Thursday, 2016-02-18

« Wednesday, 2016-02-17 Index Friday, 2016-02-19 »
*** rhagarty has joined #openstack-barbican00:03
*** rhagarty_ has joined #openstack-barbican00:06
*** rhagarty has quit IRC00:08
*** zz_dimtruck is now known as dimtruck00:31
*** ccneill has quit IRC00:36
*** dimtruck is now known as zz_dimtruck00:46
*** zz_dimtruck is now known as dimtruck00:55
*** rellerreller has joined #openstack-barbican01:02
*** tkelsey has joined #openstack-barbican01:08
*** tkelsey has quit IRC01:12
*** chenli has joined #openstack-barbican01:15
*** rhagarty_ has quit IRC01:20
*** rhagarty has joined #openstack-barbican01:20
*** diazjf has joined #openstack-barbican01:24
*** diazjf has quit IRC01:32
*** rellerreller has quit IRC01:49
*** rhagarty has quit IRC01:58
*** su_zhang has quit IRC02:04
openstackgerritDouglas Mendizábal proposed openstack/barbican: Update and reorganize the doc landing page.  https://review.openstack.org/28160702:05
*** yuanying_ has quit IRC03:21
*** woodster_ has quit IRC03:36
*** yuanying has joined #openstack-barbican03:39
*** yuanying has quit IRC03:55
*** chenli has quit IRC04:02
*** yuanying has joined #openstack-barbican04:05
*** yuanying_ has joined #openstack-barbican04:07
*** yuanying has quit IRC04:09
*** dimtruck is now known as zz_dimtruck04:14
*** chenli has joined #openstack-barbican04:44
*** diazjf has joined #openstack-barbican05:00
*** diazjf has quit IRC05:01
*** tkelsey has joined #openstack-barbican05:09
*** tkelsey has quit IRC05:13
*** diazjf has joined #openstack-barbican05:19
*** gyee has quit IRC05:35
*** dave-mccowan has quit IRC05:38
*** Nirupama has joined #openstack-barbican05:42
openstackgerritFernando Diaz proposed openstack/barbican: WIP: User Metadata API and tests  https://review.openstack.org/27588505:59
*** fnaval has quit IRC06:10
*** jaosorior has quit IRC06:23
*** jaosorior has joined #openstack-barbican06:24
*** sidx64 has joined #openstack-barbican06:29
*** diazjf has quit IRC06:55
*** fnaval has joined #openstack-barbican07:00
*** su_zhang has joined #openstack-barbican07:02
*** scheuran has joined #openstack-barbican07:17
*** pcaruana has joined #openstack-barbican08:05
*** su_zhang has quit IRC08:08
*** tkelsey has joined #openstack-barbican08:20
*** sidx64 has quit IRC08:29
*** RuiChen has joined #openstack-barbican09:18
*** RuiChen has left #openstack-barbican09:22
*** chenli has quit IRC09:37
*** openstackgerrit has quit IRC10:02
*** openstackgerrit has joined #openstack-barbican10:03
*** Nirupama has quit IRC10:37
*** Nirupama has joined #openstack-barbican10:40
*** kebray has quit IRC11:18
*** kebray has joined #openstack-barbican11:24
openstackgerritAdam Harwell proposed openstack/barbican: Remove consumer check for project_id to match containers  https://review.openstack.org/25116811:29
*** dave-mccowan has joined #openstack-barbican12:26
*** alee_dinner has quit IRC13:23
*** jhfeng has joined #openstack-barbican13:51
*** Nirupama has quit IRC13:55
*** jhfeng has quit IRC13:55
*** dave-mccowan has quit IRC14:09
*** dave-mccowan has joined #openstack-barbican14:10
*** rellerreller has joined #openstack-barbican14:20
*** su_zhang has joined #openstack-barbican14:21
*** jaosorior has quit IRC14:24
*** jaosorior has joined #openstack-barbican14:25
*** alee_dinner has joined #openstack-barbican14:36
*** dave-mccowan has quit IRC14:48
*** jhfeng has joined #openstack-barbican14:57
*** jaosorior has quit IRC14:58
*** jaosorior has joined #openstack-barbican14:59
*** dave-mccowan has joined #openstack-barbican15:02
*** rhagarty has joined #openstack-barbican15:03
*** spotz_zzz is now known as spotz15:23
*** mp1 has joined #openstack-barbican15:24
*** zz_dimtruck is now known as dimtruck15:28
*** silos has joined #openstack-barbican15:39
*** woodster_ has joined #openstack-barbican15:39
*** spotz is now known as spotz_zzz15:46
*** spotz_zzz is now known as spotz15:49
*** kebray has quit IRC15:51
*** kebray has joined #openstack-barbican15:53
*** mp1 has quit IRC15:56
*** mp1 has joined #openstack-barbican15:59
*** krotscheck_dcm is now known as krotscheck16:00
*** alee_dinner is now known as alee16:01
aleeredrobot, jaosorior - any idea what is going on here? http://paste.openstack.org/show/487424/16:01
*** mp1 has quit IRC16:01
jaosorioralee: not too familiar with gunicorn, sorry :/16:02
aleejaosorior, just trying to figure out why the server is not starting -- must be something new that has been added16:03
aleeredrobot, familiar?16:03
*** zigo has quit IRC16:03
*** jaosorior has left #openstack-barbican16:03
*** jaosorior has joined #openstack-barbican16:04
*** zigo has joined #openstack-barbican16:05
aleejaosorior, I think its a config error - not a gunicorn error ..16:06
jaosorioralee: H ow does your paste.ini look like?16:09
jaosoriorSeems that the problem might be there16:09
aleejaosorior, looking -- pasting ..16:12
*** mp1 has joined #openstack-barbican16:14
aleejaosorior, the paste.ini looks exactly the same as the regular paste.ini except for this addtional bits ..16:14
alee[server:main]16:14
alee> use = egg:gunicorn#main16:14
alee> [server:main]16:15
alee> use = egg:gunicorn#main16:15
*** pcaruana has quit IRC16:15
*** fnaval has quit IRC16:18
jaosorioralee: I'll be back in a couple of hours16:18
aleejaosorior, ok --- looks like an oslo problem -- maybe different oslo version ..16:19
aleeoslo-middleware16:20
*** ccneill has joined #openstack-barbican16:22
aleejaosorior, yup - that was it ..16:27
openstackgerritDouglas Mendizábal proposed openstack/barbican: Update and reorganize the doc landing page.  https://review.openstack.org/28160716:27
*** insequent has quit IRC16:30
*** fnaval has joined #openstack-barbican16:34
*** fredyx10 has joined #openstack-barbican16:49
*** scheuran has quit IRC16:53
*** mp1 has quit IRC16:56
*** diazjf has joined #openstack-barbican16:57
*** jhfeng has quit IRC16:58
aleeredrobot, ya'll changed the barbican client ..16:58
redrobotalee eh?16:58
aleethere is no longer an order create ..16:59
aleenow is secret order create ?16:59
redrobotalee are you using barbican or openstack cli?16:59
aleebarbican17:00
redrobotalee weird ... I don't recall it being changed.17:00
*** jhfeng has joined #openstack-barbican17:00
redrobotalee I think it should be "barbican order create" as well17:01
*** gyee has joined #openstack-barbican17:01
aleeredrobot, let me pull up source ..  but this used to work for me ..17:02
*** su_zhang has quit IRC17:02
aleebarbican --os-username barbican --os-password a_big_secret --os-tenant-name services --os-auth-url http://127.0.0.1:5000/v2.0 --endpoint http://localhost:9311 order create --name foo --type key --os-identity-api-version 217:02
aleeand it does not now ..17:02
*** mp1 has joined #openstack-barbican17:06
aleeredrobot, what is working for you?17:06
*** rhagarty_ has joined #openstack-barbican17:08
diazjfalee, redrobot, I believe it was changed to 'barbican secret order create' checkout setup.cfg here https://github.com/openstack/python-barbicanclient/commit/85f5ec262c1b996a8a096719f432f9cedcf560ba17:09
*** jhfeng has quit IRC17:10
*** rhagarty has quit IRC17:10
*** insequent has joined #openstack-barbican17:11
aleediazjf, well thats interesting .. good thing we're not worried about backward compatibility17:12
aleediazjf, you also made a change for the type of the order17:13
aleediazjf, changed it to a positional parameter?17:13
diazjfalee, I'd ask jaosorior ^17:14
aleediazjf, well that particular change was your commit :)17:14
aleethis now works ..17:15
diazjfohh lol alee, yeah I remember now17:15
aleebarbican --os-username barbican --os-password a_big_secret --os-tenant-name services --os-auth-url http://127.0.0.1:5000/v2.0 --endpoint http://localhost:9311 secret order create key --name foo  --os-identity-api-version 217:15
redrobotalee sorry, i'm mid-meeting right now... will take a look in the afternoon.17:15
aleeredrobot, no worries17:15
aleediazjf, redrobot  - I'm just not sure the cli is very intuitive  now -- barbican secret order create key ....17:16
aleebarbican secret order create certificate ..17:17
aleeugh17:17
silosalee: redrobot and I were going to create an etherpad to discuss changes to the client to make it more user-friendly.17:17
silosalee: I can probably have it up in a bit and post the link17:18
aleesilos, that would be a good idea.  although all these changes make me want to use the openstack client17:18
redrobotalee agreed... one thing I was talking to silos about is that I think our approach to the CLI is not the correct one.  It seems we are trying to map 1:1 the REST concepts and make them available in the CLI17:18
redrobotalee but I think a better approach would be to think of use cases that a user of barbican would want to do with the CLI and only expose that17:19
redrobotalee a good example is 2-step secrets17:19
aleeredrobot, whats the long term strategy on the cli ?  are we moving to the openstack clientZ?17:20
redrobotalee 2-step workflow was put in place because of JSON limitations when working with the HTTP API directly.  but it doesn't make sense to issue 2 cli commands to achieve a secret store, because we can address that limitation in code and never have to expose it to the user.17:20
aleebecause if we are -- then I'm not sure how much effort we should put into prettyfying the cli.17:20
redrobotalee We have an initial plugin for the unified CLI that jaosorior worked on17:20
redrobotalee but it mostly looks like the current cli17:21
redrobotalee with warts and all17:21
redrobotalee I would like to completely revamp it with silos17:21
aleeredrobot, right - but maybe we should fix it there17:21
aleeat this point, I'm not sure who is using the cli -- certainly I'17:21
redrobotalee yeah, that would work for me17:21
aleeI'm the first one to notice that key gen cli has changed17:22
aleeand thats because I use it in my puppet-openstack ci test17:22
aleeand they're all broken now17:22
aleeredrobot, we need to put a stick in the sand and start thinking about api compatibility17:23
silosI think this also raises the necessity for better testing. I feel like backwards compatibility should be a common use case when testing changes to the client.17:25
aleesilos, yes17:25
*** krotscheck is now known as krotscheck_dr17:27
openstackgerritMerged openstack/barbican: Typo change Barbican to barbican Closes-Bug: 1542508  https://review.openstack.org/27693917:43
openstackbug 1542508 in Barbican "Welcome page typo" [Undecided,In progress] https://launchpad.net/bugs/1542508 - Assigned to Luz Cazares (luz-cazares)17:43
*** insequent has quit IRC17:51
*** su_zhang has joined #openstack-barbican17:53
*** jhfeng has joined #openstack-barbican17:55
*** fredyx101 has joined #openstack-barbican17:56
*** fredyx101 has quit IRC17:56
*** fredyx101 has joined #openstack-barbican17:57
*** alee is now known as alee_lunch17:58
*** fredyx10 has quit IRC17:59
*** mp1 has quit IRC18:01
*** jhfeng has quit IRC18:01
*** fredyx101 has quit IRC18:02
*** fredyx10 has joined #openstack-barbican18:10
*** mp1 has joined #openstack-barbican18:15
*** jhfeng has joined #openstack-barbican18:19
*** fredyx10 has quit IRC18:21
*** fredyx10 has joined #openstack-barbican18:22
*** ccneill has quit IRC18:25
*** insequent has joined #openstack-barbican18:34
*** silos is now known as silos_away18:41
*** gyee has quit IRC18:44
*** ccneill has joined #openstack-barbican18:49
*** silos_away has quit IRC18:55
*** ccneill has quit IRC18:55
openstackgerritDouglas Mendizábal proposed openstack/barbican: Update and reorganize the doc landing page.  https://review.openstack.org/28160718:57
*** mp1 has quit IRC18:59
*** jaosorior has quit IRC19:04
hockeynutgreetings barbicaneers - not sure why I feel like being a masochist but I am digging into content types today and I want to pose a question for y'all.19:06
hockeynutspecifically talking about GET secret with /payload19:06
hockeynutand Accept header19:06
hockeynutold (and likely incorrect) behavior - when you create a secret as binary, then GET /payload with accept:text/plain it will convert for you19:07
hockeynutwe have tests (RSA in particular) that validate that behavior19:07
hockeynutI am working on a CR to fix a few http 500 errors in get secret payload with Accept header and one side effect is that we will no longer do that automagic conversion19:08
woodster_hockeynut:  I thought we had decided not to do conversions a long time ago... :\19:09
hockeynutbefore I put the CR up and then run like holy hell I want to run it past y'all.  In particular I'd like to hear from Ozz (who isn't on at the moment) dave-mccowan rellerreller and some of the other oldtimers who have felt the content type pain before :-)19:10
hockeynutwoodster_ thats what I thought, but the RSA tests seem to say otherwise.  Unless they were written to the behavior which now appears to be incorrect.19:10
hockeynutI will gladly dig thru those tests and update and we could discuss on gerrit, but this is a heads up to be sure that no one is depending on that behavior in the real world19:11
rellerrellerhockeynut what are you seeing?19:12
rellerrellerCan you provide more details? I'm imagining that you are inputting a secret as base64(pem(pkcs#8)).19:14
rellerrellerhockeynut what is the return you are seeing?19:14
hockeynutan example: RSATestCase.test_rsa_store_and_get_container_with_passphrase now fails with a 406 because the content type passed in doesn't match the content type used when the secret was created19:15
hockeynut(that content type match enforcement is new with my fix)19:17
*** mp1 has joined #openstack-barbican19:17
rellerrellerhockeynut I did not think that there was any conversion on the return. I thought everything was expected in base64 format and returned in that format.19:18
rellerrellerhockeynut It's been so long, and I've tried to erase this from memory. I can't remember anymore.19:18
hockeynutrellerreller if you create a secret with base64 then retrieve with text you can see what I mean.  I took the text string"mypayload"...base64'd it...and used that to create a binary secret.  Then I did a GET /payload with Accept:text/plain and I got back "mypayload"19:19
hockeynutand you, sir, are very smart to forgot anything remotely related to content type19:19
hockeynutand we shall see how client tests handle it19:20
* hockeynut is regretting going into programming, especially when crime pays so much better19:20
*** alee_lunch is now known as alee19:28
*** mp1 has quit IRC19:29
*** su_zhang has quit IRC19:31
*** mp1 has joined #openstack-barbican19:32
diazjfredrobot ping19:48
*** silos has joined #openstack-barbican19:52
*** ccneill has joined #openstack-barbican19:53
*** ccneill has left #openstack-barbican19:56
*** gyee has joined #openstack-barbican19:58
*** mp1 has quit IRC20:01
*** mp1 has joined #openstack-barbican20:02
*** insequent has quit IRC20:03
*** fnaval_ has joined #openstack-barbican20:07
*** silos has quit IRC20:11
*** fnaval has quit IRC20:12
*** stevemar has quit IRC20:12
*** stevemar has joined #openstack-barbican20:13
*** jhfeng has quit IRC20:23
*** mp1 has quit IRC20:29
*** jhfeng has joined #openstack-barbican20:29
*** silos has joined #openstack-barbican20:29
*** mp1 has joined #openstack-barbican20:29
silosredrobot, alee: I made an etherpad with my initial thoughts for revamping the client: https://etherpad.openstack.org/p/barbican-client-v220:32
silosI will mention it again in Monday's meeting.20:32
silosFor everyone.20:32
*** insequent has joined #openstack-barbican20:33
*** rellerreller has quit IRC21:00
redrobotdiazjf pong21:00
*** silos has left #openstack-barbican21:00
*** silos has joined #openstack-barbican21:00
diazjfredrobot, just wanted to see if you have a scheduled time for the guild meetup next week, and I just checked http://lists.openstack.org/pipermail/openstack-dev/2016-February/086581.html got all 5 votes :)!!!!!!21:02
redrobotdiazjf I don't have a  time yet.. still working with my boss to get something scheduled.21:03
redrobotdiazjf do you have a preference for Austin vs SA, or all-day/afternoon+evening/evening only?21:03
diazjfredrobot, no preference, whatever works for you.21:04
*** tkelsey has quit IRC21:06
openstackgerritFernando Diaz proposed openstack/barbican: WIP: User Metadata API and tests  https://review.openstack.org/27588521:07
openstackgerritJeff Feng proposed openstack/barbican: Introducing barbican-manage utility command  https://review.openstack.org/28205921:10
aleesilos, thanks - will take a look shortly21:19
*** silos has quit IRC21:19
mp1silos great suggestions for client changes; I made some comments on the etherpad21:19
*** silos has joined #openstack-barbican21:21
*** su_zhang has joined #openstack-barbican21:57
*** chlong has quit IRC21:57
*** chlong_ has joined #openstack-barbican21:58
*** dave-mccowan has quit IRC22:26
*** diazjf has quit IRC22:31
*** silos has left #openstack-barbican22:38
*** mp1 has quit IRC22:47
*** mp1 has joined #openstack-barbican22:48
*** mp1 has quit IRC23:02
*** alee has quit IRC23:03
*** tkelsey has joined #openstack-barbican23:04
*** tkelsey has quit IRC23:08
*** jamielennox is now known as jamielennox|away23:20
*** fredyx10 has quit IRC23:27
*** nkinder has quit IRC23:28
*** cheneydc has joined #openstack-barbican23:33
*** dimtruck is now known as zz_dimtruck23:37
*** cheneydc has quit IRC23:38
*** dave-mccowan has joined #openstack-barbican23:41
*** openstackgerrit has quit IRC23:47
*** openstackgerrit_ is now known as openstackgerrit23:47
*** openstackgerrit_ has joined #openstack-barbican23:47
*** openstackgerrit_ is now known as openstackgerrit23:48
*** openstackgerrit_ has joined #openstack-barbican23:49
*** chlong_ has quit IRC23:52
*** openstackgerrit_ has quit IRC23:55
*** openstackgerrit_ has joined #openstack-barbican23:56
« Wednesday, 2016-02-17 Index Friday, 2016-02-19 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!