Wednesday, 2016-01-20

« Tuesday, 2016-01-19 Index Thursday, 2016-01-21 »
openstackgerritMerged openstack/bandit: Misspelling in error message in file screen.py  https://review.openstack.org/26986600:13
*** markvoelker has quit IRC00:14
*** markvoelker has joined #openstack-security00:17
*** diazjf has joined #openstack-security00:20
*** diazjf has quit IRC00:20
*** austin987 has quit IRC00:21
*** ccneill has quit IRC00:26
*** austin987 has joined #openstack-security00:32
openstackgerritPatrick Amor proposed openstack/security-doc: Add section on passwords and password managers for Sec Guide Dashboard chapter  https://review.openstack.org/26825600:37
openstackgerritStanislaw Pitucha proposed openstack/anchor: New asn1 modules for CMC support  https://review.openstack.org/26796500:47
*** bpokorny has joined #openstack-security00:55
openstackgerritEric Brown proposed openstack/bandit: Support hacking H104  https://review.openstack.org/26994001:03
openstackgerritEric Brown proposed openstack/bandit: Support hacking H104  https://review.openstack.org/26994001:05
*** salv-orlando has quit IRC01:12
*** jhfeng has joined #openstack-security01:30
*** browne has joined #openstack-security01:36
*** jhfeng has quit IRC01:50
*** jhfeng has joined #openstack-security01:55
*** jhfeng has quit IRC01:56
*** bpokorny_ has joined #openstack-security01:56
*** jhfeng has joined #openstack-security01:58
*** jhfeng has quit IRC01:59
*** jhfeng has joined #openstack-security01:59
*** bpokorny has quit IRC02:00
*** bpokorny_ has quit IRC02:01
*** tmcpeak1 has joined #openstack-security02:01
*** tmcpeak has quit IRC02:01
*** dave-mccowan has joined #openstack-security02:23
*** browne has quit IRC02:30
*** jhfeng has quit IRC02:31
*** edmondsw has quit IRC02:37
*** markvoelker has quit IRC02:42
*** tmcpeak1 has quit IRC02:49
*** browne has joined #openstack-security03:06
*** avarner_ has quit IRC03:12
*** yuanying_ has joined #openstack-security03:18
*** yuanying has quit IRC03:19
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/26998503:23
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/26998503:58
*** yuanying_ has quit IRC04:05
*** yuanying_ has joined #openstack-security04:07
*** dave-mccowan has quit IRC04:12
*** markvoelker has joined #openstack-security04:14
openstackgerritMerged openstack/bandit: Support hacking H104  https://review.openstack.org/26994004:19
*** yuanying has joined #openstack-security04:20
*** yuanying_ has quit IRC04:22
*** bpokorny has joined #openstack-security04:31
*** yuanying has quit IRC04:37
*** yuanying has joined #openstack-security04:39
*** yuanying has quit IRC04:40
*** bpokorny has quit IRC04:40
*** bpokorny has joined #openstack-security04:42
*** yuanying has joined #openstack-security04:44
*** bpokorny has quit IRC04:44
*** yuanying_ has joined #openstack-security04:49
*** yuanying has quit IRC04:50
*** bpokorny has joined #openstack-security04:57
*** jhfeng has joined #openstack-security05:33
*** jhfeng has quit IRC05:37
*** bpokorny has quit IRC05:43
*** salv-orlando has joined #openstack-security05:49
*** _et_ has quit IRC06:02
*** jamielennox is now known as jamielennox|away06:40
*** liverpooler has quit IRC06:45
*** rcernin has joined #openstack-security07:02
*** browne has quit IRC07:02
*** tjt263 has joined #openstack-security07:02
*** _et_ has joined #openstack-security07:08
*** markvoelker has quit IRC07:11
*** markvoelker has joined #openstack-security07:12
*** markvoelker_ has joined #openstack-security07:18
*** markvoelker has quit IRC07:20
*** markvoel_ has joined #openstack-security07:42
*** markvoelker_ has quit IRC07:43
*** salv-orlando has quit IRC07:49
*** liverpooler has joined #openstack-security08:30
*** liverpooler has quit IRC08:34
*** liverpooler has joined #openstack-security08:35
*** tjt263 has left #openstack-security10:05
*** hyakuhei has joined #openstack-security10:15
*** hyakuhei has quit IRC10:16
openstackgerritMerged openstack/anchor: Add more auth details to the audit message  https://review.openstack.org/25328810:27
openstackgerritMerged openstack/anchor: Add documentation for audit  https://review.openstack.org/25454410:29
*** markd_ has joined #openstack-security10:57
*** _et_ has quit IRC11:03
*** rcernin has quit IRC11:05
*** rcernin has joined #openstack-security11:07
*** rcernin is now known as rcernin|lunch11:13
*** hyakuhei has joined #openstack-security11:21
*** hyakuhei has quit IRC11:42
*** openstackgerrit has quit IRC11:43
*** openstackgerrit has joined #openstack-security11:44
*** harry51s has joined #openstack-security11:49
*** _et_ has joined #openstack-security12:43
*** rcernin|lunch is now known as rcernin13:07
*** dslev has joined #openstack-security13:34
*** dslev has quit IRC13:43
*** chair6_ has joined #openstack-security13:48
*** liverpoo1er has joined #openstack-security13:51
*** raginbaj- has joined #openstack-security13:55
*** electrichead has joined #openstack-security13:55
*** bknudson_ has joined #openstack-security13:55
*** gmurphy_ has joined #openstack-security13:55
*** electrichead is now known as Guest1016413:55
*** gocrazy has quit IRC13:56
*** bknudson has quit IRC13:56
*** d0ugal has quit IRC13:56
*** raginbajin has quit IRC13:56
*** redrobot has quit IRC13:56
*** gmurphy has quit IRC13:56
*** liverpooler has quit IRC13:56
*** chair6 has quit IRC13:56
*** raginbaj- is now known as raginbajin13:56
*** dave-mccowan has joined #openstack-security14:00
*** ninag has joined #openstack-security14:01
*** gocrazy has joined #openstack-security14:02
*** d0ugal has joined #openstack-security14:03
*** timkennedy1 has joined #openstack-security14:22
*** timkennedy1 has left #openstack-security14:25
*** timkennedy has quit IRC14:25
*** jmckind has joined #openstack-security14:27
*** harry51s has quit IRC14:27
*** edmondsw has joined #openstack-security14:33
*** liverpoo1er has quit IRC14:36
*** harry51s has joined #openstack-security14:38
*** jmckind has quit IRC14:40
*** jmckind has joined #openstack-security14:47
*** chair6_ is now known as chair614:51
*** avarner_ has joined #openstack-security15:02
*** sigmavirus24_awa is now known as sigmavirus2415:13
*** tmcpeak has joined #openstack-security15:14
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/27024615:20
*** markvoel_ has quit IRC15:25
*** _et_ has quit IRC15:33
*** jmckind_ has joined #openstack-security15:35
*** jmckind has quit IRC15:38
*** ninag has quit IRC15:43
*** cjschaef has joined #openstack-security15:45
*** markvoelker_ has joined #openstack-security15:46
*** avarner_ has quit IRC15:48
*** Guest10164 is now known as redrobot15:49
*** ninag has joined #openstack-security15:51
*** hyakuhei has joined #openstack-security15:59
*** timkennedy has joined #openstack-security16:01
*** austin987 has quit IRC16:17
*** edtubill has joined #openstack-security16:18
*** diazjf has joined #openstack-security16:22
*** rcernin has quit IRC16:25
*** salv-orlando has joined #openstack-security16:30
*** austin987 has joined #openstack-security16:32
*** bpokorny has joined #openstack-security16:37
*** austin987 has quit IRC16:37
*** elly has joined #openstack-security16:43
ellyWhat's up16:44
elmikonot much16:44
ellyWhy Elmiko16:46
elmikowhy not?16:47
ellyOkay :-)16:47
ellyDo you use OpenStack?16:48
*** elly has quit IRC16:51
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/27024616:53
*** bpokorny_ has joined #openstack-security16:59
tmcpeak:# ^16:59
*** browne has joined #openstack-security17:01
*** bpokorny has quit IRC17:02
*** avarner_ has joined #openstack-security17:05
*** austin987 has joined #openstack-security17:05
*** jhfeng has joined #openstack-security17:08
*** jhfeng has quit IRC17:20
*** edtubill has quit IRC17:27
*** jhfeng has joined #openstack-security17:35
*** bpokorny_ has quit IRC17:37
*** bpokorny has joined #openstack-security17:38
*** _et_ has joined #openstack-security17:41
*** austin987 has quit IRC17:41
*** austin987 has joined #openstack-security17:43
*** avarner_ has quit IRC17:55
*** browne has quit IRC18:05
*** markd_ has quit IRC18:12
*** avarner_ has joined #openstack-security18:13
*** harry51s has quit IRC18:13
*** diazjf has quit IRC18:14
*** kragniz_ has joined #openstack-security18:17
elmikotmcpeak: i was bummed, that conversation was just starting18:21
*** diazjf has joined #openstack-security18:21
tmcpeakelmiko yeah, I bet18:21
*** kragniz has quit IRC18:22
*** hyakuhei has quit IRC18:23
openstackgerritPatrick Amor proposed openstack/security-doc: Discuss passwords and password managers for Dashboard chapter  https://review.openstack.org/26825618:45
*** browne has joined #openstack-security18:53
*** edmondsw has quit IRC18:57
*** edmondsw has joined #openstack-security18:57
*** cjschaef has quit IRC18:57
*** cjschaef has joined #openstack-security18:57
*** ninag has quit IRC18:57
*** ninag has joined #openstack-security18:57
*** avarner_ has quit IRC18:58
*** avarner_ has joined #openstack-security18:58
*** timkennedy has left #openstack-security19:00
*** ninag has quit IRC19:00
*** bpokorny_ has joined #openstack-security19:01
*** browne has quit IRC19:01
*** bpokorny_ has quit IRC19:01
*** ninag has joined #openstack-security19:02
*** bpokorny_ has joined #openstack-security19:02
*** browne has joined #openstack-security19:02
*** ninag_ has joined #openstack-security19:03
*** cjschaef_ has joined #openstack-security19:04
*** bpokorny has quit IRC19:05
*** liverpooler has joined #openstack-security19:05
*** ninag has quit IRC19:07
*** cjschaef has quit IRC19:07
*** ninag_ has quit IRC19:08
*** ninag has joined #openstack-security19:08
openstackgerritMerged openstack/security-doc: Discuss passwords and password managers for Dashboard chapter  https://review.openstack.org/26825619:12
*** jhfeng has quit IRC19:18
*** bpokorny_ has quit IRC19:34
*** bpokorny has joined #openstack-security19:35
*** diazjf has quit IRC19:35
*** jhfeng has joined #openstack-security19:44
*** diazjf has joined #openstack-security19:47
*** jmckind has joined #openstack-security19:51
*** jmckind_ has quit IRC19:52
*** ccneill has joined #openstack-security19:52
*** jmckind_ has joined #openstack-security19:53
*** jmckind has quit IRC19:57
*** ccneill has quit IRC20:06
*** ninag has joined #openstack-security20:07
*** ccneill has joined #openstack-security20:07
*** salv-orlando has quit IRC20:18
*** bpokorny has quit IRC20:33
*** diazjf1 has joined #openstack-security20:35
*** harry51s has joined #openstack-security20:36
*** diazjf has quit IRC20:37
*** bpokorny has joined #openstack-security20:43
*** ccneill_ has joined #openstack-security20:44
*** ccneill has quit IRC20:45
*** bknudson_ has quit IRC20:46
*** bknudson has joined #openstack-security20:47
openstackgerritHenry Yamauchi proposed openstack/bandit: Broken link to plugin list in file config.rst  https://review.openstack.org/27047520:49
*** ninag has quit IRC21:06
*** bpokorny has quit IRC21:09
*** bpokorny has joined #openstack-security21:09
openstackgerritMerged openstack/bandit: Broken link to plugin list in file config.rst  https://review.openstack.org/27047521:11
openstackgerritChristopher J Schaefer proposed openstack/bandit: Only decode output of subprocess  https://review.openstack.org/27048421:14
*** salv-orlando has joined #openstack-security21:18
*** salv-orlando has quit IRC21:19
*** salv-orlando has joined #openstack-security21:19
*** diazjf1 has quit IRC21:19
*** diazjf has joined #openstack-security21:22
*** ninag has joined #openstack-security21:25
*** ccneill_ has quit IRC21:25
openstackgerritChristopher J Schaefer proposed openstack/bandit: Only decode output of subprocess  https://review.openstack.org/27048421:28
openstackgerritChristopher J Schaefer proposed openstack/bandit: Only decode output of subprocess  https://review.openstack.org/27048421:31
*** timkennedy1 has joined #openstack-security21:34
*** harry51s has left #openstack-security21:41
*** timkennedy1 has quit IRC22:01
*** kragniz_ is now known as kragniz22:12
openstackgerritMerged openstack/bandit: Only decode output of subprocess  https://review.openstack.org/27048422:14
*** edmondsw has quit IRC22:21
Ryan_Lane"Path to a baseline report, in JSON format. Note: baseline reports must be output in one of the following formats: ['screen', 'html', 'txt']"22:26
*** ccneill_ has joined #openstack-security22:26
Ryan_Lane^^ re bandit22:26
Ryan_Lanein json format. must be in screen, html or txt format?22:26
Ryan_Laneso... what does this actually mean?22:26
tmcpeakRyan_Lane: yeah, sorry, that's a little confusing22:27
tmcpeakbaseline outputs one of those three formats, but the input to the baseline process itself is the JSON output from a previous run22:27
tmcpeakso you run against whatever version of your project and output the bandit results in JSON.  Then you run Bandit in baseline mode (-b), provide the previous run result's JSON as input, and then it outputs screen, html, or txt22:28
tmcpeakyou might find the bandit-baseline tool easier to use22:28
Ryan_Lanewhere's the tool?22:30
tmcpeakwhat version are you on?  you might need to update22:31
tmcpeakit should have been in there as of 17 something22:31
Ryan_LaneI can run against master. I don't have a hard requirement22:31
tmcpeakRyan_Lane: https://github.com/openstack/bandit/releases/tag/0.17.022:31
tmcpeakok cool22:32
Ryan_Lanehm. it can't re-output as json? :(22:32
tmcpeakthat should work too then22:32
tmcpeakRyan_Lane: not currently, here's why22:32
tmcpeakwith Bandit Baseline there are some cases where we've found a new issue but we can't tell specifically where in the file it is.  So we present candidate issues22:32
tmcpeakwe haven't written a JSON output for that yet, but it shouldn't be much work to do so22:33
Ryan_Laneok22:33
Ryan_LaneI really need to be able to parse the results, so I guess I can't use the baseline22:33
tmcpeakRyan_Lane: is that something you'd like?  I can add it to our launchpad blueprints22:33
*** ccneill_ has quit IRC22:33
tmcpeakRyan_Lee: hmm, ok, we should be able to get that implemented pretty easily22:34
Ryan_Lanehm. I'm not totally sure how thus bandit-baseline tool works22:34
Ryan_Lanewhere's the baseline come from?22:34
tmcpeakso the idea is that you are running on a project that had pre-existing issues, but you still want to run a Bandit gate22:34
Ryan_Laneright. does it look for the baseline in a specific location?22:34
tmcpeakthe baseline basically says: "only show me new Bandit issues that were introduced between the last commit and the current commit"22:34
Ryan_Laneah. it runs it twice, against two commits?22:35
tmcpeakRyan_Lane: the bandit baseline tool actually automates checking out the parent commit, running Bandit, generating the JSON, checkout out the current commit, re-running and generating the diff results22:35
tmcpeakRyan_Lane: yep22:35
Ryan_Laneah. cool22:35
Ryan_Lanenow the tricky question ;)22:35
Ryan_Lanewhat if you're using github? :)22:35
tmcpeaknormal git commands work on github stuff right?22:35
Ryan_Laneyeah, but pull-requests are a set of commits22:36
tmcpeakahhh22:36
Ryan_Lanein a branch22:36
Ryan_Lanewe rebase down into a single commit before merge, but the PR itself doesn't know about this22:36
tmcpeakok, yeah the baseline tool doesn't automate that.  So basically you'd execute the command to run Bandit against the current branch, output JSON, do the fetch of the pull request, run again22:36
tmcpeakRyan_Lane: is there a way to clone the pull request merged to the original project?22:37
Ryan_Lanewhen you clone you get the PR/branch info22:37
tmcpeakthere must be as people would normally want to test before approving the pull, right?22:37
Ryan_Laneassuming it's jenkins22:37
Ryan_Laneso ideally it would just baseline against master22:38
tmcpeakthe baseline tool won't do it, but I think you could write a pretty simple shell script that would do what you're talking about22:38
Ryan_Laneis this the baseline tool? https://github.com/openstack/bandit/blob/master/bandit/cli/baseline.py22:39
tmcpeakthe baseline tool itself started off as shell mumbo jumbo before we ported it to python and pygit and all that good stuff22:39
tmcpeakyep22:39
tmcpeakhang on, let me drag up equivalent shell so you can get an idea22:40
Ryan_Laneseems like I should be able to add a --branch flag so that this would let me specify the commit: https://github.com/openstack/bandit/blob/master/bandit/cli/baseline.py#L6622:40
Ryan_Laneso parent would be the commit of the branch22:41
tmcpeakRyan_Lee: http://paste.openstack.org/show/484465/22:43
tmcpeakshell this was based on22:43
* Ryan_Lane nods22:44
tmcpeakRyan_Lee: yeah, that would be a cool enhancement22:44
Ryan_LaneI'd really like to avoid branch switching and such via the cli22:44
Ryan_Lanesince I don't want to possible mess with other tests that may run22:44
Ryan_Lanepossibly*22:45
Ryan_Lanecan't type today22:45
Ryan_LaneI guess gitpython is doing this anyway, since it's just shelling out22:45
tmcpeakyou should be able to get the same thing by tweaking the shell a little bit and just cloning the "parent" and current into two different locations22:45
tmcpeakyeah gitpython is all shelling on the backend22:45
Ryan_Lanegitpython makes me sad ;)22:46
tmcpeakRyan_Lee: added: https://blueprints.launchpad.net/bandit/+spec/json-output-for-baseline-tool22:46
tmcpeakthe nasty shell mumbo-jumbo I had in there before made browne even sadder I think22:46
Ryan_Lanetmcpeak: awesome. thanks :)22:46
Ryan_Lanetmcpeak: hahaha22:46
Ryan_Lanehttp://www.pygit2.org/ <322:46
*** jamielennox|away is now known as jamielennox22:47
tmcpeakRyan_Lee: cool, yeah JSON baseline output should be easy to add22:47
tmcpeakooh22:47
Ryan_Lanedulwich is also nice, but its docs are just the worst22:47
tmcpeakthis looks nicer22:47
Ryan_Laneyeah. pygit2 is really nice22:47
brownehaha yes command output parsing usually leads to bugs22:48
Ryan_LaneI also need to open a bug for being able to disable individual tests22:48
Ryan_Lanelike # nosec-b10822:48
*** cjschaef_ has quit IRC22:49
Ryan_Lanealso, is there any guidance on test numbering for plugins?22:49
tmcpeakRyan_Lee: that's coming very soon, we're actively working on better include and exclude now22:49
Ryan_Laneright now all the plugins are included in the main repo, but very soon that won't be true22:49
Ryan_Lane(really, really soon ;) )22:49
tmcpeakRyan_Lane: awesome, got something up your sleeve?22:49
*** avarner_ has quit IRC22:49
Ryan_LaneI hope to release something in the next week or so22:50
tmcpeakawesome22:50
Ryan_Lanea plugin that looks for hardcoded secrets, but considers the values of the strings as well22:50
tmcpeakinteresting, how do you mean?22:50
Ryan_Laneso looks into tuples, dicts, lists, assignments, comparisons, function calls function definitions22:51
tmcpeakhardcoded secrets is something we've had trouble with.  The plugin we have is very noisy so I only enable it for pentesting22:51
Ryan_Laneso far mine is noisy for confidence levels below high22:51
Ryan_Lanebut pretty good on high22:51
tmcpeakoh cool22:51
tmcpeakcan't wait to check it out22:51
Ryan_LaneI have ways of bumping confidence one way or the other22:51
Ryan_Laneincluding entropy of strings22:51
tmcpeaklegit22:52
tmcpeakif it's better than the one we've got I'd encourage you to contribute it to main Bandit22:52
Ryan_Lanehm. maybe I can do that.22:52
Ryan_Lanethe only external requirement is zxcvbn22:53
Ryan_Lanewe may keep it separately so that we can iterate on it outside of bandit releases22:53
tmcpeakahh ok, yeah it's not in g-r so we should bundle it separately22:53
tmcpeakcool, fair enough22:53
Ryan_Laneg-r?22:53
tmcpeakopenstack global requirements22:54
Ryan_Laneah22:54
Ryan_Laneyeah, we're not really using openstack :)22:54
tmcpeaksince we're an openstack project we can't include requirements that aren't in the global requirements list22:54
tmcpeakahh ok cool22:54
Ryan_Lanesome of the openstack-security things are useful so far, though22:54
tmcpeakthis seems like a perfect use for our (somewhat) newly implemented modular plugin loading22:54
Ryan_LaneI'm now also looking at anchor :)22:54
tmcpeakawesome!22:54
tmcpeakwhere do you work?22:54
*** sigmavirus24 is now known as sigmavirus24_awa22:54
Ryan_LaneLyft22:55
tmcpeakahh cool22:55
Ryan_LaneI used to be at Wikimedia foundation. I did use openstack there22:55
tmcpeakyeah our hope is that a lot of the tools we write can help with security overall, not just OpenStack22:55
Ryan_Laneyeah22:56
Ryan_LaneI'll probably add an auth module to anchor if I use it22:56
tmcpeakawesome22:56
Ryan_Lanewe have a weird AWS based auth (http://lyft.github.io/confidant/advanced/service_to_service_auth/)22:56
tmcpeakhyakuhei, tkelsey, and dg are in England and hopefully sleeping, but those guys are pretty involved with Anchor if you want to discuss your uses with them22:57
* Ryan_Lane nods22:57
*** jmckind_ has quit IRC22:57
Ryan_LaneI talked with them a bit about a backend I want22:57
tmcpeakhmm, yeah this looks like it might be a good extension to Anchor22:58
Ryan_LaneI want ephemeral overlapping CAs, not just ephemeral certs22:58
tmcpeakephemeral CA's?22:58
Ryan_Lanewe're very non-trusting. so the idea is to replace the entire chain frequently22:58
tmcpeakheh, interesting22:58
Ryan_Lanealways have two valid, with overlapping time-frames22:58
tmcpeakseems like a lot of effort to rotate the trust on the client22:59
Ryan_Lanemaybe :)22:59
tmcpeakI'd be curious to see what you guys come up with23:00
Ryan_Laneyeah. haven't really decided to go down this path yet, but we'll see :)23:00
Ryan_Lanedoes keystone support roles and policy (like AWS's IAM roles and policy) yet?23:00
tmcpeakI'm not sure, bknudson is probably the one to answer that23:01
*** ninag has quit IRC23:02
bknudsonRyan_Lane: what are you trying to do?23:02
Ryan_Lanebknudson: wondering because I leverage that and AWS's KMS system pretty heavily based on IAM roles and their policy for things like auth and assymetric encryption23:03
bknudsonkeystone has roles, and openstack services support a policy file... I don't know if this is like AWS's roles and policies.23:03
Ryan_Lanebasically "let x role encrypt using the key, if the AAD has {'from': 'x'}"23:03
*** B_Smith has quit IRC23:04
Ryan_Laneand "let role y decrypt using the key, if AAD has {'to': 'y'}"23:04
Ryan_Laneassymetic encryption, using symmetric encryption, basically.23:04
bknudsonencrypt and decrypt are REST services?23:05
Ryan_Laneyes23:05
*** B_Smith has joined #openstack-security23:05
Ryan_Laneand that service enforces actions based on policy (and AES-GSM's AAD)23:05
bknudsonI don't know if OpenStack provides an encryption and decryption service?23:05
Ryan_Lanebarbican23:05
Ryan_Lanebut I guess that just stores secrets23:05
bknudsonif there was an encryption and decryption service, then it would be up to that service to implement RBAC.23:08
bknudsonmost openstack services implement rbac.23:09
Ryan_Laneyep. in AWS's IAM you define the allowed things a role (or user) is allowed to do, based on the RBAC policies of the services23:09
Ryan_LaneI know keystone was looking at that at some point23:09
bknudsonkeystone provides a token that has the roles. the services can use the roles to allow/disallow operations.23:10
* Ryan_Lane nods23:10
*** jhfeng has quit IRC23:16
*** diazjf has quit IRC23:22
*** dave-mccowan has quit IRC23:33
*** winterIsLeaving has quit IRC23:38
*** winterIsLeaving has joined #openstack-security23:38
*** sigmavirus24_awa is now known as sigmavirus2423:46
Ryan_Lanedidn't write a blog post about this yet, but I just made this repo public: https://github.com/lyft/bandit-high-entropy-string23:55
tmcpeakRyan_Lane: ahh cool23:57
*** sigmavirus24 is now known as sigmavirus24_awa23:59
tmcpeakthis looks awesome23:59
« Tuesday, 2016-01-19 Index Thursday, 2016-01-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!