Monday, 2016-07-11

*** sdake has joined #openstack-security		00:09
*** dave-mccowan has joined #openstack-security		00:11
*** sdake_ has quit IRC		00:11
openstackgerrit	OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340185	00:24
*** sdake_ has joined #openstack-security		00:26
*** sdake has quit IRC		00:29
*** zul has quit IRC		00:38
*** dave-mccowan has quit IRC		00:44
*** dave-mccowan has joined #openstack-security		00:44
*** deblike has quit IRC		01:42
*** M00nr41n has joined #openstack-security		01:47
*** dave-mccowan has quit IRC		01:48
*** ozialien10 has quit IRC		01:49
*** ozialien10 has joined #openstack-security		01:49
openstackgerrit	Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340185	01:58
*** dave-mccowan has joined #openstack-security		02:07
*** dave-mccowan has quit IRC		02:26
*** sdake_ is now known as sdake		02:35
*** dave-mccowan has joined #openstack-security		02:44
*** el has joined #openstack-security		03:32
el	hola	03:33
el	como ansa	03:33
el	andan	03:33
*** el has quit IRC		03:34
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Adding header checks and unit tests https://review.openstack.org/340211	03:50
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Adding header checks and unit tests https://review.openstack.org/340211	03:57
*** M00nr41n has quit IRC		03:59
*** dave-mccowan has quit IRC		04:01
*** zul has joined #openstack-security		04:15
*** sdake has quit IRC		04:43
*** M00nr41n has joined #openstack-security		04:51
*** pcaruana has quit IRC		05:17
*** sdake has joined #openstack-security		05:31
*** sdake has quit IRC		05:33
*** jamielennox is now known as jamielennox\|away		05:34
*** sam_yan has joined #openstack-security		05:49
*** jamielennox\|away is now known as jamielennox		05:50
sam_yan	how to understand ima ?	06:09
*** rcernin has joined #openstack-security		06:22
*** pcaruana has joined #openstack-security		06:51
*** unrahul has quit IRC		07:02
*** tesseract- has joined #openstack-security		07:08
*** sam_yan has quit IRC		07:21
*** liverpooler has joined #openstack-security		07:25
*** aurelien__ has joined #openstack-security		09:53
*** StudentTrstenice has joined #openstack-security		10:44
*** StudentTrstenice has quit IRC		10:46
openstackgerrit	Robert Clark proposed openstack/security-doc: Added Authors to Security Notes https://review.openstack.org/337627	10:51
*** sigmavirus_away is now known as sigmavirus		11:14
*** sdake has joined #openstack-security		11:19
*** dave-mccowan has joined #openstack-security		11:46
*** sdake has quit IRC		11:48
*** zul has quit IRC		11:48
*** zul has joined #openstack-security		11:55
*** deblike has joined #openstack-security		12:00
*** dc3_ has joined #openstack-security		12:15
*** dc3_ has left #openstack-security		12:15
*** zul has quit IRC		12:19
*** zul has joined #openstack-security		12:24
*** deblike has quit IRC		12:38
*** deblike has joined #openstack-security		12:41
*** _elmiko is now known as elmiko		13:00
*** markvoelker has joined #openstack-security		13:08
*** cleong has joined #openstack-security		13:19
*** M00nr41n has quit IRC		13:23
*** markvoelker has quit IRC		13:27
*** singlethink has joined #openstack-security		13:38
*** sdake has joined #openstack-security		13:48
*** sdake_ has joined #openstack-security		13:49
*** sdake has quit IRC		13:49
*** yeison has joined #openstack-security		14:00
*** yeison has left #openstack-security		14:01
*** markvoelker has joined #openstack-security		14:02
*** markvoelker has quit IRC		14:07
*** liverpooler has quit IRC		14:08
*** dave-mccowan has quit IRC		14:10
*** markvoelker has joined #openstack-security		14:17
*** markvoelker has quit IRC		14:23
*** dave-mccowan has joined #openstack-security		14:30
*** nkinder has joined #openstack-security		14:37
*** jmckind has joined #openstack-security		14:42
*** unrahul has joined #openstack-security		14:47
*** sdake_ has quit IRC		14:47
*** markvoelker has joined #openstack-security		14:48
*** nkinder has quit IRC		14:53
*** vinaypotluri has joined #openstack-security		15:10
*** pcaruana has quit IRC		15:15
*** yaya has joined #openstack-security		15:15
*** mvaldes has joined #openstack-security		15:20
*** diazjf has joined #openstack-security		15:23
*** aastha has joined #openstack-security		15:29
*** mdong has joined #openstack-security		15:52
*** browne has joined #openstack-security		15:55
*** thehornet has joined #openstack-security		16:00
*** thehornet has quit IRC		16:01
*** yaya has quit IRC		16:07
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Adding missing checks https://review.openstack.org/340460	16:11
*** aurelien__ has quit IRC		16:12
*** M00nr41n has joined #openstack-security		16:20
*** ccneill has joined #openstack-security		16:26
*** jmckind_ has joined #openstack-security		16:29
*** jmckind_ has quit IRC		16:32
*** jmckind has quit IRC		16:32
*** jmckind has joined #openstack-security		16:33
*** woodburn has joined #openstack-security		16:44
*** tesseract- has quit IRC		16:49
*** rcernin has quit IRC		16:51
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Adding missing checks https://review.openstack.org/340473	16:52
openstackgerrit	Charles Neill proposed openstack/syntribos: Converting to oslo.config for configuration https://review.openstack.org/337938	16:53
*** diazjf has quit IRC		16:53
elmiko	ccneill: nicely done on the config stuff! i just happened to see your commit, so i left a drive-by review ;)	17:04
ccneill	elmiko: thank you, sir!	17:04
ccneill	I pulled the thread a little bit, and CAFE exploded, so I kinda had to just do it all at once lol	17:04
elmiko	ooph	17:04
elmiko	make sense though, iirc you had the old config stuff woven in everywhere X_	17:05
elmiko	X)	17:05
*** M00nr41n has quit IRC		17:07
openstackgerrit	Michael Dong proposed openstack/syntribos: Refactored Auth test https://review.openstack.org/340477	17:07
ccneill	yep yep	17:09
ccneill	and environment variables	17:09
ccneill	x_x	17:09
*** yaya has joined #openstack-security		17:10
*** yaya_ has joined #openstack-security		17:13
unrahul	ccneill: mdong guys when is our debug log meeting, I some how dont have it on my calendar	17:13
ccneill	3:30-4:15 today	17:13
*** M00nr41n has joined #openstack-security		17:14
*** yaya has quit IRC		17:14
*** yaya_ is now known as yaya		17:14
unrahul	thanks ccneill !	17:15
ccneill	np!	17:15
*** M00nr41n has quit IRC		17:17
ccneill	vinaypotluri: oops! I just sent out an email saying "need more team outing ideas" before I saw yours haha	17:19
ccneill	I like all of those ideas. haven't been rafting since I was a kid, that could be real fun	17:20
vinaypotluri	awesome then...	17:22
vinaypotluri	:)	17:22
openstackgerrit	OpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340483	17:23
*** mvaldes has quit IRC		17:29
*** pcaruana has joined #openstack-security		17:39
ccneill	unrahul: might have to hit the "rebase" button before rechecking your CR	17:43
*** nkinder has joined #openstack-security		17:52
*** diazjf has joined #openstack-security		18:07
*** mvaldes has joined #openstack-security		18:08
*** yaya has quit IRC		18:22
*** ccneill has quit IRC		18:23
*** yaya has joined #openstack-security		18:40
*** yaya has quit IRC		18:41
*** elo has joined #openstack-security		18:42
unrahul	yup!... was trying to do a manual rebase.. and git started behaving like git :/	18:47
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Adding oslo logging https://review.openstack.org/340182	18:47
*** ccneill has joined #openstack-security		18:47
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Adding missing checks https://review.openstack.org/340473	18:48
openstackgerrit	Merged openstack/security-doc: Updated from openstack-manuals https://review.openstack.org/340483	18:49
*** mvaldes has quit IRC		18:57
*** B_Smith has quit IRC		18:58
*** mvaldes has joined #openstack-security		19:00
*** mvaldes1 has joined #openstack-security		19:01
*** yaya has joined #openstack-security		19:04
*** mvaldes has quit IRC		19:04
*** deblike has quit IRC		19:23
*** deblike has joined #openstack-security		19:25
*** sdake has joined #openstack-security		19:26
*** sdake has quit IRC		19:26
*** nkinder has quit IRC		19:31
*** rcernin has joined #openstack-security		19:31
*** mvaldes1 has quit IRC		19:44
*** mvaldes has joined #openstack-security		19:47
ccneill	hey folks, anyone got time for a +workflow on this CR? https://review.openstack.org/#/c/337938/	19:49
ccneill	I'd give you a rare Pokémon if I could O:-)	19:52
*** B_Smith has joined #openstack-security		19:55
*** yaya has quit IRC		19:58
*** elo has quit IRC		20:00
*** B_Smith has quit IRC		20:02
*** davidjd-gh has joined #openstack-security		20:02
*** jmckind has quit IRC		20:03
*** B_Smith has joined #openstack-security		20:04
*** davidjd-gh has quit IRC		20:06
*** zul_ has joined #openstack-security		20:10
unrahul	workflowed :D, will cash on that, once i get into the game, i think I am the last one :D	20:11
*** chair6 has quit IRC		20:13
ccneill	sigh	20:14
ccneill	just read this	20:14
Ryan_Lane	it would be awesome if the bandit docs were kept up to date	20:14
ccneill	https://techcrunch.com/2016/07/11/pokemon-go-shouldnt-have-full-access-to-your-gmail-docs-and-google-account-but-it-does	20:14
ccneill	>_<	20:14
Ryan_Lane	and if backwards incompatible changes didn't keep cropping in	20:14
Ryan_Lane	maybe I'm the only one maintaining a plugin that's not inside of the repo, but it's slowly driving me insane	20:15
Ryan_Lane	the latest one seems to be requiring a gen_config function?	20:15
Ryan_Lane	it looks like the docs on writing tests haven't been updated in a _really_ long time	20:16
Ryan_Lane	it doesn't even mention that bandit requires test numbers	20:16
*** chair6 has joined #openstack-security		20:16
*** pcaruana has quit IRC		20:17
Ryan_Lane	there's no docs on what gen_config is supposed to do :(	20:18
Ryan_Lane	also looks like openstack-specific data is creeping into core, which is a bit sad	20:19
unrahul	ccneill: oh f***k I have tried apps that require insane access, but none of them did use it, wonder why mails were accessed.	20:19
unrahul	ccneill: thats really creepy	20:19
unrahul	ccneill: now thinking if i should install it or not.. :/	20:19
ccneill	unrahul: <_> agreed. I just checked my account and it seems not to have gotten "uber access". you can sign up with a "trainer" account instead of using your Google account	20:20
unrahul	Ryan_Lane: :/ as always docs is something, that we have to collectively do something, may be make the automatic doc updates more robust..	20:20
openstackgerrit	Merged openstack/syntribos: Converting to oslo.config for configuration https://review.openstack.org/337938	20:20
*** ian_ott has joined #openstack-security		20:21
unrahul	Ryan_Lane: we are always falling short of keeping docs up to date, partly because of the fact that there are so many updates and less number of experts to do the updates,,	20:21
ccneill	Ryan_Lane: that sounds fun :( it would be cool if we had dedicated help from OpenStack docs group(s) to tackle stuff like that. I think all of us are pretty low on time for docs atm :/	20:21
Ryan_Lane	projects shouldn't accept gerrit changes that don't include docs	20:21
unrahul	ccneill: yup.. need to do that.. yeah, its been a while since i updated uber.. !, after their all powerful access update notification..	20:22
Ryan_Lane	then you don't need to keep up with docs.	20:22
unrahul	ccneill: sometimes, i wonder if they are trying to match drivers with users having common interest by datamining both inboxes..	20:22
Ryan_Lane	as a third party user, though, it makes things insanely difficult	20:23
Ryan_Lane	pushing docs off onto the docs team isn't a good practice, though. it ensures docs will always be poor	20:23
Ryan_Lane	especially developer docs	20:23
unrahul	Ryan_Lane: mm.. that is an interesting idea.. but sometimes, the changes are far and wide, that by the time it is realized some doc has to be changed... its too late.	20:24
Ryan_Lane	can anyone tell me the behavior expected for the gen_config function?	20:24
Ryan_Lane	@unrahul a change that has that much in it should also likely be rejected	20:24
Ryan_Lane	because if it's too difficult to document because there's too many changes, then it's also likely not going to be reviewed properly either	20:25
ccneill	elmiko? hyakuhei? browne? sigmavirus? any thoughts for Ryan_Lane?	20:25
unrahul	Ryan_Lane: mm.. ccneill is trying to summon the overlords to figure this out..	20:26
Ryan_Lane	thanks :)	20:26
*** dave-mccowan has quit IRC		20:26
Ryan_Lane	don't mean to bitch too much. I'm still a huge fan of bandit	20:27
Ryan_Lane	but support's been a pain :)	20:27
* elmiko pokes head in		20:27
* elmiko reading back		20:27
*** diazjf has quit IRC		20:28
ccneill	Ryan_Lane: I agree with ya about keeping docs up to date via CRs, but we definitely haven't had a perfect track record of it in the project I'm working on (syntribos). usually ends up being one of the first sacrifices we make for speed of change (rightfully or not)	20:28
unrahul	Ryan_Lane: yup, the tool is really cool.. let's try to resolve this..	20:28
*** diazjf has joined #openstack-security		20:28
unrahul	ccneill: +1 :D	20:28
elmiko	i agree that the docs should be kept updated and perhaps we need more options for advising internal api changes.	20:29
ccneill	wonder if there would be a reasonable way to introduce a "docs check" into tox?	20:29
ccneill	i.e. "I see 400 lines of code changes and 0 lines of changes to .rst docs. wtf"	20:29
sigmavirus	Ryan_Lane: which gen_config function?	20:29
elmiko	my best advice, Ryan_Lane, would be to email the openstack-dev list with a subject containing "[bandit]", raise these issues again, and make sure to directly ping tkelsey (Tim Kelsey), browne (Eric Browne), and tmcpeak (Travis McPeak). those guys have been the most involved with bandit and its releases.	20:30
elmiko	that's more about the doc changes and rigor in general though	20:30
Ryan_Lane	@sigmavirus the ones in plugins	20:31
elmiko	unfortunately, i don't have much involvement with the day-to-day for bandit	20:31
Ryan_Lane	(I maintain a plugin)	20:31
Ryan_Lane	https://github.com/lyft/bandit-high-entropy-string	20:31
Ryan_Lane	the functions take config, but apparently now you need a gen_config function in the plugin for it to work	20:31
*** mvaldes has quit IRC		20:32
Ryan_Lane	I ask because: https://github.com/lyft/bandit-high-entropy-string/issues/5	20:36
Ryan_Lane	it's weird, because it seems that bandit checks to see if the function exists....	20:37
Ryan_Lane	I'm guessing gen_config is the defaults?	20:42
*** yaya has joined #openstack-security		20:42
*** mvaldes has joined #openstack-security		20:43
*** dave-mccowan has joined #openstack-security		20:47
*** mdong has quit IRC		20:47
Ryan_Lane	so if there's no config in the provided config, then it'll get it from gen_config?	20:48
*** tmcpeak has joined #openstack-security		20:49
tmcpeak	o/	20:49
gmurphy	Ryan_Lane: tmcpeak should be able to help with your plugin issue	20:50
tmcpeak	Ryan_Lane: wassup	20:50
tmcpeak	Ryan_Lane: read backscroll	20:52
tmcpeak	you were developing for pre 1.0 I assume?	20:52
tmcpeak	Ryan_Lane: anyway, yeah our docs suck, agreed	20:55
tmcpeak	I'll file a bug on Bandit so we can track updating them	20:55
Ryan_Lane	tmcpeak: yeah, but not I support 1.0+	20:55
Ryan_Lane	*now	20:55
tmcpeak	ok we've revamped the way we do config so that plugins define their own settings rather than having one awful config file that everybody had to ship around	20:56
tmcpeak	plugins will use the default setting unless you specifically override that	20:56
tmcpeak	anyway here's an example of how it should be done: https://github.com/openstack/bandit/blob/master/bandit/plugins/try_except_continue.py#L90	20:57
tmcpeak	sorry docs haven't caught up yet, I'll file a bug now	20:57
openstackgerrit	Travis McPeak proposed openstack/bandit: Adding missing section to documentation about gen_config https://review.openstack.org/340574	21:14
tmcpeak	Ryan_Lane: ^	21:14
*** yaya has quit IRC		21:20
*** mvaldes has quit IRC		21:21
*** cleong has quit IRC		21:22
*** jmckind has joined #openstack-security		21:23
*** mvaldes has joined #openstack-security		21:25
*** mvaldes has quit IRC		21:37
*** ian_ott has quit IRC		21:40
*** anahy has joined #openstack-security		21:40
*** yaya has joined #openstack-security		21:54
Ryan_Lane	@tmcpeak did this change in a point release?	22:19
*** diazjf has quit IRC		22:19
tmcpeak	Ryan_Lane: no, it changed in 1.0: https://github.com/openstack/bandit/releases/tag/1.0	22:21
Ryan_Lane	I guess mostly my issue is that I didn't add the function, and only tested with config set	22:24
tmcpeak	we kept the old functionality in 1.0 so to try not to break anybody that still wants to use config	22:25
tmcpeak	you should be able to just add gen_config and everything will be great	22:25
tmcpeak	works on 0.17.x and 1.0.x	22:25
tmcpeak	we waited until 1.0 to do this specifically because we knew it could be a breaking change for plugin devs	22:26
*** yaya has quit IRC		22:26
*** anahy has quit IRC		22:28
Ryan_Lane	ok. cool :)	22:30
openstackgerrit	Rahul U Nair proposed openstack/syntribos: Modifying checks to use test objects https://review.openstack.org/340602	22:33
*** singlethink has quit IRC		22:35
*** jmckind has quit IRC		22:52
unrahul	Hey ccneill , not sure from where I got the idea that the oslo logs are called from init	23:04
unrahul	ccneill: somewhere I had seen it, but now its like as you pointed out none does so.	23:05
unrahul	:/	23:05
ccneill	unrahul: no worries, I'm trying to find something more definitive about it..	23:05
ccneill	unrahul: it seems most people reference doing it in the app's main()	23:05
ccneill	we don't have a main(), but the closest thing is run(), which is where we're currently doing config setup too	23:05
ccneill	we definitely need to split run() into smaller methods that are easier to understand	23:06
ccneill	sicne it's just sort of like "yeah, everything happens here. hope it makes sense" right now	23:06
unrahul	yup I agree on splitting up run() , its getting too big, already is .. i guess,,	23:07
unrahul	was checking bandit and it seems they are using oslo_logging..	23:07
ccneill	yeah, I think oslo.log may actually be the best approach for us, since it integrates with oslo.config's conf file/CLI option parsing	23:07
unrahul	yup +1.	23:08
ccneill	looking around for "logging best practices", I see people dealing with like logging.config.dictConfig	23:08
ccneill	and it also uses a fairly sane formatter that we don't have to make ourselves	23:09
ccneill	hmmm... digging through nose's code, I don't see anything that immediately stands out to me to explain the weird behavior I was seeing the other day	23:11
ccneill	¯\_(ツ)_/¯	23:11
ccneill	we should be fine all around if we do it in run() though	23:11
*** aastha has quit IRC		23:19
*** zul_ has quit IRC		23:21
*** rcernin has quit IRC		23:43
*** markvoelker has quit IRC		23:49
unrahul	:/ .. yeah cool behavior though..	23:59
unrahul	yup , moving the run, would be the best..	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!