Tuesday, 2015-03-24

*** markvoelker has joined #openstack-security		00:02
*** JAHoagie has quit IRC		00:11
*** tmcpeak has joined #openstack-security		00:24
*** bpokorny has joined #openstack-security		00:33
*** bpokorn__ has quit IRC		00:36
*** salv-orlando has quit IRC		01:04
*** bpokorny has quit IRC		01:11
*** browne1 has quit IRC		01:48
*** salv-orlando has joined #openstack-security		02:05
*** bpokorny has joined #openstack-security		02:08
*** browne has joined #openstack-security		02:21
*** tmcpeak has quit IRC		02:28
*** salv-orlando has quit IRC		02:38
*** salv-orlando has joined #openstack-security		02:39
*** bpokorny has quit IRC		02:54
*** salv-orlando has quit IRC		03:05
*** salv-orlando has joined #openstack-security		03:37
*** salv-orlando has quit IRC		04:09
*** dave-mccowan has quit IRC		04:22
*** JAHoagie has joined #openstack-security		04:58
*** salv-orlando has joined #openstack-security		05:08
*** salv-orlando has quit IRC		05:47
openstackgerrit	OpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/166580	06:01
openstackgerrit	Rajesh Asanabada proposed openstack/security-doc: Reframed the sentence in Authentication methods https://review.openstack.org/165823	06:02
*** JAHoagie has quit IRC		06:03
*** pcaruana has quit IRC		06:41
*** browne has quit IRC		07:07
*** salv-orlando has joined #openstack-security		07:16
*** browne has joined #openstack-security		07:45
*** hyakuhei has joined #openstack-security		07:57
*** browne has quit IRC		08:01
*** salv-orlando has quit IRC		08:03
*** tkelsey has joined #openstack-security		08:08
*** hyakuhei has quit IRC		08:38
*** salv-orlando has joined #openstack-security		08:52
*** salv-orlando has quit IRC		09:35
*** hyakuhei has joined #openstack-security		09:39
*** markvoelker has quit IRC		10:26
*** salv-orlando has joined #openstack-security		10:31
*** tmcpeak has joined #openstack-security		10:34
*** hyakuhei has quit IRC		10:47
*** markvoelker has joined #openstack-security		11:26
*** markvoelker has quit IRC		11:31
*** jamielennox is now known as jamielennox\|away		11:45
*** salv-orlando has quit IRC		11:46
*** markvoelker has joined #openstack-security		11:58
*** salv-orlando has joined #openstack-security		12:24
*** dave-mccowan has joined #openstack-security		12:34
*** bknudson has quit IRC		12:51
*** salv-orlando has quit IRC		13:04
*** salv-orlando has joined #openstack-security		13:09
*** bknudson has joined #openstack-security		13:15
*** salv-orl_ has joined #openstack-security		13:24
*** singlethink has joined #openstack-security		13:26
*** salv-orlando has quit IRC		13:27
*** salv-orlando has joined #openstack-security		13:28
*** salv-orl_ has quit IRC		13:32
*** localloop127 has joined #openstack-security		14:20
*** browne has joined #openstack-security		14:30
*** voodookid has joined #openstack-security		14:43
*** dwyde has joined #openstack-security		14:44
*** browne has quit IRC		14:49
*** bpokorny has joined #openstack-security		14:55
*** bpokorny has quit IRC		14:59
*** bpokorny has joined #openstack-security		15:08
tmcpeak	bknudson: you around?	15:12
bknudson	tmcpeak: y	15:12
tmcpeak	bknudson: want to use the config file I made for keystone instead?	15:13
tmcpeak	I'll throw that up on pastebin	15:13
bknudson	tmcpeak: yes, I need to update the config file.	15:13
bknudson	it's actually reporting a lot of failures as is.	15:13
bknudson	just using the default config + changed to skip tests	15:14
tmcpeak	bknudson: http://pastebin.com/FrCXBrYW	15:14
tmcpeak	this defines keystone_conservative and keystone_verbose	15:14
tmcpeak	at least keystone_conservative has no results	15:14
bknudson	[tester] ERROR Bandit internal error running: execute_with_run_as_root_equals_true on file keystone/trust/routers.py at line 51: 'NoneType' object has no attribute '__getitem__'	15:16
bknudson	I get a lot of those.	15:16
tmcpeak	really..?	15:16
tmcpeak	bknudson: can you file a bug?	15:17
tmcpeak	are you using latest?	15:17
tmcpeak	that's bad…	15:17
tmcpeak	I'm wondering how we haven't seen that	15:17
bknudson	tmcpeak: using tox -e bandit with https://review.openstack.org/#/c/157930/ and the config in http://pastebin.com/FrCXBrYW	15:17
bknudson	I didn't see this with the default config ... maybe it's the execute_with_run_as_root_equals_true: were removed?	15:18
bknudson	I'll try it	15:18
tmcpeak	bknudson: oh… maybe that test was renamed	15:18
tmcpeak	bknudson: I'm not getting that error when running locally	15:21
*** browne has joined #openstack-security		15:21
bknudson	hmmm... maybe it's not running right in this tox env.	15:21
tmcpeak	bknudson: yeah, makes sense	15:22
bknudson	tmcpeak: reposted https://review.openstack.org/#/c/157930/ with the updated bandit.yaml	15:23
bknudson	https://review.openstack.org/#/c/157930/2..3/bandit.yaml	15:23
bknudson	are the changes from the default	15:23
bknudson	I still get a lot of hits, e.g., https://review.openstack.org/#/c/157930/2..3/bandit.yaml	15:24
bknudson	oops	15:24
bknudson	>> Use of random is not suitable for security/cryptographic purposes.	15:24
bknudson	>> oslo config option not marked secret=True identified, security issue.	15:24
bknudson	that's a new one since last time.	15:24
bknudson	I don't think I was using the right profile.	15:27
tmcpeak	bknudson bandit -c keystone.yaml -p keystone_conservative	15:30
tmcpeak	should do it	15:30
bknudson	I updated https://review.openstack.org/#/c/157930/ with -p	15:31
bknudson	it runs cleanly now.	15:31
tmcpeak	bknudson: awesome	15:31
*** browne has quit IRC		15:39
openstackgerrit	Nathaniel Dillon proposed openstack/security-doc: Adding new introudctions for chapters missing one https://review.openstack.org/164883	15:40
bknudson	was somebody working on the -infra change for an experimental job already?	15:43
tmcpeak	bknudson: not that I know of	15:43
bknudson	I'll take a stab at it...	15:44
tmcpeak	bknudson: awesome, thank you	15:44
openstackgerrit	Nathaniel Dillon proposed openstack/security-doc: Moving Data processing intro up to chapter file, and touching up intro section https://review.openstack.org/167282	15:54
*** singlethink has quit IRC		15:58
*** singlethink has joined #openstack-security		16:00
*** salv-orlando has quit IRC		16:00
bknudson	tmcpeak: https://review.openstack.org/#/c/157595/2/jenkins/jobs/projects.yaml -- we'll see what the pros say.	16:01
tmcpeak	bknudson: awesome, thanks for setting it up!	16:04
bknudson	I don't know what order things go in... whether it's the jenkins job or keystone change is first	16:05
bknudson	probably the jenkins job would be best then I could run it.	16:05
tmcpeak	bknudson: yeah, those openstack-infra folks are pretty good, they'll probably help push it along :)	16:06
*** salv-orlando has joined #openstack-security		16:07
*** browne has joined #openstack-security		16:26
browne	tmcpeak: by missing config file, you mean the bandit.yaml, right? If so, guess Bandit is still ok since most projects would include their own	16:29
tmcpeak	browne: yeah… missing bandit.yaml. Will be ok for projects, but people that just "pip install bandit" might get annoyed by it, so I'd like to have a version that includes that, although we can probably pin where it is	16:31
*** dwyde has quit IRC		16:45
openstackgerrit	Nathaniel Dillon proposed openstack/security-doc: Moving Data processing intro up to chapter file, and touching up section https://review.openstack.org/167282	16:51
*** hyakuhei has joined #openstack-security		16:52
tmcpeak	browne: you good with setuptools?	17:05
tmcpeak	bknudson: ^?	17:05
bknudson	tmcpeak: no, I've never had to look at it.	17:06
tmcpeak	bknudson: you're fortunate	17:06
browne	not sure i would say good, but i've used it	17:06
tmcpeak	browne: I'm trying to figure out how to make binary setup builds include bandit.yaml in the same directory as bandit.py	17:08
tmcpeak	tkelsey has also tried…	17:08
browne	hmm, not sure you can do that since bandit.py is in the source and bandit.yaml is a config like file. why not install bandit.yaml to /etc/bandit ?	17:09
tmcpeak	browne: that will break Windows	17:09
bknudson	he he	17:09
tmcpeak	lol	17:09
bknudson	is there any other kind?	17:09
browne	ha, well, pretty sure bandit doesn't claim support for windows	17:09
browne	Operating System :: POSIX :: Linux	17:10
browne	Operating System :: MacOS :: MacOS X	17:10
browne	according to your setup.cfg	17:10
tmcpeak	hmm, good point	17:10
tmcpeak	is it fair game for Python packages to install things into etc?	17:10
browne	definitely normal for openstack projects	17:11
tmcpeak	browne: good point… I think tkelsey did have installation into /etc working… although the way Bandit currently works it will still be broken	17:11
tmcpeak	currently config has to be in the same directory you're running in or specified with -c	17:12
browne	can't the code be changed to look to load bandit.yaml from current directory or /etc/bandit/ or etc	17:13
tkelsey	im fixing that, lets go with /etc, any comments?	17:13
browne	giving priority to current directory	17:13
tkelsey	yeah	17:14
tmcpeak	so order of ops 1) -c override, 2) cwd bandit.yaml, 3) /etc/bandit/bandit.yaml	17:15
tmcpeak	gmurphy suggested adding $HOME/.bandit.yaml	17:16
tmcpeak	so 1) -c override, 2) cwd bandit.yaml, 3) $HOME/.bandit.yaml, 4) /etc/bandit/bandit.yaml	17:17
openstackgerrit	Doug Chivers proposed stackforge/anchor: Added validation for CA configuration https://review.openstack.org/164689	17:17
browne	sounds good	17:17
tmcpeak	cool	17:19
*** salv-orlando has quit IRC		17:26
*** hyakuhei has quit IRC		17:27
*** salv-orlando has joined #openstack-security		17:28
*** dwyde has joined #openstack-security		17:30
openstackgerrit	Doug Chivers proposed stackforge/anchor: Added validation for CA configuration https://review.openstack.org/164689	17:40
*** bpokorny has quit IRC		18:01
*** localloop127 has quit IRC		18:03
*** bpokorny has joined #openstack-security		18:03
openstackgerrit	Doug Chivers proposed stackforge/anchor: Added validation for CA configuration https://review.openstack.org/164689	18:04
*** jamielennox\|away is now known as jamielennox		18:04
*** bpokorny_ has joined #openstack-security		18:16
openstackgerrit	Tim Kelsey proposed stackforge/bandit: fixing bandits config settings https://review.openstack.org/167349	18:18
*** bpokorny has quit IRC		18:19
*** localloop127 has joined #openstack-security		18:23
openstackgerrit	Tim Kelsey proposed stackforge/bandit: fixing bandits config settings https://review.openstack.org/167349	18:29
*** dwyde_ has joined #openstack-security		18:42
*** dwyde has quit IRC		18:45
*** dwyde_ is now known as dwyde		18:46
*** hyakuhei has joined #openstack-security		18:48
openstackgerrit	Shellee Arnold proposed openstack/security-doc: Fixes for formatting and grammatical errors https://review.openstack.org/163911	18:56
openstackgerrit	Tim Kelsey proposed stackforge/bandit: fixing bandits config settings https://review.openstack.org/167349	18:57
*** edmondsw has joined #openstack-security		19:10
*** Shail has joined #openstack-security		19:19
*** tkelsey has quit IRC		19:23
openstackgerrit	Merged openstack/security-doc: Reframed the sentence in Authentication methods https://review.openstack.org/165823	19:38
*** tkelsey has joined #openstack-security		19:50
*** dwyde has quit IRC		19:53
*** tkelsey has quit IRC		19:55
*** bpokorny has joined #openstack-security		20:00
*** bpokorny_ has quit IRC		20:03
*** dwyde has joined #openstack-security		20:35
*** localloo1 has joined #openstack-security		20:42
*** localloop127 has quit IRC		20:44
*** dwyde_ has joined #openstack-security		20:55
*** dwyde_ has quit IRC		20:55
*** dwyde_ has joined #openstack-security		20:56
*** dwyde has quit IRC		20:57
*** dwyde_ is now known as dwyde		20:57
*** openstackgerrit has quit IRC		21:07
*** openstackgerrit has joined #openstack-security		21:07
*** bpokorny_ has joined #openstack-security		21:27
openstackgerrit	Merged stackforge/bandit: fixing bandits config settings https://review.openstack.org/167349	21:27
*** bpokorny has quit IRC		21:30
*** edmondsw has quit IRC		21:39
*** dwyde has quit IRC		21:40
*** redrobot has quit IRC		21:42
*** redrobot has joined #openstack-security		21:47
*** redrobot is now known as Guest9385		21:47
*** tristanC has quit IRC		21:48
openstackgerrit	Shellee Arnold proposed openstack/security-doc: Identity in OpenStack Security Guide - Style nits https://review.openstack.org/167409	21:49
*** tristanC has joined #openstack-security		21:49
*** localloo1 has quit IRC		21:57
*** dwyde has joined #openstack-security		21:58
*** Guest9385 is now known as redrobot		22:00
*** bknudson has quit IRC		22:04
openstackgerrit	Shellee Arnold proposed openstack/security-doc: Sentence revision https://review.openstack.org/158354	22:04
*** dwyde has quit IRC		22:28
*** singlethink has quit IRC		22:40
*** salv-orl_ has joined #openstack-security		22:58
*** salv-orlando has quit IRC		23:02
*** voodookid has quit IRC		23:05
*** markvoelker has quit IRC		23:06
*** markvoelker has joined #openstack-security		23:47
*** tkelsey has joined #openstack-security		23:52
*** markvoelker has quit IRC		23:52
*** tkelsey has quit IRC		23:56
*** tmcpeak has quit IRC		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!