| *** zz_dimtruck is now known as dimtruck | 00:17 | |
| *** gyee has quit IRC | 00:33 | |
| *** spotz_zzz has quit IRC | 00:47 | |
| *** hockeynut_afk has quit IRC | 00:48 | |
| *** lbragstad has quit IRC | 00:48 | |
| *** eglute_s has quit IRC | 00:48 | |
| *** dimtruck has quit IRC | 00:48 | |
| *** jamielennox has quit IRC | 00:49 | |
| *** jilly has quit IRC | 00:49 | |
| *** tdink has quit IRC | 00:49 | |
| *** rm_work has quit IRC | 00:50 | |
| *** jroll has quit IRC | 00:50 | |
| *** dimtruck has joined #openstack-barbican | 00:53 | |
| *** spotz_zzz has joined #openstack-barbican | 00:53 | |
| *** jroll has joined #openstack-barbican | 00:53 | |
| *** eglute has joined #openstack-barbican | 00:53 | |
| *** rm_work has joined #openstack-barbican | 00:53 | |
| *** rm_work has quit IRC | 00:53 | |
| *** rm_work has joined #openstack-barbican | 00:53 | |
| *** hockeynut has joined #openstack-barbican | 00:53 | |
| *** jamielennox has joined #openstack-barbican | 00:54 | |
| *** lbragstad has joined #openstack-barbican | 00:54 | |
| *** tdink has joined #openstack-barbican | 00:54 | |
| *** jillysciarilly has joined #openstack-barbican | 00:54 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 00:59 |
|---|---|---|
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 01:01 |
| *** diazjf has quit IRC | 01:15 | |
| *** diazjf has joined #openstack-barbican | 01:16 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 01:22 |
| *** dimtruck is now known as zz_dimtruck | 01:24 | |
| *** everjeje has quit IRC | 01:42 | |
| *** diazjf has left #openstack-barbican | 02:00 | |
| *** zz_dimtruck is now known as dimtruck | 02:05 | |
| *** woodster_ has quit IRC | 02:39 | |
| *** vivek-ebay has quit IRC | 02:42 | |
| *** Nirupama has joined #openstack-barbican | 02:44 | |
| *** dimtruck is now known as zz_dimtruck | 03:08 | |
| *** kebray has joined #openstack-barbican | 03:13 | |
| *** kebray has quit IRC | 03:15 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 03:15 |
| *** zz_dimtruck has quit IRC | 03:29 | |
| *** nelsnels_ has joined #openstack-barbican | 03:37 | |
| *** zz_dimtruck has joined #openstack-barbican | 03:38 | |
| *** zz_dimtruck is now known as dimtruck | 03:38 | |
| *** nelsnelson has quit IRC | 03:40 | |
| *** nelsnels_ has quit IRC | 03:49 | |
| *** nelsnelson has joined #openstack-barbican | 03:49 | |
| *** nelsnelson has quit IRC | 03:50 | |
| *** dave-mccowan has quit IRC | 03:51 | |
| *** kebray has joined #openstack-barbican | 04:13 | |
| *** kebray has quit IRC | 04:14 | |
| *** kebray has joined #openstack-barbican | 04:14 | |
| *** vivek-ebay has joined #openstack-barbican | 04:36 | |
| *** Kevin_Zheng has quit IRC | 05:25 | |
| *** dimtruck is now known as zz_dimtruck | 05:26 | |
| *** rm_work has quit IRC | 05:59 | |
| *** rm_work has joined #openstack-barbican | 05:59 | |
| *** rm_work has quit IRC | 06:00 | |
| *** rm_work has joined #openstack-barbican | 06:00 | |
| *** rm_work has quit IRC | 06:02 | |
| *** rm_work has joined #openstack-barbican | 06:03 | |
| *** rm_work has quit IRC | 06:04 | |
| *** rm_work has joined #openstack-barbican | 06:04 | |
| *** rm_work has quit IRC | 06:06 | |
| *** rm_work has joined #openstack-barbican | 06:06 | |
| *** shohel has joined #openstack-barbican | 06:23 | |
| *** jaosorior has joined #openstack-barbican | 06:25 | |
| *** vivek-ebay has quit IRC | 06:32 | |
| *** vivek-ebay has joined #openstack-barbican | 06:32 | |
| *** vivek-ebay has quit IRC | 06:32 | |
| *** kebray has quit IRC | 06:33 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 06:44 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 06:44 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 07:20 |
| *** everjeje has joined #openstack-barbican | 07:35 | |
| *** tkelsey has joined #openstack-barbican | 08:31 | |
| *** darrenmoffat has quit IRC | 09:11 | |
| *** darrenmoffat has joined #openstack-barbican | 09:12 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 09:17 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 09:17 |
| *** jaosorior has quit IRC | 10:00 | |
| *** yuanying_ is now known as yuanying | 10:02 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 10:12 |
| *** tkelsey has quit IRC | 10:53 | |
| *** jaosorior has joined #openstack-barbican | 11:14 | |
| *** peter-hamilton has joined #openstack-barbican | 11:24 | |
| jaosorior | anybody around yet> | 11:27 |
| jaosorior | ? | 11:27 |
| *** zz_dimtruck is now known as dimtruck | 11:28 | |
| *** tkelsey has joined #openstack-barbican | 11:31 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Use barbican.conf instead of barbican-api.conf https://review.openstack.org/221505 | 11:34 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 11:34 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 11:34 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 11:34 |
| *** tkelsey has quit IRC | 11:35 | |
| *** peter-hamilton has quit IRC | 11:44 | |
| *** dave-mccowan has joined #openstack-barbican | 11:44 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Use barbican.conf instead of barbican-api.conf https://review.openstack.org/221505 | 11:45 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 11:46 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 11:46 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 11:46 |
| dave-mccowan | jaosorior ping | 11:57 |
| jaosorior | dave-mccowan: pong | 11:57 |
| dave-mccowan | jaosorior quick question on transport keys and quotas. it turns out that Transport Keys are not project resources, they should not have quotas. i had already deleted most of the mentions of them from the quota code. they need to be all gone. it seems convenient to remove them while adding cas to the same file. i can update the commit message explaining. or do you think it really needs to be two CRs? | 12:00 |
| jaosorior | I do recommend another CR since it would make that change easier to track | 12:00 |
| *** Nirupama has quit IRC | 12:00 | |
| jaosorior | on the other hand, three are some instances of transport_key quotas missing (e.g. validation code), so it would be apprpriate to delete those too | 12:01 |
| jaosorior | so if we remove the transport keys from quotas, and at some point we decide that it actually made sense to have them there, we can just revert the commit and thus we would get them back. And if ther would be a problem with the removal of them, tracking which commit caused the issue would be easier if it would have it's own commit | 12:02 |
| *** woodster_ has joined #openstack-barbican | 12:06 | |
| dave-mccowan | jaosorior i already messed up the clean revert, since most of the transport quota key code was deleted before it merged. just some sloppy leftovers that i missed before commit. i do need to finish deleting the rest of it. | 12:07 |
| dave-mccowan | jaosorior ok.. i'll split it into two CRs. i guess if i'm careful, git will do most of the work. :-) | 12:10 |
| *** dimtruck is now known as zz_dimtruck | 12:12 | |
| dave-mccowan | jaosorior i was surprised how much of it i found in the code. i wonder if i had a commit that i forgot to push. | 12:12 |
| jaosorior | dave-mccowan: honestly I didn't even know it was no longer gonna be used | 12:12 |
| dave-mccowan | jaosorior i think we talked about it (and merged it) while you were on vacation. | 12:14 |
| jaosorior | dave-mccowan: Alright. I guess it makes sense | 12:14 |
| dave-mccowan | transport-keys are one-per-plugin. there is no may for a project admin to add or delete them, so quotas don't apply. | 12:14 |
| jaosorior | dave-mccowan: Now it definitely makes sense | 12:15 |
| dave-mccowan | jaosorior too bad i had it mostly coded before i figured that out. :-D | 12:16 |
| jaosorior | git rebase -i makes since easier | 12:16 |
| jaosorior | can't live without it | 12:16 |
| jaosorior | dave-mccowan: On the other hand, I did some rebases of your CR on top of mines, so I recommend taking that into account | 12:17 |
| *** peter-hamilton has joined #openstack-barbican | 12:18 | |
| dave-mccowan | jaosorior will do. i'll add a new CR and insert it into the "chain" before mine and after yours and ade's. | 12:19 |
| jaosorior | peter-hamilton: thanks for the quick responses to the CR | 12:20 |
| peter-hamilton | jaosorior: not a problem | 12:21 |
| peter-hamilton | jaosorior: it seemed manageable :P | 12:21 |
| jaosorior | peter-hamilton: If you have time to review the subsequent CRs it would be greatly appreciated | 12:22 |
| peter-hamilton | jaosorior: will do! | 12:22 |
| *** zz_dimtruck is now known as dimtruck | 12:23 | |
| *** dimtruck is now known as zz_dimtruck | 12:23 | |
| *** rellerreller has joined #openstack-barbican | 12:30 | |
| dave-mccowan | jaosorior do you have any ideas what's going on with the snakeoil plugin config? | 12:36 |
| jaosorior | dave-mccowan: Somewhat. What's up? | 12:37 |
| dave-mccowan | jaosorior snakeoil func tests do not run in the gate or on my dev environment | 12:37 |
| jaosorior | they don't run on the gate? | 12:38 |
| dave-mccowan | i checked the console logs; they show "skipped". | 12:38 |
| jaosorior | I see | 12:39 |
| jaosorior | let me take a look | 12:39 |
| jaosorior | dave-mccowan: Got a link to the logs? | 12:39 |
| jaosorior | dave-mccowan: Found them | 12:40 |
| jaosorior | it is skipping them | 12:40 |
| jaosorior | gotta fix that | 12:40 |
| dave-mccowan | it's weird that it's working your you and ade, but not me or the gate. | 12:40 |
| dave-mccowan | i didn't see any unskipIf(redhat) code. ;-) | 12:41 |
| *** Antonwoods has joined #openstack-barbican | 12:42 | |
| *** Antonwoods is now known as Anton | 12:42 | |
| *** Anton is now known as Guest99344 | 12:43 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 12:44 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 12:44 |
| jaosorior | peter-hamilton: As a guideline, usually nits do not merit a -1 | 12:45 |
| peter-hamilton | jaosorior: yeah, that's true, it was more a judgment call | 12:47 |
| peter-hamilton | jaosorior: i'm happy to flip it | 12:47 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 12:48 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 12:48 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 12:48 |
| jaosorior | peter-hamilton: Addressed the comments anyway | 12:48 |
| peter-hamilton | jaosorior: cool, i'll take a look | 12:48 |
| peter-hamilton | jaosorior: thanks, it lgtm | 12:52 |
| *** nelsnelson has joined #openstack-barbican | 12:52 | |
| peter-hamilton | jaosorior: i'll try to get to the other two in a bit | 12:52 |
| *** SheenaG has joined #openstack-barbican | 12:53 | |
| *** SheenaG has left #openstack-barbican | 12:54 | |
| *** rellerreller has quit IRC | 13:00 | |
| *** everjeje has quit IRC | 13:02 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 13:05 |
| *** jaosorior has quit IRC | 13:06 | |
| *** lisaclark1 has joined #openstack-barbican | 13:09 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 13:10 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 13:11 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 13:12 |
| *** lisaclark1 has quit IRC | 13:15 | |
| *** jaosorior has joined #openstack-barbican | 13:18 | |
| *** zz_dimtruck is now known as dimtruck | 13:19 | |
| *** tkelsey has joined #openstack-barbican | 13:30 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 13:36 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 13:36 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 13:37 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 13:37 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 13:48 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 13:56 |
| *** jhfeng has joined #openstack-barbican | 14:13 | |
| *** kebray has joined #openstack-barbican | 14:21 | |
| *** pglass has joined #openstack-barbican | 14:21 | |
| *** kebray has quit IRC | 14:22 | |
| *** kebray has joined #openstack-barbican | 14:23 | |
| *** kebray has quit IRC | 14:23 | |
| *** vivek-ebay has joined #openstack-barbican | 14:27 | |
| *** Guest99344 has quit IRC | 14:29 | |
| *** shohel has quit IRC | 14:33 | |
| *** vivek-ebay has quit IRC | 14:45 | |
| *** Antonwoods has joined #openstack-barbican | 14:46 | |
| *** Antonwoods is now known as Anton | 14:46 | |
| *** Anton is now known as Guest99081 | 14:46 | |
| *** Guest99081 has quit IRC | 14:47 | |
| jaosorior | dave-mccowan: So you were right that it wasn't loading the snakeoil CA. I my function had a bug and I was just taking into account that it was passing because of a misunderstanding on how oslo.config works | 14:48 |
| jaosorior | now I fixed that function and we figured out that there is an error in one of the subca test cases | 14:49 |
| *** edtubill has joined #openstack-barbican | 14:49 | |
| *** dave-mccowan has quit IRC | 15:02 | |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 15:07 |
| openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 15:07 |
| *** dave-mccowan has joined #openstack-barbican | 15:16 | |
| dave-mccowan | jaosorior cool. | 15:17 |
| jaosorior | so now we're trying to figure out why is there an error when creating a subca from another subca | 15:18 |
| dave-mccowan | jaosorior hopefully the tests will run in my dev environment now too. checking... | 15:19 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 15:20 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 15:21 |
| *** ccneill has joined #openstack-barbican | 15:25 | |
| *** diazjf has joined #openstack-barbican | 15:30 | |
| *** gyee has joined #openstack-barbican | 15:49 | |
| openstackgerrit | Merged openstack/barbican: Use barbican.conf instead of barbican-api.conf https://review.openstack.org/221505 | 16:00 |
| *** vivek-ebay has joined #openstack-barbican | 16:00 | |
| jaosorior | dave-mccowan: It should be working now | 16:03 |
| jaosorior | peter-hamilton are you around? | 16:06 |
| peter-hamilton | jaosorior: chewing food and on a call, but yes :) | 16:06 |
| jaosorior | ouch haha well, can you re-visit this CR? https://review.openstack.org/#/c/220011/19 | 16:06 |
| peter-hamilton | jaosorior: yes! i'll try to get to it soon | 16:07 |
| jaosorior | I added some lines of code that are needed and tested in the next CR, which is this one https://review.openstack.org/#/c/220409/ | 16:07 |
| peter-hamilton | jaosorior: my day keeps getting consumed :/ | 16:07 |
| jaosorior | peter-hamilton: Good luck Mr. | 16:10 |
| alee | dave-mccowan, once the two subca patches merge , I'll also review your quota patches (just to make sure it all rebases correctly) | 16:14 |
| peter-hamilton | jaosorior: ok i'm back | 16:17 |
| jaosorior | anybody knows if kfarr or rellerreller are around? would sure need some reviewers | 16:25 |
| jaosorior | peter-hamilton: Hey dude. let me know if you have any questions about the CRs | 16:26 |
| peter-hamilton | jaosorior: will do, almost done the func tests one, nothing weird yet | 16:27 |
| jaosorior | dave-mccowan: If you have time, could you also take a look to the CRs? | 16:27 |
| *** kebray has joined #openstack-barbican | 16:27 | |
| *** kfarr has joined #openstack-barbican | 16:28 | |
| alee | kfarr, howdy! | 16:30 |
| kfarr | alee, hi :) more code reviews today? | 16:31 |
| alee | kfarr, yeah - we were just thinking of you :) | 16:32 |
| alee | kfarr, the remaining subca code reviews .. let me get links | 16:32 |
| jaosorior | not much left though :D | 16:33 |
| kfarr | Today's a great day to review subca code! | 16:33 |
| alee | kfarr, https://review.openstack.org/#/c/220011 | 16:33 |
| alee | https://review.openstack.org/#/c/220011 | 16:34 |
| alee | and of course daves subca quota code .. | 16:34 |
| *** kebray has quit IRC | 16:35 | |
| jaosorior | peter-hamilton: can you re-score this one? https://review.openstack.org/#/c/220011/19 | 16:42 |
| kfarr | jasosorior, alee, it looks like the coverage gate is failing? | 16:42 |
| jaosorior | kfarr: I'm writing a response in the CR | 16:42 |
| peter-hamilton | jaosorior: done! | 16:43 |
| peter-hamilton | jaosorior: i'll get to the final quota CR after my 1oclock | 16:43 |
| alee | kfarr, looking .. I know what this is but want to make sure | 16:45 |
| jaosorior | kfarr: answered | 16:46 |
| alee | kfarr, what he said .. | 16:48 |
| kfarr | jaosorior alee, saw it! | 16:48 |
| jaosorior | kfarr: Thanks for the review :D | 16:48 |
| *** vivek-ebay has quit IRC | 16:48 | |
| alee | awesome - workflowing .. | 16:49 |
| alee | kfarr, thanks -- keep going up the chain though :) | 16:49 |
| jaosorior | dave-mccowan: Did a couple of comments on your quota CR | 16:49 |
| alee | kfarr, https://review.openstack.org/#/c/220409 | 16:50 |
| *** peter-hamilton has quit IRC | 16:55 | |
| *** tkelsey has quit IRC | 16:59 | |
| *** kebray has joined #openstack-barbican | 17:00 | |
| alee | kfarr, responded | 17:16 |
| alee | kfarr, does that all make sense to you? | 17:16 |
| alee | kfarr, I think I just need to add a TODO | 17:16 |
| kfarr | alee, which is an example of a test that will fail if that first order is not sent in? | 17:18 |
| alee | kfarr, any test that requires a specific ca_id | 17:19 |
| alee | because the ca table may not be populated yet | 17:19 |
| alee | or any test that expects to see cas defined | 17:20 |
| alee | kfarr, all of the tests that are annotated as requiring snakeoil_ca for instance | 17:22 |
| alee | because these need to be sent to the snakeoil ca instead of the simple_ca | 17:23 |
| alee | and cannot be without a ca_id | 17:24 |
| alee | kfarr, makes sense? | 17:24 |
| alee | kfarr, in actual fact, almost all the tests really need to be run against a specific ca (simple, snakeoil, dogtag) and should be annotated accordingly | 17:25 |
| alee | kfarr, jaosorior has agreed to do this next week | 17:25 |
| kfarr | alee, kind of, it seems a little funky | 17:26 |
| alee | because we need to be able to run in an environment with multiple cas defined | 17:26 |
| alee | kfarr, it is -- I will be looking to change the requirement of having to send in an initial request | 17:26 |
| kfarr | alee, ok that makes me feel better! | 17:27 |
| jaosorior | Gotta go guys | 17:27 |
| dave-mccowan | alee i'm glad that's on the to-do list to fix. from a user point of view, i think it is bad to have to post a random certificate order to help Barbican initialize itself. | 17:27 |
| jaosorior | talk to you tomorrow | 17:27 |
| *** jaosorior has quit IRC | 17:27 | |
| alee | kfarr, dave-mccowan yeah I dont like it either | 17:28 |
| kfarr | alee, so then for the functional tests, how do you know which ca you are testing against? | 17:28 |
| alee | kfarr, dave-mccowan the trick is that the table needs to be refreshed by polling the plugins | 17:29 |
| alee | and the wuestion then is where to invoke that code | 17:29 |
| alee | but we can worrry about that next week. | 17:29 |
| alee | kfarr, so to your question | 17:29 |
| alee | 1. if a test designates a particular ca by finding the ca_id for it , then it will use that ca | 17:30 |
| alee | 2. if not, then it will use the first defined ca | 17:30 |
| alee | right now, the ca tests are written to pass with the simple ca | 17:30 |
| alee | some of these wont pass with the snakeoil because the behavoir is differnet | 17:31 |
| alee | simple never returns a cert (waiting state), snaeoil always reyturns a cert | 17:31 |
| alee | so to make allthis work -- the first defined is simple | 17:32 |
| alee | and so all existing tests pass | 17:32 |
| alee | and then the new tests that require snakeoil will look for the snakeoil ca_id explicitly | 17:32 |
| alee | on the dogtag gate right now, only the dogtag ca is defined | 17:33 |
| alee | all this is what will be cleaned up by jaosorior next week | 17:33 |
| alee | ie. we will specify for each test exactly which cas should be running them | 17:33 |
| alee | some can be run on all cas | 17:33 |
| alee | but those are mostly the ones that fail before they get to the ca plugin | 17:34 |
| alee | because of missing/bad arguments etc. | 17:34 |
| alee | make sense? | 17:34 |
| kfarr | Yeah, that makes sense, sorry stepped away for a minute | 17:37 |
| kfarr | alee, are there any tests that would get run against all CAs? | 17:37 |
| alee | well some tests could run againsta all cas -- ie ones that fail before they get there | 17:38 |
| *** ccneill has quit IRC | 17:38 | |
| alee | but the test cas are just so different, its hard to see other cases | 17:39 |
| kfarr | alee, ok that's fair | 17:39 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 17:40 |
| alee | kfarr, different in behavior - not in interface | 17:40 |
| alee | kfarr, you cant get more different than 1) simple - never give a cert 2) snakeoil - always give a cert | 17:41 |
| alee | kfarr, so just the todo right ? | 17:42 |
| kfarr | alee, yes, for me anyway! | 17:42 |
| alee | ok - todo on the way .. | 17:42 |
| openstackgerrit | Merged openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 17:43 |
| *** kebray has quit IRC | 17:45 | |
| openstackgerrit | Ade Lee proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 17:49 |
| alee | kfarr, patch up ^^ :) | 17:49 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Remove Vestigial Transport Key Quota Code https://review.openstack.org/221745 | 17:51 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 17:51 |
| *** tkelsey has joined #openstack-barbican | 17:58 | |
| *** diazjf has quit IRC | 17:58 | |
| *** diazjf has joined #openstack-barbican | 18:01 | |
| *** lisaclark1 has joined #openstack-barbican | 18:03 | |
| *** kebray has joined #openstack-barbican | 18:03 | |
| *** vivek-ebay has joined #openstack-barbican | 18:05 | |
| *** diazjf has quit IRC | 18:25 | |
| *** diazjf has joined #openstack-barbican | 18:28 | |
| *** silos has joined #openstack-barbican | 18:31 | |
| *** mmdurrant has joined #openstack-barbican | 18:38 | |
| *** kebray has quit IRC | 18:44 | |
| *** ccneill has joined #openstack-barbican | 18:48 | |
| *** lisaclark1 has quit IRC | 18:55 | |
| *** diazjf has quit IRC | 19:00 | |
| *** silos has quit IRC | 19:00 | |
| *** ccneill has quit IRC | 19:00 | |
| *** silos has joined #openstack-barbican | 19:00 | |
| *** pglbutt has joined #openstack-barbican | 19:04 | |
| *** lisaclark1 has joined #openstack-barbican | 19:04 | |
| *** pglass has quit IRC | 19:07 | |
| *** diazjf has joined #openstack-barbican | 19:07 | |
| *** lisaclark2 has joined #openstack-barbican | 19:24 | |
| *** silos has quit IRC | 19:24 | |
| *** silos has joined #openstack-barbican | 19:24 | |
| *** lisaclark1 has quit IRC | 19:26 | |
| openstackgerrit | Merged openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 19:26 |
| *** silos has quit IRC | 19:30 | |
| *** silos has joined #openstack-barbican | 19:31 | |
| *** silos has left #openstack-barbican | 19:31 | |
| dave-mccowan | alee ping | 19:35 |
| *** silos has joined #openstack-barbican | 19:36 | |
| *** silos has left #openstack-barbican | 19:37 | |
| alee | dave-mccowan, pong | 19:44 |
| alee | dave-mccowan, just got done with meeting | 19:44 |
| dave-mccowan | alee what is the expected clean-up scenario when deleting sub cas, or restarting barbican? especially w.r.t. to /etc/barbican/snakeoil-cas/ | 19:45 |
| *** pglass has joined #openstack-barbican | 19:46 | |
| *** pglass has quit IRC | 19:46 | |
| alee | dave-mccowan, well - so first off -- when you restsrt barbican, the snakeoil ca reads all the files it sees for subcas and adds them | 19:47 |
| alee | dave-mccowan, I'm working on the code to delete subcas next | 19:48 |
| alee | but I was thinking of doing a soft delete kind of functionality | 19:48 |
| alee | on the barbican side | 19:49 |
| alee | (or maybe hard delete is ok) | 19:49 |
| alee | dave-mccowan, either way, there will be a call to the plugin to delete the ca | 19:49 |
| *** pglbutt has quit IRC | 19:49 | |
| alee | and it will be up to the plugin to handle this | 19:49 |
| alee | dogtag will likely do a soft delete sort of thing | 19:50 |
| alee | snakeoil I think can do a hard delete | 19:50 |
| alee | removing the relevant files in /etc/barbican/snakeoil-cas | 19:51 |
| dave-mccowan | alee cool. that explains most of what i'm seeing. if i delete the database, but leave the subcas files, i seem to end up broken. is that what you'd expect now? | 19:51 |
| alee | define broken | 19:51 |
| dave-mccowan | alee my quota enforcing functional test cases work in the gate, but break in my local environment unless i'm very careful about cleaning up before starting. looks like i just need to wait for a future commit. | 19:52 |
| alee | dave-mccowan, I need to review the quota test cases -- will do that shortly - but | 19:53 |
| alee | if I understand it correctly then - you add a whole bunch of cas | 19:54 |
| alee | until you reach your quota | 19:54 |
| alee | and then if you blow away your db and do the test again, you see that the cas are still there? | 19:55 |
| alee | (and hence break your quota test) | 19:55 |
| alee | and that would make sense because barbican will query the plugin to see what subcas are there .. | 19:56 |
| alee | and will re-add them to the db | 19:56 |
| dave-mccowan | if i blow away my db, but leave the snakeoil-cas/ files, then snakeoil seems to be broken altogether. i can double check that. | 19:57 |
| dave-mccowan | alee, i don't think that worries me. if delete subcas starts working, then i won't need to manually cleanup. | 19:59 |
| alee | ok | 19:59 |
| *** pglass has joined #openstack-barbican | 19:59 | |
| alee | I'll try to get that going today or tomorrow morning | 19:59 |
| alee | dave-mccowan, then we can rebase your patches on top of that | 20:00 |
| alee | dave-mccowan, or are the patches ready to be reviewed/merged now? | 20:00 |
| dave-mccowan | i'll add calls to delete to my patch, so the tests are ready and waiting for you. | 20:00 |
| alee | ok - I should have the delete patch by tomorrow in any case | 20:01 |
| dave-mccowan | they're in good shape for merging. whatever works for you for timing of the merge. | 20:01 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Add Project Quota Support for Sub CAs https://review.openstack.org/221557 | 20:02 |
| dave-mccowan | alee ^^ now test_cas.py and test_quotas_enforce.py will send a delete command to delete a CA. | 20:03 |
| dave-mccowan | it returns 406, but will start working when you've added the code to process it. | 20:04 |
| alee | ok -- I'm start my coding on top of your patch | 20:04 |
| *** tkelsey has quit IRC | 20:18 | |
| *** ccneill has joined #openstack-barbican | 20:22 | |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Fix Tempest Installation https://review.openstack.org/221952 | 20:40 |
| openstackgerrit | Dave McCowan proposed openstack/barbican: Update Bandit Tox Environment https://review.openstack.org/221954 | 20:48 |
| edtubill | Hi, I was wondering if ACLs for barbican work across multiple projects -like can another user in a different project access the secret if they are on the ACL? | 20:48 |
| dave-mccowan | edtubill yes, that is the intended use case. | 20:49 |
| edtubill | oh cool thx | 20:49 |
| *** dave-mccowan has quit IRC | 20:51 | |
| *** kebray has joined #openstack-barbican | 21:04 | |
| *** kebray has quit IRC | 21:16 | |
| *** kebray has joined #openstack-barbican | 21:21 | |
| *** lisaclark2 has quit IRC | 21:29 | |
| *** lisaclark1 has joined #openstack-barbican | 21:29 | |
| *** dave-mccowan has joined #openstack-barbican | 21:32 | |
| *** dave-mccowan has quit IRC | 21:42 | |
| *** diazjf has left #openstack-barbican | 21:45 | |
| *** edtubill has quit IRC | 21:46 | |
| *** kfarr has quit IRC | 22:02 | |
| *** lisaclark1 has quit IRC | 22:18 | |
| *** kebray has quit IRC | 22:18 | |
| *** pglass has quit IRC | 22:19 | |
| *** lisaclark1 has joined #openstack-barbican | 22:31 | |
| *** lisaclark1 has quit IRC | 22:48 | |
| *** ccneill has quit IRC | 22:53 | |
| *** lisaclark1 has joined #openstack-barbican | 22:55 | |
| *** david-lyle has quit IRC | 23:11 | |
| *** david-lyle has joined #openstack-barbican | 23:12 | |
| *** david-lyle has quit IRC | 23:22 | |
| *** david-lyle has joined #openstack-barbican | 23:23 | |
| *** jhfeng has quit IRC | 23:35 | |
| *** lisaclark2 has joined #openstack-barbican | 23:44 | |
| *** dimtruck is now known as zz_dimtruck | 23:48 | |
| *** lisaclark1 has quit IRC | 23:48 | |
| *** lisaclark2 has quit IRC | 23:48 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!