*** sdake has joined #openstack-security | 00:09 | |
*** dave-mccowan has joined #openstack-security | 00:11 | |
*** sdake_ has quit IRC | 00:11 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340185 | 00:24 |
*** sdake_ has joined #openstack-security | 00:26 | |
*** sdake has quit IRC | 00:29 | |
*** zul has quit IRC | 00:38 | |
*** dave-mccowan has quit IRC | 00:44 | |
*** dave-mccowan has joined #openstack-security | 00:44 | |
*** deblike has quit IRC | 01:42 | |
*** M00nr41n has joined #openstack-security | 01:47 | |
*** dave-mccowan has quit IRC | 01:48 | |
*** ozialien10 has quit IRC | 01:49 | |
*** ozialien10 has joined #openstack-security | 01:49 | |
openstackgerrit | Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340185 | 01:58 |
*** dave-mccowan has joined #openstack-security | 02:07 | |
*** dave-mccowan has quit IRC | 02:26 | |
*** sdake_ is now known as sdake | 02:35 | |
*** dave-mccowan has joined #openstack-security | 02:44 | |
*** el has joined #openstack-security | 03:32 | |
el | hello | 03:33 |
el | how are you all | 03:33 |
el | doing | 03:33 |
*** el has quit IRC | 03:34 | |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Adding header checks and unit tests https://review.openstack.org/340211 | 03:50 |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Adding header checks and unit tests https://review.openstack.org/340211 | 03:57 |
*** M00nr41n has quit IRC | 03:59 | |
*** dave-mccowan has quit IRC | 04:01 | |
*** zul has joined #openstack-security | 04:15 | |
*** sdake has quit IRC | 04:43 | |
*** M00nr41n has joined #openstack-security | 04:51 | |
*** pcaruana has quit IRC | 05:17 | |
*** sdake has joined #openstack-security | 05:31 | |
*** sdake has quit IRC | 05:33 | |
*** jamielennox is now known as jamielennox|away | 05:34 | |
*** sam_yan has joined #openstack-security | 05:49 | |
*** jamielennox|away is now known as jamielennox | 05:50 | |
sam_yan | how to understand ima ? | 06:09 |
*** rcernin has joined #openstack-security | 06:22 | |
*** pcaruana has joined #openstack-security | 06:51 | |
*** unrahul has quit IRC | 07:02 | |
*** tesseract- has joined #openstack-security | 07:08 | |
*** sam_yan has quit IRC | 07:21 | |
*** liverpooler has joined #openstack-security | 07:25 | |
*** aurelien__ has joined #openstack-security | 09:53 | |
*** StudentTrstenice has joined #openstack-security | 10:44 | |
*** StudentTrstenice has quit IRC | 10:46 | |
openstackgerrit | Robert Clark proposed openstack/security-doc: Added Authors to Security Notes https://review.openstack.org/337627 | 10:51 |
*** sigmavirus_away is now known as sigmavirus | 11:14 | |
*** sdake has joined #openstack-security | 11:19 | |
*** dave-mccowan has joined #openstack-security | 11:46 | |
*** sdake has quit IRC | 11:48 | |
*** zul has quit IRC | 11:48 | |
*** zul has joined #openstack-security | 11:55 | |
*** deblike has joined #openstack-security | 12:00 | |
*** dc3_ has joined #openstack-security | 12:15 | |
*** dc3_ has left #openstack-security | 12:15 | |
*** zul has quit IRC | 12:19 | |
*** zul has joined #openstack-security | 12:24 | |
*** deblike has quit IRC | 12:38 | |
*** deblike has joined #openstack-security | 12:41 | |
*** _elmiko is now known as elmiko | 13:00 | |
*** markvoelker has joined #openstack-security | 13:08 | |
*** cleong has joined #openstack-security | 13:19 | |
*** M00nr41n has quit IRC | 13:23 | |
*** markvoelker has quit IRC | 13:27 | |
*** singlethink has joined #openstack-security | 13:38 | |
*** sdake has joined #openstack-security | 13:48 | |
*** sdake_ has joined #openstack-security | 13:49 | |
*** sdake has quit IRC | 13:49 | |
*** yeison has joined #openstack-security | 14:00 | |
*** yeison has left #openstack-security | 14:01 | |
*** markvoelker has joined #openstack-security | 14:02 | |
*** markvoelker has quit IRC | 14:07 | |
*** liverpooler has quit IRC | 14:08 | |
*** dave-mccowan has quit IRC | 14:10 | |
*** markvoelker has joined #openstack-security | 14:17 | |
*** markvoelker has quit IRC | 14:23 | |
*** dave-mccowan has joined #openstack-security | 14:30 | |
*** nkinder has joined #openstack-security | 14:37 | |
*** jmckind has joined #openstack-security | 14:42 | |
*** unrahul has joined #openstack-security | 14:47 | |
*** sdake_ has quit IRC | 14:47 | |
*** markvoelker has joined #openstack-security | 14:48 | |
*** nkinder has quit IRC | 14:53 | |
*** vinaypotluri has joined #openstack-security | 15:10 | |
*** pcaruana has quit IRC | 15:15 | |
*** yaya has joined #openstack-security | 15:15 | |
*** mvaldes has joined #openstack-security | 15:20 | |
*** diazjf has joined #openstack-security | 15:23 | |
*** aastha has joined #openstack-security | 15:29 | |
*** mdong has joined #openstack-security | 15:52 | |
*** browne has joined #openstack-security | 15:55 | |
*** thehornet has joined #openstack-security | 16:00 | |
*** thehornet has quit IRC | 16:01 | |
*** yaya has quit IRC | 16:07 | |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Adding missing checks https://review.openstack.org/340460 | 16:11 |
*** aurelien__ has quit IRC | 16:12 | |
*** M00nr41n has joined #openstack-security | 16:20 | |
*** ccneill has joined #openstack-security | 16:26 | |
*** jmckind_ has joined #openstack-security | 16:29 | |
*** jmckind_ has quit IRC | 16:32 | |
*** jmckind has quit IRC | 16:32 | |
*** jmckind has joined #openstack-security | 16:33 | |
*** woodburn has joined #openstack-security | 16:44 | |
*** tesseract- has quit IRC | 16:49 | |
*** rcernin has quit IRC | 16:51 | |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Adding missing checks https://review.openstack.org/340473 | 16:52 |
openstackgerrit | Charles Neill proposed openstack/syntribos: Converting to oslo.config for configuration https://review.openstack.org/337938 | 16:53 |
*** diazjf has quit IRC | 16:53 | |
elmiko | ccneill: nicely done on the config stuff! i just happened to see your commit, so i left a drive-by review ;) | 17:04 |
ccneill | elmiko: thank you, sir! | 17:04 |
ccneill | I pulled the thread a little bit, and CAFE exploded, so I kinda had to just do it all at once lol | 17:04 |
elmiko | ooph | 17:04 |
elmiko | makes sense though, iirc you had the old config stuff woven in everywhere X_ | 17:05 |
elmiko | X) | 17:05 |
*** M00nr41n has quit IRC | 17:07 | |
openstackgerrit | Michael Dong proposed openstack/syntribos: Refactored Auth test https://review.openstack.org/340477 | 17:07 |
ccneill | yep yep | 17:09 |
ccneill | and environment variables | 17:09 |
ccneill | x_x | 17:09 |
*** yaya has joined #openstack-security | 17:10 | |
*** yaya_ has joined #openstack-security | 17:13 | |
unrahul | ccneill: mdong guys when is our debug log meeting, I somehow don't have it on my calendar | 17:13 |
ccneill | 3:30-4:15 today | 17:13 |
*** M00nr41n has joined #openstack-security | 17:14 | |
*** yaya has quit IRC | 17:14 | |
*** yaya_ is now known as yaya | 17:14 | |
unrahul | thanks ccneill ! | 17:15 |
ccneill | np! | 17:15 |
*** M00nr41n has quit IRC | 17:17 | |
ccneill | vinaypotluri: oops! I just sent out an email saying "need more team outing ideas" before I saw yours haha | 17:19 |
ccneill | I like all of those ideas. haven't been rafting since I was a kid, that could be real fun | 17:20 |
vinaypotluri | awesome then... | 17:22 |
vinaypotluri | :) | 17:22 |
openstackgerrit | OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340483 | 17:23 |
*** mvaldes has quit IRC | 17:29 | |
*** pcaruana has joined #openstack-security | 17:39 | |
ccneill | unrahul: might have to hit the "rebase" button before rechecking your CR | 17:43 |
*** nkinder has joined #openstack-security | 17:52 | |
*** diazjf has joined #openstack-security | 18:07 | |
*** mvaldes has joined #openstack-security | 18:08 | |
*** yaya has quit IRC | 18:22 | |
*** ccneill has quit IRC | 18:23 | |
*** yaya has joined #openstack-security | 18:40 | |
*** yaya has quit IRC | 18:41 | |
*** elo has joined #openstack-security | 18:42 | |
unrahul | yup!... was trying to do a manual rebase.. and git started behaving like git :/ | 18:47 |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Adding oslo logging https://review.openstack.org/340182 | 18:47 |
*** ccneill has joined #openstack-security | 18:47 | |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Adding missing checks https://review.openstack.org/340473 | 18:48 |
openstackgerrit | Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340483 | 18:49 |
*** mvaldes has quit IRC | 18:57 | |
*** B_Smith has quit IRC | 18:58 | |
*** mvaldes has joined #openstack-security | 19:00 | |
*** mvaldes1 has joined #openstack-security | 19:01 | |
*** yaya has joined #openstack-security | 19:04 | |
*** mvaldes has quit IRC | 19:04 | |
*** deblike has quit IRC | 19:23 | |
*** deblike has joined #openstack-security | 19:25 | |
*** sdake has joined #openstack-security | 19:26 | |
*** sdake has quit IRC | 19:26 | |
*** nkinder has quit IRC | 19:31 | |
*** rcernin has joined #openstack-security | 19:31 | |
*** mvaldes1 has quit IRC | 19:44 | |
*** mvaldes has joined #openstack-security | 19:47 | |
ccneill | hey folks, anyone got time for a +workflow on this CR? https://review.openstack.org/#/c/337938/ | 19:49 |
ccneill | I'd give you a rare Pokémon if I could O:-) | 19:52 |
*** B_Smith has joined #openstack-security | 19:55 | |
*** yaya has quit IRC | 19:58 | |
*** elo has quit IRC | 20:00 | |
*** B_Smith has quit IRC | 20:02 | |
*** davidjd-gh has joined #openstack-security | 20:02 | |
*** jmckind has quit IRC | 20:03 | |
*** B_Smith has joined #openstack-security | 20:04 | |
*** davidjd-gh has quit IRC | 20:06 | |
*** zul_ has joined #openstack-security | 20:10 | |
unrahul | workflowed :D, will cash on that, once i get into the game, i think I am the last one :D | 20:11 |
*** chair6 has quit IRC | 20:13 | |
ccneill | sigh | 20:14 |
ccneill | just read this | 20:14 |
Ryan_Lane | it would be awesome if the bandit docs were kept up to date | 20:14 |
ccneill | https://techcrunch.com/2016/07/11/pokemon-go-shouldnt-have-full-access-to-your-gmail-docs-and-google-account-but-it-does | 20:14 |
ccneill | >_< | 20:14 |
Ryan_Lane | and if backwards incompatible changes didn't keep cropping in | 20:14 |
Ryan_Lane | maybe I'm the only one maintaining a plugin that's not inside of the repo, but it's slowly driving me insane | 20:15 |
Ryan_Lane | the latest one seems to be requiring a gen_config function? | 20:15 |
Ryan_Lane | it looks like the docs on writing tests haven't been updated in a _really_ long time | 20:16 |
Ryan_Lane | it doesn't even mention that bandit requires test numbers | 20:16 |
*** chair6 has joined #openstack-security | 20:16 | |
*** pcaruana has quit IRC | 20:17 | |
Ryan_Lane | there's no docs on what gen_config is supposed to do :( | 20:18 |
Ryan_Lane | also looks like openstack-specific data is creeping into core, which is a bit sad | 20:19 |
unrahul | ccneill: oh f***k I have tried apps that require insane access, but none of them did use it, wonder why mails were accessed. | 20:19 |
unrahul | ccneill: that's really creepy | 20:19 |
unrahul | ccneill: now thinking if i should install it or not.. :/ | 20:19 |
ccneill | unrahul: <_> agreed. I just checked my account and it seems not to have gotten "uber access". you can sign up with a "trainer" account instead of using your Google account | 20:20 |
unrahul | Ryan_Lane: :/ as always docs is something, that we have to collectively do something, may be make the automatic doc updates more robust.. | 20:20 |
openstackgerrit | Merged openstack/syntribos: Converting to oslo.config for configuration https://review.openstack.org/337938 | 20:20 |
*** ian_ott has joined #openstack-security | 20:21 | |
unrahul | Ryan_Lane: we are always falling short of keeping docs up to date, partly because of the fact that there are so many updates and less number of experts to do the updates,, | 20:21 |
ccneill | Ryan_Lane: that sounds fun :( it would be cool if we had dedicated help from OpenStack docs group(s) to tackle stuff like that. I think all of us are pretty low on time for docs atm :/ | 20:21 |
Ryan_Lane | projects shouldn't accept gerrit changes that don't include docs | 20:21 |
unrahul | ccneill: yup.. need to do that.. yeah, it's been a while since i updated uber.. !, after their all powerful access update notification.. | 20:22 |
Ryan_Lane | then you don't need to keep up with docs. | 20:22 |
unrahul | ccneill: sometimes, i wonder if they are trying to match drivers with users having common interest by datamining both inboxes.. | 20:22 |
Ryan_Lane | as a third party user, though, it makes things insanely difficult | 20:23 |
Ryan_Lane | pushing docs off onto the docs team isn't a good practice, though. it ensures docs will always be poor | 20:23 |
Ryan_Lane | especially developer docs | 20:23 |
unrahul | Ryan_Lane: mm.. that is an interesting idea.. but sometimes, the changes are far and wide, that by the time it is realized some doc has to be changed... it's too late. | 20:24 |
Ryan_Lane | can anyone tell me the behavior expected for the gen_config function? | 20:24 |
Ryan_Lane | @unrahul a change that has that much in it should also likely be rejected | 20:24 |
Ryan_Lane | because if it's too difficult to document because there's too many changes, then it's also likely not going to be reviewed properly either | 20:25 |
ccneill | elmiko? hyakuhei? browne? sigmavirus? any thoughts for Ryan_Lane? | 20:25 |
unrahul | Ryan_Lane: mm.. ccneill is trying to summon the overlords to figure this out.. | 20:26 |
Ryan_Lane | thanks :) | 20:26 |
*** dave-mccowan has quit IRC | 20:26 | |
Ryan_Lane | don't mean to bitch too much. I'm still a huge fan of bandit | 20:27 |
Ryan_Lane | but support's been a pain :) | 20:27 |
* elmiko pokes head in | 20:27 | |
* elmiko reading back | 20:27 | |
*** diazjf has quit IRC | 20:28 | |
ccneill | Ryan_Lane: I agree with ya about keeping docs up to date via CRs, but we definitely haven't had a perfect track record of it in the project I'm working on (syntribos). usually ends up being one of the first sacrifices we make for speed of change (rightfully or not) | 20:28 |
unrahul | Ryan_Lane: yup, the tool is really cool.. let's try to resolve this.. | 20:28 |
*** diazjf has joined #openstack-security | 20:28 | |
unrahul | ccneill: +1 :D | 20:28 |
elmiko | i agree that the docs should be kept updated and perhaps we need more options for advising internal api changes. | 20:29 |
ccneill | wonder if there would be a reasonable way to introduce a "docs check" into tox? | 20:29 |
ccneill | i.e. "I see 400 lines of code changes and 0 lines of changes to .rst docs. wtf" | 20:29 |
sigmavirus | Ryan_Lane: which gen_config function? | 20:29 |
elmiko | my best advice, Ryan_Lane, would be to email the openstack-dev list with a subject containing "[bandit]", raise these issues again, and make sure to directly ping tkelsey (Tim Kelsey), browne (Eric Browne), and tmcpeak (Travis McPeak). those guys have been the most involved with bandit and its releases. | 20:30 |
elmiko | that's more about the doc changes and rigor in general though | 20:30 |
Ryan_Lane | @sigmavirus the ones in plugins | 20:31 |
elmiko | unfortunately, i don't have much involvement with the day-to-day for bandit | 20:31 |
Ryan_Lane | (I maintain a plugin) | 20:31 |
Ryan_Lane | https://github.com/lyft/bandit-high-entropy-string | 20:31 |
Ryan_Lane | the functions take config, but apparently now you need a gen_config function in the plugin for it to work | 20:31 |
*** mvaldes has quit IRC | 20:32 | |
Ryan_Lane | I ask because: https://github.com/lyft/bandit-high-entropy-string/issues/5 | 20:36 |
Ryan_Lane | it's weird, because it seems that bandit checks to see if the function exists.... | 20:37 |
Ryan_Lane | I'm guessing gen_config is the defaults? | 20:42 |
*** yaya has joined #openstack-security | 20:42 | |
*** mvaldes has joined #openstack-security | 20:43 | |
*** dave-mccowan has joined #openstack-security | 20:47 | |
*** mdong has quit IRC | 20:47 | |
Ryan_Lane | so if there's no config in the provided config, then it'll get it from gen_config? | 20:48 |
*** tmcpeak has joined #openstack-security | 20:49 | |
tmcpeak | o/ | 20:49 |
gmurphy | Ryan_Lane: tmcpeak should be able to help with your plugin issue | 20:50 |
tmcpeak | Ryan_Lane: wassup | 20:50 |
tmcpeak | Ryan_Lane: read backscroll | 20:52 |
tmcpeak | you were developing for pre 1.0 I assume? | 20:52 |
tmcpeak | Ryan_Lane: anyway, yeah our docs suck, agreed | 20:55 |
tmcpeak | I'll file a bug on Bandit so we can track updating them | 20:55 |
Ryan_Lane | tmcpeak: yeah, but not I support 1.0+ | 20:55 |
Ryan_Lane | *now | 20:55 |
tmcpeak | ok we've revamped the way we do config so that plugins define their own settings rather than having one awful config file that everybody had to ship around | 20:56 |
tmcpeak | plugins will use the default setting unless you specifically override that | 20:56 |
tmcpeak | anyway here's an example of how it should be done: https://github.com/openstack/bandit/blob/master/bandit/plugins/try_except_continue.py#L90 | 20:57 |
tmcpeak | sorry docs haven't caught up yet, I'll file a bug now | 20:57 |
openstackgerrit | Travis McPeak proposed openstack/bandit: Adding missing section to documentation about gen_config https://review.openstack.org/340574 | 21:14 |
tmcpeak | Ryan_Lane: ^ | 21:14 |
*** yaya has quit IRC | 21:20 | |
*** mvaldes has quit IRC | 21:21 | |
*** cleong has quit IRC | 21:22 | |
*** jmckind has joined #openstack-security | 21:23 | |
*** mvaldes has joined #openstack-security | 21:25 | |
*** mvaldes has quit IRC | 21:37 | |
*** ian_ott has quit IRC | 21:40 | |
*** anahy has joined #openstack-security | 21:40 | |
*** yaya has joined #openstack-security | 21:54 | |
Ryan_Lane | @tmcpeak did this change in a point release? | 22:19 |
*** diazjf has quit IRC | 22:19 | |
tmcpeak | Ryan_Lane: no, it changed in 1.0: https://github.com/openstack/bandit/releases/tag/1.0 | 22:21 |
Ryan_Lane | I guess mostly my issue is that I didn't add the function, and only tested with config set | 22:24 |
tmcpeak | we kept the old functionality in 1.0 so to try not to break anybody that still wants to use config | 22:25 |
tmcpeak | you should be able to just add gen_config and everything will be great | 22:25 |
tmcpeak | works on 0.17.x and 1.0.x | 22:25 |
tmcpeak | we waited until 1.0 to do this specifically because we knew it could be a breaking change for plugin devs | 22:26 |
*** yaya has quit IRC | 22:26 | |
*** anahy has quit IRC | 22:28 | |
Ryan_Lane | ok. cool :) | 22:30 |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Modifying checks to use test objects https://review.openstack.org/340602 | 22:33 |
*** singlethink has quit IRC | 22:35 | |
*** jmckind has quit IRC | 22:52 | |
unrahul | Hey ccneill , not sure from where I got the idea that the oslo logs are called from init | 23:04 |
unrahul | ccneill: somewhere I had seen it, but now it's like as you pointed out none does so. | 23:05 |
unrahul | :/ | 23:05 |
ccneill | unrahul: no worries, I'm trying to find something more definitive about it.. | 23:05 |
ccneill | unrahul: it seems most people reference doing it in the app's main() | 23:05 |
ccneill | we don't have a main(), but the closest thing is run(), which is where we're currently doing config setup too | 23:05 |
ccneill | we definitely need to split run() into smaller methods that are easier to understand | 23:06 |
ccneill | since it's just sort of like "yeah, everything happens here. hope it makes sense" right now | 23:06 |
unrahul | yup I agree on splitting up run() , it's getting too big, already is .. i guess,, | 23:07 |
unrahul | was checking bandit and it seems they are using oslo_logging.. | 23:07 |
ccneill | yeah, I think oslo.log may actually be the best approach for us, since it integrates with oslo.config's conf file/CLI option parsing | 23:07 |
unrahul | yup +1. | 23:08 |
ccneill | looking around for "logging best practices", I see people dealing with like logging.config.dictConfig | 23:08 |
ccneill | and it also uses a fairly sane formatter that we don't have to make ourselves | 23:09 |
ccneill | hmmm... digging through nose's code, I don't see anything that immediately stands out to me to explain the weird behavior I was seeing the other day | 23:11 |
ccneill | ¯\_(ツ)_/¯ | 23:11 |
ccneill | we should be fine all around if we do it in run() though | 23:11 |
*** aastha has quit IRC | 23:19 | |
*** zul_ has quit IRC | 23:21 | |
*** rcernin has quit IRC | 23:43 | |
*** markvoelker has quit IRC | 23:49 | |
unrahul | :/ .. yeah cool behavior though.. | 23:59 |
unrahul | yup , moving the run, would be the best.. | 23:59 |