Monday, 2016-02-29

« Sunday, 2016-02-28 Index Tuesday, 2016-03-01 »
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata API and tests  https://review.openstack.org/27588500:18
*** reaperhulk has joined #openstack-barbican00:45
*** reaperhulk has quit IRC00:45
*** reaperhulk has joined #openstack-barbican00:46
*** mp1 has quit IRC00:52
*** cheneydc has joined #openstack-barbican01:03
*** insequent has quit IRC01:25
*** mp1 has joined #openstack-barbican01:39
*** insequent has joined #openstack-barbican01:52
*** damia_pi has joined #openstack-barbican02:01
*** Kevin_Zheng has joined #openstack-barbican02:04
*** insequent has quit IRC02:33
*** insequent has joined #openstack-barbican02:37
*** mp1 has quit IRC02:52
*** mp1 has joined #openstack-barbican02:57
*** nelsnels_ has joined #openstack-barbican03:09
*** nelsnelson has quit IRC03:12
*** damia_pi has quit IRC03:41
*** dave-mccowan has quit IRC03:42
*** Nirupama has joined #openstack-barbican03:43
*** tkelsey has joined #openstack-barbican03:44
*** tkelsey has quit IRC03:49
*** stevemar has joined #openstack-barbican03:53
*** damia_pi has joined #openstack-barbican03:58
*** dimtruck is now known as zz_dimtruck04:07
*** mp1 has quit IRC04:07
*** damia_pi has quit IRC04:08
*** david-lyle has joined #openstack-barbican04:13
*** damia_pi has joined #openstack-barbican04:28
*** david-lyle has quit IRC04:36
*** david-lyle has joined #openstack-barbican04:50
*** david-lyle has quit IRC04:56
*** panatl has quit IRC05:04
*** panatl has joined #openstack-barbican05:05
*** mp1 has joined #openstack-barbican05:12
*** yuanying has quit IRC05:24
*** yuanying_ has joined #openstack-barbican05:24
*** mp1 has quit IRC05:42
*** fawadkhaliq has joined #openstack-barbican05:54
*** sidx64 has joined #openstack-barbican06:15
*** damia_pi has quit IRC06:55
*** jaosorior has joined #openstack-barbican07:01
*** damia_pi has joined #openstack-barbican07:01
*** fnaval has joined #openstack-barbican07:12
*** fawadk has joined #openstack-barbican07:15
*** fawadkhaliq has quit IRC07:15
*** fawadkhaliq has joined #openstack-barbican07:15
*** fawadk has quit IRC07:20
*** scheuran has joined #openstack-barbican07:30
*** tkelsey has joined #openstack-barbican07:37
*** tkelsey has quit IRC07:41
*** pcaruana has joined #openstack-barbican07:43
*** fawadkhaliq has quit IRC07:43
*** fnaval has quit IRC07:50
*** fnaval has joined #openstack-barbican07:59
*** fnaval has quit IRC08:04
*** fnaval has joined #openstack-barbican08:07
*** fnaval has quit IRC08:11
*** fawadkhaliq has joined #openstack-barbican08:27
openstackgerritDmitry Ratushnyy proposed openstack/barbican: Fix typo in word "initialization"  https://review.openstack.org/28459508:29
*** fawadkhaliq has quit IRC08:38
*** tkelsey has joined #openstack-barbican09:13
openstackgerritMerged openstack/barbican: Updating the project name to barbican  https://review.openstack.org/27695109:44
*** cheneydc has quit IRC10:01
*** damia_pi has quit IRC10:10
*** xek has joined #openstack-barbican11:12
*** damia_pi has joined #openstack-barbican11:28
*** damia_pi has quit IRC11:38
*** dave-mccowan has joined #openstack-barbican11:55
*** spotz_zzz is now known as spotz12:03
-openstackstatus- NOTICE: Infra currently has a long backlog. Please be patient and where possible avoid rechecks while it catches up.12:05
*** cheneydc has joined #openstack-barbican12:28
*** jaosorior has quit IRC12:33
*** jaosorior has joined #openstack-barbican12:34
*** cheneydc has quit IRC12:39
*** pcaruana has quit IRC12:53
*** spotz is now known as spotz_zzz13:00
*** pcaruana has joined #openstack-barbican13:08
*** _jungh4ns has quit IRC13:16
*** _jungh4ns has joined #openstack-barbican13:23
*** fawadkhaliq has joined #openstack-barbican13:43
*** rellerreller has joined #openstack-barbican14:01
*** zz_dimtruck is now known as dimtruck14:12
*** Nirupama has quit IRC14:12
*** diazjf has joined #openstack-barbican14:17
*** fredyx10 has joined #openstack-barbican14:30
*** fredyx10 has quit IRC14:30
*** fredyx10 has joined #openstack-barbican14:30
*** fredyx10 has quit IRC14:30
*** fredyx10 has joined #openstack-barbican14:30
*** dimtruck is now known as zz_dimtruck14:37
openstackgerritMerged openstack/castellan: Updated from global requirements  https://review.openstack.org/28501314:37
*** pcaruana has quit IRC14:38
*** zz_dimtruck is now known as dimtruck14:39
*** sigmavirus24_awa is now known as sigmavirus2414:42
*** dimtruck is now known as zz_dimtruck14:47
*** jmckind has joined #openstack-barbican14:48
*** woodster_ has joined #openstack-barbican14:49
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata Documentation  https://review.openstack.org/28334114:51
*** pcaruana has joined #openstack-barbican14:52
*** edtubill has joined #openstack-barbican14:53
openstackgerritFernando Diaz proposed openstack/barbican: Introduce User-Meta table, model, and repo  https://review.openstack.org/27096315:01
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata API and tests  https://review.openstack.org/27588515:02
*** jhfeng has joined #openstack-barbican15:02
*** fnaval has joined #openstack-barbican15:18
*** kfarr has joined #openstack-barbican15:24
*** fredyx10 has quit IRC15:26
*** jorge_munoz has joined #openstack-barbican15:28
*** spotz_zzz is now known as spotz15:28
*** zz_dimtruck is now known as dimtruck15:30
*** mp1 has joined #openstack-barbican15:35
*** silos has joined #openstack-barbican15:36
*** jaosorior is now known as jaosorior_away15:37
openstackgerritMerged openstack/barbican: Update .gitignore for pyenv  https://review.openstack.org/27794415:41
openstackgerritMerged openstack/barbican: Simplify the development environment setup  https://review.openstack.org/28221215:44
*** randallburt has joined #openstack-barbican15:47
edtubillping woodster_15:50
*** fredyx10 has joined #openstack-barbican15:55
*** sidx64 has quit IRC16:11
*** fawadkhaliq has quit IRC16:17
*** pcaruana has quit IRC16:17
*** sigmavirus24 is now known as sigmavirus24_awa16:25
*** sigmavirus24_awa is now known as sigmavirus2416:25
*** gariveradlt has joined #openstack-barbican16:37
*** nkinder has joined #openstack-barbican16:38
*** silos has quit IRC16:41
*** silos has joined #openstack-barbican16:45
woodster_edtubill: hey Elvin16:51
*** scheuran has quit IRC16:51
edtubillwoodster_: hey, I was wondering if you could review https://review.openstack.org/#/c/269903/ and https://review.openstack.org/#/c/284821/16:51
edtubillwoodster_: especially the database calls for cleaning up. I tried supporting sqllite and mysql.16:52
woodster_edtubill:  I'll take a look16:52
edtubillwoodster_: thx!!16:53
*** jaosorior_away is now known as jaosorior17:08
*** jmckind has quit IRC17:14
*** rhagarty has joined #openstack-barbican17:14
*** openstackgerrit has quit IRC17:18
*** sidx64 has joined #openstack-barbican17:18
*** openstackgerrit has joined #openstack-barbican17:18
*** sidx64_Cern has joined #openstack-barbican17:19
*** sid_cerner has joined #openstack-barbican17:22
*** sidx64 has quit IRC17:23
*** sidx64_Cern has quit IRC17:23
*** sid_cerner has quit IRC17:26
*** sigmavirus24 is now known as sigmavirus24_awa17:26
*** david-lyle has joined #openstack-barbican17:30
*** fawadkhaliq has joined #openstack-barbican17:36
diazjfrellerreller, I updated https://review.openstack.org/#/c/275885/ fixed some tests and added validators. Let me know what you think17:42
*** david-lyle has quit IRC17:55
*** david-lyle_ has joined #openstack-barbican17:55
*** randallburt has quit IRC18:05
*** mp1 has quit IRC18:07
rellerrellerdiazjf I left comments there.18:18
rellerrellerdiazjf I'm cool with everything but policy.json. I'm not sure that everyone should be allowed to see the metadata for a secret.18:19
*** silos has quit IRC18:36
*** mp1 has joined #openstack-barbican18:53
*** sigmavirus24_awa is now known as sigmavirus2418:53
*** jaosorior has quit IRC18:54
diazjfrellerreller, thanks I'll take a look. We can discuss it during the meeting if anything18:54
*** jaosorior has joined #openstack-barbican18:58
*** fnaval_ has joined #openstack-barbican18:58
*** jmckind has joined #openstack-barbican18:59
*** fnaval has quit IRC19:01
*** fnaval_ has quit IRC19:03
*** fnaval has joined #openstack-barbican19:04
*** jaosorior has quit IRC19:07
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata Documentation  https://review.openstack.org/28334119:11
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata API and tests  https://review.openstack.org/27588519:11
*** fredyx10 has quit IRC19:29
*** silos has joined #openstack-barbican19:36
*** tkelsey has quit IRC19:41
*** gariveradlt has quit IRC19:42
*** jhfeng has quit IRC19:52
*** Guest71383 is now known as redrobot20:01
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata API and tests  https://review.openstack.org/27588520:06
*** david-lyle_ is now known as david-lyle20:12
diazjfrellerreller, I updated the policy file to all_but_audit. Seems I will need to rewrite the tests for a different policy. See my note in https://review.openstack.org/#/c/275885/2420:13
*** hockeynut_afk is now known as hockeynut20:13
rellerrellerdiazjf I saw that. Thanks.20:14
diazjfrellerreller, no prob thanks for looking20:16
*** nkinder has quit IRC20:19
*** jhfeng has joined #openstack-barbican20:21
*** fawadkhaliq has quit IRC20:22
*** mixos has joined #openstack-barbican20:34
*** fnaval has quit IRC20:43
*** fnaval has joined #openstack-barbican20:44
*** fredyx10 has joined #openstack-barbican20:57
openstackgerritFernando Diaz proposed openstack/barbican: User Metadata Documentation  https://review.openstack.org/28334120:59
*** chlong_ has joined #openstack-barbican21:01
*** rellerreller has quit IRC21:03
*** fredyx10 has quit IRC21:03
*** fredyx10 has joined #openstack-barbican21:17
diazjfkfarr, ping21:23
kfarrdiazjf pong!21:23
diazjfkfarr, hey so I'm looking at implementing the tests for the Barbican Key Manager with the new auth21:23
kfarrdiazjf, nice!21:24
diazjfkfarr, Do you suggest that I make new classes to test all the functions with the new auth system?21:24
kfarrnew test classes, you mean?21:24
diazjflike there's BarbicanKeyManagerTestcase with the setup method21:25
diazjfI'll write new ones witha different setup21:25
diazjfthat uses different KS credentials21:25
kfarrOh yeah sure, I think that would be good21:26
diazjfOk perfect! I should have it ready for review sometime tomorrow :)21:26
kfarrdiazjf, awesome~21:26
*** kebray has joined #openstack-barbican21:44
*** fawadkhaliq has joined #openstack-barbican21:50
*** silos has quit IRC21:55
*** silos has joined #openstack-barbican21:57
*** fredyx10 has quit IRC22:07
openstackgerritFernando Diaz proposed openstack/castellan: Allow Barbican Key Manager to accept different auth credentials  https://review.openstack.org/27387222:09
openstackgerritFernando Diaz proposed openstack/castellan: Allow Barbican Key Manager to accept different auth credentials  https://review.openstack.org/27387222:09
*** phschwartz_ is now known as phschwartz22:14
*** jmckind has quit IRC22:22
*** fredyx10 has joined #openstack-barbican22:26
*** mixos has quit IRC22:31
openstackgerritFernando Diaz proposed openstack/castellan: Allow Barbican Key Manager to accept different auth credentials  https://review.openstack.org/27387222:34
*** edtubill has quit IRC22:51
*** fredyx10 has quit IRC22:52
*** diazjf has quit IRC22:52
*** kfarr has quit IRC22:53
*** silos has quit IRC22:54
openstackgerritMerged openstack/barbican: Fix typo in word "initialization"  https://review.openstack.org/28459523:08
*** dimtruck is now known as zz_dimtruck23:12
*** qwebirc62353 has joined #openstack-barbican23:19
*** spotz is now known as spotz_zzz23:24
qwebirc62353hello, I upgraded barbican from stable/liberty to  "c0c1833d3c18dcee1d44a2c88670b6668f7a68ab" Merge "Remove padding from legacy stored secrets" . I still cannnot decrypt secrets. Any ideas?23:25
qwebirc62353I meant old secrets23:25
qwebirc62353Any ideas?23:25
openstackgerritDouglas Mendizábal proposed openstack/barbican-specs: Add PUT support for Generic Containers  https://review.openstack.org/28631823:25
*** mp1 has quit IRC23:25
redrobotqwebirc62353 which SecretStore backend are you using?23:26
qwebirc62353pkcs/HSM23:27
openstackgerritMerged openstack/barbican: Make bandit voting as part of pep8  https://review.openstack.org/28548523:27
openstackgerritDouglas Mendizábal proposed openstack/barbican-specs: Add PUT support for Generic Containers  https://review.openstack.org/28631823:29
*** mp1 has joined #openstack-barbican23:30
jkfqwebirc62353: I presume you're seeing CKR_SIGNATURE_INVALID errors in your logs?23:32
qwebirc623532016-02-29 17:38:05.822 29533 ERROR barbican.api.controllers     code=ERROR_CODES.get(value, 'CKR_????'))) 2016-02-29 17:38:05.822 29533 ERROR barbican.api.controllers P11CryptoPluginException: HSM returned response code: 0xc0L CKR_SIGNATURE_INVALID23:41
qwebirc62353That is right.23:41
jkfCool, then the fix should be simple. A flaw was discovered in the project kek signatures that has been corrected for Mitaka, and your existing project keks needs to be migrated to the new signature scheme.23:43
jkfIn the barbican/cmd directory is a migration script that will do the work for you.23:43
jkfThis needs to be documented in the wiki, but basically shutdown your instances, back up your database and run that script. Then bring the instances back up and your secrets should be readable again.23:44
qwebirc62353You mean run:  pkcs11_migrate_kek_signatures.py23:45
jkfThat's the one.23:45
qwebirc62353After shutting down barbican.23:45
qwebirc62353Ok.23:45
qwebirc62353I will try that. Thanks you.23:45
* redrobot makes a note to add that to the Mitaka Release Notes23:45
qwebirc62353@qwebirc62353. That worked. Thank you, again.23:51
*** jmckind has joined #openstack-barbican23:52
*** fnaval has quit IRC23:52
*** jhfeng has quit IRC23:52
*** mp1 has quit IRC23:53
« Sunday, 2016-02-28 Index Tuesday, 2016-03-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!