*** madhuri has joined #openstack-barbican | 00:14 | |
*** nelsnelson has joined #openstack-barbican | 00:15 | |
yuanying | anyone arround? | 00:15 |
---|---|---|
madhuri | redrobot, ping? | 00:16 |
*** gyee has quit IRC | 00:36 | |
*** dimtruck is now known as zz_dimtruck | 00:42 | |
*** nelsnelson has quit IRC | 00:45 | |
*** nelsnelson has joined #openstack-barbican | 00:46 | |
*** nelsnelson has quit IRC | 00:59 | |
*** yuanying_ has joined #openstack-barbican | 01:02 | |
*** yuanying has quit IRC | 01:05 | |
*** yuanying_ has quit IRC | 01:07 | |
*** nelsnelson has joined #openstack-barbican | 01:17 | |
*** chlong has joined #openstack-barbican | 01:21 | |
*** nelsnelson has quit IRC | 01:23 | |
*** yuanying has joined #openstack-barbican | 01:24 | |
*** yuanying has quit IRC | 01:28 | |
*** yuanying has joined #openstack-barbican | 01:29 | |
*** yuanying has quit IRC | 01:30 | |
*** crc32 has quit IRC | 01:32 | |
*** yuanying has joined #openstack-barbican | 01:33 | |
*** kfarr has joined #openstack-barbican | 01:42 | |
*** kebray has quit IRC | 01:58 | |
*** zz_dimtruck is now known as dimtruck | 02:02 | |
*** arunkant__ has joined #openstack-barbican | 02:19 | |
*** arunkant_ has quit IRC | 02:22 | |
*** jhfeng has joined #openstack-barbican | 02:51 | |
*** arunkant has joined #openstack-barbican | 03:01 | |
*** tkelsey has joined #openstack-barbican | 03:04 | |
*** arunkant__ has quit IRC | 03:05 | |
*** tkelsey has quit IRC | 03:08 | |
*** dave-mcc_ has quit IRC | 03:32 | |
*** jhfeng has quit IRC | 03:35 | |
*** kebray has joined #openstack-barbican | 03:36 | |
*** crc32 has joined #openstack-barbican | 03:59 | |
*** xaeth_afk is now known as xaeth | 04:01 | |
*** arunkant_ has joined #openstack-barbican | 04:03 | |
*** arunkant has quit IRC | 04:06 | |
*** arunkant__ has joined #openstack-barbican | 04:08 | |
*** crc32 has quit IRC | 04:11 | |
*** arunkant_ has quit IRC | 04:11 | |
*** arunkant__ has quit IRC | 04:37 | |
*** kfarr has quit IRC | 04:50 | |
*** kebray_ has joined #openstack-barbican | 05:21 | |
*** kebray has quit IRC | 05:25 | |
*** david-ly_ has joined #openstack-barbican | 05:37 | |
*** david-lyle has quit IRC | 05:40 | |
*** dimtruck is now known as zz_dimtruck | 05:49 | |
*** ig0r__ has joined #openstack-barbican | 05:52 | |
*** ig0r_ has quit IRC | 05:55 | |
*** nickrmc83 has joined #openstack-barbican | 06:03 | |
*** kebray_ has quit IRC | 06:40 | |
*** shohel has joined #openstack-barbican | 07:08 | |
*** jamielennox is now known as jamielennox|away | 07:17 | |
*** shohel has quit IRC | 07:17 | |
*** xaeth is now known as xaeth_afk | 07:19 | |
*** eglute has quit IRC | 07:30 | |
*** dolphm has quit IRC | 07:30 | |
*** shohel has joined #openstack-barbican | 07:34 | |
*** shohel has quit IRC | 07:47 | |
*** nickrmc83 has quit IRC | 07:59 | |
*** chlong has quit IRC | 08:10 | |
*** yuanying has quit IRC | 08:10 | |
*** shohel has joined #openstack-barbican | 08:17 | |
*** shohel has quit IRC | 08:20 | |
*** nickrmc83 has joined #openstack-barbican | 08:39 | |
*** tkelsey has joined #openstack-barbican | 09:04 | |
*** shohel has joined #openstack-barbican | 09:46 | |
*** mmdurrant_ has quit IRC | 10:09 | |
*** arunkant__ has joined #openstack-barbican | 10:34 | |
*** arunkant__ has quit IRC | 10:41 | |
*** eglute has joined #openstack-barbican | 10:53 | |
*** dolphm has joined #openstack-barbican | 10:53 | |
*** jamielennox|away is now known as jamielennox | 10:54 | |
*** mmdurrant_ has joined #openstack-barbican | 11:59 | |
*** nickrmc83 has quit IRC | 12:07 | |
*** ig0r__ has quit IRC | 12:17 | |
*** darrenmoffat has quit IRC | 12:23 | |
*** darrenmoffat has joined #openstack-barbican | 12:23 | |
*** ig0r_ has joined #openstack-barbican | 12:23 | |
*** david-lyle has joined #openstack-barbican | 12:28 | |
*** chlong has joined #openstack-barbican | 12:28 | |
*** david-ly_ has quit IRC | 12:30 | |
*** hockeynut has quit IRC | 12:38 | |
*** hockeynut has joined #openstack-barbican | 12:42 | |
*** dave-mccowan has joined #openstack-barbican | 12:56 | |
*** nelsnelson has joined #openstack-barbican | 12:59 | |
*** nelsnelson has quit IRC | 13:00 | |
*** nelsnelson has joined #openstack-barbican | 13:01 | |
*** jamielennox is now known as jamielennox|away | 13:09 | |
*** arunkant has joined #openstack-barbican | 13:13 | |
*** everjeje has joined #openstack-barbican | 13:16 | |
*** shohel has quit IRC | 13:28 | |
*** woodster_ has joined #openstack-barbican | 13:36 | |
*** arunkant has quit IRC | 13:36 | |
*** arunkant has joined #openstack-barbican | 13:40 | |
*** SheenaG has joined #openstack-barbican | 13:46 | |
*** spotz_zzz is now known as spotz | 14:00 | |
*** pglass has joined #openstack-barbican | 14:04 | |
*** rellerreller has joined #openstack-barbican | 14:09 | |
rellerreller | dumb question but can someone give me the command to get a keystone token for a devstack instance? | 14:17 |
rellerreller | I'm trying to use the openstack CLI tool to do this, and then I want to use that token to test with barbican cli. | 14:17 |
elmiko | keystone token-get , irrc | 14:20 |
elmiko | iirc | 14:20 |
elmiko | or if you have the unified client `openstack token issue` | 14:20 |
*** mmdurrant has quit IRC | 14:21 | |
*** mmdurrant_ is now known as mmdurrant | 14:21 | |
*** kfarr has joined #openstack-barbican | 14:21 | |
*** zz_dimtruck is now known as dimtruck | 14:22 | |
alee | redrobot, have a question on how to use the python-barbicanclient | 14:22 |
alee | redrobot, lets say I create a certificate order -- the code will look something like this: | 14:23 |
alee | order = barbican.orders.create_certificate( | 14:24 |
alee | name=name, | 14:24 |
alee | request_type='simple-cmc', | 14:24 |
alee | ca_id=ca_id, | 14:24 |
alee | profile=profile, | 14:24 |
alee | request_data=request_data) | 14:24 |
alee | order_ref = order.submit() | 14:24 |
alee | if the order is created - great -- I have an order_ref | 14:24 |
alee | if not -- say 401 error or 500 or cannot connect, how do I figure out whats going on? | 14:24 |
kfarr | alee When I'm debugging creating secrets and it gives an error, at that point I'll usually check the logs or the Barbican screen session if I'm using devstack. Maybe that's helpful for certificate creation, too. I'd be interested to hear how other people debug | 14:37 |
alee | kfarr, thanks -- actually that wasn't quite my question -- I was looking more as to how to write the code to handle those cases | 14:38 |
alee | kfarr, but looking at the castellan code, I see exceptions are thrown | 14:39 |
kfarr | alee oh, sorry I misunderstood | 14:39 |
alee | kfarr, np - I prob wasn't clear | 14:39 |
kfarr | alee, yeah in Castellan, we were just going to throw exceptions if something invalid occurs, so that the calling code will catch it | 14:41 |
alee | kfarr, yup in the certmonger code, I need to handle the exceptions accordingly | 14:42 |
rellerreller | elmiko I have been trying openstack token issue with no luck :( | 14:46 |
*** dimtruck is now known as zz_dimtruck | 14:46 | |
rellerreller | elmiko I did learn something interesting. | 14:46 |
elmiko | rellerreller: weird, how is it blowing up? | 14:46 |
rellerreller | elmiko If I run `openstack --os-auth-url=http://localhost:5000/v3 --os-project-domain-id=default --os-project-name=demo --os-user-domain-id=default --os-username=admin --os-auth-type=password token issue` | 14:46 |
rellerreller | then token issue fails :( so sad | 14:47 |
elmiko | shouldn't those be --os-project-domain-name=default ? | 14:47 |
elmiko | and --os-user-domain-name=default | 14:47 |
rellerreller | elmiko I did a tcpdump on this and noticed that this is the json blob '{"auth": {"scope": {"project": {"domain": {"id": "default"}, "name": "demo"}}, "identity": {"password": {"user": {"domain": {"id": "default"}, "password": null, "name": "admin"}}, "methods": ["password"]}}}' | 14:48 |
rellerreller | elmiko notice that the password string is null even though it asks me for the password | 14:48 |
elmiko | weird.. | 14:48 |
rellerreller | elmiko then I ran the same command but specified the password on the command line string, not ideal but I wanted to see what would happen. | 14:48 |
rellerreller | elmiko low and behold it worked | 14:49 |
elmiko | nice =) | 14:49 |
elmiko | that's how i usually use it, well password in env variable | 14:49 |
rellerreller | elmiko `openstack --os-auth-url=http://localhost:5000/v3 --os-project-domain-id=default --os-project-name=demo --os-user-domain-id=default --os-username=admin --os-password="secretadmin" --os-auth-type=password token issue` | 14:49 |
*** SheenaG has quit IRC | 14:50 | |
elmiko | in devstack there is that rc file you can source to get most of those options in the env | 14:50 |
rellerreller | elmiko I guess that is what I will need to do. | 14:50 |
elmiko | rellerreller: look at the file openrc in the devstack folder | 14:50 |
rellerreller | I have been banging my head on this for about 2 hours now. I should have done the tcpdump earlier | 14:50 |
elmiko | oh man... =( | 14:50 |
rellerreller | elmiko thanks. I did not know about that openrc file. | 14:52 |
elmiko | rellerreller: also, if you are curious i have a small script i source to set things up for a remote keystone. its only setup for v2 currently, but v3 shouldn't be that difficult | 14:52 |
elmiko | https://github.com/elmiko/stack-stuff/blob/master/keystone_admin_remote | 14:53 |
*** chlong is now known as chlong-weekend | 14:54 | |
rellerreller | elmiko I like this. I was wondering about how to unset the env variables. | 14:55 |
elmiko | rellerreller: i stole some of that from the virtualenv scripts =) | 14:56 |
*** Kevin_Bishop has joined #openstack-barbican | 14:59 | |
*** rellerreller has quit IRC | 15:04 | |
*** SheenaG has joined #openstack-barbican | 15:08 | |
*** kebray has joined #openstack-barbican | 15:13 | |
*** zz_dimtruck is now known as dimtruck | 15:15 | |
*** ig0r__ has joined #openstack-barbican | 15:19 | |
*** ig0r_ has quit IRC | 15:22 | |
*** mikeymeitbual has joined #openstack-barbican | 15:24 | |
*** chlong-weekend has quit IRC | 15:26 | |
*** SheenaG has quit IRC | 15:31 | |
*** diazjf has joined #openstack-barbican | 15:40 | |
*** SheenaG has joined #openstack-barbican | 15:46 | |
*** SheenaG has quit IRC | 15:46 | |
*** SheenaG has joined #openstack-barbican | 15:47 | |
*** SheenaG has quit IRC | 15:52 | |
*** SheenaG has joined #openstack-barbican | 15:52 | |
*** SheenaG has left #openstack-barbican | 15:52 | |
*** shohel has joined #openstack-barbican | 16:05 | |
hockeynut | woodster_ ping | 16:08 |
woodster_ | hockeynut: morning | 16:12 |
*** xaeth_afk is now known as xaeth | 16:21 | |
*** everjeje has quit IRC | 16:28 | |
*** kebray has quit IRC | 16:32 | |
*** silos has joined #openstack-barbican | 16:41 | |
diazjf | hey everyone, I'm trying to run Barbican Client functest, but am getting 401 because of keystone. Any guide on setting up my env to run the functest? thx | 16:45 |
woodster_ | diazjf: well, there is info on setting up a keystone instance locally in our sphinx docs if that helps. This CR adds more config info to the Docker Keystone setup as well: https://review.openstack.org/#/c/169114/ | 16:49 |
diazjf | woodster_ thanks. I'll take a look | 16:53 |
*** gyee has joined #openstack-barbican | 16:57 | |
*** kebray has joined #openstack-barbican | 16:59 | |
*** bitblt has joined #openstack-barbican | 17:01 | |
*** dabukalam has quit IRC | 17:07 | |
*** dabukalam has joined #openstack-barbican | 17:08 | |
openstackgerrit | Charles Neill proposed openstack/barbican: Unauthed tests for Secret & Container ACLs https://review.openstack.org/200634 | 17:19 |
*** rellerreller has joined #openstack-barbican | 17:20 | |
*** ccneill has joined #openstack-barbican | 17:23 | |
*** silos has left #openstack-barbican | 17:23 | |
ccneill | hey guys, anyone got a minute to review a CR? I promise it's an easy one O:-) | 17:23 |
ccneill | https://review.openstack.org/#/c/200634/ | 17:23 |
arunkant | reaperhulk : there? Have a quick question on pkcs11 impl. Do you a minute to clarify it? | 17:28 |
*** arunkant has quit IRC | 17:29 | |
*** diazjf has quit IRC | 17:31 | |
*** arunkant has joined #openstack-barbican | 17:32 | |
*** shohel has quit IRC | 17:34 | |
*** rellerreller has quit IRC | 17:43 | |
*** shohel has joined #openstack-barbican | 17:48 | |
*** shohel has quit IRC | 17:52 | |
*** ccneill has quit IRC | 18:08 | |
*** ccneill has joined #openstack-barbican | 18:28 | |
*** ccneill has quit IRC | 18:29 | |
*** mdarby has joined #openstack-barbican | 18:33 | |
*** arunkant_ has joined #openstack-barbican | 18:36 | |
*** arunkant has quit IRC | 18:39 | |
*** ryanpetrello has quit IRC | 18:40 | |
*** mdarby has quit IRC | 18:45 | |
*** ryanpetrello has joined #openstack-barbican | 18:45 | |
*** ccneill has joined #openstack-barbican | 18:53 | |
*** SheenaG has joined #openstack-barbican | 18:54 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/200658 | 18:54 |
ccneill | hey dave-mccowan, thanks for taking a look at my CR. I agree about the duplicate helper functions - just wanted to keep my security tests separate as I've done for the other resources, but I think in this case you're right that they should just go together | 18:57 |
ccneill | I'll update it in a moment | 18:57 |
*** tkelsey has quit IRC | 19:00 | |
dave-mccowan | ccneill cool. moving the duplicate code into the global scope or share class would also work for me, to cut down on duplication. | 19:08 |
*** rm_work is now known as rm_work|away | 19:11 | |
reaperhulk | arunkant_: what's up | 19:16 |
*** ig0r__ has quit IRC | 19:19 | |
*** ig0r_ has joined #openstack-barbican | 19:20 | |
*** xaeth is now known as xaeth_afk | 19:33 | |
*** pglass has quit IRC | 19:33 | |
*** xaeth_afk is now known as xaeth | 19:34 | |
*** pglass has joined #openstack-barbican | 19:34 | |
*** kebray has quit IRC | 19:36 | |
ccneill | dave-mccowan: yeah, I don't see much reason for those methods to be within the testcase class other than some assertions, but for now I'd rather not make any big changes to anyone else's tests | 19:43 |
*** pglass has quit IRC | 19:43 | |
*** pglass has joined #openstack-barbican | 19:44 | |
openstackgerrit | Nathan Reller proposed openstack/barbican: Added opaque data support to KMIP secret store https://review.openstack.org/200692 | 19:45 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Add RBAC Functional Test for ACL Opeations https://review.openstack.org/200696 | 19:59 |
dave-mccowan | ccneill ^^ fyi, we're writing code in the same neighborhood. i'll be happy to rebase mine after yours merges. | 19:59 |
ccneill | cool cool | 20:01 |
ccneill | just running tox -e functional, and I got some very interesting results... | 20:01 |
ccneill | just running the functional tests seems to have crashed the API o_O | 20:01 |
ccneill | the new standard way to run the api is bin/barbican-api right? | 20:02 |
*** kebray has joined #openstack-barbican | 20:05 | |
openstackgerrit | Charles Neill proposed openstack/barbican: Unauthed tests for Secret & Container ACLs https://review.openstack.org/200634 | 20:05 |
dave-mccowan | ccneill are you seeing stuff like: error in setup command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers | 20:06 |
ccneill | I think I did see that this morning.. I believe it has to do with the version of pip | 20:07 |
ccneill | I upgraded pip and for my virtualenv and blew up the .tox directory and that seemed to fix that issue | 20:07 |
dave-mccowan | ccneill i thought that might be your weirdness. the quick fix to that error is to the 'install_requires' error is to upgrade pbr. | 20:09 |
ccneill | this was part of the stacktrace before the API stopped responding: https://gist.github.com/cneill/9f2a0da4b757866498ca | 20:11 |
ccneill | something about the database locking | 20:11 |
*** bitblt has quit IRC | 20:14 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/200658 | 20:14 |
*** crc32 has joined #openstack-barbican | 20:40 | |
*** crc32 has quit IRC | 20:49 | |
*** crc32 has joined #openstack-barbican | 20:50 | |
*** rm_work|away is now known as rm_work | 20:53 | |
*** kfarr has left #openstack-barbican | 20:57 | |
-openstackstatus- NOTICE: Gerrit will be unavailable from 22:00 to 22:30 UTC for project renames | 21:02 | |
*** ig0r_ has quit IRC | 21:10 | |
*** spotz is now known as spotz_zzz | 21:14 | |
*** SheenaG has quit IRC | 21:14 | |
*** Kevin_Bishop has quit IRC | 21:16 | |
*** SheenaG has joined #openstack-barbican | 21:23 | |
*** Kevin_Bishop has joined #openstack-barbican | 21:30 | |
openstackgerrit | Dave McCowan proposed openstack/barbican: Implement Configuration, Controllers, and Validators for Resource Quotas https://review.openstack.org/198764 | 21:34 |
*** xaeth is now known as xaeth_afk | 21:51 | |
*** rm_you| has joined #openstack-barbican | 21:55 | |
-openstackstatus- NOTICE: Gerrit is unavailable from approximately 22:00 to 22:30 UTC for project renames | 21:57 | |
*** ChanServ changes topic to "Gerrit is unavailable from approximately 22:00 to 22:30 UTC for project renames" | 21:57 | |
*** pglass has quit IRC | 21:57 | |
*** rm_you has quit IRC | 21:58 | |
*** dimtruck is now known as zz_dimtruck | 21:59 | |
*** kebray has quit IRC | 22:04 | |
elmiko | alee: if you're around we're talking about the copy spec in openstack-api | 22:06 |
elmiko | redrobot too ^^ | 22:06 |
*** ChanServ changes topic to "OpenStack Barbican development" | 22:30 | |
*** elmiko is now known as _elmiko | 22:50 | |
*** rm_you has joined #openstack-barbican | 23:00 | |
*** rm_you has joined #openstack-barbican | 23:00 | |
*** ccneill has quit IRC | 23:02 | |
*** rm_you| has quit IRC | 23:02 | |
jkf | I wanted to ask before I file a bug and submit a patch, in the policy.json file, is there a reason that certificate_authority:add_to_project,remove_from_project,set_preferred use role:admin instead of rule:admin like the surrounding entries? | 23:06 |
*** rm_work is now known as rm_work|away | 23:20 | |
*** gyee has quit IRC | 23:21 | |
*** SheenaG has quit IRC | 23:30 | |
*** openstackgerrit has quit IRC | 23:39 | |
*** openstackgerrit has joined #openstack-barbican | 23:39 | |
openstackgerrit | Jason Fritcher proposed openstack/barbican: Fix policy.json certificate_authority inconsistency https://review.openstack.org/200766 | 23:43 |
*** SheenaG has joined #openstack-barbican | 23:51 | |
*** Daviey has quit IRC | 23:52 | |
*** SheenaG has quit IRC | 23:54 | |
*** SheenaG has joined #openstack-barbican | 23:56 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!