
| dave-mccowan | hockeynut good idea on the rename. shall I change just the keystone user names, and leave the python and CONF variable names the same? | 14:55 |
| *** nelsnelson has joined #openstack-barbican | 14:58 | |
| alee | woodster_, hopefully Sheena_ will see these messages and be able to get back to us with a time that works for all of us. but Mon and Tues morning sometime sounds good. | 14:58 |
| *** igueths has quit IRC | 15:13 | |
| *** igueths has joined #openstack-barbican | 15:18 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Multi-user support for Functional Tests https://review.openstack.org/176615 | 15:18 |
| *** SheenaG has joined #openstack-barbican | 15:23 | |
| *** shakamunyi has quit IRC | 15:25 | |
| *** rm_work is now known as rm_work|away | 15:32 | |
| therve | woodster_, It ought to be the same, yes | 15:37 |
| *** gyee has joined #openstack-barbican | 15:52 | |
| *** openstackstatus has quit IRC | 15:56 | |
| *** openstackstatus has joined #openstack-barbican | 15:56 | |
| *** ChanServ sets mode: +v openstackstatus | 15:56 | |
| *** gyee has quit IRC | 16:16 | |
| *** shakamunyi has joined #openstack-barbican | 16:16 | |
| *** gyee has joined #openstack-barbican | 16:22 | |
| hockeynut | dave-mccowan that's fine. its the keystone names that are important | 16:22 |
| dave-mccowan | hockeynut great! last patch set should be good to go now. | 16:23 |
| alee | redrobot, dave-mccowan ping | 16:27 |
| redrobot | alee pong | 16:27 |
| dave-mccowan | alee pong | 16:27 |
| alee | redrobot, dave-mccowan where are those docs for the cert api usage cases again? | 16:28 |
| redrobot | alee afaik we don't have much in the way of certificate api docs. | 16:29 |
| alee | redrobot, I recall there was something thwat you wrote on how to use the cert api to generate a cert request | 16:29 |
| alee | (including the instructions on how to generate a csr etc. | 16:29 |
| alee | redrobot, jaosorior dave-mccowan - also are there instrcutions on how to use the barbican client to generate a RSA key pair? | 16:30 |
| dave-mccowan | alee maybe in redrobot's gisthub https://gist.github.com/dmend | 16:30 |
| redrobot | alee dave-mccowan I don't think I ever got around to documenting Cert stuff. We do have this in the code though https://github.com/openstack/barbican/blob/master/barbican/tests/keys.py#L274 | 16:32 |
| redrobot | alee all client docs are here http://docs.openstack.org/developer/python-barbicanclient/ if it's not there, it may need to be added | 16:32 |
| openstackgerrit | Thomas Herve proposed openstack/barbican: Fix snakeoil_ca plugin https://review.openstack.org/179374 | 16:32 |
| alee | redrobot, ah good was about to look there | 16:32 |
| alee | redrobot, any docs on using barbican-client to gen a rsa key? | 16:33 |
| *** shakamunyi has quit IRC | 16:33 | |
| redrobot | alee basically like this http://docs.openstack.org/developer/python-barbicanclient/usage.html#orders but use this class instead http://docs.openstack.org/developer/python-barbicanclient/reference.html#barbicanclient.orders.AsymmetricOrder | 16:34 |
| openstackgerrit | Thomas Herve proposed openstack/barbican: Fix snakeoil_ca plugin https://review.openstack.org/179374 | 16:34 |
| hockeynut | dave-mccowan coolness - checking it out now | 16:35 |
| alee | redrobot, ok thanks will give it a shot | 16:36 |
| dave-mccowan | alee for python API examples, https://github.com/openstack/barbican/blob/master/functionaltests/api/v1/functional/test_rsa.py for curl examples, https://gist.github.com/dmend/13c892c6299a92dcbdf8 | 16:36 |
| alee | dave-mccowan, thanks | 16:36 |
| redrobot | dave-mccowan so the client used in barbican functional tests != python-barbicanclient | 16:37 |
| *** kfarr has joined #openstack-barbican | 16:38 | |
| therve | alee, FWIW with https://review.openstack.org/#/c/179397/ you can generate a cert with 2 barbican order create calls | 16:41 |
| alee | therve, oh nice! | 16:43 |
| alee | therve, I'm going to use that in my slides for the summit -- (and reference your pending CR) | 16:43 |
| therve | alee, Hopefully it'll be in by then :) | 16:44 |
| alee | therve, you need to be able to provide a ca_id and profile too, for automatic cert issuance. | 16:45 |
| alee | therve, I guess that can be a separate CR | 16:46 |
| therve | alee, I'd be happy to update that one with those extra args | 16:46 |
| therve | I only enabled the ones I was able to test, using snakeoil_ca | 16:46 |
| alee | therve, yeah - you need dogtag to really test the others. | 16:47 |
| *** shakamunyi has joined #openstack-barbican | 16:48 | |
| alee | therve, let me get back to you later today on what changes you'd need. but this would be nice to get in and reference in the summit talk | 16:48 |
| alee | therve, I think though that this may not be a simple addition | 16:49 |
| alee | therve, for instance, you're going to need to be able to query the server for the ca_id's availabel | 16:49 |
| therve | Oh ok | 16:49 |
| therve | alee, That part we can do later | 16:49 |
| alee | yup | 16:50 |
| therve | And assume you know the ones available | 16:50 |
| alee | true -- ok - let me look now and see what would need to be added .. | 16:50 |
| alee | therve, redrobot - is there some kind of verbose setting on the barbican-client that allows one to see the actual rest call being made? | 16:53 |
| *** darrenmoffat has left #openstack-barbican | 16:53 | |
| therve | alee, the --verbose flag ought to do that | 16:54 |
| alee | therve, cool -- so there should be two new parameters: "ca_id" and "profile" | 16:57 |
| alee | therve, having the profile parameter requires also having the ca_id parameter | 16:58 |
| alee | the input to both are strings and these would both be passed as order metadata | 16:59 |
| alee | therve, it is possible to provide ca_id without profile, but not visa versa | 17:00 |
| alee | therve, make sense? | 17:00 |
| therve | alee, It does. I didn't add much validation for now, though I can at least handle this case | 17:01 |
| alee | therve, cool - let me know when you get a patch up -- 'll test it and use it in my summit slides | 17:01 |
| alee | (and ack it assuming it works) | 17:02 |
| therve | Yeah that'd be nice, until I manage to make dogtag works | 17:02 |
| alee | cool | 17:02 |
| *** shakamunyi has quit IRC | 17:07 | |
| kfarr | redrobot elmiko, here are some initial thoughts for the fishbowl, let me know what you think :) https://etherpad.openstack.org/p/Castellan-fishbowl-L-summit | 17:11 |
| therve | alee, It seems the plugin uses 'profile' for simple_cmc and 'profile_id' for custom, is it expected? | 17:16 |
| *** crc32 has joined #openstack-barbican | 17:17 | |
| alee | therve, you're looking at the functional tests? | 17:17 |
| therve | alee, source code | 17:17 |
| openstackgerrit | Steve Heyman proposed openstack/python-barbicanclient: Create behaviors for secrets https://review.openstack.org/179609 | 17:17 |
| alee | therve, right - functional tests in the source code. | 17:17 |
| *** shakamunyi has joined #openstack-barbican | 17:18 | |
| therve | alee, No no the plugin source code directly :) | 17:18 |
| alee | therve, for dogtag> | 17:18 |
| alee | ? | 17:18 |
| therve | Yeah | 17:18 |
| alee | ok -- let me explain .. | 17:18 |
| alee | the simple-cmc barbican interface has a parameter "profile" -- this is the parameter you should be concerned about | 17:19 |
| alee | the dogtag ca understands the parameter profile_id -- so the dogtag plugin will convert profile -> profile_id | 17:20 |
| *** crc32 has quit IRC | 17:20 | |
| alee | the custom type of request basically says .. sorry just a sec .. | 17:20 |
| alee | (neeting) | 17:20 |
| *** crc32 has joined #openstack-barbican | 17:21 | |
| redrobot | kfarr looks good so far. I would like to see the getter methods in the ManagedObject hierarchy removed. They are not needed in Python. | 17:21 |
| *** shakamunyi has quit IRC | 17:23 | |
| openstackgerrit | Thomas Herve proposed openstack/python-barbicanclient: Add support for certificate order https://review.openstack.org/179397 | 17:23 |
| woodster_ | alee, the ca_id and profile are optional parameters on an order though correct? So if I only have a snake oil CA plugin deployed, those wouldn't be needed. It is only when you have more than one CA plugin that 'ca_id" is important...to select a specific plugin if you want, correct? | 17:25 |
| alee | therve, the custome type basically says -- "you know you have a ca of type X (in this case dogtag). Send exactly the parameters that are needed for dogtag -- which in this case would be profile_id" | 17:26 |
| woodster_ | alee: so the snake oil plugin can ignore profile, and only has to provide the description for the list of ca-id's call, correct? | 17:26 |
| alee | therve, those will be passed unchanged to the dogtag ca | 17:26 |
| alee | woodster_, ca_id and profile are optional | 17:26 |
| alee | woodster_, snakeoli can ignore them -- although if you do provide a ca_id and it does not match an existing ca , then the order will fail | 17:27 |
| therve | alee, OK... | 17:28 |
| therve | alee, Anyhow just committed the changes | 17:28 |
| alee | woodster_, which makes sense -- so you can choose not to provide them - but if you provide profile, you must provide ca_id, and if you provide ca_id, it must be right. | 17:28 |
| alee | therve, cool will look shortly .. | 17:29 |
| elmiko | kfarr: thanks! looking now | 17:29 |
| alee | grabbing quick lunch .. | 17:29 |
| SheenaG | alee, woodster_ sending invites now | 17:29 |
| SheenaG | Let me know if those times don't work | 17:29 |
| SheenaG | I'm pretty flexible | 17:29 |
| *** alee is now known as alee_nosh | 17:29 | |
| elmiko | kfarr: also, that is the best looking diagram i have ever seen in an etherpad ;) | 17:29 |
| hockeynut | dave-mccowan ping | 17:30 |
| dave-mccowan | hockeynut pong | 17:30 |
| hockeynut | it looks like the "1" users are for valid tests and "2" users should fail - right? | 17:30 |
| elmiko | kfarr, rellerreller, redrobot, i was curious about the process for proposing changes to castellan. i have an idea for improved configuration options but i'd like to formalize it somehow. i realize there might not be specs repo for this stuff, what do you guys advise? | 17:31 |
| dave-mccowan | hockeynut 1 users have a role in project 1, and 2 users have a role in project 2. | 17:31 |
| hockeynut | ok. wondering if there's a more self-documenting way to name them without making each name 180 chars long | 17:32 |
| rellerreller | elmiko I am not sure. etherpad? | 17:32 |
| hockeynut | I was hoping for something like _access and _noaccess suffixes if that's what the 1 and 2 means | 17:32 |
| hockeynut | c/means/meant | 17:32 |
| redrobot | elmiko good question... we could add a castellan-specs repo? or we could test out one of woodster_ 's suggestions and just make a documentation CR with the proposed change. | 17:33 |
| dave-mccowan | hockeynut i tried: "admin1" has the "admin" role in "project1" | 17:33 |
| hockeynut | gotcha | 17:33 |
| hockeynut | almost done reviewing. A few small items but otherwise its rockin' | 17:34 |
| elmiko | rellerreller, redrobot, i can certainly add it to the pad for us to talk about at summit. so far i've been thinking about making a fork on github and using that as my scratchpad. | 17:34 |
| *** shakamunyi has joined #openstack-barbican | 17:34 | |
| redrobot | dave-mccowan hockeynut how about p1_admin, p2_admin (for project 1 and project 2) ... that way you could have p1_admin1 and p1_admin2 to check that other admin's can't get to your private secret | 17:35 |
| hockeynut | proj1_admin, proj2_admin perhaps? | 17:35 |
| hockeynut | p1 has special meaning for us F1 fans, right reaperhulk ? | 17:35 |
| elmiko | redrobot: maybe we don't need a repo yet, not sure i understand the documentation CR idea. just mark up the docs or add a doc? | 17:35 |
| *** tkelsey has quit IRC | 17:39 | |
| redrobot | elmiko basically modify the user guide to give examples of how the new feature would work... but now that I think about it, it may not make sense for a client lib. | 17:39 |
| redrobot | elmiko but yeah, etherpad would work. | 17:40 |
| dave-mccowan | hockeynut, redrobot my last patch set changed from "project1" and "admin1" to "barbican_project1" and "barbican_admin1". so that would be: "barbican_proj1_admin" to put them together. | 17:40 |
| elmiko | redrobot: k, i'll add a paragraph to discuss it at summit | 17:40 |
| hockeynut | dave-mccowan I hear ya, but I think thats actually nicely readable | 17:41 |
| hockeynut | dave-mccowan done reviewing - a few things to make it more readable/etc (can you tell I'm a fan of readability?) | 17:42 |
| dave-mccowan | hockeynut: redrobot had a good suggestion that we might want to two admins or two creators in a project for more test variations. barbican_proj_a_admin and barbican_proj_b_admin? (i'll leave adding additional users for another day, but want to get the namespace right) | 17:49 |
| arunkant | any reviewer for ACL API changes mentioned in ACL docs review comment https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm . Looking for community opinion for these API changes. | 17:50 |
| hockeynut | dave-mccowan redrobot so the convention would be barbican_proj_<projname>_<role> ? then we could just append a sequence number for multiple users | 17:50 |
| dave-mccowan | hockeynut, redrobot. or: barbican_a_admin and barbican_b_admin or: barbican_pa_admin and barbican_ba_admin or: barbican_red_admin and barbican_blue_admin | 17:51 |
| hockeynut | dave-mccowan I like that better | 17:51 |
| redrobot | hockeynut dave-mccowan why the barbican_ prefix? | 17:51 |
| dave-mccowan | hockeynut, yea, and i think i'll change the CONF variable names too to match. | 17:52 |
| dave-mccowan | redrobot some nut made me do it. ;-) | 17:53 |
| hockeynut | <snicker> | 17:53 |
| hockeynut | redrobot thinking about a company who might want naming to be more project-specific than just "admin1" | 17:54 |
| *** xaeth is now known as xaeth_afk | 17:58 | |
| reaperhulk | p1 hockeynut | 18:01 |
| reaperhulk | way to steal nico's seat | 18:02 |
| redrobot | hockeynut dave-mccowan I think the "barbican_" prefix is not necessary. They'll probably be the only users in the dsvm at the gate. | 18:03 |
| *** alee_nosh is now known as alee | 18:03 | |
| alee | woodster_, Sheena_ times good for me | 18:04 |
| hockeynut | dave-mccowan yeah, I think we can drop the barbican_ If anyone need to change the names then they can do that locally | 18:05 |
| kfarr | elmiko, thanks! I agree, the config options should be modified and I was trying out the tox auto config generator. I think changing the config options might not need a full-blown spec anyway | 18:10 |
| dave-mccowan | redrobot did you want to review this CR again? if so, i'll wait for your comments before the next patch set. https://review.openstack.org/176615 anyone else? | 18:12 |
| dave-mccowan | hockeynut, redrobot. what do you think? http://www.fpaste.org/219994/31109180/ | 18:21 |
| hockeynut | dave-mccowan I like it except line 6 should be project_b=project_b so -50 points | 18:21 |
| elmiko | kfarr: ok, cool. i'm cross referencing with some of the oslo libs to hopefully provide a nice template that we could follow. | 18:22 |
| alee | therve, ping | 18:22 |
| *** xaeth_afk is now known as xaeth | 18:38 | |
| *** jaosorior has quit IRC | 18:42 | |
| *** silos has joined #openstack-barbican | 19:07 | |
| *** xaeth is now known as xaeth_afk | 19:13 | |
| *** crc32 has quit IRC | 19:21 | |
| elmiko | kfarr: i added a few thoughts to the etherpad | 19:28 |
| kfarr | Thanks elmiko! | 19:28 |
| elmiko | kfarr: so, as it turns out i'm supposed to be chairing a sahara session at the same time as the castellan session. i'm trying to work with our PTL to get my session switched for another, so hopefully this will work out. just a heads up =) | 19:30 |
| therve | alee, Hey, around for a bit | 19:31 |
| kfarr | elmiko, oh no! I hope everything will work out | 19:31 |
| therve | Just saw your comments | 19:31 |
| elmiko | kfarr: lol, me too! | 19:31 |
| alee | therve, ok - make sense? | 19:32 |
| therve | alee, Yep definitely | 19:32 |
| therve | alee, I'll indeed postpone the generation argument, if that's ok | 19:32 |
| alee | therve, sure makes sense to me | 19:32 |
| redrobot | elmiko we could move castellan to the next slot. | 19:36 |
| elmiko | redrobot: maybe wait till monday, i sent an email to our ptl but haven't heard back yet | 19:38 |
| elmiko | i didn't want to intrude too much on your scheduling, so i'm trying to work with our slots. but if that fails then i'll gladly take you up on the offer =) | 19:38 |
| openstackgerrit | Thomas Herve proposed openstack/python-barbicanclient: Add support for certificate order https://review.openstack.org/179397 | 19:42 |
| *** SheenaG has quit IRC | 19:53 | |
| *** atiwari1 has joined #openstack-barbican | 19:56 | |
| *** atiwari has quit IRC | 19:59 | |
| *** atiwari2 has joined #openstack-barbican | 20:06 | |
| *** atiwari1 has quit IRC | 20:10 | |
| elmiko | redrobot, kfarr, ok problem averted. we switched the sahara schedule around. | 20:13 |
| *** shakamunyi has quit IRC | 20:17 | |
| rellerreller | elmiko Awesome! | 20:23 |
| *** SheenaG has joined #openstack-barbican | 20:27 | |
| *** silos has left #openstack-barbican | 20:33 | |
| *** shakamunyi has joined #openstack-barbican | 20:48 | |
| alee | redrobot, ping | 20:58 |
| alee | woodster_, redrobot - I just updated my instacne to latest code and now for some reason, when I try to create an order, I get this : "Order creation attempt not allowed - please review your user/project privileges" | 20:59 |
| *** rm_work|away is now known as rm_work | 21:00 | |
| alee | I'm using unauthenticated mode -- and I used barbican.sh to install. my config files look pretty much the same as before (minus a few comments) | 21:00 |
| alee | so what am I missing? | 21:00 |
| *** shakamunyi has quit IRC | 21:03 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Multi-user support for Functional Tests https://review.openstack.org/176615 | 21:07 |
| *** rellerreller has quit IRC | 21:07 | |
| *** xaeth_afk is now known as xaeth | 21:09 | |
| alee | dave-mccowan, redrobot any idea? | 21:16 |
| *** shakamunyi has joined #openstack-barbican | 21:22 | |
| dave-mccowan | alee, i haven't see that issue or seen any recent merged changes in that area. | 21:28 |
| alee | dave-mccowan, yeah - something in my environment perhaps -- looking --- it works when I go back to an earlier tree -- seeing what changd | 21:29 |
| *** xaeth is now known as xaeth_afk | 21:45 | |
| SheenaG | alee, alee_ what does Wednesday look like for you? | 21:51 |
| SheenaG | I forgot woodster_ has stuff on Tuesdays | 21:51 |
| alee | Sheena_, wednesday is fine - I'm pretty much free. | 21:52 |
| *** kebray_ has joined #openstack-barbican | 21:53 | |
| *** kebray has quit IRC | 21:55 | |
| SheenaG | alee I'll schedule round #2 for Wed then - thanks sir | 21:58 |
| alee | np thanks | 21:58 |
| *** nelsnelson has quit IRC | 21:59 | |
| *** pglass has quit IRC | 22:01 | |
| *** shakamunyi has quit IRC | 22:04 | |
| *** barra204 has joined #openstack-barbican | 22:05 | |
| *** SheenaG has quit IRC | 22:18 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Functional Tests for ACLs Using Multiple Users https://review.openstack.org/181291 | 22:27 |
| *** igueths has quit IRC | 22:33 | |
| *** SheenaG has joined #openstack-barbican | 22:33 | |
| *** kebray_ has quit IRC | 22:36 | |
| *** kebray has joined #openstack-barbican | 22:48 | |
| *** kfarr has quit IRC | 23:02 | |
| *** atiwari1 has joined #openstack-barbican | 23:04 | |
| *** atiwari2 has quit IRC | 23:07 | |
| openstackgerrit | John Wood proposed openstack/barbican: Port the Architecture, Dataflow, and Project Strucure docs https://review.openstack.org/132304 | 23:08 |
| *** barra204 has quit IRC | 23:22 | |
| *** SheenaG has quit IRC | 23:23 | |
| *** SheenaG has joined #openstack-barbican | 23:53 | |
| *** SheenaG has quit IRC | 23:55 | |
| *** atiwari2 has joined #openstack-barbican | 23:55 | |
| *** atiwari1 has quit IRC | 23:58 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!