Monday, 2016-08-15

*** zhihui has joined #openstack-security [01:34]
openstackgerrit: zhangyanxian proposed openstack/syntribos: Fix some typos in the files https://review.openstack.org/355272 [01:35]
openstackgerrit: zhangyanxian proposed openstack/syntribos: Fix some typos in the files https://review.openstack.org/355272 [01:53]
openstackgerrit: zhangyanxian proposed openstack/syntribos: Fix some typos in the files https://review.openstack.org/355272 [02:01]
*** jamielennox is now known as jamielennox|away [02:10]
*** jamielennox|away is now known as jamielennox [02:30]
openstackgerrit: Stanislaw Pitucha proposed openstack/bandit: Fix html escaping https://review.openstack.org/355283 [03:09]
openstackgerrit: Merged openstack/bandit: Fix html escaping https://review.openstack.org/355283 [03:34]
openstackgerrit: Stanislaw Pitucha proposed openstack/bandit: Show help when arguments are missing https://review.openstack.org/355287 [03:35]
openstackgerrit: Stanislaw Pitucha proposed openstack/bandit: Show help when arguments are missing https://review.openstack.org/355287 [05:23]
*** rcernin has joined #openstack-security [05:25]
openstackgerrit: Stanislaw Pitucha proposed openstack/bandit: Detect binary output html file https://review.openstack.org/355305 [05:49]
*** liverpooler has joined #openstack-security [05:59]
*** agireud has quit IRC [06:01]
*** agireud has joined #openstack-security [06:10]
*** vinaypotluri has quit IRC [06:31]
*** pcaruana has joined #openstack-security [06:36]
openstackgerrit: Stanislaw Pitucha proposed openstack/bandit: Skip key checks where size is not constant https://review.openstack.org/355328 [06:43]
openstackgerrit: zhangyanxian proposed openstack/syntribos: Some tiny errors need to be fixed https://review.openstack.org/355329 [06:45]
openstackgerrit: zhangyanxian proposed openstack/syntribos: Some tiny errors need to be fixed https://review.openstack.org/355329 [06:46]
*** v12aml has joined #openstack-security [07:42]
*** sdake has joined #openstack-security [08:01]
*** sdake has quit IRC [08:15]
*** sdake has joined #openstack-security [08:35]
*** markvoelker has joined #openstack-security [08:41]
*** sdake has quit IRC [08:43]
*** markvoelker has quit IRC [08:45]
*** tkelsey has joined #openstack-security [09:00]
*** xsdenied has joined #openstack-security [09:06]
*** xsdenied has left #openstack-security [09:12]
*** jass93 has quit IRC [09:35]
*** jass93 has joined #openstack-security [09:36]
*** jass93 has quit IRC [09:41]
*** sdake has joined #openstack-security [09:46]
*** jass93 has joined #openstack-security [09:47]
*** jass93 has quit IRC [09:48]
*** jass93 has joined #openstack-security [09:50]
*** jass93 has quit IRC [09:55]
*** jass93 has joined #openstack-security [09:57]
*** jass93 has quit IRC [10:09]
*** jass93 has joined #openstack-security [10:16]
*** jass93 has quit IRC [10:20]
*** jass93 has joined #openstack-security [10:31]
*** markvoelker has joined #openstack-security [10:42]
*** markvoelker has quit IRC [10:47]
*** jass93 has quit IRC [10:56]
*** jass93 has joined #openstack-security [11:03]
*** jass93 has quit IRC [11:07]
*** jass93 has joined #openstack-security [11:08]
*** jass93 has quit IRC [11:14]
*** jass93 has joined #openstack-security [11:18]
*** jass93 has quit IRC [11:20]
*** join1138 has joined #openstack-security [11:28]
*** join1138 has quit IRC [11:30]
*** join1138 has joined #openstack-security [11:30]
*** join1138 has quit IRC [11:31]
*** jass93 has joined #openstack-security [11:38]
*** jass93 has quit IRC [11:42]
*** jass93 has joined #openstack-security [11:50]
*** dave-mccowan has joined #openstack-security [11:53]
*** jass93 has quit IRC [11:55]
*** jass93 has joined #openstack-security [11:57]
*** sdake has quit IRC [12:02]
*** jass93 has quit IRC [12:02]
*** edmondsw has joined #openstack-security [12:04]
*** jass93 has joined #openstack-security [12:06]
*** sdake has joined #openstack-security [12:06]
*** sigmavirus|away is now known as sigmavirus [12:10]
*** jass93 has quit IRC [12:23]
*** jass93 has joined #openstack-security [12:24]
*** markvoelker has joined #openstack-security [12:30]
*** sdake has quit IRC [12:38]
*** zhihui has quit IRC [12:41]
*** jass93 has quit IRC [12:45]
*** jass93 has joined #openstack-security [12:45]
*** jass93 has quit IRC [12:50]
*** elmiko has joined #openstack-security [13:04]
*** woodburn has quit IRC [13:29]
*** sdake has joined #openstack-security [14:10]
*** yab1138 has joined #openstack-security [14:13]
*** yab1138 has quit IRC [14:15]
*** yab1138 has joined #openstack-security [14:15]
*** yab1138 has quit IRC [14:16]
*** knangia has joined #openstack-security [14:16]
*** yab1138 has joined #openstack-security [14:16]
*** yab1138 has quit IRC [14:17]
*** yab1138 has joined #openstack-security [14:18]
*** yab1138 has quit IRC [14:19]
*** ccneill has joined #openstack-security [14:19]
*** yab1138 has joined #openstack-security [14:21]
*** dave-mcc_ has joined #openstack-security [14:21]
*** yab1138 has quit IRC [14:21]
*** dave-mccowan has quit IRC [14:22]
*** dave-mccowan has joined #openstack-security [14:23]
*** ccneill has quit IRC [14:24]
*** dave-mcc_ has quit IRC [14:25]
*** yab1138 has joined #openstack-security [14:26]
*** yab1138 has quit IRC [14:26]
*** dave-mcc_ has joined #openstack-security [14:26]
*** ametts has joined #openstack-security [14:26]
*** yab1138 has joined #openstack-security [14:28]
*** yab1138 has quit IRC [14:28]
*** dave-mccowan has quit IRC [14:29]
*** dave-mccowan has joined #openstack-security [14:29]
*** pcaruana has quit IRC [14:30]
openstackgerrit: Tim Kelsey proposed openstack/security-doc: Adding author field to securoty note template https://review.openstack.org/355496 [14:30]
*** dave-mcc_ has quit IRC [14:32]
openstackgerrit: Tim Kelsey proposed openstack/security-doc: OSSN-0070: bandit version < 1.1.0 have possible XSS https://review.openstack.org/355493 [14:34]
openstackgerrit: Tim Kelsey proposed openstack/security-doc: Adding author field to security note template https://review.openstack.org/355496 [14:34]
*** sdake has quit IRC [14:48]
tkelsey: lhinds: thanks for reviews :) [14:48]
lhinds: no worries, super quick turn around on getting it out tkelsey, props there! [14:49]
tkelsey: :) [14:49]
tkelsey: well the sec team should set a good example with its own projects :P [14:50]
lhinds: very true [14:51]
openstackgerrit: Tim Kelsey proposed openstack/security-doc: Adding author field to securoty note template https://review.openstack.org/355496 [14:51]
openstackgerrit: Tim Kelsey proposed openstack/security-doc: Adding author field to security note template https://review.openstack.org/355496 [14:52]
*** mvaldes has joined #openstack-security [14:54]
openstackgerrit: Tim Kelsey proposed openstack/security-doc: OSSN-0070: bandit version < 1.1.0 have possible XSS https://review.openstack.org/355493 [14:54]
*** elo has quit IRC [15:02]
*** rcernin has quit IRC [15:06]
openstackgerrit: Merged openstack/bandit: Show help when arguments are missing https://review.openstack.org/355287 [15:11]
*** diazjf has joined #openstack-security [15:27]
openstackgerrit: Merged openstack/bandit: Skip key checks where size is not constant https://review.openstack.org/355328 [15:33]
*** edtubill has joined #openstack-security [15:33]
*** edtubill has quit IRC [15:40]
*** edtubill has joined #openstack-security [15:40]
*** elo has joined #openstack-security [15:40]
*** mdong has joined #openstack-security [15:48]
*** elo has quit IRC [15:48]
openstackgerrit: Merged openstack/syntribos: Some tiny errors need to be fixed https://review.openstack.org/355329 [15:55]
*** elo has joined #openstack-security [16:01]
*** vinaypotluri has joined #openstack-security [16:01]
*** elo has quit IRC [16:05]
openstackgerrit: Rahul U Nair proposed openstack/syntribos: Adding sub commands to Syntribos https://review.openstack.org/350325 [16:08]
openstackgerrit: Rahul U Nair proposed openstack/syntribos: Adding sub commands to Syntribos https://review.openstack.org/350325 [16:12]
openstackgerrit: Rahul U Nair proposed openstack/syntribos: Adding sub commands to Syntribos https://review.openstack.org/350325 [16:13]
*** ccneill has joined #openstack-security [16:16]
*** mvaldes has quit IRC [16:19]
*** ametts_ has joined #openstack-security [16:28]
*** hockeynut has joined #openstack-security [16:28]
*** ametts has quit IRC [16:30]
*** Gr33nW0lf has joined #openstack-security [16:58]
*** sdake has joined #openstack-security [17:00]
*** Gr33nW0lf has quit IRC [17:11]
*** Gr33nW0lf has joined #openstack-security [17:12]
*** mvaldes has joined #openstack-security [17:23]
*** Gr33nW0lf has quit IRC [17:27]
*** Gr33nW0lf has joined #openstack-security [17:30]
*** singlethink has joined #openstack-security [17:30]
*** diazjf has quit IRC [17:35]
*** rcernin has joined #openstack-security [17:37]
*** edtubill has quit IRC [17:40]
*** Gr33nW0lf has quit IRC [17:42]
*** Gr33nW0lf has joined #openstack-security [17:42]
*** Gr33nW0lf has quit IRC [17:42]
*** Gr33nW0lf has joined #openstack-security [17:43]
*** Gr33nW0lf has quit IRC [17:43]
*** mvaldes has quit IRC [17:44]
unrahul: ccneill: u here? [17:44]
unrahul: tempest has all the api tests https://github.com/openstack/tempest/tree/master/tempest/api , may be will use this to create the API from MITM.. ? [17:45]
*** mvaldes has joined #openstack-security [17:59]
*** mvaldes1 has joined #openstack-security [18:03]
*** mvaldes2 has joined #openstack-security [18:05]
*** mvaldes has quit IRC [18:05]
*** mvaldes1 has quit IRC [18:08]
*** elo has joined #openstack-security [18:10]
*** bknudson has joined #openstack-security [18:21]
*** ccneill has quit IRC [18:25]
*** ccneill has joined #openstack-security [18:35]
ccneill: unrahul: good call! hadn't thought of that [18:37]
ccneill: unrahul: sorry, been away from my desk [18:37]
ccneill: let's see.. I see compute (nova), identity (keystone), image (glance), network (neutron).. [18:38]
*** rcernin has quit IRC [18:42]
unrahul: yeah!.. i just went for lunch.. let me see how to configure it... on our cloud .. , or may be a devstack [18:44]
ccneill: yeah, I think that might be the best way for us to solve for all the OpenStack services that we need to [18:45]
ccneill: if we get a good approach going for parsing the results of tempest test runs into templates, we should be able to apply it to anything that has a good set of functional tests [18:46]
lhinds: ccneill / unrahul : you're both syntribos devs? [18:49]
ccneill: lhinds: indeed [18:49]
unrahul: lhinds: +1 [18:50]
lhinds: cool, I have just been having a play, but having some issues with an endpoint that has the format identity/v3 [18:50]
lhinds: just been trying to work back on the stack trace [18:50]
unrahul: i can give u a config file , that should work with keystone v3 [18:50]
lhinds: that would be cool, I expected it might be my config [18:51]
ccneill: one handy thing is to run through a proxy like Burp suite or ZAP [18:51]
ccneill: so that you can see where it might be screwing up [18:51]
lhinds: I am getting a KeyError as it's being passed to authenticate_v2_config [18:51]
ccneill: hmmm [18:51]
lhinds: I think from parser.py [18:51]
*** hockeynut has quit IRC [18:51]
ccneill: if you could post the stacktrace that would be handy.. there are definitely a few rough edges around handling Keystone at this point [18:52]
ccneill: :X [18:52]
lhinds: sure, just a min [18:52]
ccneill: np, we're about to run to a meeting soon but we'll try to get it figured out for ya [18:53]
lhinds: http://paste.openstack.org/show/557613/ [18:54]
unrahul: https://gist.github.com/rahulunair/388fec8b7c064573435c363ba9fc0f25 is ur config similar to this..? [18:54]
lhinds: there are a couple of debug prints, as I was trying to see what JSON was being set / parsed [18:54]
unrahul: I think if u add domain_name and domain_id [18:55]
unrahul: it should work.. if it doesn't let us know.. we shall fix it.. [18:55]
lhinds: unrahul: so this is where I am not up to speed on keystone [18:55]
unrahul: as ccneill said.. there are some really rough edges.. we are trying to fix most of them.. [18:56]
lhinds: but I have nothing running on the standard ports, everything is on endpoint= [18:56]
lhinds: derp [18:56]
lhinds: endpoint=http://192.168.124.2/identity/v3 [18:56]
lhinds: I just spun up devstack to have a play [18:56]
lhinds: nothing on :5000 or :35357/ [18:56]
unrahul: mmm.. [18:57]
unrahul: is keystone catalog returning the uri like that.. ? [18:57]
lhinds: sure [18:57]
lhinds: If I curl to /identity/v3 I see the auth json come back [18:57]
lhinds: {"version": {"status": "stable", "updated": "2016-10-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.7", "links": [{"href": "http://192.168.124.2/identity/v3/", "rel": "self"}]}} [18:58]
unrahul: yeah.. our auth appends v2 or v3 depends upon the config.. [18:58]
ccneill: hmm [18:59]
unrahul: so u might have some issue there.. , can u tell me what the command `keystone catalog` return.. [18:59]
ccneill: so looking at the code, that error should only be raised when you're missing either the endpoint or the password [18:59]
ccneill: https://github.com/openstack/syntribos/blob/master/syntribos/extensions/identity/client.py#L73 [18:59]
*** tkelsey has quit IRC [18:59]
lhinds: I have the endpoint, let me stick a debug to see what is stored in password [19:00]
ccneill: hmmmm [19:00]
ccneill: wondering if we need to change how params are sent to the get_token_v2 call from CALL_EXTENSION [19:02]
lhinds: Password is there [19:02]
lhinds: password = CONF.get(user_section).password or CONF.user.password [19:02]
lhinds:     print('Password: {0}'.format(password)) [19:03]
lhinds: that gets me at runtimr [19:03]
lhinds: s/runtimr/runtime [19:03]
lhinds: Password: secret [19:03]
mdong: hmm, do you have an endpoint in both the [syntribos] and the [user] section of your config? [19:04]
lhinds: and as said earlier, endpoint too [19:04]
lhinds: mdong: yep [19:04]
lhinds: let me pastebin, as I might have done something daft [19:05]
mdong: sure [19:05]
lhinds: http://paste.openstack.org/show/557614/ [19:05]
lhinds: previous to the above, I had endpoint=http://192.168.124.2/identity/v3 [19:06]
*** ccneill has quit IRC [19:06]
*** edtubill has joined #openstack-security [19:08]
mdong: yeah, the endpoint should just be the url. Are you trying to authenticate against v3 or v2.0? [19:09]
lhinds: v3 [19:09]
mdong: add the line endpoint=http://192.168.124.2 to the [user] section [19:11]
unrahul: can u try this config https://gist.github.com/rahulunair/388fec8b7c064573435c363ba9fc0f25 [19:11]
mdong: just above the password [19:11]
unrahul: lhinds: ? [19:12]
lhinds: unrahul: I have nothing listening on :5000 [19:12]
*** aastha has joined #openstack-security [19:12]
*** diazjf has joined #openstack-security [19:12]
*** ametts_ has quit IRC [19:13]
unrahul: lhinds: then avoid the port and try [19:13]
lhinds: k, one sec [19:13]
unrahul: as mdong said, can u try to make sure the endpoint is also in the user section.. so the config I have posted, without the port should work [19:13]
lhinds: still getting some json issues [19:14]
lhinds: let me pastebin [19:14]
*** elo has quit IRC [19:14]
lhinds: http://paste.openstack.org/show/557615/ [19:15]
lhinds: this is the line that is causing issue (I suspect) [19:16]
lhinds: if not endpoint or not password: [19:16]
lhinds:         msg = "Required config parameters not present: {0}".format( [19:16]
lhinds:             [x for x in [endpoint, password] if not x]) [19:16]
lhinds:         raise KeyError(msg) [19:16]
lhinds: as both endpoint and password have assignments that look correct [19:16]
mdong: are you still getting the original error? [19:16]
mdong: or are you just getting the json issue now? [19:17]
lhinds: latest error is the above paste [19:17]
lhinds: just the json one now. [19:17]
lhinds: It's not a burning need to fix this now, was curious and thought I would have a play and it might be useful feedback [19:18]
mdong: hmm, well the original error seemed to be because of your config, but the latest one is interesting…are you sure you’re getting a valid response back? [19:18]
*** ametts_ has joined #openstack-security [19:18]
*** ametts_ has quit IRC [19:18]
lhinds: where do you recommend I capture the response? [19:18]
*** ametts has joined #openstack-security [19:19]
lhinds: so this is what I see: [19:19]
lhinds: endpoint = CONF.get(user_section).endpoint or CONF.user.endpoint [19:19]
lhinds:     password = CONF.get(user_section).password or CONF.user.password [19:19]
lhinds:     print ('EP:{0}'.format(endpoint)) [19:19]
lhinds:     print ('PW:{0}'.format(password)) [19:19]
lhinds: runtime: [19:20]
lhinds: EP:http://192.168.124.2 [19:20]
lhinds: PW:secret [19:20]
lhinds: sorry, long day, we moved on from that :) [19:20]
mdong: the response should be in our logs, the path of which should be printed at the bottom of the console output, though they take a bit of digging through. [19:21]
mdong: you can also just set HTTP_PROXY in your environment and pipe syntribos to your preferred proxy [19:21]
*** mvaldes2 has quit IRC [19:21]
lhinds: ok that helps! [19:22]
lhinds: its trying to post to v2 still [19:22]
lhinds: http://paste.openstack.org/show/557616/ [19:22]
mdong: some of the example templates we have will explicitly try to post to v2 [19:23]
*** ccneill has joined #openstack-security [19:23]
lhinds: so there is no filter to stop v2 running on v3? [19:23]
mdong: no, if the request template has the CALL_EXTERNAL directive to explicitly reference v2.0, then that’s what it’ll do [19:24]
mdong: the templates in examples/templates/keystone should all be v3.0 [19:25]
mdong: I think it’s just the Swift request templates that try to post to v2.0 [19:25]
lhinds: hmm [19:26]
lhinds: CALL_EXTERNAL|syntribos.extensions.identity.client:get_token_v2:["user"]| [19:27]
*** ccneill has quit IRC [19:41]
lhinds: ok, got it working [19:50]
*** sigmavirus is now known as sigmavirus|away [20:03]
*** ccneill has joined #openstack-security [20:04]
lhinds: mdong: how about the following (and no more than a nit): [20:05]
lhinds: syntribos/examples/templates/keystone/v2/ [20:05]
lhinds: syntribos/examples/templates/keystone/v3/ [20:06]
*** liverpooler has quit IRC [20:07]
lhinds: (and admin too ofc) [20:07]
*** ccneill has quit IRC [20:09]
*** lhinds is now known as lhinds|out [20:09]
*** sdake has quit IRC [20:32]
unrahul: cc [20:32]
*** Gr33nW0lf has joined #openstack-security [20:40]
*** Gr33nW0lf has quit IRC [20:40]
*** Gr33nW0lf has joined #openstack-security [20:40]
*** Gr33nW0lf has quit IRC [20:40]
*** mvaldes has joined #openstack-security [20:45]
*** sdake has joined #openstack-security [20:57]
*** sdake has quit IRC [21:08]
*** sdake has joined #openstack-security [21:17]
*** diazjf has quit IRC [21:20]
*** elo has joined #openstack-security [21:21]
*** mvaldes has quit IRC [21:24]
*** ccneill has joined #openstack-security [21:26]
*** diazjf has joined #openstack-security [21:27]
*** edtubill has quit IRC [21:28]
*** diazjf has quit IRC [21:28]
*** ametts has quit IRC [21:28]
*** sdake has quit IRC [21:39]
*** edtubill has joined #openstack-security [21:41]
*** diazjf has joined #openstack-security [21:41]
unrahul: hey ccneill [21:43]
unrahul: u here? [21:43]
*** mvaldes has joined #openstack-security [21:50]
*** sdake has joined #openstack-security [21:54]
*** tkelsey has joined #openstack-security [21:58]
*** tkelsey has quit IRC [22:03]
*** diazjf has quit IRC [22:10]
*** edtubill has quit IRC [22:10]
*** ccneill has quit IRC [22:17]
*** sdake has quit IRC [22:20]
*** mvaldes has quit IRC [22:21]
*** mvaldes has joined #openstack-security [22:23]
*** Gr33nW0lf has joined #openstack-security [22:27]
*** Gr33nW0lf has joined #openstack-security [22:27]
*** hockeynut has joined #openstack-security [22:29]
*** mvaldes has quit IRC [22:30]
*** singlethink has quit IRC [22:32]
*** jass93 has joined #openstack-security [22:34]
*** sdake has joined #openstack-security [22:35]
*** edmondsw has quit IRC [22:51]
*** mdong has quit IRC [22:51]
*** sdake has quit IRC [22:57]
*** Gr33nW0lf has quit IRC [23:04]
*** markvoelker has quit IRC [23:06]
*** hockeynut has quit IRC [23:43]
