Tuesday, 2015-09-08

*** kebray has joined #openstack-barbican		00:17
*** vivek-ebay has joined #openstack-barbican		01:17
*** vivek-ebay has quit IRC		01:22
*** yuanying has quit IRC		01:32
*** yuanying has joined #openstack-barbican		01:35
*** tkelsey has joined #openstack-barbican		01:46
*** tkelsey has quit IRC		01:51
*** david-ly_ has joined #openstack-barbican		01:51
*** yuanying has quit IRC		01:52
*** yuanying has joined #openstack-barbican		01:53
*** david-lyle has quit IRC		01:54
*** yuanying has quit IRC		02:01
*** yuanying has joined #openstack-barbican		02:01
*** yuanying has quit IRC		02:02
*** yuanying has joined #openstack-barbican		02:13
openstackgerrit	Pradeep Kumar Singh proposed openstack/barbican: Make tests in barbican.tests.plugin py3 compatible https://review.openstack.org/216093	02:15
*** yuanying has quit IRC		02:15
*** yuanying has joined #openstack-barbican		02:38
*** vivek-ebay has joined #openstack-barbican		02:49
*** yuanying has quit IRC		02:50
*** yuanying has joined #openstack-barbican		02:54
*** dave-mcc_ has quit IRC		02:58
openstackgerrit	Fernando Diaz proposed openstack/barbican: Use testr for running functional tests and documentation https://review.openstack.org/218117	03:25
*** yuanying_ has joined #openstack-barbican		03:42
*** yuanying has quit IRC		03:44
*** tkelsey has joined #openstack-barbican		03:48
*** tkelsey has quit IRC		03:52
*** jamielennox is now known as jamielennox\|away		03:56
*** vivek-eb_ has joined #openstack-barbican		04:10
*** vivek-ebay has quit IRC		04:13
*** vivek-eb_ is now known as vivek		04:14
*** vivek is now known as Guest79188		04:14
*** kebray has quit IRC		04:18
*** kebray has joined #openstack-barbican		04:18
*** Guest79188 has quit IRC		04:23
*** kebray_ has joined #openstack-barbican		04:41
*** kebray has quit IRC		04:43
*** vivek has joined #openstack-barbican		05:20
*** vivek is now known as Guest46095		05:20
*** Guest46095 has quit IRC		05:24
*** Nirupama has joined #openstack-barbican		05:38
*** vivek has joined #openstack-barbican		05:54
*** vivek is now known as Guest1071		05:54
*** pksingh has quit IRC		06:05
*** shohel has joined #openstack-barbican		06:16
*** Guest1071 has quit IRC		06:17
*** kebray_ has quit IRC		06:59
*** tkelsey has joined #openstack-barbican		07:24
*** chlong has quit IRC		07:56
*** everjeje has joined #openstack-barbican		08:29
*** shohel has quit IRC		08:29
*** shohel has joined #openstack-barbican		08:29
*** shohel has quit IRC		08:51
*** shohel has joined #openstack-barbican		08:52
*** darrenmoffat has quit IRC		09:09
*** darrenmoffat has joined #openstack-barbican		09:10
*** jaosorior has joined #openstack-barbican		10:23
*** jaosorior has quit IRC		10:24
*** jaosorior has joined #openstack-barbican		10:24
*** shohel1 has joined #openstack-barbican		10:30
*** shohel has quit IRC		10:33
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409	10:41
*** jaosorior has quit IRC		10:54
*** peter-hamilton has joined #openstack-barbican		10:57
*** DTadrzak has joined #openstack-barbican		10:57
*** jaosorior has joined #openstack-barbican		10:59
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409	11:03
*** shohel1 has quit IRC		11:05
*** shohel has joined #openstack-barbican		11:05
*** jaosorior has quit IRC		11:27
*** jaosorior has joined #openstack-barbican		11:27
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409	12:02
*** shohel has quit IRC		12:02
*** shohel has joined #openstack-barbican		12:02
*** Nirupama has quit IRC		12:14
*** dave-mccowan has joined #openstack-barbican		12:18
*** chlong has joined #openstack-barbican		12:22
*** lisaclark1 has joined #openstack-barbican		12:25
*** alee has quit IRC		12:25
*** alee_ has quit IRC		12:25
*** SheenaG has joined #openstack-barbican		12:35
*** SheenaG has left #openstack-barbican		12:35
*** jhfeng has quit IRC		12:42
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409	12:53
*** nelsnelson has joined #openstack-barbican		12:58
*** spotz_zzz is now known as spotz		12:59
*** lisaclark1 has quit IRC		13:06
*** woodster_ has joined #openstack-barbican		13:13
*** lisaclark1 has joined #openstack-barbican		13:15
*** kfarr has joined #openstack-barbican		13:17
jaosorior	kfarr: I think that CR is pretty much set.	13:22
kfarr	jaosorior, ok :)	13:22
jaosorior	kfarr: The one after that is pretty trivial too. If you have time to check it out :D	13:23
*** lisaclark1 has quit IRC		13:23
jaosorior	kfarr: https://review.openstack.org/#/c/220563/	13:26
*** lisaclark1 has joined #openstack-barbican		13:26
kfarr	jasorior, I'm looking at it! Today's a great day to review sub-CA code	13:26
jaosorior	haha yay :D	13:27
*** shohel has quit IRC		13:29
*** alee has joined #openstack-barbican		13:30
*** alee_ has joined #openstack-barbican		13:31
*** shohel has joined #openstack-barbican		13:34
*** lisaclark1 has quit IRC		13:35
alee	jaosorior, ping	13:38
alee	kfarr, thanks for reviews -- I'm going to address your comments on Oz last patch right now.	13:38
alee	dave-mccowan, it would be great if you could add quota support to subcas.	13:40
jaosorior	alee: pong	13:40
jaosorior	alee: Which patch?	13:40
alee	jaosorior, hey - validator patch	13:41
alee	wasn't sure if you were around :)	13:41
dave-mccowan	alee sound good. i'll do it.	13:41
alee	jaosorior, but if you are - please feel free to address	13:41
alee	dave-mccowan, thanks!	13:41
jaosorior	alee: I'll do it. I'm just waiting for this patch to finish execution in the gate: https://review.openstack.org/#/c/220409/8	13:42
alee	jaosorior, thats the funcitonal tests one, right?	13:43
jaosorior	alee: Yep. Should be passing now	13:44
alee	jaosorior, we need to disable a few of the tests for dogtag	13:44
alee	unless you did that ..	13:44
jaosorior	alee: I did	13:44
jaosorior	alee: three patches are disabled since the dogtag plugin still lacks that functionality	13:44
jaosorior	alee: * tests, not patches	13:45
alee	jaosorior, ok I see what you did - that works	13:46
jaosorior	AAaand it passes now	13:46
alee	jaosorior, I still see a coverage failure?	13:47
dave-mccowan	what's the trick to getting snake oil configure to run? i uncommented the 3 lines at the bottom of barbican.conf and i set enabled_certificate_plugins = snakeoil_ca. but GET /v1/cas still returns []	13:47
jaosorior	alee: So it seems. I'll check it out after addressing kfarr's comments	13:47
alee	dave-mccowan, you have to send in a cert request first	13:48
alee	dave-mccowan, the cas table gets populated by an initial cert request	13:48
alee	dave-mccowan, I'd like to change that perhaps - but thats the way it goes right now.	13:48
dave-mccowan	alee doesn't a user need to know the ca id to make a cert request?	13:49
alee	dave-mccowan, no	13:49
alee	dave-mccowan, it will go to the default or first ca	13:49
alee	and then all the ca plugins will be updated	13:49
jaosorior	alee: wouldn't doing a GET to /v1/cas/get-preferred also populate it?	13:49
alee	dave-mccowan, https://review.openstack.org/#/c/219412/7	13:50
alee	quickstart docs	13:50
alee	jaosorior, I wouldn't think so offhand	13:50
alee	there is a function refresh_cas() or somesuch that is called.	13:50
alee	refresh_ca_table()	13:52
alee	which is only called on issue_cert_request() right now	13:52
dave-mccowan	alee thanks. i'd like to see that changed too. and that doc change merged. a couple folks at my company ran into this, and the current docs don't highlight that behavior, like your patch set does.	13:54
alee	jaosorior, yeah - I tried to fix that coverage problem but my attempt doesn't seem to have worked	13:54
alee	dave-mccowan, agreed - please +1 the docs patch :)	13:54
alee	dave-mccowan, and yeah -once this set of patches gets merged, I'll look into changing that somehow.	13:55
jaosorior	alee: Where was it that the coverage failed again?	13:55
alee	jaosorior, barbican/plugin/snakeoil_ca.py (96.1%): Missing lines 228-230	13:55
alee	jaosorior, case where subca already exists and is read on startup	13:56
alee	jaosorior, I tried creating a cert/key file in the tmpdir , but that didn't work	13:57
jaosorior	alee: Aaah...that	13:57
alee	jaosorior, so yeah - if you have any thoughts on how to fix that - that would be super.	13:57
alee	more likely than not, that should be fixed on the previous patch though	13:57
alee	ie. the one that adds snakeoil plugin	13:57
jaosorior	yeah... I still don't figure out why it fails	13:58
*** lisaclark1 has joined #openstack-barbican		13:58
alee	jaosorior, initially, it did not fail on my system because I had stuff under /etc/barbican/snakeoil-cas	13:58
openstackgerrit	Merged openstack/barbican: Support for creation of subordinate CAs https://review.openstack.org/219411	13:59
alee	so I really don't know if its actually using the tmpdir	13:59
alee	woohoo! one down	13:59
alee	dave-mccowan, I see you took bug 1477240	14:01
openstack	bug 1477240 in Barbican "snakeoil plugin needs input CSR base64 decoded" [Undecided,Confirmed] https://launchpad.net/bugs/1477240 - Assigned to Dave McCowan (dave-mccowan)	14:01
dave-mccowan	alee yea. i can fix the unit tests on your patch, if you'd like.	14:01
alee	dave-mccowan, I fixed this in https://review.openstack.org/#/c/220409/	14:02
alee	dave-mccowan, needed to do this to run the functional tests correctly	14:02
jaosorior	alee: Ah! I'll mark it there then	14:03
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: API documentation for CAs interface https://review.openstack.org/219412	14:04
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Add validators for new CA creations https://review.openstack.org/220563	14:04
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409	14:04
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011	14:04
dave-mccowan	alee does the one-line need to go to kilo too?	14:04
alee	dave-mccowan, well its one line + fixes to the unit tests	14:04
alee	dave-mccowan, but probably yes	14:05
jaosorior	alee: Can you +2 the following CR? https://review.openstack.org/#/c/205059/ that's needed to get the kilo gate working	14:05
*** lisaclark1 has quit IRC		14:05
alee	jaosorior, looking	14:05
jaosorior	kfarr: Addressed your comments in the validator CR	14:07
alee	jaosorior, hockeynut_afk , dave-mccowan whats the deal with the gate failures for the patch?	14:09
alee	https://review.openstack.org/#/c/205059	14:09
jaosorior	alee: You mean the dogtag gate failures? That patch is the requirements to get the dogtag gate fix patches we've been meaning to put into the stable/kilo branch for a while	14:10
jaosorior	* requirement	14:11
dave-mccowan	alee in "stable" kilo, infra changed under us. Mock changed to a new version and Tempest changed to a new version and something else changes with docs. this super-patch is mostly a mash of 3 other CRs that all needed to go together to fix the gates.	14:11
alee	jaosorior, ok - so I can ignore those then -- what about gate-barbican-devstack-dsvm-new ?	14:11
jaosorior	I don't know if the new changes for the gate are enabled in the stable/kilo gate	14:11
dave-mccowan	alee rm_work is working on -new gates. he has some more work to do, so the -new is liberty and newer only.	14:12
alee	ok	14:12
dave-mccowan	alee he wrote code to use the new devstack plugin feature to make barbican easier to use with devstack.	14:12
dave-mccowan	jaosorior they shouldn't be. i -1ed his patch to project-infra until he makes it not apply to stable/kilo.	14:14
alee	dave-mccowan, jaosorior looks like redrobot beat me to it	14:14
alee	kfarr, thanks for review of https://review.openstack.org/#/c/220563/	14:16
jaosorior	alee: what are you referring to?	14:17
alee	jaosorior, validators patch	14:17
alee	jaosorior, I'm going to wait for gate results and then will workflow it	14:17
jaosorior	alee: I meant when you said that redrobot beat you to it	14:17
alee	jaosorior, infra patch	14:17
jaosorior	I see	14:18
jaosorior	Thanks redrobot :D	14:18
*** shohel has quit IRC		14:18
redrobot	o/	14:18
alee	redrobot, you know, redrobot - as you're in a reviewing mood ..	14:19
alee	redrobot, https://review.openstack.org/#/c/219412 is a nice easy one to workflow	14:22
*** edtubill has joined #openstack-barbican		14:33
*** pglass has joined #openstack-barbican		14:35
jaosorior	kfarr: Are you around?	14:42
kfarr	jaosorior, yup!	14:42
jaosorior	kfarr: Got some workflows for this CR and the subsequent ones? https://review.openstack.org/#/c/205039/ they are part of a series to fix the dogtag gate in the stable/kilo branch	14:43
jaosorior	kfarr: They are backported from the master branch directly	14:43
kfarr	jaosorior, will take a look	14:43
*** jhfeng has joined #openstack-barbican		14:45
jaosorior	kfarr: Sure. Initially the first patch (The one I referred you to) had fixed that gate; But some changes to dogtag required the subsequent patches	14:45
*** david-ly_ is now known as david-lyle		14:53
jaosorior	kfarr: Anyway, the last patch should be the fix: https://review.openstack.org/#/c/205042/ and as you can see it actually makes the dogtag gate pass. But the patches before it are needed	14:54
*** lisaclark1 has joined #openstack-barbican		14:58
*** everjeje has quit IRC		15:02
*** kfarr has quit IRC		15:07
*** kfarr has joined #openstack-barbican		15:10
*** lisaclark1 has quit IRC		15:22
*** lisaclark1 has joined #openstack-barbican		15:33
dave-mccowan	redrobot is the container put blueprint a priority for liberty, or are we going to push it? https://review.openstack.org/#/c/207249/	15:37
*** edtubill has left #openstack-barbican		15:45
*** edtubill has joined #openstack-barbican		15:45
jaosorior	Any workflows for this? https://review.openstack.org/#/c/219412/	15:51
jaosorior	kfarr: Thanks for the comments on the dogtag related fixes. I added the "cherry-picked from" flag	15:52
*** lisaclark1 has quit IRC		15:53
*** lisaclark1 has joined #openstack-barbican		15:56
*** diazjf has joined #openstack-barbican		16:00
*** lisaclark1 has quit IRC		16:02
*** gyee has joined #openstack-barbican		16:03
openstackgerrit	Merged openstack/barbican: Add validators for new CA creations https://review.openstack.org/220563	16:05
*** ccneill has joined #openstack-barbican		16:05
*** vivek has joined #openstack-barbican		16:06
*** vivek is now known as Guest3460		16:06
jaosorior	Hey people. I decided to nominate dave-mccowan for Barbican core: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html Bring those +1's	16:11
jaosorior	alee, redrobot, woodster_, kfarr ^^	16:11
alee	jaosorior, dave-mccowan done	16:14
*** rm_mobile has joined #openstack-barbican		16:19
*** rm_mobile has quit IRC		16:19
*** rm_mobile has joined #openstack-barbican		16:19
*** jaosorior has quit IRC		16:21
*** diazjf has quit IRC		16:25
*** Guest3460 has quit IRC		16:26
*** silos has joined #openstack-barbican		16:28
*** diazjf has joined #openstack-barbican		16:30
*** kebray has joined #openstack-barbican		16:31
*** kebray has quit IRC		16:34
*** lisaclark1 has joined #openstack-barbican		16:39
*** kebray has joined #openstack-barbican		16:42
*** lisaclark1 has quit IRC		16:44
*** lisaclark1 has joined #openstack-barbican		16:51
*** diazjf has quit IRC		16:57
*** everjeje has joined #openstack-barbican		17:00
*** lisaclark1 has quit IRC		17:01
*** lisaclark1 has joined #openstack-barbican		17:03
*** kfarr has quit IRC		17:04
*** kebray has quit IRC		17:04
*** diazjf has joined #openstack-barbican		17:05
*** lisaclark2 has joined #openstack-barbican		17:07
*** lisaclark2 has quit IRC		17:07
*** lisaclark1 has quit IRC		17:09
*** vivek has joined #openstack-barbican		17:12
*** vivek has quit IRC		17:12
*** rm_mobile has quit IRC		17:18
*** peter-hamilton has quit IRC		17:19
*** nelsnelson has quit IRC		17:34
*** nelsnelson has joined #openstack-barbican		17:39
*** ccneill has quit IRC		17:45
*** pglass has quit IRC		17:49
*** pglass has joined #openstack-barbican		17:49
*** ccneill has joined #openstack-barbican		17:57
*** nelsnelson has quit IRC		17:59
*** SheenaG has joined #openstack-barbican		18:00
*** SheenaG has left #openstack-barbican		18:00
diazjf	elmiko, can you share the patch for sahara that you are working on? kfarr, added this https://review.openstack.org/#/c/220850/ to enable rekey is future swift keymaster code.\	18:02
*** nelsnelson has joined #openstack-barbican		18:03
elmiko	diazjf: yea, 1sec, sorry i missed you last week. you logged off just before i uploaded my patch	18:04
elmiko	diazjf: https://review.openstack.org/#/c/220680/	18:04
diazjf	elmiko, no worries, thanks alot!!	18:07
elmiko	diazjf: no problem, ping me if you have any questions or comments	18:10
diazjf	elmiko, thanks, I will look over the code in a few. BTW does your implementation use Barbican as a key manager?	18:11
elmiko	diazjf: our impl allows for either barbican or our sahara key manager. by default we are using our own key manager.	18:12
elmiko	this is based on our needs for backward compatibility, and not placing the barbican requirement on our end-users	18:12
elmiko	the main reason we chose to use castellan is that it provides a nice abstraction for whichever key manager backend we need	18:13
diazjf	elmiko, how are you able to choose?	18:16
elmiko	diazjf: you can change the key manager by adjusting the "api_class" configuration value.	18:18
elmiko	look at the castellan docs, https://github.com/openstack/castellan/blob/master/doc/source/usage.rst	18:18
elmiko	see "Example. Changing the key manager provider while using the global configuration."	18:19
diazjf	elmiko, will do thanks!	18:22
*** openstackgerrit has quit IRC		18:31
*** openstackgerrit has joined #openstack-barbican		18:31
rm_work	woo Castellan doing what it is supposed to do :P	18:38
*** jhfeng has quit IRC		18:41
*** jhfeng has joined #openstack-barbican		18:44
elmiko	rm_work: yea =)	18:47
rm_work	so if you guys needed certificates, you'd still be a great use-case for castellan-certs	18:47
rm_work	but i guess you do not?	18:47
rm_work	since you do/did have a way for users to input certs directly to you, so it does make some sense for flipping from your DB to barbican	18:48
elmiko	currently, we are just trying to offload password type secrets. we might have use for the certificate stuff in the future though/	18:55
*** ccneill_ has joined #openstack-barbican		19:05
*** ccneill has quit IRC		19:05
*** pglass has quit IRC		19:06
*** ccneill_ is now known as ccneill		19:06
*** ccneill_ has joined #openstack-barbican		19:07
*** ccneill has quit IRC		19:11
*** kebray has joined #openstack-barbican		19:20
*** kebray has quit IRC		19:20
*** silos has left #openstack-barbican		19:21
*** kebray has joined #openstack-barbican		19:21
*** kfarr has joined #openstack-barbican		19:26
*** kebray has quit IRC		19:36
alee	kfarr, ping	19:52
kfarr	alee, pong!	19:52
alee	kfarr, hey - can you look at https://review.openstack.org/#/c/220011/ ?	19:52
alee	kfarr, and then https://review.openstack.org/#/c/220409/ ?	19:53
kfarr	alee, ok, I will take a look!	19:53
alee	kfarr, thanks!	19:53
openstackgerrit	Merged openstack/barbican: API documentation for CAs interface https://review.openstack.org/219412	20:05
*** tkelsey has quit IRC		20:07
*** silos has joined #openstack-barbican		20:10
*** silos has left #openstack-barbican		20:10
*** pglass has joined #openstack-barbican		20:20
*** Guest99551 has joined #openstack-barbican		20:23
Guest99551	hi	20:23
redrobot	hi Guest99551	20:23
*** ccneill has joined #openstack-barbican		20:24
dave-mccowan	alee you need to add project_id to cert_resources.create_subordinate_ca() in 220011	20:24
dave-mccowan	alee (or i need to) :-) quota support on the way.	20:24
alee	dave-mccowan, looking ..	20:24
dave-mccowan	alee nevermind. it's there as project.	20:25
alee	dave-mccowan, ok good :)	20:25
*** ccneill_ has quit IRC		20:27
*** Guest99551 has quit IRC		20:28
*** Anton12345 has joined #openstack-barbican		20:45
*** Anton12345 has quit IRC		20:46
dave-mccowan	alee are the snakeoil functional tests working now?	20:47
dave-mccowan	alee (for subcas)	20:47
alee	dave-mccowan, theyshould be yes	20:47
alee	dave-mccowan, they should be yes	20:47
*** Antonwoods has joined #openstack-barbican		20:47
alee	dave-mccowan, https://review.openstack.org/#/c/220409/	20:48
dave-mccowan	alee do i need to change a config setting to unskip them?	20:48
alee	dave-mccowan, so they are not yet merged -- see above patch (and one before that)	20:49
alee	dave-mccowan, but with those patches merged, they would be running	20:49
dave-mccowan	alee i did a git review -d 220409 to start. i'm basing my quota contribution on top of them.	20:50
alee	dave-mccowan, ok good	20:50
alee	dave-mccowan, so they should just run -- against the snakeoil ca	20:50
*** Antonwoods has quit IRC		20:51
*** jaosorior has joined #openstack-barbican		20:52
dave-mccowan	for me, the skipIf check passes (not snakeoil) and they are skipped.	20:52
dave-mccowan	alee and if i comment out that, only simple_certificate is showing up in my cas list.	20:53
zigo	Hi !	20:53
*** Antonwoods has joined #openstack-barbican		20:53
zigo	Is there anyone working on Castellan here?	20:53
zigo	I got packaging issues that must be solved upstream ASAP.	20:53
jaosorior	dave-mccowan: What's up?	20:53
dave-mccowan	jaosorior when i try to run the functional tests you added (and the new ones i added) all the snakeoil ones are skipped.	20:54
dave-mccowan	jaosorior when i force them to run (by commenting out skipIfs), snakeoil is not in my cas list.	20:55
jaosorior	Ooook	20:55
jaosorior	that's weird	20:55
zigo	To make things short: could someone urgently release a new version of castellan ?	20:56
dave-mccowan	do functional tests read barbican.conf?	20:56
*** reaperhulk has quit IRC		20:56
*** reaperhulk has joined #openstack-barbican		20:56
jaosorior	They should with the change I added	20:56
zigo	Otherwise, it's going to be difficult for me to build Glance which depends on it.	20:56
dave-mccowan	zigo you need to ask kfarr	20:56
jaosorior	redrobot, kfarr: ^^	20:57
zigo	dave-mccowan: Thanks !	20:57
zigo	I just spoke to redrobot in the #openstack-glance channel, as I bumped into castellan doing the Liberty b3 package of Glance for Debian.	20:57
kfarr	Hey zigo, I will take a look, what is the issue?	20:57
dave-mccowan	jaosorior which one does it read? /etc/barbican or from the tree?	20:58
zigo	kfarr: The requirements.txt of Castellan are basically those of Kilo ...	20:58
zigo	kfarr: Things like pbr<1.0	20:58
jaosorior	dave-mccowan: It should be reading /etc/barbican	20:58
rm_work	jaosorior: i thought they normally read from barbican-functional.conf, is that merging?	20:58
zigo	kfarr: I can't use that if I don't heavily patch it.	20:58
zigo	kfarr: So basically, just please release what's in master.	20:58
jaosorior	I mean /etc/barbican/barbican.conf	20:58
zigo	kfarr: Requirements.txt in master is in line with the rest of OpenStack as much as I can see.	20:59
alee	yeah - should be reading from barbican-functional.conf	20:59
jaosorior	rm_work: It read the one you mention. But if you import barbican.common.config you can actually read what's given to the serer	20:59
alee	jaosorior, you mean /etc/barbican/barbican-functional.conf , right?	20:59
jaosorior	no	20:59
zigo	(I didn't look deep, just from top of my head after doing approx 50 package upload for Liberty B3 so far...)	20:59
kfarr	zigo, I will work on a release, one second	21:00
zigo	kfarr: Thanks so much.	21:00
zigo	I'll put Glance and Castellan packaging on hold until then.	21:00
jaosorior	The way I implemented the skipping of tests for in this CR https://review.openstack.org/#/c/220409/11/functionaltests/api/v1/functional/test_cas.py was by reading what plugin does the server have. And that configuration is not in the barbican-functional.conf	21:00
zigo	And I'll work on something else.	21:00
zigo	(probably horizon and its xstatic dependencies)	21:00
jaosorior	so I needed to read what's it /etc/barbican/barbican.conf which is the server configuration	21:00
alee	jaosorior, you are running the functional tests using tox -e functional , right?	21:02
dave-mccowan	jaosorior alee i see, so now it reads from both. it works in the gate, but not in my setup. so i need to figure out what i'm doing differently.	21:02
jaosorior	alee: I'm talking about the gate	21:02
dave-mccowan	jaosorior mainly i was asking to make sure it's supposed to be working, before i debug my local setup.	21:03
alee	jaosorior, so that I understand then, if I am running the functional tests locally then -- using tox -e functional , what config file do I need to have set up?	21:04
dave-mccowan	before adding subcas, how many CAs should be in my list? 2 (simple_certificate and snakeoil)	21:04
alee	yes	21:05
jaosorior	Actually	21:05
jaosorior	I think there's a bug	21:06
jaosorior	it might be getting it from somewhere else	21:06
jaosorior	due to this https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L134	21:06
jaosorior	I mean, this: https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L136	21:06
jaosorior	it's still looking for barbican-api.conf	21:06
alee	sorry - guys I need to head offline right now .. back in a few hours	21:07
jaosorior	alee: Have a good one	21:07
alee	jaosorior, please send me an email with what you find.	21:07
alee	jaosorior, I suspect that this might impact the strange coverage thing perhaps.	21:07
jaosorior	alee: I will submit a patch and lets see how it works	21:08
alee	jaosorior, but I'd like to know -- what should it be reading to have the config read on the gate and also set up locally	21:08
alee	because the patchset originally changed barbican-functional.conf	21:09
alee	so it could run locally	21:09
kfarr	zigo, I pushed the tagged release to gerrit, but in the past it hasn't been releasing automatically to pypi. I'll have to ask redrobot for a manual release	21:09
alee	so maybe it needs both ??	21:09
kfarr	redrobot, ping	21:09
redrobot	kfarr pong	21:10
kfarr	redrobot, can you please do a manual release for castellan through launchpad, I don't think it's automatically going to pypi for whatever reason	21:10
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409	21:11
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011	21:11
openstackgerrit	Juan Antonio Osorio Robles proposed openstack/barbican: Use barbican.conf instead of barbican-api.conf https://review.openstack.org/221505	21:11
kfarr	redrobot, I tagged the release through gerrit already	21:11
redrobot	kfarr sure thing... we should get that autorelease job fixed up though.	21:11
kfarr	thanks redrobot! zigo, castellan 0.2.1 is out, do we need that in global requirements, too?	21:12
redrobot	kfarr zigo https://pypi.python.org/pypi/castellan/0.2.1	21:13
zigo	kfarr: redrobot: Thanks so much !!!	21:15
jaosorior	dave-mccowan: But yeah. Normally we add and read configurations for the functional tests from barbican-functional.conf	21:16
jaosorior	dave-mccowan: Thing is, I needed to know which exact backend is configured on the server side, so I did it by importing barbican.plugin.interface.certificate_manager in line 24 of this file https://review.openstack.org/#/c/220409/12/functionaltests/api/v1/functional/test_cas.py	21:17
*** alee_ has quit IRC		21:17
*** alee has quit IRC		21:18
jaosorior	there is where the certificate configuration is defined on the server side, which will also extend the global configuration file for the server (that's done in barbiacan.common.config)... which actually reads the file	21:18
jaosorior	and it should be taking by default /etc/barbican/barbican.conf	21:18
jaosorior	although if that is not present, it also accepts ~/barbican.conf if I recall correctly	21:19
jaosorior	dave-mccowan: Does that make sense?	21:19
dave-mccowan	jaosorior yep. i'll hook up the debugger to check what file my setup is reading.	21:21
jaosorior	dave-mccowan: Alright.	21:23
jaosorior	Well, I gotta go now	21:27
*** jaosorior has quit IRC		21:27
*** silos1 has joined #openstack-barbican		21:38
*** silos1 has left #openstack-barbican		21:38
*** diazjf has left #openstack-barbican		21:50
*** jamielennox\|away is now known as jamielennox		21:51
*** Antonwoods has quit IRC		21:56
*** woodster_ has quit IRC		21:59
*** Antonwoods has joined #openstack-barbican		21:59
*** Antonwoods is now known as Anton		21:59
*** Anton is now known as Guest27402		21:59
zigo	kfarr: redrobot: Castellan uploaded to Debian Experimental (it will go through the FTP master NEW queue before being accepted).	22:09
zigo	Thanks again.	22:09
* zigo returns to building glance		22:09
*** Guest27402 has quit IRC		22:11
*** edtubill has quit IRC		22:14
*** spotz is now known as spotz_zzz		22:16
*** diazjf has joined #openstack-barbican		22:23
*** jhfeng has quit IRC		22:34
*** kfarr has quit IRC		22:41
*** pglass has quit IRC		22:44
*** Antonwoods has joined #openstack-barbican		22:59
*** Antonwoods is now known as Anton		22:59
*** Anton is now known as Guest34070		22:59
*** Guest34070 has quit IRC		23:01
*** Antonwoods has joined #openstack-barbican		23:01
*** dimtruck is now known as zz_dimtruck		23:18
*** alee has joined #openstack-barbican		23:21
*** alee_ has joined #openstack-barbican		23:22
*** chlong has quit IRC		23:27
*** chlong has joined #openstack-barbican		23:28
*** Antonwoods has quit IRC		23:29
*** vivek-ebay has joined #openstack-barbican		23:36
*** Antonwoods has joined #openstack-barbican		23:53
*** Antonwoods is now known as Anton		23:53
*** Anton is now known as Guest76787		23:53
*** woodster_ has joined #openstack-barbican		23:57
*** Guest76787 has quit IRC		23:58
*** ccneill has quit IRC		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!