Friday, 2015-07-31

<austin_laptop> is it expected that bandit exits status 1 with no issues found?
<sigmavirus24> austin_laptop: does it report issues without -lll? 00:37
<sigmavirus24> if so, it is probably not altering the exit code depending on what level you're picking 00:37
<austin_laptop> sigmavirus24, yeah, there are a lot of low issues (mostly asserts), but no medium/high 00:38
<sigmavirus24> So yeah, I would file a bug for that 00:40
<sigmavirus24> I'm not *certain* that it's a bug, but it sounds like a bug to me 00:40
<austin_laptop> sigmavirus24, kk, thanks 00:40
<openstack> Launchpad bug 1480014 in Bandit "bandit does not respect -level for exit code" [Undecided,New] 00:43
<sigmavirus24> thanks austin_laptop 00:49
<openstackgerrit> Dave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim
<sigmavirus24> fwiw, I proposed since the gentoo maintainer just put together a package for Bandit 01:18
<sigmavirus24> It appears our requirements don't follow g-r very well so there's ambiguity in some of the package versions (e.g., pbr) 01:19
<openstackgerrit> Merged openstack/anchor: Fix Keystone Auth and Tests
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Updating missing link in object storage section
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Adding file permissions section
<openstackgerrit> Nathaniel Dillon proposed openstack/security-doc: Trying to add numbers and orders to commands
<openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex
<maikol1> hello, how are you 07:02
<openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Move sample config for tests to one place
<openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Implement new API format
<dg_> Daviey you around? 10:06
<dg_> Daviey when you are around - have you tested your patch with an actual keystone service? Im bombing on line 46 here because the json Im getting back from the keystone server does not have any role information 10:12
<Daviey> dg_: hey 10:38
<Daviey> dg_: Yes, I tested it with a real keystone service :/ 10:39
<dg_> how had you configured the users on the keystone service? 10:40
<Daviey> dg_: but it shouldn't crap out @ 46 10:40
<Daviey> That only craps out if Auth failed 10:40
<dg_> or if there is no role information 10:40
<Daviey> if req.status_code != 200: 10:40
<Daviey> The role is used later on 10:40
<dg_> heh more fun than that 10:40
<Daviey> dg_: what error code did you get back then? 10:41
<Daviey> 'response code' 10:41
<dg_> Im getting a 200 back 10:41
<dg_> line 37 is doing just fine, passes that 10:42
<Daviey> oh sorry, i count good. 10:42
<dg_> gets the username successfully at line 44 10:42
<Daviey> dg_: So that is the same reason the old method failed.. 10:42
<dg_> because there is no role info? 10:43
<Daviey> the old method would NEVER get a role back as that didn't support it 10:43
<Daviey> but this one does.. i am guessing your token has no role 10:43
<dg_> so my token looks like this:
<dg_> and yes, it has no role 10:43
<Daviey> dg_: So that is a correct failure? 10:44
<Daviey> so life is good? 10:44
<Daviey> The minimum requirement is that you have /some/ role 10:45
<dg_> kinda - I wanted to check that you had actually tested this against a live service, because my service doesnt seem to be giving role info 10:45
<dg_> yeah thats the min requirement at this point 10:45
<dg_> so the question is - why doesnt my keystone user have a role? 10:45
<Daviey> yeah, i had it working.. giving me certs and everyfink 10:45
<Daviey> dg_: I used the out of the box demo and admin users that devstack creates 10:46
<Daviey> which have roles 10:46
<dg_> hmm i havent tried it with demo, because i didnt know the password for that user, but i have exactly the same issue with the admin user 10:46
<Daviey> dg_: This is real json that i got back by doing a logging dump in anchor,
<dg_> ok I'll go ask a keystone guy why my roles arent working 10:48
<Daviey> dg_: Ah, if you do --> :~/devstack$ . openrc demo 10:48
<Daviey> D$ env | grep ^OS 10:48
<Daviey> dg_: I think you need to create roles for new users first 10:48
<dg_> so if I ask my user what its roles are, i get this:
<dg_> which leads me to believe that anchoruser has the role 'Member' in the 'admin' project 10:49
<Daviey> dg_: does it work if you use the demo or admin user? 10:51
<dg_> not with admin 10:52
<dg_> just trying to find demo password 10:52
<Daviey> i wonder if it is to do with your token scoping ? 10:52
<Daviey> dg_: openrc means you don't need the password 10:52
<Daviey> just source it with $ . openrc demo 10:52
<dg_> yeah ive done that 10:52
<Daviey> dg_: I'm going to try and reproduce 10:53
<dg_> ok, do you have vagrant 10:54
<Daviey> i do.. but i'll do it another way 10:54
<dg_> ahh ok, because you can have an exact example of my keystone setup using this:
<Daviey> i find vagrant really nice... until it goes wrong 10:55
<dg_> (yes I shamelessly stole your local.conf - I owe you a beer) 10:55
<Daviey> dg_: Your conf is missing enable anchor? 10:56
<dg_> yeah this is just to get keystone up and running, I wanted to use my local copy of anchor 10:57
<Daviey> oh ok 10:57
<dg_> this way I can nuke either without affecting the other 10:57
<dg_> (and run devstack on my workstation while keeping my anchor dev work on my air) 10:57
<Daviey> dg_: Are you wearing your plaid today? 11:18
<dg_> i take it that just leaked? 11:20
<Daviey> dg_: yeah 11:23
<dg_> awesome video 11:25
<dg_> i tend not to read our internal social media, but im guessing the dress code upset everyone 11:25
<dg_> what user is that for? 11:36
<dg_> Daviey ^^ 11:38
<openstackgerrit> Dave Walker proposed openstack/anchor: [WIP] Initial commit of devstack plugin
<Daviey> dg_: I tried as admin and demo 11:40
<dg_> and you got roles back both times? 11:40
<dg_> what devstack setup is that using? 11:42
<dg_> the anchor integrated into devstack one? 11:42
<Daviey> dg_: $ . openrc demo 11:46
<Daviey> $ export $(openstack token issue --format shell --prefix OS_ ) 11:47
<Daviey> $ curl -F user='JUNK'     -F secret=$(echo $OS_id | sed -e 's/^"//'  -e 's/"$//') -F encoding=pem     -F 'csr=<' 11:47
<Daviey> yes, horrible use of sed i know 11:47
<Daviey> that is using the devstack/anchor integrated one 11:47
<dg_> ok so thats interesting, as far as I can tell, I dont have a OS_id set after running .openrc demo 11:49
<Daviey> i added logger.debug(roles) and returned [u'Member', u'anotherrole'] 11:50
<dg_> and as far as I can tell, the only difference that should be between your and my keystone setups is your devstack also includes anchor, and mine doesnt 11:50
<Daviey> dg_: sorry, os_id is set from my export 11:50
<Daviey> 11:47 < Daviey> $ export $(openstack token issue --format shell --prefix OS_ ) 11:50
<dg_> ahh yeh missed that my bad 11:51
<Daviey> that grabs my token as $OS_id 11:51
<Daviey> dg_: You did patch your config.json? 11:51
<dg_> no, do i need to? 11:53
<dg_> wait, you mean in anchor? 11:53
<dg_> irrelevant, atm Im just trying to get data back from keystone with roles in it 11:53
<dg_> once keystone data has roles, anchor will work, but i cant figure out why it doesnt 11:54
<Daviey> dg_: oh wait 11:55
<Daviey> what verb are you using? 11:55
<dg_> umm, whatever the default in the openstack curl examples is, 11:57
<Daviey> dg_: You are using the old broken method 11:57
<Daviey> curl -H "X-Auth-Token: $TOKEN" -H "X-Subject-Token: $TOKEN" http://$keystone/v3/auth/tokens 11:57
<Daviey> dg_: == the way it used to be done.. the one that was broken because it didn't return roles :) 11:58
<Daviey> That was POST, we now use GET 12:00
<dg_> yeah thats it, thanks Dave 12:00
<dg_> which is funny, because I copied and pasted that from the API docs, where it shows roles in the results
<Daviey> pass!  I've got to go.. Speak later o/ 12:03
<openstackgerrit> Merged openstack/security-doc: Imported Translations from Transifex
<openstackgerrit> Merged openstack/security-doc: fix instance management case studies
<openstackgerrit> OpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements
<sicarie> elmiko: ping 18:25
<sigmavirus24> oh btw 18:27
<sigmavirus24> zuul is back to normal everyone 18:27
<sigmavirus24> we can go back to approving things 18:27
<elmiko> sicarie: hey 18:28
<elmiko> sigmavirus24: i wanna chat when you have some time, i'm curious about your thoughts re: keystone v3 compliance 18:29
<sigmavirus24> elmiko: today is not that day =P 18:29
<elmiko> sigmavirus24: ack, i'll mention it again next week 18:30
<sigmavirus24> or shoot me an email 18:30
<elmiko> ohh, now there's a novel idea ;) 18:30
<sigmavirus24> I can set a reminder for emails 18:30
<sigmavirus24> So I won't forget it ideally 18:30
<sicarie> elmiko: will you be able to take the sec-guide meeting for the next 2 weeks? 18:31
<sicarie> I'm going to be traveling without safe connection 18:31
<elmiko> sicarie: sure, i'll be available. do you want to discuss priorities? 18:31
<elmiko> i'm guessing finishing the rst conversion is top 18:31
<sicarie> Yeah, that's really it 18:32
<sicarie> Once the migration comes through we can start on changes again 18:32
<elmiko> ok, sure 18:32
<sicarie> The mid-cycle isn't for another month 18:32
<elmiko> still hoping i can make it 18:32
<sicarie> so we'll have time to plan for that 18:32
<elmiko> and i guess we'll just keep pushing on the few bugs that remain 18:33
<elmiko> and maybe Daviey's proposal about the side bar 18:33
<sicarie> Yep - I hope to be able to be on once or twice, but I'm going to BlackHat/DefCon, so it may not happen securely 18:33
<elmiko> ooo, luck-eeee 18:34
* elmiko wants to go too 18:34
<sicarie> yeah, it should be fun 18:34
<sicarie> At the same token, I'm not sure how much more I'm going to get to do on those issues I started yesterday 18:34
<sicarie> I'm going to try to push stuff over the weekend and get them passing tox 18:35
<elmiko> did you ever get your tox working? 18:35
<sicarie> Haven't had time to look at it :) 18:35
<sicarie> Working on internal stuff - trying to get that wrapped up before traveling 18:35
<elmiko> for sure 18:35
<sicarie> and then taking an old laptop i plan on reimaging to vegas, so don't really want to push keys and stuff on there... 18:36
<elmiko> ro / mount imo 18:36
<elmiko> and yea, no worries about the doc meetings. we'll keep the ship upright =) 18:36
<sicarie> I keep trying to get a bootable Tails image up, but again, no time to troubleshoot 18:36
<elmiko> have fun at BH/DC 18:37
<sicarie> for sure :) 18:37
<elmiko> i look forward to some good stories ;) 18:37
<sicarie> yeah, i'm a boring old guy, I have a feeling there won't be many stories 18:38
<elmiko> i know the feeling 18:38
<sicarie> especially because I don't find Vegas that fun 18:38
<sicarie> it's interesting for about a day, and then it just gets old 18:38
<elmiko> yea, kinda crazy in vegas 18:38
<elmiko> sigmavirus24: this is beautiful  /me tips fedora 18:40
<elmiko> it's really been too long since i've seen some C code, and it's only been like 1.5 years lol 18:40
<sigmavirus24> that's still more recent than when I wrote that code 18:41
<sigmavirus24> I used to recreationally write C 18:50
<sigmavirus24> That should tell you a lot about my idea of fun 18:50
<elmiko> nice, i approve =) 18:50
<elmiko> although in fairness, i used to write assembly for fun (when i was in h.s./college) 18:51
<misc> well, unless you say "fortran for fun", that's not so unusual 18:55
<sicarie> I wrote a fortran compiler in yacc and bison :( 18:56
<sicarie> oh college, back when I didn't know any better.... 18:57
<elmiko> misc: "fortran for fun".... syntax error 18:59
<Daviey> elmiko: The sidebar release should be imminent.. it is merged, just waiting for a release to be cut 19:32
<elmiko> Daviey: awesome, we can discuss more on monday 19:36
<openstackgerrit> Priti Desai proposed openstack/security-doc: Updating Reference - Identity
<openstackgerrit> Priti Desai proposed openstack/security-doc: Updating Reference - Identity
<openstackgerrit> Priti Desai proposed openstack/security-doc: Updating Reference - Identity
<openstackgerrit> Jeffrey Olsen proposed openstack/security-doc: Update links that point to other documentation guides
<openstackgerrit> Merged openstack/bandit: Add all available plugins to an example profile
