Monday, 2016-07-25

« Sunday, 2016-07-24 Index Tuesday, 2016-07-26 »
*** david-lyle_ has joined #openstack-barbican00:22
*** david-lyle_ has quit IRC00:27
*** chlong has quit IRC00:54
*** chlong has joined #openstack-barbican01:11
*** chlong is now known as chlong_POffice01:21
*** hdd has joined #openstack-barbican01:41
*** david-lyle_ has joined #openstack-barbican02:25
*** david-lyle_ has quit IRC02:29
*** nkinder has quit IRC03:15
*** nkinder has joined #openstack-barbican03:35
*** nkinder has quit IRC03:47
*** david-lyle_ has joined #openstack-barbican04:26
*** david-lyle_ has quit IRC04:32
*** notmyname has quit IRC04:36
*** notmyname has joined #openstack-barbican04:48
*** akshayb_07 has joined #openstack-barbican05:25
akshayb_07Hello, I was trying to setup OpenStack barbican. I am able to create orders and secrets using admin user. However it returns 4xx Forbidden when I try with some other user. I think this is because of default policy.json. How can I enable general users to access barbican API? I am not sure if this is a right channel to post the query. If not can anyone point me to the right channel?05:35
*** jsheeren has joined #openstack-barbican05:38
*** hdd has quit IRC06:22
*** david-lyle_ has joined #openstack-barbican06:29
*** andreas_s has joined #openstack-barbican06:32
*** david-lyle_ has quit IRC06:33
*** pcaruana has joined #openstack-barbican06:37
akshayb_07Hello, I was trying to setup OpenStack barbican. I am able to create orders and secrets using admin user. However it returns 4xx Forbidden when I try with some other user. I think this is because of default policy.json. How can I enable general users to access barbican API? I am not sure if this is a right channel to post the query. If not can anyone point me to the right channel?07:12
*** alee has joined #openstack-barbican07:57
*** yfujioka has joined #openstack-barbican08:07
*** yfujioka has quit IRC08:08
*** david-lyle_ has joined #openstack-barbican08:31
*** david-lyle_ has quit IRC08:36
*** david-lyle_ has joined #openstack-barbican09:32
*** david-lyle_ has quit IRC09:36
*** hwcomcn has joined #openstack-barbican09:50
*** hwcomcn has quit IRC09:51
*** hwcomcn has joined #openstack-barbican09:52
*** hwcomcn has quit IRC09:55
*** hwcomcn has joined #openstack-barbican09:58
*** hwcomcn has quit IRC10:03
*** hwcomcn has joined #openstack-barbican10:04
*** hwcomcn has quit IRC10:05
*** hwcomcn has joined #openstack-barbican10:06
openstackgerritMerged openstack/barbican: dogtag: Only call initialize() if crypto is not None  https://review.openstack.org/34427110:38
*** slunkad_ has quit IRC11:06
*** slunkad_ has joined #openstack-barbican11:08
*** david-lyle_ has joined #openstack-barbican11:34
*** david-lyle_ has quit IRC11:39
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/34543112:58
*** woodster_ has joined #openstack-barbican13:19
*** lixiaoy1 has quit IRC13:30
*** lixiaoy1 has joined #openstack-barbican13:34
*** david-lyle_ has joined #openstack-barbican13:36
*** david-lyle_ has quit IRC13:41
*** hwcomcn has quit IRC14:04
*** randallburt has joined #openstack-barbican14:11
*** randallburt1 has joined #openstack-barbican14:16
*** randallburt has quit IRC14:18
*** jsheeren has quit IRC14:19
*** alee has quit IRC14:23
*** alee has joined #openstack-barbican14:23
*** catintheroof has joined #openstack-barbican14:24
catintheroofhi guys, quick question, does anyone knows how to read the secret metadata (key/values) using the python-barbicanclient ?14:25
catintheroofi dont see metadata on a secret object14:25
*** spotz_zzz is now known as spotz14:27
*** spotz is now known as spotz_zzz14:29
*** michauds has joined #openstack-barbican14:30
*** spotz_zzz is now known as spotz14:32
*** jmckind has joined #openstack-barbican14:32
*** zz_dimtruck is now known as dimtruck14:35
*** jmckind_ has joined #openstack-barbican14:36
*** jmckind has quit IRC14:39
catintheroofsorry, user defined secret metadata14:55
*** jmckind_ has quit IRC14:55
*** jmckind has joined #openstack-barbican14:57
catintheroofi can see that there's a blueprint, is there something done regarding this ? https://blueprints.launchpad.net/python-barbicanclient/+spec/add-user-metadata15:03
woodster_catintheroof: my guess is that nothing has been done on this blueprint, but diazjf would know for sure15:23
* woodster_ generally I think we are always looking for barbican client help15:24
*** akshayb_07 has quit IRC15:24
woodster_alee: do you know if jaosorior has been working on barbican client things such as above ^^^^?15:25
*** pcaruana has quit IRC15:26
aleewoodster_, I don't think he has15:26
catintheroofwoodster_, alee oka, will wait for him, since i cant do nothing without this15:26
catintheroofi was thinking to do somethign like _fetch_payload on the client.py15:27
catintheroofbut that would be ....less than optimal15:27
aleecatintheroof, jaosorior is going to be out this week on PTO.15:27
aleecatintheroof, he's periodically in contact - but I  would not expect him to do much this week15:28
catintheroofalee, what a shame, this blueprint is out since 2015.1015:29
woodster_catintheroof: I think redrobot (PTL) is on vacation. Perhaps diazjf is out as well. I'm 90% sure nothing has been done on that blueprint but if you can wait that's probably prudent I suppose :)15:29
aleecatintheroof, if you wanted to put up a patch/design though - we could certainly take a look at it.15:29
catintheroofalee, i had problems understanding client.py big time, but i need this done, if not, i would have to drop barbican usage in my company just because programatically i cant read metadata15:31
catintheroofalee, do you know a way that is not metadata to say something like this secret is an OPENSTACK type, this one AWS type and this one AZURE type15:32
aleecatintheroof, I'm sure adding metadata retrieval to the client will be a relatively easy thing to do - and should not take too long15:32
aleecatintheroof, the use case you're descrbing is I think exactly what the metadata is for15:33
*** dave-mccowan has joined #openstack-barbican15:33
*** andreas_s has quit IRC15:33
catintheroofalee, yeahp, that's why i think i need to do it. but after doing the READING part ... i think i would need the WRITING one, so ...i can do the reading one (far from whats expected) in the client, and push to have the "right way" from you guys15:35
catintheroofalee, who would be wise to talk to to get this done?15:35
catintheroofalee,  diazjf ?15:36
aleewoodster_, anyone other than jaosorior been working on the client?15:36
aleecatintheroof, diazjf would have been my guess15:36
aleecatintheroof, if you put a patch up - it will get attention from the client guys15:36
aleecatintheroof, even if to tell you its all wrong .. do it this way instead15:37
*** david-lyle_ has joined #openstack-barbican15:37
catintheroofalee, will do, thanks15:38
woodster_alee: yeah, I'm not aware of folks working on the client actively other than jaosorior15:38
*** gyee has joined #openstack-barbican15:39
woodster_catintheroof: if you put up a CR for that probably low risk someone else is working on it, but might get some refactor feedback15:39
catintheroofwoodster_, will try to do my best15:40
catintheroofwoodster_, alee thank you all15:40
woodster_catintheroof: alee I also haven't been tracking the barbican client vs openstack client efforts (such as if the latter is replacing the former at some point)15:42
*** david-lyle_ has quit IRC15:43
catintheroofwoodster_, alee that is what supposed to happen, tha thing is that the python-barbicanclient doesnt support it (user metadata)15:44
woodster_catintheroof: probably ok to proceed on the barbican client path for now, with possible movement of code to the openstack client in the future15:45
catintheroofwoodster_, absolutely15:46
*** diazjf has joined #openstack-barbican15:47
*** kfarr has joined #openstack-barbican15:47
*** dave-mccowan has quit IRC16:14
catintheroofwoodster_, alee where can i put the draft of the "getter" for the user_metadata property of the barbican client ?16:19
catintheroofso you can take it a look ?16:19
woodster_catintheroof: alee if it's not a lot of code maybe just put up a CR referencing that blueprint?16:21
catintheroofwoodster_, sorry my ignorance, CR = ??? and nope, is not a lot of code, is very little16:21
woodster_catintheroof: CR = change request. Have you put up any gerrit reviews before?16:23
catintheroofwoodster_, yes, but since im modifying the ubuntu packages barbican client, im not modifying the cloned client, so, how can i submit just my change ? or maybe just the code to take it a look ?16:25
woodster_catintheroof: I'm not following you on that....packaging happens after a release is cut I figure. So the first step would be just to modify the source I'd think via a CR.16:28
woodster_alee: zigo ^^^^ do you have insight on the barbican python client packaging process?16:29
catintheroofwoodster_, i mean this ...16:30
aleewoodster_, catintheroof sorry - in meeting -- will respond later ..16:30
catintheroofwoodster_, i allways git cloned the code, modified it and then did a gerrit thing to generate a new gerrit topic, but since im not using barbican code from github, i need to put my code where to generate a CR in a easy way ?16:31
catintheroofwoodster_, sorry if im not making myself clear16:31
woodster_catintheroof: so you have already setup gerrit things via this then?: http://docs.openstack.org/infra/manual/developers.html16:34
catintheroofyeahp16:35
catintheroofwoodster_, ^^16:35
*** david-lyle_ has joined #openstack-barbican16:35
woodster_catintheroof: so did you clone from here originally?: https://github.com/openstack/python-barbicanclient16:35
catintheroofwoodster_, nope, modifying the code from the version that the ubuntu packages installed on a server from the mitaka repos16:36
woodster_catintheroof: ah got you. I'd say just clone https://github.com/openstack/python-barbicanclient and then git checkout -b bp/<name of blueprint>, then 'cherry pick' your Ubuntu changes onto that branch (probably a copy pasta thing across git repos anyway). As long as not may lines of code, shouldn't be too intense to copy those over16:38
catintheroofwoodster_, and after that ? what is the process (commands) to generate the CR ?16:40
woodster_catintheroof: that link above is the official docs on the workflow, but this older wiki might also help out: https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process16:41
catintheroofwoodster_, thanks so much ! will try to do it16:41
catintheroofwoodster_, cause is working already, and works like a charm16:41
*** diazjf has quit IRC16:45
*** kfarr has quit IRC16:47
woodster_catintheroof: yeah it would be good to have that feature in the client. It would be good to eventually have unit tests for the feature, but putting the CR up is a good first step. Running tox tests beforehand is good to do as well, though gerrit will do that eventually too.16:48
*** haplo37__ has joined #openstack-barbican16:50
*** hdd has joined #openstack-barbican16:53
*** diazjf has joined #openstack-barbican16:59
*** david-lyle_ has quit IRC17:01
*** nkinder has joined #openstack-barbican17:01
*** david-lyle_ has joined #openstack-barbican17:07
*** hdd has quit IRC17:09
*** hdd has joined #openstack-barbican17:11
*** diazjf has quit IRC17:12
arunkantcan any cores review this..it has been pending for a while17:12
arunkanthttps://review.openstack.org/#/c/311830/17:12
*** pcaruana has joined #openstack-barbican17:23
*** david-lyle_ is now known as david-lyle17:57
*** alee is now known as alee_dinner18:16
*** alee_dinner has quit IRC18:19
*** michauds has quit IRC18:42
*** michauds has joined #openstack-barbican18:58
*** diazjf has joined #openstack-barbican19:00
zigocatintheroof: woodster_: Indeed, we do package using a git tag as reference. Without a tag, there wont be any update in the upstream code, unless we add a Debian specific patch. Though those are to fix issues/bugs, and we always prefer things to happen upstream first. Usually, we write these patches at the distro level and send them upstream via gerrit, hoping to remove them on the next new upstream release upload.19:10
zigocatintheroof: What are you willing to change exactly?19:11
zigoBTW, things happen in Debian first, before they move to Ubuntu.19:12
catintheroofzigo, woodster_ i've added this > http://paste.openstack.org/show/541642/ to secrets.py to get the user metadata to the python-barbicanclient19:22
catintheroofzigo, i need to find some time to generate a CR19:23
*** chlong_POffice has quit IRC19:30
*** chlong_POffice has joined #openstack-barbican19:31
woodster_zigo: thanks for the info. I'm thinking a code CR would be a good thing here for the next release for sure19:33
woodster_catintheroof: that looks good (though I think the last two lines need to be indented over). Generating the CR should be very easy once you have gerrit setup and the barbican client repo cloned19:33
catintheroofwoodster_, will do ;)19:36
*** kfarr has joined #openstack-barbican19:55
*** gyee has quit IRC20:01
openstackgerritSebastian Jeuk proposed openstack/barbican: Fixed title in ACLs section of API Guide  https://review.openstack.org/34700720:02
*** alee has joined #openstack-barbican20:05
openstackgerritSebastian Jeuk proposed openstack/barbican: Fixed typo in ACL section of API Guide  https://review.openstack.org/34700720:07
woodster_catintheroof: you can join openstack-meeting-alt now for the barbican weekly meeting20:10
catintheroofjoined XD20:11
aleewoodster_, what kind of permissions/ roles are needed to delete a secret?20:15
aleearunkant, ^^ ?20:16
woodster_alee: I think only an admin role can delete secrets. arunkant's CR allows owners to delete their own secrets20:17
aleewoodster_, oh, that CR has not yet landed?20:17
arunkantalee..yes20:17
aleewoodster_, I thought owners could delete their own secrets20:17
aleearunkant, which CR is that?20:18
arunkanthttps://review.openstack.org/#/c/311830/20:18
woodster_arunkant: ^^^^ I left some comments out there please20:19
arunkantwoodster_ ..looking into it..will address soon20:19
woodster_arunkant: fairly minor I think20:20
aleearunkant, I'll review too once you address woodster_ comments20:20
* woodster_ thought that was already in the code base for some reason20:20
arunkantwoodster_, alee: okay..its minor label change..will do now20:20
openstackgerritArun Kant proposed openstack/barbican: User with creator role can delete his/her own secret and container  https://review.openstack.org/31183020:25
arunkantalee, woodster_ .. please review new patch for above change.20:25
woodster_arunkant: can you update the doc too? That's a good feature to advertise in the docs I think20:26
arunkantwoodster_ , let me see if we have any restriction listed around this in docs..I will update that.20:28
woodster_arunkant: This was one place I saw something: https://github.com/openstack/barbican/blob/master/doc/source/admin-guide-cloud/access_control.rst#role-based-access-control-rbac20:29
woodster_arunkant: I thought we had an RBAC table at one time but didn't find it20:29
arunkantwoodster_: I did not find anything in API doc..http://docs-draft.openstack.org/30/311830/6/check/gate-barbican-docs/876ed6d//doc/build/html/api/reference/secrets.html#delete-v1-secrets-uuid20:30
woodster_arunkant: actually, look in the section below that one...Default Policy20:31
woodster_arunkant: https://github.com/openstack/barbican/blob/master/doc/source/admin-guide-cloud/access_control.rst#default-policy20:36
*** diazjf has quit IRC20:38
openstackgerritArun Kant proposed openstack/barbican: User with creator role can delete his/her own secret and container  https://review.openstack.org/31183020:38
woodster_arunkant: nice, thanks!20:40
openstackgerritArun Kant proposed openstack/barbican: User with creator role can delete his/her own secret and container  https://review.openstack.org/31183020:42
arunkantwoodster_ ..please review again..minor correction: https://review.openstack.org/#/c/311830/8..9/doc/source/admin-guide-cloud/access_control.rst20:42
woodster_arunkant: done thanks20:43
arunkantwoodster_, gr8..thanks20:43
woodster_alee: fyi ^^^^20:44
aleewoodster_, arunkant looking20:45
*** gyee has joined #openstack-barbican20:53
*** chlong_POffice has quit IRC20:56
*** gyee has quit IRC21:03
*** haplo37__ has quit IRC21:03
*** diazjf has joined #openstack-barbican21:08
*** chlong_POffice has joined #openstack-barbican21:10
aleearunkant, done21:21
arunkantalee, thanks21:22
*** dimtruck is now known as zz_dimtruck21:23
*** hdd has quit IRC21:26
*** diazjf has quit IRC21:35
*** diazjf has joined #openstack-barbican21:38
*** zz_dimtruck is now known as dimtruck21:43
*** spotz is now known as spotz_zzz22:24
*** hdd has joined #openstack-barbican22:24
*** diazjf has quit IRC22:39
*** michauds has quit IRC22:42
*** jmckind has quit IRC22:54
*** hdd has quit IRC22:57
*** chlong_POffice has quit IRC23:25
*** randallburt1 has quit IRC23:29
*** chlong_POffice has joined #openstack-barbican23:42
« Sunday, 2016-07-24 Index Tuesday, 2016-07-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!