Wednesday, 2015-02-04

« Tuesday, 2015-02-03 Index Thursday, 2015-02-05 »
*** kgriffs|afk is now known as kgriffs00:01
*** atiwari has quit IRC00:03
*** zz_dimtruck is now known as dimtruck00:49
*** kebray has quit IRC00:50
*** david-lyle is now known as david-lyle_afk00:57
*** kebray has joined #openstack-barbican01:15
*** kebray has quit IRC01:15
*** kgriffs is now known as kgriffs|afk01:19
*** jamielennox is now known as jamielennox|away01:33
*** lisaclark2 has joined #openstack-barbican01:46
*** lisaclark1 has quit IRC01:47
*** lisaclark2 has quit IRC02:13
*** lisaclark1 has joined #openstack-barbican02:13
*** lisaclark1 has quit IRC02:17
*** lisaclark1 has joined #openstack-barbican02:18
*** lisaclark1 has quit IRC02:26
*** kgriffs|afk is now known as kgriffs02:29
*** kgriffs is now known as kgriffs|afk02:39
*** SheenaG1 has joined #openstack-barbican02:42
*** woodster_ has quit IRC02:56
*** xaeth_afk is now known as xaeth03:02
*** bdpayne has quit IRC03:25
*** ajc_ has joined #openstack-barbican03:25
*** kgriffs|afk is now known as kgriffs03:31
*** SheenaG1 has quit IRC03:55
*** xaeth is now known as xaeth_afk04:10
*** kebray has joined #openstack-barbican04:53
*** kebray has quit IRC04:57
*** kebray has joined #openstack-barbican05:03
*** kgriffs is now known as kgriffs|afk05:11
*** david-lyle_afk has quit IRC05:11
*** david-lyle_afk has joined #openstack-barbican05:11
*** woodster_ has joined #openstack-barbican05:27
*** kgriffs|afk is now known as kgriffs06:21
*** kgriffs is now known as kgriffs|afk06:30
*** kebray_ has joined #openstack-barbican06:45
*** kebray has quit IRC06:49
*** chlong has joined #openstack-barbican07:07
*** chlong has quit IRC07:28
*** woodster_ has quit IRC07:36
*** nkinder has joined #openstack-barbican08:08
*** jaosorior has joined #openstack-barbican08:29
*** kebray_ has quit IRC08:59
*** darrenmoffat has joined #openstack-barbican09:15
*** jaosorior has quit IRC10:46
*** tkelsey has joined #openstack-barbican11:04
*** david-lyle_afk is now known as david-lyle12:01
*** tkelsey_ has joined #openstack-barbican12:12
*** tkelsey has quit IRC12:20
*** woodster_ has joined #openstack-barbican12:33
*** david-lyle is now known as david-lyle_afk12:36
*** david-lyle_afk is now known as david-lyle12:36
*** david-lyle is now known as david-lyle_afk12:44
*** david-lyle_afk is now known as david-lyle12:45
*** jaosorior has joined #openstack-barbican12:45
*** SheenaG1 has joined #openstack-barbican13:02
*** nkinder has quit IRC13:10
*** ajc_ has quit IRC13:24
*** lisaclark1 has joined #openstack-barbican14:16
*** SheenaG1 has quit IRC14:26
jaosoriorhockeynut: I responded to your comments in my CRs14:27
*** SheenaG1 has joined #openstack-barbican14:30
*** nkinder has joined #openstack-barbican14:31
*** darrenmoffat has quit IRC14:48
*** darrenmoffat has joined #openstack-barbican14:55
*** dimtruck is now known as zz_dimtruck15:01
*** nkinder has quit IRC15:04
*** nkinder has joined #openstack-barbican15:06
*** paul_glass has joined #openstack-barbican15:08
*** rm_work|away is now known as rm_work15:14
*** lisaclark1 has quit IRC15:16
hockeynutjaosorior thanks - heading over now15:17
*** lisaclark1 has joined #openstack-barbican15:19
*** lisaclark1 has quit IRC15:25
*** lisaclark1 has joined #openstack-barbican15:32
*** zz_dimtruck is now known as dimtruck15:34
*** rellerreller has joined #openstack-barbican15:34
openstackgerritMerged openstack/barbican-specs: Change GET decrypted secrets to unique URI  https://review.openstack.org/12579815:47
rm_workYEEEHAW15:47
aleerm_work, woodster_ had a couple more questions on the per-secret spec15:51
aleewoodster_, several more code reviews out there too15:52
*** kgriffs|afk is now known as kgriffs15:54
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds base behaviors, secret behaviors and the secret smoke tests  https://review.openstack.org/15177715:59
*** lisaclark1 has quit IRC16:01
*** nkinder has quit IRC16:02
*** xaeth_afk is now known as xaeth16:02
*** lisaclark1 has joined #openstack-barbican16:05
*** kebray has joined #openstack-barbican16:06
*** nkinder has joined #openstack-barbican16:06
*** gyee has joined #openstack-barbican16:47
*** rellerreller has quit IRC16:48
*** nkinder has quit IRC16:57
*** nkinder has joined #openstack-barbican17:07
*** atiwari has joined #openstack-barbican17:07
*** gyee has quit IRC17:15
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: All of the containers behaviors and container smoke tests  https://review.openstack.org/15178717:17
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds base behaviors, secret behaviors and the secret smoke tests  https://review.openstack.org/15177717:17
openstackgerritSteve Heyman proposed openstack/barbican: Run functional tests against any barbican server  https://review.openstack.org/15298617:17
openstackgerritSteve Heyman proposed openstack/barbican: Run functional tests against any barbican server  https://review.openstack.org/15298617:19
*** lisaclark2 has joined #openstack-barbican17:25
*** lisaclark1 has quit IRC17:25
*** gyee has joined #openstack-barbican17:30
*** nkinder has quit IRC17:30
*** kgriffs is now known as kgriffs|afk17:52
*** lisaclark2 has quit IRC17:53
*** kgriffs|afk is now known as kgriffs17:54
*** ametts has joined #openstack-barbican17:56
*** dkingshott has joined #openstack-barbican18:11
*** lisaclark1 has joined #openstack-barbican18:18
*** jaosorior has quit IRC18:26
*** lisaclark1 has quit IRC18:29
*** bdpayne has joined #openstack-barbican18:34
*** lisaclark1 has joined #openstack-barbican18:34
*** lisaclark1 has quit IRC18:35
aleeSheenaG1, ping19:03
*** lisaclark1 has joined #openstack-barbican19:03
SheenaG1Hi alee, what's up?19:04
aleeSheenaG1, just got the abstract -- who will be the speakers? (me and chelsea? woodster?)19:04
SheenaG1You, Chelsea, Wood19:04
SheenaG1Yep19:04
aleeSheenaG1, ok - did not see him copied on abstract - so just checking19:05
aleeI'll make comments and send back soon19:05
SheenaG1alee: good point, I forgot him on that one, feel free to add him to it19:05
aleeSheenaG1, my immediate comment is SSL Cert != asymmetric key19:06
tkelsey_hey Barbican folks, anyone fancy casting an eye over the MKEK spec? https://review.openstack.org/#/c/148948/ (shameless fishing for reviews :) )19:06
aleewoodster_, rm_work , arunkant -- ready to put  up a new version of the per-secret spec ,  but arunkant has raised a couple of good questions19:08
aleeneed answers to those first.19:08
SheenaG1alee: an SSL certificate is not an asymmetric public/private key pair?19:09
aleeSheenaG1, an ssl certrificate is a document containing identifying info and a public key, signed by a certificate authority19:09
rm_workerk k19:10
aleecertainly the prereq for a certificate is the generation of a public/private key pair.19:10
SheenaG1alee: the public key is represented by the certificate itself19:11
SheenaG1alee: only the information to derive the public key is passed in the CSR, IIRC19:11
*** kgriffs is now known as kgriffs|afk19:11
SheenaG1alee: but I'm pretty sure it's considered an asymmetric key pair - the public key (certificate) and private key19:11
SheenaG1alee: https://www.digicert.com/ssl-cryptography.htm19:11
rm_workSheenaG1: which abstract is that? did you end up putting me on one, or not?19:12
rm_workjust curious :P19:12
SheenaG1rm_work: it's for SSL, and yes there's still one for you - trying to get that one polished up too19:12
aleeSheenaG1, I'm just pointing out that its not correct to say a certificate IS a public/private key pair. The cert only contains the public key.  A pub/private key pair is required to get a cert.19:13
rm_workSheenaG1: yeah saying they're equal is a little bit weird19:14
SheenaG1alee: that seems like semantics, but feel free to amend it to your liking19:14
aleeSheenaG1, maybe the difference is semantic -- but its the first thing that struck me as I read it.19:14
SheenaG1alee: which is why I sent it to you.  Please revise it to your standards.19:14
aleeyup - will do.19:15
rm_workalee: only one comment, which is that I don't understand how/why groups and projects would work for ACL sharing anyway19:22
rm_workalee: honestly didn't need them or ask for them for the LBaaS use-case...19:22
rm_worknot sure where they snuck in from, or how to really DO them19:22
aleerm_work, I think they snuck in as -- well if you want to do users -- why not groups or projects ..  certainly if you want a bunch of folks to access you secret.19:24
aleethey are not needed for lbaas - so maybe the answer is just to defer on them till we need them.19:25
*** lisaclark1 has quit IRC19:27
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds base behaviors, secret behaviors and the secret smoke tests  https://review.openstack.org/15177719:29
*** lisaclark1 has joined #openstack-barbican19:30
*** lisaclark1 has quit IRC19:36
*** lisaclark1 has joined #openstack-barbican19:50
woodster_alee, rm_work user-only is certainly an option for Kilo. I'll take a look at CR *now* I promise :)19:50
*** lisaclark1 has quit IRC19:54
*** lisaclark1 has joined #openstack-barbican19:56
rm_workhmm, i appear to have dropped off the mailing list again somehow19:57
rm_worki know we switched which one, but... i thought i was getting emails from the new one, but I guess not T_T19:57
*** lisaclark1 has quit IRC19:58
*** dkingshott has quit IRC19:58
rm_workSheenaG1: how do I make sure I'm on the Keep list?20:00
*** lisaclark1 has joined #openstack-barbican20:01
*** tkelsey_ has quit IRC20:01
*** dkingshott has joined #openstack-barbican20:06
*** kgriffs|afk is now known as kgriffs20:11
*** jkf has joined #openstack-barbican20:15
*** kgriffs is now known as kgriffs|afk20:20
*** kgriffs|afk is now known as kgriffs20:23
*** lisaclark1 has quit IRC20:24
*** arunkant has quit IRC20:33
rm_workhey redrobot / woodster_: I ended up doing this ( https://review.openstack.org/#/c/146210/9/neutron_lbaas/common/cert_manager/barbican_cert_manager.py Line 100) and was wondering if you had run into similar issues, or if you are confident you know what will end up being raised in these cases20:38
redrobotrm_work can't say that I'm aware of all exceptions that could be thrown20:40
rm_workredrobot: yeah... what would you do in this situation? something similar to what I did?20:40
rm_worknormally catching "Exception" is really bad form, but... <_<20:40
redrobotrm_work yeah... I've heard it called a "Pokemon Exception"20:41
rm_workI can think of a few that could probably show up, and all of them essentially mean the same thing in this case... "it didn't work"20:41
rm_workheh20:42
rm_worknice20:42
*** kgriffs is now known as kgriffs|afk20:44
*** kgriffs|afk is now known as kgriffs20:50
*** lisaclark1 has joined #openstack-barbican20:50
*** SheenaG1 has left #openstack-barbican21:00
*** SheenaG1 has joined #openstack-barbican21:00
*** lisaclark1 has quit IRC21:04
*** lisaclark1 has joined #openstack-barbican21:06
*** kebray has quit IRC21:09
*** kebray has joined #openstack-barbican21:11
*** lisaclark1 has quit IRC21:26
*** kebray has quit IRC21:28
*** kebray has joined #openstack-barbican21:28
*** SheenaG1 has quit IRC21:35
*** SheenaG1 has joined #openstack-barbican21:39
*** lisaclark1 has joined #openstack-barbican21:44
*** arunkant has joined #openstack-barbican21:48
*** kebray has quit IRC21:56
aleehey all - just need a workflow on this one please .. https://review.openstack.org/#/c/150670/ :)22:34
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds base behaviors, secret behaviors and the secret smoke tests  https://review.openstack.org/15177722:37
*** lisaclark1 has quit IRC22:44
*** xaeth is now known as xaeth_afk23:04
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds base behaviors, secret behaviors and the secret smoke tests  https://review.openstack.org/15177723:06
woodster_alee, rm_work, arunkant I added comments/questions to the per-secret CR23:08
aleewoodster_, looking23:08
aleewoodster_, will add to order's too23:09
*** paul_glass has quit IRC23:09
openstackgerritSteve Heyman proposed openstack/barbican: Run functional tests against any barbican server  https://review.openstack.org/15298623:09
aleewoodster_, doesn't the current search only get secrets within that project?23:10
aleewoodster_, ie for list?23:10
aleewoodster_, if so, then I would think that would not change -- the only difference is that you would not see secrets which are private that you do not own.23:12
*** dimtruck is now known as zz_dimtruck23:14
rm_worksounds correct to me23:16
woodster_alee, I'm fine with that, but there is an inconsistency: we let private secret users do things with secrets without having to have barbican roles on them, whereas the current list call requires a barbican role.  For consistency, that private secret user with no barbican role should probably be able to see their private secrets, probably independent of23:16
woodster_project.23:16
rm_worki wish I could read/respond/comprehend but my brain is completely shot right now23:17
rm_workand my eyes...23:17
rm_workeverything in gerrit just kinda blurs together <_<23:17
woodster_T_T??23:17
woodster_gerrit the heck outta here then23:18
rm_work3rd day of hackathon23:18
aleewoodster_, well - I think its reasonale to assume some barbican role.23:18
aleewoodster_, so if we want to modify the policy for delets etc. accordingly , I'm ok with that.23:18
aleenot sure what that looks like23:19
aleeanyways I'll get a new version out that covers almost everything I think -- we are super close23:19
aleewhy the heck did I write this spec anyways ? ..23:19
rm_workalee: <323:20
woodster_you were the first one to open the door when someone left that flaming poop bag on the porch23:20
aleewoodster_, I need to remember not to open doors ..23:21
aleeor learn how to not step in poop.23:21
aleebeing attacked by munchkins .. going to dinner ..23:21
*** alee is now known as alee_dinner23:21
rm_worklol23:21
woodster_and we're trying to get rm_work to implement it...that's ok, it will be a purdy painted poop by the time that bp is polished :)23:22
* rm_work cracks his knuckles in anticipation of 50+ patchsets23:22
alee_dinnery'all texans have a way with words ..23:22
woodster_rm_work, seriously though, what is the bare mininum needed for the lbaas interaction? Not that private secret stuff, just the user whitelist, correct?23:22
rm_workI mean, I hope someone else is planning to implement the server side, because about all I have time for until Kilo3 is client changes <_<23:23
rm_workwoodster_: yeah, user whitelist for GET23:23
rm_workon Secrets and Containers23:23
rm_workthe owner_only thing is ... not important to us23:23
woodster_then I'm of a mind to postpone the private secret stuff until after the meetup anyway...then we can really whiteboard the heck out of that one.23:24
woodster_So then we could maybe land the simpler whitelist bp23:24
woodster_rm_work which client changes are you talking about?23:25
rm_workuhh, the ones that let you set ACLs :P23:25
rm_workand read them :)23:25
rm_worksince there's new data in the returned json, and a new endpoint23:25
woodster_it takes two hands to clap my friend...client + server = ACL goodness23:25
rm_workright :P23:26
rm_worksoooo I'll be one hand, and someone else can be the other :)23:26
woodster_ha! Take what we can get for sure23:26
rm_workmaybe if things calm down23:27
rm_workthough I am going to try to be at YOUR midcycle23:27
rm_workthat is next week, right?23:27
rm_workuhh, anyone have a hotel room that'll accept a rollaway or has a couch? :P23:29
woodster_week after next I believe23:29
woodster_the extended stay was $135/night23:30
woodster_.3 miles away it says23:30
rm_workyeah my budget is $0 :P23:30
rm_worki can prolly drive in23:30
rm_workI'm lucky if Jorge says I can actually go for more than like one day <_<23:31
woodster_oh that sucks...well if we get traction on an agenda, maybe we can your interest areas down to a day23:31
*** jkf has quit IRC23:55
*** kebray has joined #openstack-barbican23:55
*** rm_work is now known as rm_work|away23:56
« Tuesday, 2015-02-03 Index Thursday, 2015-02-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!