Friday, 2015-07-31

« Thursday, 2015-07-30 Index Saturday, 2015-08-01 »
austin_laptopis it expected that bandit exits status 1 with no issues found? http://pastebin.ca/308244500:29
sigmavirus24austin_laptop: does it report issues without -lll?00:37
sigmavirus24if so, it is probably not altering the exit code depending on what level you're picking00:37
austin_laptopsigmavirus24, yeah, there are a lot of low issues (mostly asserts), but no medium/high00:38
sigmavirus24So yeah, I would file a bug for that00:40
sigmavirus24I'm not *certain* that it's a bug, but it sounds like a bug to me00:40
austin_laptopsigmavirus24, kk, thanks00:40
austin_laptophttps://bugs.launchpad.net/bandit/+bug/148001400:43
austin_laptopbbl00:43
openstackLaunchpad bug 1480014 in Bandit "bandit does not respect -level for exit code" [Undecided,New]00:43
*** jmckind has quit IRC00:45
sigmavirus24thanks austin_laptop00:49
*** elo has quit IRC00:53
openstackgerritDave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim  https://review.openstack.org/20345100:53
*** browne has quit IRC00:59
*** bpokorny has quit IRC01:07
sigmavirus24fwiw, I proposed https://review.openstack.org/#/c/207678/ since the gentoo maintainer just put together a package for Bandit01:18
sigmavirus24It appears our requirements don't follow g-r very well so there's ambiguity in some of the package versions (e.g., pbr)01:19
openstackgerritMerged openstack/anchor: Fix Keystone Auth and Tests  https://review.openstack.org/20614101:30
*** salv-orlando has joined #openstack-security02:08
*** sigmavirus24 is now known as sigmavirus24_awa02:12
*** salv-orlando has quit IRC02:15
*** markvoelker has joined #openstack-security02:19
*** markvoelker_ has joined #openstack-security02:21
*** markvoelker has quit IRC02:23
*** browne has joined #openstack-security02:26
*** openstackgerrit has quit IRC02:31
*** openstackgerrit has joined #openstack-security02:31
*** markvoelker_ has quit IRC03:23
*** markvoelker_ has joined #openstack-security03:26
*** h00327910__ has quit IRC03:28
*** sdake_ has joined #openstack-security03:42
*** sdake has quit IRC03:43
*** sdake_ has quit IRC03:45
*** sdake has joined #openstack-security03:45
*** sdake_ has joined #openstack-security03:51
*** sdake has quit IRC03:52
*** nkinder has quit IRC03:52
*** edmondsw has quit IRC03:56
*** salv-orlando has joined #openstack-security04:00
openstackgerritNathaniel Dillon proposed openstack/security-doc: Updating missing link in object storage section  https://review.openstack.org/20770604:01
*** salv-orlando has quit IRC04:07
openstackgerritNathaniel Dillon proposed openstack/security-doc: Adding file permissions section  https://review.openstack.org/20770704:13
*** sdake_ has quit IRC04:21
*** sdake has joined #openstack-security04:21
*** ela2 has joined #openstack-security04:24
*** sdake has quit IRC04:28
*** sdake_ has joined #openstack-security04:28
*** sdake has joined #openstack-security04:31
*** sdake_ has quit IRC04:31
*** ela2 has quit IRC04:32
*** sdake_ has joined #openstack-security04:36
*** sdake has quit IRC04:36
*** sdake_ has quit IRC04:41
*** sdake has joined #openstack-security04:42
*** sdake has quit IRC04:44
*** sdake has joined #openstack-security04:45
*** sdake has quit IRC04:47
*** sdake has joined #openstack-security04:47
*** tkelsey has joined #openstack-security05:07
*** tkelsey has quit IRC05:12
*** salv-orlando has joined #openstack-security05:13
openstackgerritNathaniel Dillon proposed openstack/security-doc: Trying to add numbers and orders to commands  https://review.openstack.org/20772105:13
*** salv-orlando has quit IRC05:20
*** salv-orlando has joined #openstack-security05:21
*** misc_ is now known as misc05:24
*** ig0r_ has joined #openstack-security05:24
*** salv-orlando has quit IRC05:27
*** sdake has quit IRC05:35
*** sdake has joined #openstack-security05:41
*** markvoelker_ has quit IRC05:48
*** shohel has joined #openstack-security05:51
*** ig0r__ has joined #openstack-security06:11
*** ig0r_ has quit IRC06:12
*** ig0r_ has joined #openstack-security06:24
*** ig0r_ has quit IRC06:24
*** salv-orlando has joined #openstack-security06:26
*** salv-orlando has quit IRC06:37
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/20774006:41
*** salv-orlando has joined #openstack-security06:46
*** markvoelker has joined #openstack-security06:48
*** browne has quit IRC06:49
*** markvoelker has quit IRC06:53
*** maikol1 has joined #openstack-security07:01
maikol1hola como esran07:02
maikol1estan07:02
*** maikol1 has left #openstack-security07:06
openstackgerritStanislaw Pitucha proposed openstack/anchor: Move sample config for tests to one place  https://review.openstack.org/20775207:06
*** salv-orlando has quit IRC07:33
*** salv-orlando has joined #openstack-security07:49
*** tkelsey has joined #openstack-security08:12
*** salv-orlando has quit IRC08:27
*** alex_klimov has joined #openstack-security08:38
*** markvoelker has joined #openstack-security08:49
*** shohel has quit IRC08:52
*** markvoelker has quit IRC08:54
*** fubi has joined #openstack-security09:04
*** elo has joined #openstack-security09:22
*** shohel has joined #openstack-security09:25
*** salv-orlando has joined #openstack-security09:48
openstackgerritStanislaw Pitucha proposed openstack/anchor: Implement new API format  https://review.openstack.org/19047309:49
*** dg_ has joined #openstack-security10:05
dg_Daviey you around?10:06
dg_Daviey when you are around - have you tested your patch with an actual keystone service? Im bombing on line 46 here https://review.openstack.org/#/c/206141/1/anchor/auth/keystone.py because the json Im getting back from the keystone server does not have any role information10:12
*** elo has quit IRC10:34
Davieydg_: hey10:38
Davieydg_: Yes, I tested it with a real keystone service :/10:39
dg_hmm10:40
dg_how had you configured the users on the keystone service?10:40
Davieydg_: but it shouldn't crap ut @ 4610:40
DavieyThat only craps out if Auth failed10:40
dg_or if there is no role information10:40
Davieyif req.status_code != 200:10:40
DavieyThe role is used later on10:40
dg_heh more fun than that10:40
Davieydg_: what error code did you get back then?10:41
Daviey'response code'10:41
dg_Im getting a 200 back10:41
dg_line 37 is doing just fine, passes that10:42
Davieyoh sorry, i count good.10:42
dg_gets the username successfully at line 4410:42
Davieydg_: So that is the same reason the old method failed..10:42
dg_because there is no role info?10:43
Davieythe old method would NEVER get a role back as that didn't support it10:43
dg_heh10:43
Davieybut this one does.. i am guessing your token has no role10:43
dg_so my token looks like this: https://gist.github.com/deenine/7df9f849a5e4fd249b7910:43
dg_and yes, it has no role10:43
Davieydg_: So that is a correct failure?10:44
dg_yes10:44
Davieyso life is good?10:44
DavieyThe minimum requirement is that you have /some/ role10:45
dg_kinda - I wanted to check that you had actualyl tested this against a live service, because my service doesnt seem to be giving role info10:45
dg_yeah thats the min requirement at this point10:45
dg_so the question is - why doesnt my keystone user have a role?10:45
Davieyyeah, i had it working.. giving me certs and everyfink10:45
Davieydg_: I used the out of the box demo and admin users that devstack creates10:46
Davieywhich have roles10:46
dg_hmm i havent tried it with demo, because i didnt know the password for that user, but i have exactly the same issue with the admin user10:46
Davieydg_: This is real json that i got back by doing a logging dump in anchor, https://github.com/openstack/anchor/blob/5c702be8fdf7a8804c4faba1f28bb8c4a5c7a303/tests/auth/test_keystone.py#L3310:47
dg_ok I'll go ask a keystone guy why my roles arent working10:48
Davieydg_: Ah, if you do --> :~/devstack$ . openrc demo10:48
DavieyD$ env | grep ^OS10:48
Davieydg_: I think you need to create roles for new users first10:48
Davieydg_: http://docs.openstack.org/user-guide-admin/manage_projects_users_and_roles.html10:49
dg_so if I ask my user what its roles are, i get this: https://gist.github.com/deenine/43d78d55bcf5571270d110:49
dg_which leads me to believe that anchoruser has the role 'Member' in the 'admin' project10:49
Davieyyeah10:50
Davieydg_: does it work if you use the demo or admin user?10:51
dg_not with admin10:52
Davieyhmm10:52
dg_just trying to find demo password10:52
Davieyi wonder if it is to do with your token scoping ?10:52
Davieydg_: openrc means you don't need the password10:52
Davieyjust source it with $ . openrc demo10:52
dg_yeah ive done that10:52
Davieydg_: I'm going to try and reproduce10:53
dg_ok, do you have vagrant10:54
Davieyi do.. but i'll do it another way10:54
dg_ahh ok, because you can have an exact example of my keystone setup using this: https://github.com/deenine/lw-devstack-vagrant10:55
Davieyi find vagrant really nice... until it goes wrong10:55
dg_(yes I shamelessly stole your local.conf - I owe you a beer)10:55
Davieydg_: Your conf is missing enable anchor?10:56
dg_yeah this is just to get keystone up and running, I wanted to use my local copy of anchor10:57
Davieyoh ok10:57
dg_this way I can nuke either without affecting the other10:57
dg_(and run devstack on my workstation while keeping my anchor dev work on my air)10:57
Davieynice10:58
*** ig0r__ has quit IRC11:15
Davieydg_: Are you wearing your plaid today?11:18
*** ig0r_ has joined #openstack-security11:18
*** ig0r__ has joined #openstack-security11:19
dg_always11:20
dg_i take it that just leaked?11:20
Davieydg_: yeah11:23
dg_awesome video11:25
dg_i tend not to read our internal social media, but im guessing the dress code upset everyone11:25
Davieydg_: https://gist.github.com/Daviey/defdf7989ceea688f49811:34
dg_what user is that for?11:36
dg_Daviey ^^11:38
openstackgerritDave Walker proposed openstack/anchor: [WIP] Initial commit of devstack plugin  https://review.openstack.org/20626411:40
Davieydg_: I tried as admin and demo11:40
dg_and you got roles back both times?11:40
dg_what devstack setup is that using?11:42
dg_the anchor integrated into devstack one?11:42
Davieydg_: $ . openrc demo11:46
Daviey$ export $(openstack token issue --format shell --prefix OS_ )11:47
Daviey$ curl http://0.0.0.0:5001/sign -F user='JUNK'     -F secret=$(echo $OS_id | sed -e 's/^"//'  -e 's/"$//') -F encoding=pem     -F 'csr=<anchor-test.example.com.csr'11:47
Davieyyes, horrible use of sed i know11:47
Davieythat is using the devstack/anchor integrated one11:47
dg_ok so thats interesting, as far as I can tell, I dont have a OS_id set after running .openrc demo11:49
Davieyi added logger.debug(roles) and returned [u'Member', u'anotherrole']11:50
dg_and as far as I can tell, the only difference that should be between your and my keystone setups is your devstack also includes anchor, and mine doesnt11:50
Davieydg_: sorrt, os_id is set from my export11:50
Daviey11:47 < Daviey> $ export $(openstack token issue --format shell --prefix OS_ )11:50
dg_ahh yeh missed that my bad11:51
Davieythat grabs my token as $OS_id11:51
Davieydg_: You did patch your config.json?11:51
dg_no, do i need to?11:53
dg_wait, you mean in anchor?11:53
Davieyyes11:53
dg_irrelevant, atm Im just trying to get data back from keystone with roles in it11:53
dg_once keystone data has roles, anchor will work, but i cant figure out why it doesnt11:54
Davieydg_: oh wait11:55
Davieywhat verb are you using/11:55
Daviey?11:55
dg_umm, whatever the default in the openstack curl examples is,11:57
Davieydg_: You are using the old broken method11:57
Davieycurl -H "X-Auth-Token: $TOKEN" -H "X-Subject-Token: $TOKEN" http://$keystone/v3/auth/tokens11:57
Davieydg_: https://gist.github.com/deenine/7df9f849a5e4fd249b79 == the way it ued to be done.. the one that was broken because it didn't return roles :)11:58
DavieyThat was POST, we now use GET12:00
dg_yeah thats it, thanks Dave12:00
Davieynp12:01
dg_which is funny, because I copied and pasted that from the API docs, where it shows roles in the results http://docs.openstack.org/developer/keystone/api_curl_examples.html12:01
Davieypass!  I've got to go.. Speak later o/12:03
dg_cheers!12:03
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/20774012:06
*** ig0r__ has quit IRC12:22
*** viraptor has quit IRC12:26
*** ig0r__ has joined #openstack-security12:27
*** edmondsw has joined #openstack-security12:36
*** browne has joined #openstack-security12:57
*** salv-orlando has quit IRC13:13
*** bknudson has quit IRC13:16
*** bknudson has joined #openstack-security13:23
*** markvoelker has joined #openstack-security13:26
*** browne has quit IRC13:26
*** jmckind has joined #openstack-security13:27
*** singlethink has joined #openstack-security13:30
*** markvoelker_ has joined #openstack-security13:30
*** markvoelker has quit IRC13:31
*** ig0r__ has quit IRC13:34
*** jmckind has quit IRC13:36
*** jmckind has joined #openstack-security13:37
*** singleth_ has joined #openstack-security13:59
*** singlet__ has joined #openstack-security14:01
*** singlethink has quit IRC14:02
*** sigmavirus24_awa is now known as sigmavirus2414:03
*** singleth_ has quit IRC14:04
*** dg_ has quit IRC14:07
*** singlethink has joined #openstack-security14:11
*** singlet__ has quit IRC14:14
*** fubi has quit IRC14:17
*** h00327910__ has joined #openstack-security14:24
*** markvoelker_ has quit IRC14:40
*** salv-orlando has joined #openstack-security14:53
*** voodookid has joined #openstack-security15:05
openstackgerritMerged openstack/security-doc: fix instance management case studies  https://review.openstack.org/20761715:08
*** singleth_ has joined #openstack-security15:12
*** bpokorny has joined #openstack-security15:15
*** singlethink has quit IRC15:16
*** JAHoagie has joined #openstack-security15:38
*** singleth_ has quit IRC15:43
*** elo has joined #openstack-security15:45
*** shohel has quit IRC15:52
*** markvoelker has joined #openstack-security15:59
*** markvoelker has quit IRC16:02
*** browne has joined #openstack-security16:04
*** JAHoagie has quit IRC16:07
*** JAHoagie has joined #openstack-security16:10
*** tkelsey has quit IRC16:13
*** ig0r__ has joined #openstack-security16:21
*** singlethink has joined #openstack-security16:23
*** JAHoagie has quit IRC16:26
*** sdake has quit IRC16:26
*** alex_klimov has quit IRC16:28
openstackgerritOpenStack Proposal Bot proposed openstack/anchor: Updated from global requirements  https://review.openstack.org/20504416:35
*** sdake has joined #openstack-security16:37
*** tkelsey has joined #openstack-security16:39
*** JAHoagie has joined #openstack-security16:42
*** tkelsey has quit IRC16:43
*** amit213 has quit IRC16:50
*** amit213 has joined #openstack-security16:50
*** browne has quit IRC16:53
*** markvoelker has joined #openstack-security17:03
*** tjt263 has joined #openstack-security17:10
*** ig0r__ has quit IRC17:24
*** salv-orlando has quit IRC17:25
*** markvoelker has quit IRC17:26
*** browne has joined #openstack-security17:36
*** sdake has quit IRC17:39
*** sdake has joined #openstack-security17:40
*** sdake has quit IRC17:44
*** sdake has joined #openstack-security17:45
*** singleth_ has joined #openstack-security18:00
*** singlethink has quit IRC18:02
*** bknudson has quit IRC18:15
*** bknudson has joined #openstack-security18:21
sicarieelmiko: ping18:25
*** salv-orlando has joined #openstack-security18:27
sigmavirus24oh btw18:27
sigmavirus24zuul is back to normal everyone18:27
sigmavirus24we can go back to approving things18:27
*** markvoelker has joined #openstack-security18:28
elmikosicarie: hey18:28
elmikosigmavirus24: i wanna chat when you have some time, i'm curious about your thoughts re: keystone v3 compliance18:29
*** bpokorny_ has joined #openstack-security18:29
sigmavirus24elmiko: today is not that day =P18:29
elmikosigmavirus24: ack, i'll mention it again next week18:30
sigmavirus24or shoot me an email18:30
elmikoohh, now there's a novel idea ;)18:30
sigmavirus24I can set a reminder for emails18:30
sigmavirus24So I wont' forget it ideally18:30
sicarieelmiko: will you be able to take the sec-guide meeting for the next 2 weeks?18:31
*** JAHoagie has quit IRC18:31
sicarieI'm going to be traveling without safe connection18:31
elmikosicarie: sure, i'll be available. do you want to discuss priorities?18:31
elmikoi'm guessing finishing the rst conversion is top18:31
*** bpokorny has quit IRC18:31
sicarieYeah, that's really it18:32
sicarieOnce the migration comes through we can start on changes again18:32
elmikook, sure18:32
elmikoyea18:32
sicarieThe mid-cycle isn't for another month18:32
elmikostill hoping i can make it18:32
sicarieso we'll have time to plan for that18:32
sicarieawesome!18:32
elmikoand i guess we'll just keep pushing on the fews bugs that remain18:33
elmikoand maybe Daviey's proposal about the side bar18:33
sicarieYep - I hope to be able to be on once or twice, but I'm going to BlackHat/DefCon, so it may not happen securely18:33
elmikoooo, luck-eeee18:34
* elmiko wants to go too18:34
sicarieyeah, it should b efun18:34
sicarieAt the same token, I'm not sure how much more I'm going to get to do on those issues I started yesterday18:34
*** JAHoagie has joined #openstack-security18:35
sicarieI'm going to try to push stuff over the weekend and get them passing tox18:35
elmikodid you ever get your tox working?18:35
sicarieHaven't had time to look at it :)18:35
elmikoooph18:35
sicarieWorking on internal stuff - trying to get that wrapped up before traveling18:35
elmikofor sure18:35
*** salv-orlando has quit IRC18:36
sicarieand then taking an old laptop i plan on reimaging to vegas, so don't really want to push keys and stuff on there...18:36
elmikoexactly18:36
elmikoro / mount imo18:36
sicarie+118:36
elmiko;)18:36
elmikoand yea, no worries about the doc meetings. we'll keep the ship upright =)18:36
sicarieI keep trying to get a bootable Tails image up, but again, no time to troubleshoot18:36
sicarieawesome18:36
elmikohave fun at BH/DC18:37
sicariefor sure :)18:37
sicarietahnks!18:37
*** markvoelker has quit IRC18:37
elmikoi look forward to some good stories ;)18:37
sicarieyeah, i'm a boring old guy, I have a feeling there won't be many stories18:38
elmikohaha18:38
elmikoi know the feeling18:38
sicarieespecially because I don't find Vegas that fun18:38
sicarieit's interesting for about a day, and then it just gets old18:38
elmikoyea, kinda crazy in vegas18:38
elmikosigmavirus24: this is beautiful http://www.coglib.com/~icordasc/index.html#contact  /me tips fedora18:40
*** tkelsey has joined #openstack-security18:40
sigmavirus24lmao18:40
elmikoit's really been too long since i've seen some C code, and it's only been like 1.5 years lol18:40
sigmavirus24lol18:41
sigmavirus24that's still more recent than when I wrote that code18:41
*** sdake has quit IRC18:42
elmikohaha18:42
*** tkelsey has quit IRC18:44
*** sdake has joined #openstack-security18:44
*** singlethink has joined #openstack-security18:47
sigmavirus24I used to recreationally write C18:50
sigmavirus24That should tell you a lot about my idea of fun18:50
*** singleth_ has quit IRC18:50
elmikonice, i approve =)18:50
elmikoalthough in fairness, i use to write assembly for fun (when i was in h.s./college)18:51
miscwell, unless you say "fortran for fun", that's not so unusual18:55
sicarieI wrote a fortran compiler in yacc and bison :(18:56
sicarieoh college, back when I didn't know any better....18:57
elmikohaha18:59
elmikomisc: "fortran for fun".... syntax error18:59
*** salv-orlando has joined #openstack-security19:01
*** elo has quit IRC19:06
*** ig0r__ has joined #openstack-security19:12
*** sicarie has quit IRC19:21
*** elo has joined #openstack-security19:25
*** ig0r_ has quit IRC19:26
*** singlethink has quit IRC19:31
Davieyelmiko: The sidebar release should be imminent.. it is merged, just waiting for a release to be cut19:32
*** singlethink has joined #openstack-security19:32
*** openstack has joined #openstack-security19:34
*** ig0r__ has quit IRC19:35
elmikoDaviey: awesome, we can discuss more on monday19:36
*** sdake has quit IRC19:38
*** sdake has joined #openstack-security19:39
*** ig0r_ has joined #openstack-security19:39
*** ig0r_ has quit IRC19:46
*** JAHoagie has quit IRC19:51
*** jmckind has quit IRC19:57
*** jmckind has joined #openstack-security19:58
*** jmckind has quit IRC19:58
*** singleth_ has joined #openstack-security19:58
*** jmckind has joined #openstack-security19:59
*** JAHoagie has joined #openstack-security19:59
*** sdake_ has joined #openstack-security20:01
*** singlethink has quit IRC20:02
*** sdake has quit IRC20:05
*** elo has quit IRC20:11
*** austin_laptop has quit IRC20:22
openstackgerritPriti Desai proposed openstack/security-doc: Updating Reference - Identity  https://review.openstack.org/20805120:23
openstackgerritPriti Desai proposed openstack/security-doc: Updating Reference - Identity  https://review.openstack.org/20805120:24
openstackgerritPriti Desai proposed openstack/security-doc: Updating Reference - Identity  https://review.openstack.org/20805120:29
*** tkelsey has joined #openstack-security20:40
*** bpokorny has joined #openstack-security20:41
*** bpokorny_ has quit IRC20:45
*** tkelsey has quit IRC20:45
*** sdake_ is now known as sdake20:46
*** elo has joined #openstack-security20:51
*** elo1 has joined #openstack-security21:00
*** JAHoagie has quit IRC21:03
*** elo has quit IRC21:04
*** JAHoagie has joined #openstack-security21:04
*** hiddentoken has joined #openstack-security21:38
*** hiddentoken has quit IRC21:39
*** hiddentoken has joined #openstack-security21:40
*** elo1 has quit IRC21:41
*** jmckind has quit IRC21:42
*** sdake has quit IRC21:54
*** sdake has joined #openstack-security21:54
*** sdake has quit IRC22:02
*** sdake has joined #openstack-security22:25
*** Surface has joined #openstack-security22:26
*** Surface has quit IRC22:27
openstackgerritJeffrey Olsen proposed openstack/security-doc: Update links that point to other documentation guides  https://review.openstack.org/20807622:42
openstackgerritMerged openstack/bandit: Add all available plugins to an example profile  https://review.openstack.org/20686822:51
*** singleth_ has quit IRC22:52
*** tkelsey has joined #openstack-security23:04
*** voodookid has quit IRC23:05
*** tkelsey has quit IRC23:11
*** sigmavirus24 is now known as sigmavirus24_awa23:26
*** elo has joined #openstack-security23:47
*** sdake has quit IRC23:57
*** elo has quit IRC23:57
« Thursday, 2015-07-30 Index Saturday, 2015-08-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!