Friday, 2015-10-02

« Thursday, 2015-10-01 Index Saturday, 2015-10-03 »
openstackgerritMerged openstack/barbican: Use environmental variables for NewRelic  https://review.openstack.org/22086500:06
*** su_zhang_ has quit IRC00:08
*** everjeje has joined #openstack-barbican00:11
*** chlong has joined #openstack-barbican00:22
*** vivek-ebay has quit IRC00:29
*** vivek-ebay has joined #openstack-barbican00:32
*** vivek-ebay has quit IRC00:32
*** zz_dimtruck is now known as dimtruck00:35
*** gyee has quit IRC00:59
*** dimtruck is now known as zz_dimtruck01:06
*** woodster_ has quit IRC01:19
*** vivek-ebay has joined #openstack-barbican01:25
*** su_zhang_ has joined #openstack-barbican01:26
*** su_zhang_ has quit IRC01:30
*** vivek-ebay has quit IRC01:31
*** zz_dimtruck is now known as dimtruck01:33
*** vivek-ebay has joined #openstack-barbican01:34
*** vivek-ebay has quit IRC01:39
*** dimtruck is now known as zz_dimtruck01:42
openstackgerritMerged openstack/python-barbicanclient: Fix incorrect error when performing Barbican Secret Update  https://review.openstack.org/22872001:49
*** nelsnelson has quit IRC01:51
*** nelsnelson has joined #openstack-barbican01:52
openstackgerritOpenStack Proposal Bot proposed openstack/python-barbicanclient: Updated from global requirements  https://review.openstack.org/22684601:58
*** nelsnelson has quit IRC02:05
*** nelsnelson has joined #openstack-barbican02:05
*** jhfeng has joined #openstack-barbican02:12
*** dave-mccowan has quit IRC02:14
*** chlong has quit IRC02:27
*** chlong has joined #openstack-barbican02:42
*** nelsnelson has quit IRC02:44
*** nelsnelson has joined #openstack-barbican02:46
*** stevemar has joined #openstack-barbican02:54
*** edtubill has joined #openstack-barbican02:58
*** stevemar has quit IRC02:59
*** nelsnelson has quit IRC03:02
*** silos has joined #openstack-barbican03:03
*** edtubill has quit IRC03:04
*** kebray has joined #openstack-barbican03:07
*** kebray has quit IRC03:09
*** kebray has joined #openstack-barbican03:10
*** silos has left #openstack-barbican03:18
*** stevemar_ has joined #openstack-barbican03:28
*** stevemar_ has quit IRC03:41
*** stevemar has joined #openstack-barbican03:42
*** nelsnelson has joined #openstack-barbican03:51
*** xaeth_afk is now known as xaeth04:02
*** stevemar_ has joined #openstack-barbican04:07
*** stevemar has quit IRC04:09
*** vivek-ebay has joined #openstack-barbican04:10
*** jaosorior has joined #openstack-barbican04:25
*** stevemar has joined #openstack-barbican04:34
*** stevemar_ has quit IRC04:34
*** stevemar has quit IRC04:39
*** jhfeng has quit IRC04:46
*** stevemar has joined #openstack-barbican04:50
*** nelsnelson has quit IRC04:55
*** stevemar has quit IRC05:05
*** stevemar has joined #openstack-barbican05:06
*** mragupat has joined #openstack-barbican05:06
*** stevemar has quit IRC05:10
*** xaeth is now known as xaeth_afk05:11
*** vivek-ebay has quit IRC05:22
openstackgerritChristopher Solis proposed openstack/barbican: Update Devstack documentation  https://review.openstack.org/23027605:37
*** su_zhang_ has joined #openstack-barbican05:43
*** stevemar has joined #openstack-barbican05:50
*** stevemar_ has joined #openstack-barbican05:51
*** nelsnelson has joined #openstack-barbican05:51
*** stevemar has quit IRC05:55
*** nelsnelson has quit IRC05:56
*** su_zhang_ has quit IRC06:07
*** jaosorior has quit IRC06:14
*** mragupat has quit IRC06:30
*** shohel has joined #openstack-barbican06:31
*** kebray has quit IRC06:45
*** jaosorior has joined #openstack-barbican06:48
*** nelsnelson has joined #openstack-barbican06:52
*** nelsnelson has quit IRC06:57
*** chlong has quit IRC07:31
*** openstackgerrit has quit IRC07:46
*** openstackgerrit has joined #openstack-barbican07:46
*** nelsnelson has joined #openstack-barbican07:53
*** nelsnelson has quit IRC07:58
*** stevemar_ has quit IRC08:01
*** stevemar has joined #openstack-barbican08:02
*** stevemar has quit IRC08:06
*** jaosorior has quit IRC08:58
*** darrenmoffat has quit IRC08:59
*** darrenmoffat has joined #openstack-barbican09:00
*** jaosorior has joined #openstack-barbican09:04
*** openstack has joined #openstack-barbican09:21
*** openstackstatus has joined #openstack-barbican09:22
*** ChanServ sets mode: +v openstackstatus09:22
*** nelsnelson has joined #openstack-barbican09:36
*** nelsnelson has quit IRC09:41
*** ig0r_ has joined #openstack-barbican10:55
*** ig0r_ has quit IRC10:56
*** nelsnelson has joined #openstack-barbican11:24
*** nelsnelson has quit IRC11:29
openstackgerritVictor Stinner proposed openstack/barbican: py3: Enable more tests to Python 3.4  https://review.openstack.org/23040612:39
*** peter-hamilton has joined #openstack-barbican12:51
*** rellerreller has joined #openstack-barbican12:53
*** zz_dimtruck is now known as dimtruck12:55
*** woodster_ has joined #openstack-barbican12:56
*** dave-mccowan has joined #openstack-barbican13:00
*** Praston has joined #openstack-barbican13:06
*** dimtruck is now known as zz_dimtruck13:17
*** peter-hamilton_ has joined #openstack-barbican13:31
*** peter-hamilton has quit IRC13:34
*** peter-hamilton_ is now known as peter-hamilton13:35
*** zz_dimtruck is now known as dimtruck13:35
*** nelsnelson has joined #openstack-barbican13:49
*** stevemar has joined #openstack-barbican13:50
*** stevemar has quit IRC13:50
*** peter-hamilton has quit IRC13:56
*** dimtruck is now known as zz_dimtruck13:59
*** zz_dimtruck is now known as dimtruck14:00
*** stevemar has joined #openstack-barbican14:02
*** stevemar_ has joined #openstack-barbican14:05
*** stevemar has quit IRC14:06
*** jhfeng has joined #openstack-barbican14:12
*** shohel has quit IRC14:16
*** su_zhang_ has joined #openstack-barbican14:24
openstackgerritOpenStack Proposal Bot proposed openstack/python-barbicanclient: Updated from global requirements  https://review.openstack.org/23046814:35
*** kfarr has joined #openstack-barbican14:37
*** jaosorior has quit IRC14:41
*** jaosorior has joined #openstack-barbican14:42
*** peter-hamilton has joined #openstack-barbican14:42
*** stevemar_ is now known as stevemar14:43
*** silos has joined #openstack-barbican14:44
*** jaosorior has quit IRC14:45
*** jaosorior has joined #openstack-barbican14:45
*** vivek-ebay has joined #openstack-barbican14:49
*** vivek-ebay has quit IRC14:53
redrobotmornin' alee and dave-mccowan14:56
* dave-mccowan waves. good morning!14:56
*** kebray has joined #openstack-barbican14:57
*** edtubill has joined #openstack-barbican14:59
redrobotalee I'm not sure we'll be able to backport the dogtag stuff... the release managers have to approve the backports. :-\15:01
aleeredrobot, why not?  can we make the case that its needed for magnum?15:02
redrobotalee maybe?  ...  I'll keep you posted.15:03
aleeredrobot, and that right now at least dogtag is essentially the only production backend for barbican ca plugins15:03
aleeredrobot, its not like dogtag is a red haired step child ..15:04
dave-mccowanalso, it's a plugin, with no change to base code.  so, very low risk change.  and also very important.  i consider it security-impact.  if snakeoil is the only supported plugin, then we have no secure option.15:04
aleeredrobot, dave-mccowan agreed  - its a plugin on par with the kmip or pkcs11 plugin on the secret side of things.  If there were a change that were needed in the pkcs11 plugin, there would be no issue - why would there be an issue now?15:08
redrobotalee dave-mccowan  just to be clear there is no issue now... just giving you a heads up that the rel mgr has to approve the patches15:09
*** chlong has joined #openstack-barbican15:10
aleeredrobot, ok - although I would think they would defer to the PTL's judgement15:10
dave-mccowanredrobot cool.  anything you need from us?15:11
*** xaeth_afk is now known as xaeth15:13
rellerrelleralee careful with the red haired comments :) I'm reading the logs now.15:22
aleerellerreller, I stand corrected -- red haired stepchildren are awesome :)15:23
rellerrelleralee :)15:24
*** ccneill has joined #openstack-barbican15:25
*** vivek-ebay has joined #openstack-barbican15:27
*** kfarr_ has joined #openstack-barbican15:31
*** jmckind has joined #openstack-barbican15:34
*** spotz_zzz is now known as spotz15:34
*** kfarr has quit IRC15:35
*** mixos has joined #openstack-barbican15:45
*** jmckind has quit IRC15:56
*** su_zhang_ has quit IRC15:58
*** jhfeng_ has joined #openstack-barbican16:00
*** silos1 has joined #openstack-barbican16:01
*** jhfeng has quit IRC16:02
*** silos has quit IRC16:04
*** jaosorior has quit IRC16:09
*** vivek-ebay has quit IRC16:16
dave-mccowanredrobot ping16:22
redrobotdave-mccowan pong16:22
dave-mccowanredrobot do you need a bug associated with the dogtag patch for it to backport?16:23
redrobotdave-mccowan yeah16:23
*** dimtruck is now known as zz_dimtruck16:23
*** jhfeng_ has quit IRC16:23
*** jhfeng has joined #openstack-barbican16:44
*** jhfeng has quit IRC16:45
*** jhfeng has joined #openstack-barbican16:49
*** diazjf has joined #openstack-barbican16:51
*** jhfeng has quit IRC17:03
openstackgerritFernando Diaz proposed openstack/castellan: Add name to Castellan Objects and Barbican Key Manager  https://review.openstack.org/22085017:04
*** vivek-ebay has joined #openstack-barbican17:05
*** jhfeng has joined #openstack-barbican17:07
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/23056017:15
*** su_zhang_ has joined #openstack-barbican17:17
*** vivek-ebay has quit IRC17:18
*** vivek-ebay has joined #openstack-barbican17:20
*** nelsnelson has quit IRC17:25
openstackgerritFernando Diaz proposed openstack/castellan: Add name to Castellan Objects and Barbican Key Manager  https://review.openstack.org/22085017:40
*** darrenmoffat has quit IRC17:45
rellerrellerkfarr_ ping17:47
*** kfarr_ has quit IRC17:49
*** gyee has joined #openstack-barbican17:50
*** kfarr has joined #openstack-barbican17:52
kfarrrellerreller, here!17:52
rellerrellerkfarr I had note in diazjf review of 22085017:54
rellerrellerkfarr should the equals method in subclasses use self._name or self.name?17:54
kfarrrellerreller, about the private variables?17:55
rellerrellerkfarr I feel like self.name because it is a property of parent class, but this is probably more style than substance.17:55
rellerrellerkfarr yes17:55
*** jhfeng has quit IRC17:56
rellerrellerI think this will be the last issue before diazjf can merge his feature.17:56
diazjfrellerreller, kfarr, thanks for all the help reviewing this17:56
kfarrrellerreller, I think it's fine using the private attributes!17:57
kfarrdiazjf thanks for all the the help contributing code!17:57
diazjfkfarr, my pleasure.17:58
diazjfrellerreller, so all thats left is modifiying test __eq__  for all objects?17:59
rellerrellerkfarr sounds good17:59
rellerrellerdiazjf that's it17:59
rellerrellerdiazjf fix that and then we can merge.17:59
diazjfrellerreller, awesome, I'll hgave something up after some coffeeeeee17:59
diazjfthanks17:59
*** nelsnelson has joined #openstack-barbican18:00
*** jhfeng has joined #openstack-barbican18:01
*** darrenmoffat has joined #openstack-barbican18:09
*** vivek-ebay has quit IRC18:27
*** diazjf has quit IRC18:35
*** su_zhang_ has quit IRC18:36
*** su_zhang_ has joined #openstack-barbican18:37
*** vivek-ebay has joined #openstack-barbican18:38
*** zz_dimtruck is now known as dimtruck18:39
*** kfarr has quit IRC18:39
*** peter-hamilton has quit IRC18:39
*** vivek-ebay has quit IRC18:43
*** su_zhang_ has quit IRC18:43
*** su_zhang_ has joined #openstack-barbican18:44
*** mixos has quit IRC18:45
*** everjeje has quit IRC18:50
silos1rellerreller: ping18:52
rellerrellersilos1 pong18:52
silos1rellerreller: Is there documentation on how to setup castellan using barbican?18:52
rm_workit should be as simple as setting the config values for castellan to use the barbican driver18:53
rm_workand having barbican running18:53
rellerrellersilos1 I am not sure. kfarr is the best person for that.18:53
silos1rellerreller, rm_work: Ah ok. Thanks.18:53
rellerrellerrm_work silos1 you will also need to configure the barbican plugin to wherever keystone and barbican are running.18:53
*** vivek-ebay has joined #openstack-barbican18:54
rm_workah yes18:54
rm_workI assume there should be sane defaults for that, at least for devstack18:54
rm_workthat can just be updated18:54
rellerrellerYes, I think there are some defaults or comments on what to put there.18:54
silos1rellerreller, rm_work: Ok thanks. I'll dig around for those then.18:55
*** diazjf has joined #openstack-barbican18:55
*** Praston has quit IRC19:00
*** everjeje has joined #openstack-barbican19:03
openstackgerritFernando Diaz proposed openstack/castellan: Add name to Castellan Objects and Barbican Key Manager  https://review.openstack.org/22085019:07
diazjfrellerreller, kfarr, should be all good to go.19:07
*** peter-hamilton has joined #openstack-barbican19:08
diazjfdave-mccowan, I'm gonna work on getting a non-draft version of https://review.openstack.org/#/c/229995/ up by Monday. Any suggestions?19:08
*** jmckind has joined #openstack-barbican19:12
*** su_zhang_ has quit IRC19:20
*** su_zhang_ has joined #openstack-barbican19:21
dave-mccowandiazjf  from a rules or policy perspective, we should definitely find a way to make it flexible and extensible.  your blueprint mentions geography based rules; mine mentions time and count based rules.   i don't have any specific ideas on how to do that though. :-19:23
rellerrellerdiazjf you are not going to like this but I found an issue with the testing code.19:23
rellerrellerdiazjf I left instructions on how to fix it. It's not your fault. We missed the issue before, and you built on top of it.19:23
rellerrellerdiazjf It should be a quick fix, but I was hoping to land your patch now.19:24
rellerrellerkfarr see the note on the review that I left. We need to patch the test__ne__ tests.19:25
diazjfrellerreller, yeah that makes perfect sense, it seemed a little weird to me.19:25
rellerrellerdiazjf the good news is that it will be a quick fix. I want this patch. I like the name attribute.19:26
diazjfdave-mccowan, the idea behind it would be for the user to define their own metadata that way it can be used for anything. Kinda like metadata in swift containers, etc.19:26
diazjfrellerreller, I'm glad!19:27
*** alee has quit IRC19:27
*** alee has joined #openstack-barbican19:27
dave-mccowandiazjf if that's the extent of it, then couldn't a user could put his own JSON in the existing description field?  did I read too much into your blueprint?  i thought you were proposing enforcing access based on the contents of meta data.19:30
*** stevemar has quit IRC19:35
*** david-lyle has quit IRC19:35
diazjfdave-mccowan, currently for a secret there is no description or anything a user can manipulate, other than name. Since user metadata is edittable the user can write services to allow/disallow certain secrets from being access based on metadata. I'll add a couple of use cases19:35
*** david-lyle has joined #openstack-barbican19:35
*** nelsnelson has quit IRC19:37
diazjfdave-mccowan, its very useful for access control since a user can pretty much create their own access control19:39
diazjfbased of anything19:40
diazjfany suggestions19:40
*** su_zhan__ has joined #openstack-barbican19:40
dave-mccowandiazjf   got it.  interesting approach (building services outside of barbican)... that does seem like a good way to create a policy engine that can be both flexible and extensible.   i had thought there was a description field for secrets, but there isn't.  i wonder what i was thinking about. :-)19:41
*** rellerreller has quit IRC19:41
*** su_zha___ has joined #openstack-barbican19:44
*** su_zha___ has quit IRC19:44
*** su_zhang_ has quit IRC19:44
diazjfdave-mccowan, thanks, I'm excited on adding this feature.19:44
*** su_zhan__ has quit IRC19:44
*** david-ly_ has joined #openstack-barbican19:45
*** david-lyle has quit IRC19:49
*** david-ly_ has quit IRC19:49
redrobotdave-mccowan did you open a bug for the dogtag plugin?19:51
*** peter-hamilton has quit IRC19:51
dave-mccowanno, i didn't.  alee?  i can if you want.19:52
dave-mccowanredrobot doing it now.19:53
aleedave-mccowan, thanks19:55
dave-mccowanhttps://bugs.launchpad.net/barbican/+bug/150232019:55
openstackLaunchpad bug 1502320 in Barbican "Need Secure Plugin for SubCA Feature" [Undecided,New]19:55
redrobotdave-mccowan thanks!19:56
*** su_zhang_ has joined #openstack-barbican19:57
*** mixos has joined #openstack-barbican19:59
*** silos1 has left #openstack-barbican20:00
*** jhfeng has quit IRC20:10
*** david-lyle has joined #openstack-barbican20:24
*** kebray has quit IRC20:26
openstackgerritMerged openstack/barbican: Updated from global requirements  https://review.openstack.org/23056020:26
openstackgerritFernando Diaz proposed openstack/castellan: Add name to Castellan Objects and Barbican Key Manager  https://review.openstack.org/22085020:30
*** vivek-ebay has quit IRC20:30
*** ccneill has quit IRC20:38
*** ccneill has joined #openstack-barbican20:44
openstackgerritMerged openstack/barbican: py3: Enable more tests to Python 3.4  https://review.openstack.org/23040620:50
openstackgerritMerged openstack/barbican: Fix db_manage to initialize mysql from base  https://review.openstack.org/22871820:50
*** dimtruck is now known as zz_dimtruck21:03
*** jhfeng has joined #openstack-barbican21:08
*** stevemar has joined #openstack-barbican21:12
*** jmckind_ has joined #openstack-barbican21:12
*** su_zhang_ has quit IRC21:14
*** jmckind has quit IRC21:15
*** nelsnelson has joined #openstack-barbican21:21
*** vivek-ebay has joined #openstack-barbican21:23
*** nelsnelson has quit IRC21:23
*** nelsnels_ has joined #openstack-barbican21:23
*** jmckind_ has quit IRC21:26
*** su_zhang_ has joined #openstack-barbican21:38
*** xaeth is now known as xaeth_afk21:41
*** edtubill has quit IRC21:47
*** diazjf has left #openstack-barbican21:50
*** su_zhang_ has quit IRC22:00
*** dave-mccowan has quit IRC22:08
*** stevemar has quit IRC22:14
*** stevemar has joined #openstack-barbican22:14
*** mixos has quit IRC22:14
*** stevemar has quit IRC22:18
*** su_zhang_ has joined #openstack-barbican22:26
*** vivek-ebay has quit IRC22:27
*** spotz is now known as spotz_zzz22:35
*** david-lyle has quit IRC22:45
*** david-lyle has joined #openstack-barbican22:47
*** ccneill has quit IRC23:03
*** gyee has quit IRC23:04
*** su_zhang_ has quit IRC23:05
*** vivek-ebay has joined #openstack-barbican23:08
*** jhfeng has quit IRC23:12
*** everjeje has quit IRC23:20
« Thursday, 2015-10-01 Index Saturday, 2015-10-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!