Tuesday, 2016-09-06

*** sc4nx has joined #openstack-security00:41
*** sc4nx has quit IRC00:43
*** austin987 has quit IRC00:45
*** knangia has joined #openstack-security00:47
*** markvoelker has joined #openstack-security00:53
*** austin987 has joined #openstack-security00:59
*** yuanying has joined #openstack-security01:24
*** yuanying has quit IRC01:24
*** agireud has quit IRC02:18
*** agireud has joined #openstack-security02:25
*** salv-orl_ has joined #openstack-security02:29
*** agireud has quit IRC02:30
*** salv-orlando has quit IRC02:32
*** agireud has joined #openstack-security02:40
*** yuanying has joined #openstack-security02:52
*** markvoelker has quit IRC02:53
*** yuanying has quit IRC02:55
*** yuanying has joined #openstack-security02:57
*** jass93 has joined #openstack-security03:00
*** yuanying has quit IRC03:00
*** yuanying has joined #openstack-security03:00
*** jass93 has quit IRC03:04
*** jass93 has joined #openstack-security03:05
*** yuanying has quit IRC03:18
*** yuanying has joined #openstack-security03:20
*** yuanying has quit IRC04:00
*** yuanying has joined #openstack-security04:02
*** sdake has joined #openstack-security04:05
*** B_Smith has quit IRC04:07
*** B_Smith has joined #openstack-security04:14
*** sdake has quit IRC04:25
*** sdake has joined #openstack-security04:50
*** B_Smith has quit IRC04:55
*** dikonoor has joined #openstack-security04:55
*** sdake has quit IRC05:01
*** dikonoor has quit IRC05:06
*** sdake has joined #openstack-security05:10
*** sdake has quit IRC05:17
*** liverpooler has quit IRC05:42
*** pcaruana has joined #openstack-security06:48
*** markvoelker has joined #openstack-security06:54
*** markvoelker has quit IRC06:59
*** tesseract- has joined #openstack-security07:00
*** liverpooler has joined #openstack-security07:10
*** B_Smith has joined #openstack-security07:31
*** austin987 has quit IRC07:33
*** B_Smith has quit IRC07:45
*** tsufiev_ is now known as tsufiev08:13
*** jass93 has quit IRC08:15
*** markvoelker has joined #openstack-security08:19
*** jass93 has joined #openstack-security08:20
*** markvoelker has quit IRC08:24
*** salv-orlando has joined #openstack-security08:29
*** salv-orl_ has quit IRC08:32
*** sdake has joined #openstack-security09:45
*** sdake has quit IRC10:33
*** jass93 has quit IRC11:38
*** jass93 has joined #openstack-security11:42
*** salv-orl_ has joined #openstack-security11:52
*** salv-orlando has quit IRC11:52
*** edmondsw has joined #openstack-security12:13
*** liverpooler has quit IRC12:21
*** zhihui has quit IRC12:23
*** woodster_ has joined #openstack-security12:26
*** pcaruana has quit IRC12:50
*** dave-mccowan has joined #openstack-security12:58
*** _elmiko is now known as elmiko13:04
*** jmckind has joined #openstack-security13:33
*** markvoelker has joined #openstack-security13:36
*** woodburn has joined #openstack-security13:37
*** cleong has joined #openstack-security13:45
*** browne has joined #openstack-security13:57
*** ametts has joined #openstack-security14:06
*** singlethink has joined #openstack-security14:21
*** ametts has quit IRC14:24
*** zigo has quit IRC14:25
*** ametts has joined #openstack-security14:29
*** salv-orlando has joined #openstack-security14:29
*** zigo has joined #openstack-security14:32
*** salv-orl_ has quit IRC14:32
*** zigo is now known as Guest3914714:33
*** Guest39147 has quit IRC14:39
*** vinaypotluri has joined #openstack-security14:42
*** zigo_ has joined #openstack-security14:42
*** sdake has joined #openstack-security14:44
*** zigo_ has quit IRC14:47
*** zigo_ has joined #openstack-security14:48
openstackgerritRahul U Nair proposed openstack/syntribos: Refactoring debug_logger  https://review.openstack.org/36536815:19
*** zigo_ is now known as zigo15:20
*** diazjf has joined #openstack-security15:34
*** pcaruana has joined #openstack-security15:42
*** sdake has quit IRC15:44
*** diazjf has quit IRC15:50
*** ccneill has joined #openstack-security15:51
openstackgerritMerged openstack/syntribos: Adding config fixture  https://review.openstack.org/36514415:59
openstackgerritRahul U Nair proposed openstack/syntribos: Unit tests for the identity client  https://review.openstack.org/36536516:06
*** diazjf has joined #openstack-security16:06
openstackgerritRahul U Nair proposed openstack/syntribos: Unit tests for the identity client  https://review.openstack.org/36536516:10
unrahulvinaypotluri: knangia  could you please take a look at this patch https://review.openstack.org/#/c/365368/16:11
ccneillunrahul, knangia, vinaypotluri: having technical issues this morning.. gonna restart my laptop and try to make it back in time for some of our standup >_<16:17
*** ccneill has quit IRC16:18
*** sicarie has joined #openstack-security16:21
browneAny anchor cores around?  If so, can they please review https://review.openstack.org/#/c/340095/16:22
browneI keep seeing duplicate reviews being put up (count is 3 so far)16:23
*** ninag has joined #openstack-security16:26
*** ccneill has joined #openstack-security16:27
unrahulHey ccneill u thr?16:30
unrahulThe stand up just got over,  saw ur msg now16:30
unrahulMichaelxin was thr16:30
ccneillI got on the OSIC-6 room a minute ago but didn't see anyone16:31
unrahulShould we start creating templates manually?,  or the proxy script?16:31
unrahulFor neutron that is16:31
*** sdake has joined #openstack-security16:57
unrahulhey ccneill vinaypotluri knangia , created a syntribos testing etherpad https://etherpad.openstack.org/p/syntribos-testing , kindly add further details if any.16:59
ccneillthanks unrahul17:04
ccneillcreated a Google Docs spreadsheet for us to track our template generation efforts17:04
ccneillwe don't have to put much detail into it, just figured it would help to split it up by section like that17:05
ccneilljust mainly so we don't miss anything17:05
ccneillwe're looking at nearly 200 templates o_o17:05
ccneilland that's without LBv1.017:06
unrahulthe headings tricked us.. I thought each sub heading had only one  template, turns out I was wrong :/17:12
*** sdake_ has joined #openstack-security17:12
*** Gatita2016 has joined #openstack-security17:13
*** Gatita2016 has quit IRC17:13
openstackgerritRahul U Nair proposed openstack/syntribos: Adding templates for neutron  https://review.openstack.org/36625717:14
*** sdake has quit IRC17:15
*** diazjf has quit IRC17:17
openstackgerritMerged openstack/anchor: Add Python 3.5 classifier and venv  https://review.openstack.org/34009517:19
ccneillunrahul: yeah.. it's a lot more than I expected :X17:19
ccneillI figured we should draw the line at LBaaS v1 since it's deprecated anywya..17:20
unrahuloh.. yeah..makes sense ccneill17:21
openstackgerritRahul U Nair proposed openstack/syntribos: Adding templates for neutron  https://review.openstack.org/36625717:27
*** sdake_ has quit IRC17:28
*** sdake has joined #openstack-security17:29
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36627317:49
*** sdake has quit IRC17:49
*** tmcpeak has joined #openstack-security17:53
*** sdake has joined #openstack-security17:56
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36627317:56
*** bknudson has joined #openstack-security18:00
*** ccneill_ has joined #openstack-security18:25
*** ccneill has quit IRC18:25
*** ccneill_ is now known as ccneill18:28
*** diazjf has joined #openstack-security18:29
openstackgerritRahul U Nair proposed openstack/syntribos: Adding templates for neutron  https://review.openstack.org/36625718:38
openstackgerritRahul U Nair proposed openstack/syntribos: Adding templates for neutron  https://review.openstack.org/36625718:59
*** pcaruana has quit IRC19:11
*** cleong has quit IRC19:15
*** tesseract- has quit IRC19:25
*** sicarie has quit IRC19:28
*** sicarie has joined #openstack-security19:38
*** rcernin has joined #openstack-security19:41
*** sdake has quit IRC19:46
*** rcernin has quit IRC19:48
ccneilllol nice.. neutron has "lb_algorithm" on POST and "lb_method" on PUT for pools19:50
ccneillsomehow I feel like their docs haven't been kept up to date very well..19:55
*** sdake has joined #openstack-security20:03
*** edmondsw has quit IRC20:13
*** diazjf has quit IRC20:15
*** tmcpeak has quit IRC20:16
*** jass93 has quit IRC20:28
*** diazjf has joined #openstack-security20:28
ccneilleh, we'll find out I suppose haha20:30
ccneillI thought one of their request examples was off, but it made more sense as I looked at it more20:30
*** salv-orl_ has joined #openstack-security20:30
ccneillit might be off on the lb_algorithm/lb_method thing though20:33
*** salv-orlando has quit IRC20:33
*** jass93 has joined #openstack-security20:39
*** ayoung has quit IRC20:41
*** agireud has quit IRC20:52
unrahuloh yeah.. I guess.. it is lb_method for all rather than lb_algorithm..20:52
unrahulwhat do u suppose it is?20:53
unrahulmay be we should try with both :D20:53
*** diazjf has quit IRC20:57
ccneill¯\_(ツ)_/¯ I'm gonna follow what the docs say lol20:58
*** agireud has joined #openstack-security20:59
*** sdake has quit IRC21:02
*** diazjf has joined #openstack-security21:08
openstackgerritRahul U Nair proposed openstack/syntribos: Adding templates for neutron  https://review.openstack.org/36625721:20
unrahul:D //21:21
*** diazjf has quit IRC21:26
openstackgerritRahul U Nair proposed openstack/syntribos: Fixing tiny nit in keystone templates  https://review.openstack.org/36635021:29
*** ametts has quit IRC21:30
*** diazjf has joined #openstack-security21:38
*** diazjf has quit IRC21:40
openstackgerritMerged openstack/syntribos: Fixing tiny nit in keystone templates  https://review.openstack.org/36635021:47
*** diazjf has joined #openstack-security21:48
openstackgerritCharles Neill proposed openstack/syntribos: Neutron LBaaS and FWaaS templates  https://review.openstack.org/36635721:54
*** diazjf has quit IRC21:55
ccneillunrahul: just realized, I chose v3 for tokens and you chose v2 lol >_<21:56
ccneillshould we go with v3 since v2 is technically deprecated?21:56
unrahulwe shall go for v3 then ccneill , that makes more sense :)22:00
ccneillI got my file names backwards >_<22:01
unrahulfile names matter :0 ??22:02
*** johnsom has joined #openstack-security22:06
johnsomHi folks.  Is this the best channel to ask bandit questions?22:07
unrahulhey johnsom  , yup22:07
johnsomWe recently merged our non-voting bandit gate into our pep8 gate (making it voting).  This has gone just fine.  However, we are seeing a side effect.22:08
unrahulany bandit cores around  ? ccneill ?22:10
johnsomWhen we run our pep8 test on local changes, that have not been committed yet, we get an error22:10
johnsomI'm wondering if we are running it wrong.22:10
ccneillelmiko: any ideas re: johnsom's question above?22:15
ccneillI'm not too familiar with bandit-baseline, but did find this: https://github.com/openstack/bandit/blob/master/bandit/cli/baseline.py#L199-L20322:17
ccneillso I think you want to set the baseline from a non-dirty repo, and then run "bandit" against the dirty repo to test the difference22:18
*** ninag has quit IRC22:18
ccneill(though I'm not a bandit expert and don't play one on the internet)22:18
*** jmckind has quit IRC22:21
johnsomHmm, I thought there was magic in the bandit code to handle that, but I am far from a bandit expert either.  Comparing the example here: https://wiki.openstack.org/wiki/Security/Projects/Bandit#Bandit_Baseline_Gate we are doing the right thing.22:28
johnsomWell, I will keep an eye on the channel in case an expert happens to wander by22:28
ccneillany of these folks ought to be able to help https://wiki.openstack.org/wiki/Security/Projects/Bandit#Team22:33
ccneillsigmavirus: you around by chance?22:33
ccneillbrowne ?22:33
brownetmcpeak is the baseline expert22:34
ccneillah, and I see he's gone for the day22:35
brownebut yes, bandit will fail if changes on a patch are not commited.  it can be annoying22:35
brownepatch set changes i should say22:36
johnsomYep, it is driving our devs a bit batty22:36
*** jass93 has quit IRC22:37
brownei don't like it much either, but have been working around it by commit the changes22:37
johnsomSo, maybe this is a bug?  I just thought we were running it wrong22:37
brownei think it would be good to take that feedback to tmcpeak and open a bug22:37
*** tmcpeak has joined #openstack-security22:38
sicariejohnsom ^22:38
johnsomHi tmcpeak, not sure if you have scroll back, but we are seeing this https://gist.github.com/johnsom/0c1553682f592aa23a248132d3328bc322:39
tmcpeakno scrollback, but looking at the issue now22:40
johnsomWe merged our bandit gate into the pep8 (infra request) to make it voting.22:40
tmcpeakare you running this locally?22:40
openstackgerritEric Brown proposed openstack/syntribos: Add man page for syntribos command  https://review.openstack.org/32730522:40
johnsomNow when devs run our tox pep8, and they have uncommitted changes, they get this error22:40
johnsomYeah, that was a local run22:41
tmcpeakjohnsom: the reason it's doing that is because we actually check out the previous branch22:41
tmcpeakso uncommited changes would be wiped away22:41
tmcpeakwe could stash them and unstash, but then it's really unclear which version you want to compare against22:41
tmcpeakso we just bail if there are uncommited changes22:42
johnsomYeah, I was just thinking about the stash/unstash22:42
tmcpeakso you have version A and B.  You want to compare results of those two.  Should we assume uncommited changes go with B?22:43
tmcpeakso run B + new changes and compare against A?22:43
johnsomThis is just making an unpleasant experience for the devs that want to cycle on the linters with new code.  I.e. dealing with spacing issues so running pep8 a bunch.22:43
tmcpeakjohnsom: totally, I've been there22:43
tmcpeakI'm happy to work with you on any fix22:43
*** singlethink has quit IRC22:44
tmcpeakeasiest would probably be, just stash/unstash prior to pep8 regardless of whether there are changes22:44
johnsomYeah, cool.  I was hoping there was magic that we just weren't using.... grin22:44
tmcpeakif this is a repeated pain point for people I'm happy to just build that into Bandit too22:44
tmcpeakjohnsom: fair enough :) if that doesn't work for some reason or it sucks let me know22:44
tmcpeakshould work fine though22:44
tmcpeakjohnsom: good work on putting Bandit voting too :)22:45
openstackgerritVinay Potluri proposed openstack/syntribos: Added neutron templates  https://review.openstack.org/36641022:46
johnsomIf I stash/unstash bandit just won't get run on those changes, right?  Or is there a sequence of bandit commands I should be running in tox?22:48
tmcpeakhmm, actually22:49
tmcpeakjohnsom: interesting question… if you stash does that show up like another commit?22:49
johnsomI am so rust on the bandit stuff at this point22:50
tmcpeakit's more of a git question22:50
tmcpeakjohnsom: let me do a quick experiment22:50
tmcpeakjohnsom: yeah, git stash is fine22:52
tmcpeakso you'll get a baseline of B (without stashed contents) compared to A22:53
tmcpeakwhich should be what you want22:53
tmcpeakalthough if you want bandit to run against the uncommited changes, it won't do that22:54
johnsomRight, I think running in pep8 task, but ignoring the uncommitted changes would give devs the wrong idea.22:55
johnsomOr at least be confusing22:55
tmcpeakcould put a message to make it clear22:55
tmcpeakI could see it the other way too though, automatically assuming that I want to run Bandit baseline with uncommited stuff vs. commit prior to last commit could also be confusing22:56
tmcpeakfor Bandit basleine they realistically want one of two things — to make some fixes to what they had last, in which case they probably want 'git commit —amend'22:57
tmcpeakor to run baseline while ignoring some changes I've started doing22:57
tmcpeakeither way, I think telling the developer what's going on, stashing, then running baseline is probably the right course22:57
johnsomI am starting to think I liked this outside of the linters...22:58
tmcpeakthe reason we included it with linters is to cut down job time, realistically pep8 and Bandit need the same env.  So spinning up two is un-needed time and resources in infra22:59
tmcpeakto be fair though, I advocated for keeping them separate too.  Then jobs promote Bandit to voting as a separate decision22:59
johnsomYeah, I know22:59
johnsomOk.   I am going to think about this for a bit and probably put a patch up and see what the other cores think.23:00
tmcpeakjohnsom: sounds reasonable, let me know how I can help23:00
johnsomtmcpeak Thanks for the help/time!23:00
tmcpeakif we have to I can add a flag in bandit-baseline that explicitly says use/don't use unstashed changes, but that feels overboard :D23:00
openstackgerritCharles Neill proposed openstack/syntribos: Neutron LBaaS and FWaaS templates  https://review.openstack.org/36635723:01
openstackgerritRahul U Nair proposed openstack/syntribos: Adding templates for neutron  https://review.openstack.org/36625723:01
tmcpeakjohnsom: sure, anytime23:02
*** ayoung has joined #openstack-security23:10
*** sdake has joined #openstack-security23:10
*** markvoelker has quit IRC23:19
*** jass93 has joined #openstack-security23:26
*** sicarie has quit IRC23:28
*** jass93 has quit IRC23:31
openstackgerritCharles Neill proposed openstack/syntribos: Neutron LBaaS and FWaaS templates  https://review.openstack.org/36635723:31
*** jass93 has joined #openstack-security23:31
openstackgerritRahul U Nair proposed openstack/syntribos: Refactoring debug_logger  https://review.openstack.org/36536823:42
openstackgerritRahul U Nair proposed openstack/syntribos: Refactoring debug_logger  https://review.openstack.org/36536823:43
johnsomtmcpeak FYI, this is getting a bit uglier.  git isn't configured inside the tox environment.  It's telling me I need to set my ident name even though it's set in my global and user env23:49
tmcpeakset your ident name?23:49
tmcpeakhow does bandit baseline even work without git…23:50
tmcpeakjohnsom: ^23:50
johnsomYeah, a bit puzzled by that as well23:50
openstackgerritMerged openstack/syntribos: Add man page for syntribos command  https://review.openstack.org/32730523:51
tmcpeakjohnsom: I'm looking at this: http://stackoverflow.com/questions/14662526/why-git-is-not-allowing-me-to-commit-even-after-configuration23:52
tmcpeakso in that case it was a typo, but you're validating the config is there with 'git config —global' and everything looks good?23:53
tmcpeakso 'git config —global -l' gives expected info?23:54
tmcpeakdo other git commands blow up on you?23:54
johnsomyeah, it's good.  (I use it all the time)23:54
johnsomif I remove the stash line and the pop line, bandit runs as long as I don't have uncommitted code.23:55
johnsomThe tox environment must override this stuff and maybe it is only required for creating the stash....23:56
elmikosaw a ping from earlier, i'm gonna guess you guys have it all sorted?23:56
tmcpeakelmiko: yeah, thanks23:56
elmikocool =)23:56
tmcpeakjohnsom: so git log and other commands work?23:56
tmcpeak(I'm about to try with octavia too)23:56
johnsomYes, git log runs23:57
*** markvoelker has joined #openstack-security23:57
tmcpeakok, I'm almost caught up to you23:58
johnsom           git stash23:59
johnsom           bandit-baseline -r octavia -ll -ii23:59
johnsom           git stash pop23:59
tmcpeakit worked when I did it manually23:59
tmcpeaktrying to add relevant lines in tox now23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!