Monday, 2016-02-08

« Sunday, 2016-02-07 Index Tuesday, 2016-02-09 »
*** amotoki has joined #openstack-sdks00:16
*** salv-orl_ has quit IRC00:19
*** gildub has joined #openstack-sdks00:19
*** chlong has joined #openstack-sdks00:25
*** gildub has quit IRC00:33
*** Qiming has joined #openstack-sdks00:42
*** gildub has joined #openstack-sdks00:50
*** gildub has quit IRC00:58
*** dims has quit IRC01:01
*** chlong has quit IRC01:03
*** gildub has joined #openstack-sdks01:15
*** salv-orlando has joined #openstack-sdks01:19
*** dims has joined #openstack-sdks01:24
*** gouthamr has joined #openstack-sdks01:27
*** gouthamr has quit IRC01:39
*** dims has quit IRC01:46
*** salv-orlando has quit IRC01:50
*** gouthamr has joined #openstack-sdks02:03
*** gouthamr has quit IRC02:05
*** chlong has joined #openstack-sdks02:06
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/27723202:39
*** oomichi has quit IRC02:43
openstackgerritOpenStack Proposal Bot proposed openstack/python-openstackclient: Updated from global requirements  https://review.openstack.org/27725302:44
*** dims has joined #openstack-sdks03:13
*** gildub has quit IRC03:25
*** dims has quit IRC03:35
*** dims has joined #openstack-sdks03:42
*** gildub has joined #openstack-sdks03:58
*** dims has quit IRC04:08
*** amotoki has quit IRC04:13
*** amotoki has joined #openstack-sdks04:27
*** david-lyle has quit IRC04:30
*** dstanek has quit IRC04:31
*** dstanek has joined #openstack-sdks04:33
*** eliqiao_ has quit IRC04:38
*** amotoki has quit IRC04:39
*** eliqiao_ has joined #openstack-sdks04:40
*** amotoki has joined #openstack-sdks04:40
*** salv-orlando has joined #openstack-sdks04:44
*** david-lyle has joined #openstack-sdks04:45
*** amotoki has quit IRC04:56
*** salv-orlando has quit IRC04:56
stevemarjamielennox: no openstack-specs repo, we just use BPs05:04
stevemarjamielennox: we brought it up once when spec repos were first being created, and decided we weren't big time enough to have one05:05
stevemarjamielennox: maybe it's time to revisit that argument05:05
jamielennoxstevemar: i don't mind, i have something i was going to write up and am now so used to specs05:06
*** eliqiao_ has quit IRC05:06
stevemarjamielennox: toss up a bp for now i guess05:07
jamielennoxstevemar: ok, will email you and dtroyer with the details as it's newly formed and noone reads blueprints05:08
*** eliqiao_ has joined #openstack-sdks05:08
*** amotoki has joined #openstack-sdks05:11
*** dfflanders has quit IRC05:40
openstackgerritMerged openstack/python-openstackclient: Updated from global requirements  https://review.openstack.org/27725305:49
openstackgerritMerged openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/27723205:51
*** lhcheng has quit IRC05:55
*** amotoki_ has joined #openstack-sdks06:08
*** amotoki has quit IRC06:11
*** petertr7_away has quit IRC06:25
*** petertr7_away has joined #openstack-sdks06:26
*** petertr7_away is now known as petertr706:26
*** salv-orlando has joined #openstack-sdks06:48
*** salv-orlando has quit IRC06:55
*** gildub has quit IRC06:56
*** lhcheng has joined #openstack-sdks07:01
*** chlong has quit IRC07:03
openstackgerritMerged openstack/python-openstackclient: Move security_groups mock definition to FakeComputev2Client  https://review.openstack.org/27608207:10
openstackgerritMerged openstack/python-openstackclient: Define security_group_rules mock in FakeComputev2Client  https://review.openstack.org/27608507:10
openstackgerritMerged openstack/python-openstackclient: Remove identity_client.projects definition in TestSecurityGroup  https://review.openstack.org/27608307:11
*** oomichi has joined #openstack-sdks07:12
*** salv-orlando has joined #openstack-sdks08:07
openstackgerritMerged openstack/python-openstackclient: Add unit tests for "hypervisor show" command  https://review.openstack.org/27711008:10
*** salv-orlando has quit IRC08:12
openstackgerritMerged openstack/python-openstackclient: Compute: Fix DisplayCommandBase comments for cliff Command subclass tests  https://review.openstack.org/27698308:25
openstackgerritMerged openstack/python-openstackclient: Compute: Fix DisplayCommandBase comments for cliff Lister subclass tests  https://review.openstack.org/27698408:25
*** chlong has joined #openstack-sdks08:48
*** amotoki_ has quit IRC08:55
*** openstackgerrit has quit IRC09:02
*** openstackgerrit has joined #openstack-sdks09:03
*** lucas-dinner is now known as lucasagomes09:09
*** amotoki has joined #openstack-sdks09:14
*** salv-orlando has joined #openstack-sdks09:31
*** amotoki has quit IRC09:32
openstackgerritTang Chen proposed openstack/python-openstackclient: Floating IP: Implementation "ip floating delete" command  https://review.openstack.org/25851910:17
*** gildub has joined #openstack-sdks10:28
*** salv-orl_ has joined #openstack-sdks10:40
*** cdent has joined #openstack-sdks10:42
*** salv-orlando has quit IRC10:43
*** e0ne has joined #openstack-sdks10:53
*** lhcheng has quit IRC10:59
*** thrash|g0ne is now known as thrash11:39
openstackgerritTang Chen proposed openstack/python-openstackclient: Floating IP: Implementation "ip floating delete" command  https://review.openstack.org/25851911:52
*** jaypipes has joined #openstack-sdks11:56
*** erlon has joined #openstack-sdks12:01
*** lucasagomes is now known as lucas-hungry12:07
*** dims has joined #openstack-sdks12:07
*** amotoki has joined #openstack-sdks12:13
*** salv-orl_ has quit IRC12:18
*** dims has quit IRC12:20
*** gildub has quit IRC12:21
*** dims has joined #openstack-sdks12:22
*** rtheis has joined #openstack-sdks12:30
*** amotoki has quit IRC12:35
*** krotscheck_dcm is now known as krotscheck12:39
*** salv-orlando has joined #openstack-sdks12:42
*** amotoki has joined #openstack-sdks12:58
*** krotscheck has quit IRC13:06
*** lucas-hungry is now known as lucasagomes13:12
*** amotoki has quit IRC13:15
*** krotscheck has joined #openstack-sdks13:18
*** annegentle has joined #openstack-sdks14:01
*** gouthamr has joined #openstack-sdks14:05
*** annegentle has quit IRC14:19
*** annegentle has joined #openstack-sdks14:20
*** salv-orlando has quit IRC14:41
*** jose4183 has joined #openstack-sdks14:51
*** jose4183 has quit IRC14:51
*** annegentle has quit IRC14:53
*** salv-orlando has joined #openstack-sdks14:55
*** sigmavirus24_awa is now known as sigmavirus2415:01
*** jaypipes has quit IRC15:09
*** jose4183 has joined #openstack-sdks15:10
*** jose4183 has quit IRC15:11
openstackgerritSergey Nikitin proposed openstack/api-wg: Added tags restrictions to the tagging guidelines  https://review.openstack.org/27670915:11
openstackgerritSergey Nikitin proposed openstack/api-wg: Added tags restrictions to the tagging guidelines  https://review.openstack.org/27670915:15
*** annegentle has joined #openstack-sdks15:15
sahilsinhaanyone home?15:17
*** jose4183 has joined #openstack-sdks15:19
*** jose4183 has quit IRC15:19
annegentlesahilsinha: what's up?15:19
*** amotoki has joined #openstack-sdks15:24
sahilsinhahey annegentle: nice to see you again15:25
sahilsinhatalked with someone in openstack-security and we thought i might have stumbled on a bug15:25
sahilsinhaobv not sure15:25
sahilsinhalet me pull up the desc15:26
annegentlesure15:26
sahilsinhaset up openstack with cryptographic separation and with the public endpoint on a public ip15:27
sahilsinhatoken issue works everywhere15:27
sahilsinhaother commands work on the internal/admin endpoints15:27
sahilsinhato get password set to work for a remote client on the public endpoint you have to specify os-interface public if you don't the public client leaks internal endpoint info15:28
sahilsinhaeg https://controller:3535715:28
sahilsinhathat info is revealed to  a client that only accessed port 5000 on a public ip15:29
sahilsinhai think that sums it up15:29
briancurtinsahilsinha: you’ll have to be more clear about whatever it is that you’re disclosing. where’s the bug? as in what project?15:29
sahilsinhai believe openstack client15:30
sahilsinhait is leaking information about internal/admin endpoints15:30
sahilsinhathis is just mine and one person in openstack-security's thinking obv not sure if its a real bug15:30
annegentlesahilsinha: have you logged it in launchpad? You can mark as security bug15:30
annegentlesahilsinha: and then dtroyer can triage15:30
sahilsinhaannegentle: i have not i wanted to understand better about the endpoint selection15:31
sahilsinhai blew up the environment today and will try to recreate15:31
annegentlesahilsinha: it's not super clear to anyone what internal or admin endpoints are supposed to be used for, so providers may use them differently15:31
annegentlesahilsinha: still, both endpoints are mostly meant for not-public-consumption15:31
sahilsinhaannegentle: right which is why leaking it to someone on the public is concerning, i think the question is how does the openstack client fallback to that15:33
sahilsinhai looked at service.py and catalog.py but not sure if i was in the right place15:33
annegentlesahilsinha: you'll have to ask dtroyer and he may not be up yet15:33
sahilsinhanp ill be working on it and trying to reproduce - thanks for assistance15:34
*** jaypipes has joined #openstack-sdks15:34
annegentlesahilsinha: sure thing, thanks for asking15:34
sahilsinhaannegentle: should i open a bug or wait to discuss with dtroyer?15:35
*** annegentle has quit IRC15:35
sahilsinha;p15:35
elmikoi'd say, talk with dtroyer, he knows the client15:36
sahilsinhahey elmiko15:36
elmikohey ;)15:36
*** annegentle has joined #openstack-sdks15:36
annegentlesahilsinha: I'd go ahead and log the bug, mark it security, to keep working asynch15:36
sahilsinhaok ill just confirm it on a fresh environment first and open it up15:36
annegentlesahilsinha: cool15:37
*** jose4183 has joined #openstack-sdks15:42
*** jose4183 has quit IRC15:42
*** amotoki has quit IRC15:46
openstackgerritEverett Toews proposed openstack/python-openstacksdk: Make metadata handling consistent in Object Store  https://review.openstack.org/27544115:47
dtroyersahilsinha: (catching up)  OSC has a last-resort default interface type of 'public', but that is only asserted when a service asks the SC for an endpoint and doesn't supply an interface type.  The Identity client in OSC does not call this method, it simply uses the value passed in from —os-interface directly.15:54
dtroyerThe next place to look is in keystoneauth to see how it defaults.  I suspect public, IIRC getting a token is (nearly) the only operation you could do on the public endpoint in Identity v2.  Identity v3 doesn't use port 5000.15:55
dtroyerThis is from memory, I haven't looked through ksa in detail in a couple of months15:56
openstackgerritTang Chen proposed openstack/python-openstackclient: Floating IP: Implementation "ip floating delete" command  https://review.openstack.org/25851916:04
sahilsinhadtroyer: thanks for catching up - if we're defaulting to public i don't understand how the info could leak unless -os-interface defaults to admin16:05
sahilsinhadtroyer: v3 doesn't use 5000? my understanding is currently for endpoints we have to specify v2.016:06
*** gouthamr has quit IRC16:11
openstackgerritSergey Nikitin proposed openstack/api-wg: Added tags restrictions to the tagging guidelines  https://review.openstack.org/27670916:12
*** gouthamr has joined #openstack-sdks16:20
openstackgerritMerged openstack/python-openstackclient: Compute: Fix DisplayCommandBase comments for cliff ShowOne subclass tests  https://review.openstack.org/27698516:21
*** Qiming has quit IRC16:28
*** gouthamr has quit IRC16:33
*** gouthamr has joined #openstack-sdks16:34
*** salv-orl_ has joined #openstack-sdks16:40
*** salv-orlando has quit IRC16:43
*** jgriffith_away is now known as jgriffith16:45
*** devth_ has joined #openstack-sdks16:54
*** devth has quit IRC16:58
*** annegentle has quit IRC16:59
*** annegentle has joined #openstack-sdks17:00
*** jgriffith is now known as jgriffith_away17:00
*** jgriffith_away is now known as jgriffith17:04
*** annegentle has quit IRC17:04
*** salv-orl_ has quit IRC17:05
*** salv-orlando has joined #openstack-sdks17:05
*** dims has quit IRC17:14
*** lhcheng has joined #openstack-sdks17:17
*** lhcheng_ has joined #openstack-sdks17:21
*** lhcheng has quit IRC17:23
openstackgerritRichard Theis proposed openstack/python-openstackclient: Add NetworkAndCompute Lister and ShowOne classes  https://review.openstack.org/27688817:24
*** dims has joined #openstack-sdks17:32
etoewsterrylhowe: you around? i'd like to ask you about this gem in the swift api https://bugs.launchpad.net/python-openstacksdk/+bug/1488269/17:33
openstackLaunchpad bug 1488269 in OpenStack SDK "Object get needs to be smarter about what headers it sends" [Undecided,New]17:33
*** boris-42 has quit IRC17:43
*** e0ne has quit IRC17:46
*** sigmavirus24 is now known as sigmavirus24_awa17:59
*** annegentle has joined #openstack-sdks18:00
*** petertr7 is now known as petertr7_away18:03
*** petertr7_away is now known as petertr718:08
*** petertr7 is now known as petertr7_away18:17
*** annegentle has quit IRC18:22
*** annegentle has joined #openstack-sdks18:26
*** lucasagomes is now known as lucas-dinner18:28
*** jose4183 has joined #openstack-sdks18:40
*** jose4183 has quit IRC18:40
*** jose4183 has joined #openstack-sdks18:41
*** jose4183 has quit IRC18:41
*** jose4183 has joined #openstack-sdks18:41
*** jose4183 has quit IRC18:42
*** jose4183 has joined #openstack-sdks18:44
*** e0ne has joined #openstack-sdks18:44
*** jose4183 has quit IRC18:44
*** salv-orl_ has joined #openstack-sdks18:58
*** salv-orlando has quit IRC19:01
*** sigmavirus24_awa is now known as sigmavirus2419:02
*** petertr7_away is now known as petertr719:08
*** jgriffith is now known as jgriffith_away19:16
*** jose4183 has joined #openstack-sdks19:27
*** jose4183 has quit IRC19:27
*** annegentle has quit IRC19:32
*** salv-orl_ has quit IRC19:53
*** woodster_ has joined #openstack-sdks20:02
*** annegentle has joined #openstack-sdks20:04
*** jgriffith_away is now known as jgriffith20:13
*** gildub has joined #openstack-sdks20:14
*** salv-orlando has joined #openstack-sdks20:27
*** annegentle has quit IRC20:31
*** annegentle has joined #openstack-sdks20:32
*** salv-orlando has quit IRC20:36
*** jose4183 has joined #openstack-sdks20:37
*** jose4183 has quit IRC20:38
*** jose4183 has joined #openstack-sdks20:38
*** jose4183 has quit IRC20:38
*** dims_ has joined #openstack-sdks20:51
*** dims has quit IRC20:52
*** annegentle has quit IRC20:58
*** annegentle has joined #openstack-sdks20:59
*** salv-orlando has joined #openstack-sdks21:01
*** annegentle has quit IRC21:04
openstackgerritguang-yee proposed openstack/python-openstackclient: Support unscoped token request  https://review.openstack.org/27756321:06
*** petertr7 is now known as petertr7_away21:08
*** petertr7_away is now known as petertr721:12
openstackgerritguang-yee proposed openstack/python-openstackclient: Support unscoped token request  https://review.openstack.org/27756321:15
*** dims has joined #openstack-sdks21:26
*** dims_ has quit IRC21:29
*** annegentle has joined #openstack-sdks21:37
*** boris-42 has joined #openstack-sdks21:58
*** e0ne has quit IRC22:03
*** petertr7 is now known as petertr7_away22:05
*** rtheis has quit IRC22:07
*** jgriffith is now known as jgriffith_away22:10
*** cdent has quit IRC22:11
openstackgerritDina Belova proposed openstack/python-openstackclient: Add shell --profile option to trigger osprofiler from CLI  https://review.openstack.org/25586122:14
*** jgriffith_away is now known as jgriffith22:17
*** annegentle has quit IRC22:29
*** dims has quit IRC22:31
*** lhcheng has joined #openstack-sdks22:32
*** lhcheng_ has quit IRC22:32
*** lhcheng has quit IRC22:37
*** lhcheng has joined #openstack-sdks22:38
sahilsinhadtroyer: i was able to recreate it am going to file a bug. any command used as a public client returns admin endpoint info22:45
*** annegentle has joined #openstack-sdks22:49
*** dims_ has joined #openstack-sdks22:51
*** annegentle has quit IRC22:53
*** annegentle has joined #openstack-sdks22:57
*** lhcheng has quit IRC23:03
*** lhcheng has joined #openstack-sdks23:03
*** sigmavirus24 is now known as sigmavirus24_awa23:04
*** annegentle has quit IRC23:10
*** annegentle has joined #openstack-sdks23:11
*** dims_ has quit IRC23:14
*** salv-orlando has quit IRC23:14
*** gouthamr has quit IRC23:15
*** gouthamr has joined #openstack-sdks23:15
*** salv-orlando has joined #openstack-sdks23:15
*** annegent_ has joined #openstack-sdks23:16
*** annegentle has quit IRC23:19
*** dims_ has joined #openstack-sdks23:19
*** annegent_ has quit IRC23:21
openstackgerritDean Troyer proposed openstack/python-openstackclient: Add shell --profile option to trigger osprofiler from CLI  https://review.openstack.org/25586123:31
« Sunday, 2016-02-07 Index Tuesday, 2016-02-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!