Thursday, 2016-08-18

« Wednesday, 2016-08-17 Index Friday, 2016-08-19 »
*** su_zhang has joined #openstack-barbican00:06
openstackgerritTuan proposed openstack/barbican: Fix order of arguments in assertEqual  https://review.openstack.org/35628300:40
*** dimtruck is now known as zz_dimtruck00:45
*** jamielennox is now known as jamielennox|away00:48
*** randallburt has quit IRC00:53
*** jamielennox|away is now known as jamielennox01:04
*** su_zhang has quit IRC01:21
*** su_zhang has joined #openstack-barbican01:22
*** dave-mccowan has quit IRC01:25
*** su_zhang has quit IRC01:26
*** zz_dimtruck is now known as dimtruck01:31
*** hockeynut has joined #openstack-barbican01:41
*** haplo37__ has joined #openstack-barbican01:50
*** haplo37__ has quit IRC02:20
*** arunkant__ has joined #openstack-barbican02:36
*** arunkant_ has quit IRC02:39
*** jamielennox is now known as jamielennox|away02:42
*** hockeynut has quit IRC03:06
*** jamielennox|away is now known as jamielennox03:07
*** diazjf has joined #openstack-barbican03:31
*** diazjf has quit IRC03:34
openstackgerritArun Kant proposed openstack/barbican-specs: Adding spec for supporting multiple secret store backends  https://review.openstack.org/26397204:26
*** su_zhang has joined #openstack-barbican04:42
openstackgerritArun Kant proposed openstack/barbican: Adding API docs for multiple backend support changes.  https://review.openstack.org/34180304:52
openstackgerritNguyen Hung Phuong proposed openstack/barbican: Clean imports in code  https://review.openstack.org/35686304:53
openstackgerritArun Kant proposed openstack/barbican: Adding multiple backend db model and repository support  https://review.openstack.org/34809204:53
openstackgerritArun Kant proposed openstack/barbican: Adding central logic to manage multiple backend feature.  https://review.openstack.org/35428504:53
openstackgerritArun Kant proposed openstack/barbican: Adding API docs for multiple backend support changes.  https://review.openstack.org/34180304:55
*** jaosorior has joined #openstack-barbican05:03
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/35231505:24
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/35231505:48
openstackgerritOpenStack Proposal Bot proposed openstack/castellan: Updated from global requirements  https://review.openstack.org/35231605:48
*** pcaruana has joined #openstack-barbican06:52
*** xek__ has quit IRC07:08
openstackgerritJiong Liu proposed openstack/python-barbicanclient: Use international logging message  https://review.openstack.org/35697907:19
openstackgerritJiong Liu proposed openstack/castellan: Use international logging message  https://review.openstack.org/35698307:31
*** f13o has joined #openstack-barbican07:34
*** su_zhang has quit IRC08:30
*** su_zhang has joined #openstack-barbican08:31
*** su_zhang has quit IRC08:35
*** jaosorior has quit IRC08:37
*** jsheeren has joined #openstack-barbican08:42
*** jsheeren has quit IRC09:34
*** lixiaoy1 has joined #openstack-barbican10:07
*** haplo37__ has joined #openstack-barbican11:42
*** su_zhang has joined #openstack-barbican11:43
*** su_zhang has quit IRC11:48
*** dave-mccowan has joined #openstack-barbican11:59
*** woodster_ has joined #openstack-barbican12:10
*** haplo37__ has quit IRC12:21
*** alee has quit IRC12:21
*** alee has joined #openstack-barbican13:20
*** f13o has quit IRC13:28
*** f13o has joined #openstack-barbican13:28
*** dimtruck is now known as zz_dimtruck13:41
*** zz_dimtruck is now known as dimtruck13:41
*** dimtruck is now known as zz_dimtruck13:51
*** edtubill has joined #openstack-barbican13:57
*** arunkant__ has quit IRC14:07
*** zz_dimtruck is now known as dimtruck14:10
*** edtubill has quit IRC14:10
openstackgerritAde Lee proposed openstack/barbican: Add install guide  https://review.openstack.org/35622114:16
*** edtubill has joined #openstack-barbican14:17
*** spotz_zzz is now known as spotz14:18
*** edtubill has quit IRC14:20
*** edtubill has joined #openstack-barbican14:24
*** edtubill has quit IRC14:27
*** haplo37__ has joined #openstack-barbican14:28
*** edtubill has joined #openstack-barbican14:34
*** su_zhang has joined #openstack-barbican14:39
*** edtubill has quit IRC14:41
*** edtubill has joined #openstack-barbican14:44
*** edtubill has quit IRC14:47
*** edtubill has joined #openstack-barbican14:47
*** randallburt has joined #openstack-barbican14:54
*** f13o has quit IRC14:54
*** randallburt1 has joined #openstack-barbican14:56
*** randallburt has quit IRC14:58
*** edtubill has quit IRC14:58
*** edtubill has joined #openstack-barbican14:59
*** michauds has joined #openstack-barbican15:00
*** hockeynut has joined #openstack-barbican15:04
*** diazjf has joined #openstack-barbican15:05
*** f13o has joined #openstack-barbican15:06
*** edtubill has quit IRC15:09
openstackgerritJiong Liu proposed openstack/barbican: Fix test suite cleanup  https://review.openstack.org/35727715:10
*** edtubill has joined #openstack-barbican15:15
*** michauds has quit IRC15:19
*** arunkant_ has joined #openstack-barbican15:21
*** dave-mccowan has quit IRC15:24
*** dave-mccowan has joined #openstack-barbican15:24
*** f13o has quit IRC15:25
*** f13o has joined #openstack-barbican15:25
*** su_zhang has quit IRC15:28
*** su_zhang has joined #openstack-barbican15:29
*** diazjf has quit IRC15:30
*** su_zhang has quit IRC15:33
arunkant_alee, redrobot: I have made changes to multiple backend spec and API docs to reflect configuration changes. Can you review them? I have also updated my implementation review as well.15:33
arunkant_Spec review: https://review.openstack.org/#/c/263972/ , API doc review: https://review.openstack.org/#/c/341803/15:34
aleearunkant, arunkant_ will do15:39
*** michauds has joined #openstack-barbican15:52
*** edtubill has quit IRC15:53
*** edtubill has joined #openstack-barbican15:55
*** edtubill has quit IRC16:01
*** diazjf has joined #openstack-barbican16:06
*** randallburt1 has quit IRC16:16
*** randallburt has joined #openstack-barbican16:18
*** diazjf has quit IRC16:24
*** michauds has quit IRC16:25
*** tkelsey has joined #openstack-barbican17:00
*** su_zhang has joined #openstack-barbican17:01
*** su_zhang has quit IRC17:06
*** su_zhang has joined #openstack-barbican17:07
*** diazjf has joined #openstack-barbican17:25
*** tkelsey has quit IRC17:39
*** hockeynut has quit IRC17:44
*** diazjf has quit IRC18:09
*** hockeynut has joined #openstack-barbican18:36
*** diazjf has joined #openstack-barbican18:36
*** michauds has joined #openstack-barbican18:38
*** randallburt has quit IRC18:38
redrobotwoodster_ we're about to start the threat modeling exercise for barbican18:41
woodster_can you all do hangouts18:42
* woodster_ I understand if no, but just curious18:42
redrobotwoodster_ https://hangouts.google.com/call/pxmriirbzfd77dj3j6uv7v66b4e18:43
woodster_nice, thanks! alee arunkant_ ^^^^18:44
*** su_zhang has quit IRC18:44
woodster_dave-mccowan: ^^^^18:46
*** randallburt has joined #openstack-barbican18:47
*** catintheroof has joined #openstack-barbican18:49
catintheroofguys, quick question as a cloud admin (eg. user cloudadmin, project cloudadmin) how can i do to ask for the secrets of another project ??18:50
catintheroofi have doubts on how secrets are stored, those are per user? per project?18:52
catintheroofdiazjf, alee, redrobot ^^^18:53
diazjfcatintheroof, Secrets are stored per Project, so as long a user has the correct permissions they can access payloads from others within the same project.19:01
diazjfYou must be part of and have a token scoped for the other project19:01
arunkant_catintheroof : in general, secrets access control is managed at per project roles level. You can use ACL if user from anoter project wants to access specific secret . That user needs to be added in secret's ACL list..http://developer.openstack.org/api-guide/key-manager/acls.html19:11
catintheroofdiazjf, terrific, thanks for the clarification19:11
diazjfcatintheroof your welcome :)19:16
*** su_zhang has joined #openstack-barbican19:32
*** dgonzalez has quit IRC19:34
*** su_zhang has quit IRC19:36
*** dgonzalez has joined #openstack-barbican19:45
aleewoodster_, ping19:50
*** diazjf has quit IRC19:53
*** su_zhang has joined #openstack-barbican20:01
*** su_zhang has quit IRC20:01
*** su_zhang has joined #openstack-barbican20:01
*** f13o has quit IRC20:02
*** diazjf has joined #openstack-barbican20:09
*** gyee has joined #openstack-barbican20:11
*** f13o has joined #openstack-barbican20:16
*** diazjf has quit IRC20:21
*** diazjf has joined #openstack-barbican20:31
*** f13o has quit IRC20:34
*** f13o has joined #openstack-barbican20:35
aleewoodster_, you there?20:37
woodster_alee: hey Ade, listening in on the barbican threat analysis20:37
aleewoodster_, ah, thats still going - figured they were done by now20:37
aleewoodster_, that many threats?20:38
woodster_alee: did my comments on CR make sense?20:38
aleewoodster_, did my counter-comments?20:38
woodster_alee: no new threats I don't think anyway20:38
woodster_alee: oh I'll check them out20:38
aleewoodster_, did you build the doc and see what it looked like?20:39
aleeI think its clearer if you look at it.20:39
woodster_alee: so the hierarchy of plugins is the secret store level ones: KMIP, Dogtag, and the crypto-adapter. That crypto-adapter implements the next level of plugins, the crypto plugins. The crypto plugins do the 'encrypted blobs within the database' stuff. In the doc now, this description is made at the secret store plug in level.20:42
woodster_alee: so maybe change 'Storage Plugins' section to 'Crypto Plugins' and good enough for now perhaps?20:45
aleewoodster_, well - I called them Storage Plugins because they store the data in the local barbican database20:46
aleewoodster_,  and also because the plugin is called store_crypto iirc20:46
woodster_alee: the only issue is that we call the top level plugins that as well. the ones that store blobs in the db are the crypto plugins20:47
* woodster_ referring to the code mostly, but also naming in the conf file20:47
woodster_alee: if we think this is hair splitting and we want to get this out, that's cool. Just trying to avoid having to explain that to folks in the future if possible.20:49
woodster_alee: the above distinction also tracks the architectural docs out there too20:50
aleewoodster_, understood -- if we make it clear, then we wont have to explain20:50
redrobotwoodster_ alee the terms that are already in use are "Secret Store Plugin", "Cryptographic Plugin Adapter" for store_crypto and "Cryptographic Plugin"20:50
* woodster_ http://docs.openstack.org/developer/barbican/plugin/#architecture20:51
redrobotwoodster_ alee http://docs.openstack.org/developer/barbican/plugin/index.html#architecture20:51
woodster_#jinx20:51
redrobotwoodster_ lol20:51
redrobotwoodster_ alee http://docs.openstack.org/developer/barbican/plugin/secret_store.html#the-cryptographic-plugin-adapter20:51
* woodster_ was hoping that would do something cool20:51
redrobotwoodster_ alee http://docs.openstack.org/developer/barbican/plugin/crypto.html#cryptographic-plugin-development20:51
aleewoodster_, so the suggestion is to rename "Storage Plugins" to "Crypto Plugins" ?20:52
aleewoodster_, that works for me - esp as we have Simple Crypto Plugin, and PKCS#11 Crypto Plugin20:53
woodster_alee: I think so, but you also need to add bits to Dogtag and KMIP configs...let me add to the CR....20:53
aleewoodster_, eh?20:54
aleewoodster_, did you build it?20:54
aleewoodster_, are you adding more comments -- or are we all good?21:00
aleewoodster_, gotta meet some folks for dinner and want to push out these edits before I go ..21:01
woodster_alee: nope, so does that put 'enabled_secret_store_plugins = dogtag_crypto' or 'enabled_secret_store_plugins = kmip_crypto' lines in there?21:01
woodster_alee: my local env is borked right now, but if those lines are showing up in the dogtag and kmip sections, that's cool21:02
aleeoh - good catch -- defineitly need those ..21:02
aleeadding ..21:02
woodster_nice!21:02
aleewoodster_, actually all that is going to change anyways ..21:03
aleebut thats anther discussion ...21:03
woodster_alee: yeah well a snapshot in time, like all docs21:03
*** beisner is now known as beisner-biab21:05
openstackgerritAde Lee proposed openstack/barbican: Add install guide  https://review.openstack.org/35622121:09
aleewoodster_, redrobot diazjf - thar she goes ^^21:10
* alee heading to dinner21:10
woodster_alee: looking...21:10
*** hockeynut has quit IRC21:12
*** catintheroof has quit IRC21:21
*** beisner-biab is now known as beisner21:28
*** dave-mccowan has quit IRC21:38
*** spotz is now known as spotz_zzz21:50
*** dave-mccowan has joined #openstack-barbican22:01
*** dave-mccowan has quit IRC22:18
*** su_zhang has quit IRC22:23
*** dave-mccowan has joined #openstack-barbican22:24
*** su_zhang has joined #openstack-barbican22:29
*** ntpttr has quit IRC22:31
*** su_zhang has quit IRC22:33
*** diazjf has quit IRC22:34
*** ntpttr has joined #openstack-barbican22:36
*** su_zhang has joined #openstack-barbican22:38
*** haplo37__ has quit IRC23:03
*** dimtruck is now known as zz_dimtruck23:06
*** michauds has quit IRC23:07
*** f13o has quit IRC23:12
*** chlong has quit IRC23:20
openstackgerritArun Kant proposed openstack/barbican: Adding multiple backend conf changes and friendly plugin names  https://review.openstack.org/35428523:50
*** randallburt has quit IRC23:50
openstackgerritArun Kant proposed openstack/barbican: Adding central logic to sync secret store data with conf data  https://review.openstack.org/35754423:50
« Wednesday, 2016-08-17 Index Friday, 2016-08-19 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!