Tuesday, 2016-09-13

« Monday, 2016-09-12 Index Wednesday, 2016-09-14 »
*** JAHoagie has quit IRC00:08
*** jass93 has joined #openstack-security00:40
*** vinaypotluri has quit IRC01:02
*** ccneill has quit IRC01:07
*** vinaypotluri has joined #openstack-security01:20
*** mdong has joined #openstack-security01:22
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904201:28
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904201:29
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904201:32
*** mdong has quit IRC01:44
*** austin987 has joined #openstack-security01:49
*** zhihui has joined #openstack-security01:54
*** yeison has joined #openstack-security02:04
*** yeison has quit IRC02:05
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904202:20
*** salv-orl_ has joined #openstack-security02:30
*** gfhellma has joined #openstack-security02:33
*** salv-orlando has quit IRC02:33
*** gfhellma has quit IRC03:04
*** markvoelker has quit IRC03:30
*** sdake has joined #openstack-security03:31
*** dikonoor has joined #openstack-security03:45
*** jamielennox is now known as jamielennox|away04:05
*** jamielennox|away is now known as jamielennox04:08
*** jamielennox is now known as jamielennox|away04:41
*** jamielennox|away is now known as jamielennox04:46
*** salv-orl_ has quit IRC04:52
*** salv-orlando has joined #openstack-security04:53
*** sdake_ has joined #openstack-security05:10
*** sdake has quit IRC05:12
*** amitkqed has quit IRC05:16
*** amitkqed has joined #openstack-security05:16
*** knangia has quit IRC05:21
*** zhihui has quit IRC05:29
*** markvoelker has joined #openstack-security05:30
*** markvoelker has quit IRC05:35
openstackgerritchen.xing proposed openstack/security-doc: Update endpoint create command  https://review.openstack.org/36831405:37
*** jamielennox is now known as jamielennox|away05:53
*** jamielennox|away is now known as jamielennox06:00
*** jamielennox is now known as jamielennox|away06:13
*** salv-orl_ has joined #openstack-security06:15
*** salv-orlando has quit IRC06:18
*** rcernin has joined #openstack-security06:19
*** JAHoagie has joined #openstack-security06:19
*** salv-orl_ has quit IRC06:19
*** jamielennox|away is now known as jamielennox06:30
*** liverpooler has joined #openstack-security06:32
*** shohel has joined #openstack-security06:50
*** woodster_ has quit IRC06:59
*** pcaruana has joined #openstack-security07:02
*** tesseract- has joined #openstack-security07:08
*** yarkot has quit IRC07:11
*** zhihui has joined #openstack-security07:17
*** sdake has joined #openstack-security07:19
*** sdake_ has quit IRC07:20
*** salv-orlando has joined #openstack-security07:23
*** markvoelker has joined #openstack-security07:31
*** markvoelker has quit IRC07:36
*** openstackgerrit has quit IRC07:48
*** openstackgerrit has joined #openstack-security07:49
*** JAHoagie has quit IRC07:54
*** zhihui has quit IRC08:04
*** sdake has quit IRC08:10
*** tkelsey has joined #openstack-security08:17
*** zhihui has joined #openstack-security08:17
*** lmiccini_ has joined #openstack-security08:19
*** cgross has quit IRC08:19
*** lmiccini has quit IRC08:20
*** cgross has joined #openstack-security08:21
*** vinaypotluri has quit IRC08:22
*** lmiccini_ is now known as lmiccini08:25
*** zigo_ is now known as zigo08:34
*** austin987 has quit IRC08:35
*** markvoelker has joined #openstack-security09:25
*** markvoelker has quit IRC09:29
*** shohel1 has joined #openstack-security10:04
*** shohel has quit IRC10:05
*** shohel has joined #openstack-security10:09
*** shohel1 has quit IRC10:11
*** shohel has quit IRC10:15
*** lmiccini has quit IRC10:25
*** cgross has quit IRC10:25
*** ayoung has quit IRC10:25
*** shohel has joined #openstack-security10:28
*** ayoung has joined #openstack-security10:37
*** dikonoor has quit IRC10:49
*** shohel1 has joined #openstack-security11:06
*** shohel has quit IRC11:07
*** shohel1 has quit IRC11:10
*** markvoelker has joined #openstack-security11:25
*** markvoelker has quit IRC11:30
*** salv-orlando has quit IRC11:38
*** zhihui has quit IRC12:09
*** markvoelker has joined #openstack-security12:11
*** edmondsw has joined #openstack-security12:24
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36941612:26
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36941612:34
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36942512:40
*** zhihui has joined #openstack-security12:41
*** salv-orlando has joined #openstack-security12:44
*** dikonoor has joined #openstack-security12:45
*** salv-orlando has quit IRC12:50
*** sdake_ has joined #openstack-security13:04
*** sdake_ is now known as sdake13:10
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36942513:11
*** cleong has joined #openstack-security13:11
*** woodster_ has joined #openstack-security13:18
*** salv-orlando has joined #openstack-security13:40
*** singlethink has joined #openstack-security13:56
*** sdake has quit IRC13:58
*** gfhellma has joined #openstack-security13:58
*** JAHoagie has joined #openstack-security14:00
*** zhihui has quit IRC14:06
*** sdake has joined #openstack-security14:12
*** gfhellma has quit IRC14:17
*** mvaldes has joined #openstack-security14:19
*** JAHoagie has quit IRC14:21
*** jmckind has joined #openstack-security14:25
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36942514:25
openstackgerritLuke Hinds proposed openstack/security-doc: Adding OSSN-0066  https://review.openstack.org/36807714:39
*** dave-mccowan has joined #openstack-security14:41
*** knangia has joined #openstack-security14:58
*** austin987 has joined #openstack-security15:01
*** mvaldes1 has joined #openstack-security15:05
*** _elmiko is now known as elmiko15:07
*** mvaldes has quit IRC15:08
*** edtubill has joined #openstack-security15:08
*** sigmavirus|awa has quit IRC15:11
*** purp has quit IRC15:11
*** _sigmavirus24 has joined #openstack-security15:14
*** purp has joined #openstack-security15:15
openstackgerritAllen proposed openstack/security-doc: Use hyperlink markup for the link title  https://review.openstack.org/36952515:21
tmcpeakdstufft: waddup15:24
*** dave-mccowan has quit IRC15:32
*** dave-mccowan has joined #openstack-security15:37
*** diazjf has joined #openstack-security15:40
*** mdong has joined #openstack-security15:50
*** zul has joined #openstack-security15:52
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904215:59
*** jmckind_ has joined #openstack-security16:00
*** jmckind has quit IRC16:01
*** vinaypotluri has joined #openstack-security16:02
openstackgerritMerged openstack/security-doc: Use hyperlink markup for the link title  https://review.openstack.org/36952516:03
*** JAHoagie has joined #openstack-security16:07
*** mvaldes1 has quit IRC16:09
*** ccneill has joined #openstack-security16:11
ccneillsigh.. vidyo is being buggy, will be there soon (hopefully)..16:16
*** mvaldes has joined #openstack-security16:30
ccneillunrahul, vinaypotluri, knangia, mdong : let's track the template generation in that google doc we started for neutron templates16:34
ccneilleveryone have the link?16:34
mdongyep, though I think we should make a seperate sheet for Glance16:34
mdongjust so we don’t have to scroll down 200 lines to see the Glance templates16:35
vinaypotluriyup16:35
vinaypotlurihttps://docs.google.com/spreadsheets/d/1Utng17QJRW3aBIrDxu2B5oBq5jNVKewb8apj-Ztfe0s/edit16:35
ccneill25, not bad16:41
*** markvoelker has quit IRC16:44
*** tesseract- has quit IRC16:46
mdongso one thing I noticed in our neutron templates is that the template names are inconsistent16:48
mdongdunno if this is something yall already addressed16:48
ccneill>_<16:49
ccneillwe haven't addressed it yet16:50
ccneillbut I noticed that during testing16:50
mdongfor example, the lbaas templates have the HTTP verbs first while the others have them last16:50
*** liverpooler has quit IRC16:50
ccneillyep16:50
ccneillI don't think we've ever agreed on a naming convention16:50
ccneilland I figured we'd just try the different approaches and see what we like16:51
ccneillI don't think either is objectively "better"16:51
ccneilldepends on what you care about16:51
mdongyeah, fair enough16:51
mdongand it doesnt materially impact our testing either I suppose16:51
ccneill¯\_(ツ)_/¯16:51
ccneillusing the method as the prefix makes it a little easier (imo) to find the template you're looking for when you're looking at the template dir16:53
ccneillbut prefixing with the resource name makes it easier to group based on the resource type16:53
mdongand most of our other templates have the verb last16:53
ccneillyeah, the leading method stuff was my doing16:54
mdongbut then again, splitting them into folders kinda already gets us the grouping benefit16:54
mdong¯\_(ツ)_/¯16:54
ccneill¯\_(ツ)_/¯16:54
*** mvaldes has quit IRC16:55
ccneillmaybe we'll revisit later if we find reasons to be opinionated about it16:55
ccneillduring testing16:55
mdongalso, we have a folder called floatingips and a folder called metering_labels, one with an underscore and one without16:55
ccneillI also love that different services use "v2.0" vs. "v2"16:55
*** diazjf has quit IRC16:56
mdongis there ever a service with a “v2.1”? like why the sig fig?16:56
ccneillI think glance has a v1.116:56
ccneill¯\_(ツ)_/¯16:56
ccneilllots of shrugs today lol16:56
mdonglol16:56
vinaypotluriso we are testing against only V2 / V2.0 ?16:57
ccneillyep16:58
*** pcaruana has quit IRC16:59
*** gfhellma has joined #openstack-security16:59
ccneillhmm.. how should we handle this endpoint17:02
ccneillhttp://developer.openstack.org/api-ref/image/v2/index.html?expanded=show-images-detail#show-images17:02
ccneilllots of query strings, all conflicting to some extent17:03
*** rcernin has quit IRC17:03
ccneilllolwut.17:05
ccneillCCYY-MM-DDThh:mm:ss±hh:mm17:05
ccneillThe ±hh:mm value, if included, is the time zone as an offset from UTC.17:05
ccneillusing a unicode character like that for a query param? O_o17:05
mdonghah what17:07
mdongI think it’s saying that it could be a + or a -17:07
mdongnot a literal ±17:07
mdongand to handle conflicting query strings, we could be thorough and create seperate templates for mutually exclusive sets of query strings, but I dont think too many of those actually conflict?17:10
ccneill¯\_(ツ)_/¯17:10
ccneillmaybe I'll make one with "all"17:10
ccneilland a few others with more sane defaults17:11
ccneille.g. (size_min=0&size_max=100000)17:11
openstackgerritMichael Dong proposed openstack/syntribos: added glance templates  https://review.openstack.org/36959717:13
*** yarkot has joined #openstack-security17:14
*** yarkot has quit IRC17:14
ccneillso this looks fun: http://specs.openstack.org/openstack/glance-specs/specs/api/v2/http-patch-image-api-v2.html17:19
*** tkelsey has quit IRC17:22
*** browne has joined #openstack-security17:25
*** dikonoor has quit IRC17:29
openstackgerritRahul U Nair proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960617:30
openstackgerritVinay Potluri proposed openstack/syntribos: Added glance templates  https://review.openstack.org/36960917:35
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding glance templates  https://review.openstack.org/36961117:44
*** jass93 has quit IRC17:44
*** diazjf has joined #openstack-security17:47
ccneillhmmm.. looks like we might not be able to support this weird PATCH syntax with a list instead of a dict in its body...17:56
*** yarkot has joined #openstack-security17:56
ccneillargh17:58
ccneillthis might be a painful change..17:58
openstackgerritCharles Neill proposed openstack/syntribos: Glance Images Templates  https://review.openstack.org/36961618:04
*** rcernin has joined #openstack-security18:12
*** mvaldes has joined #openstack-security18:17
*** diazjf has quit IRC18:18
*** diazjf has joined #openstack-security18:22
*** jass93 has joined #openstack-security18:23
vinaypotluriccneill:  i was referring to the wrong link http://docs.openstack.org/developer/glance/glanceapi.html18:33
ccneillah, yeah I think the page I linked to is the up-to-date documentation for v218:34
mdongfor future reference, let’s not have multiple “added glance templates” CR’s ><18:34
mdongI’ll be more specific with my commit messages18:35
ccneillyeah.. shouldn't matter too much, but it'll be confusing if we ever need to go through the git history..18:36
*** pcaruana has joined #openstack-security18:36
ccneilllol and all the branches are called "glance_templates"18:37
ccneillat least we're consistent :P18:37
openstackgerritCharles Neill proposed openstack/syntribos: Glance Images Templates  https://review.openstack.org/36961618:38
openstackgerritMichael Dong proposed openstack/syntribos: Glance image tags and image schema templates  https://review.openstack.org/36959718:38
mdongwe’ve accidentally used topic branches exactly as intended lol18:39
openstackgerritMichael Dong proposed openstack/syntribos: Glance image tags and image schema templates  https://review.openstack.org/36959718:41
ccneilllol yeah18:41
vinaypotluriccneill:    for image data do we need to create a file and set the path here ? http://developer.openstack.org/api-ref/image/v2/index.html?expanded=upload-binary-image-data-detail#upload-binary-image-data18:43
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding glance templates  https://review.openstack.org/36961118:43
ccneillhmmmm18:44
*** yarkot has quit IRC18:44
ccneillvinaypotluri: I don't think we want to include an entire image in our templates, so maybe just put some garbage in there lol18:45
ccneill¯\_(ツ)_/¯18:45
ccneillalso, be sure to set the content-type to application/octet-stream18:45
vinaypotluriok18:45
vinaypotlurifor curl i give -d "filename".  How would i do the same for template ?18:46
ccneillmeh, I don't think we want a separate file18:46
ccneillI would just have like variable1=test or something in the body18:46
vinaypotluriokay18:47
ccneillso that we send some kind of data and all the body fuzz strings18:47
ccneillI wonder if we could get a super tiny image somehow..18:47
vinaypotluriyea... that would be nice18:48
ccneilleven CoreOS is 256MB18:49
ccneill:\18:49
vinaypotlurihuge18:49
ccneilland I reeeally don't want to include that in the codebase lol18:49
ccneillhttp://tinycorelinux.net/downloads.html18:49
ccneill11MB..18:49
openstackgerritMerged openstack/syntribos: Glance image tags and image schema templates  https://review.openstack.org/36959718:49
openstackgerritMerged openstack/syntribos: Glance Images Templates  https://review.openstack.org/36961618:50
ccneillboom boom18:50
unrahulcirros is just 12 mb18:51
unrahulwe can use that.. or tinycore if they have a qcow2 format.. i guess18:52
*** gfhellma has quit IRC18:56
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding glance templates  https://review.openstack.org/36961118:56
mdong11mb is still a lot to put in a template19:03
vinaypotluriwill it work if i we can compile an image with very less code?19:08
mdongwhatever image you have is going to have be on the order of megabytes, which is just a lot, considering our templates are a few hundred bytes each19:09
mdongI say just fill it with garbage binary data19:09
mdongbecause I don’t think it matters from our perspective if it’s a valid image19:09
openstackgerritMerged openstack/syntribos: Adding glance templates  https://review.openstack.org/36961119:13
*** zul has quit IRC19:13
*** prometheanfire has joined #openstack-security19:15
prometheanfirecan bug le who ask "Why do you use linux?" in an interview or elsewhere?19:15
prometheanfirebah19:15
prometheanfirecan bug 1593799 be unembargo'd now?19:16
*** JAHoagie has quit IRC19:16
*** dave-mccowan has quit IRC19:16
*** Daviey_ has quit IRC19:16
*** mihero has quit IRC19:16
*** nkinder has quit IRC19:16
*** terri has quit IRC19:16
*** johnsom has quit IRC19:16
*** yarkot1 has quit IRC19:16
*** amitkqed has quit IRC19:16
*** woodburn has quit IRC19:16
*** markd_ has quit IRC19:16
*** agireud has quit IRC19:16
*** prometheanfire has quit IRC19:16
*** Afterglow has quit IRC19:16
*** vinaypotluri has quit IRC19:17
*** ayoung has quit IRC19:17
*** ediardo has quit IRC19:17
*** michaelxin has quit IRC19:17
*** jamielennox has quit IRC19:17
*** mhayden has quit IRC19:17
*** Guest66666 has quit IRC19:17
*** woodrow has quit IRC19:17
*** edtubill has quit IRC19:17
*** knangia has quit IRC19:17
*** zigo has quit IRC19:17
*** yuanying has quit IRC19:17
*** serverascode has quit IRC19:17
*** murphy_zhao has quit IRC19:17
*** dstanek has quit IRC19:17
*** dougwig has quit IRC19:17
*** jass93 has quit IRC19:17
*** singlethink has quit IRC19:17
*** d0ugal has quit IRC19:17
*** lhinds has quit IRC19:17
*** webhat has quit IRC19:17
*** hyakuhei has quit IRC19:17
*** ChanServ has quit IRC19:17
*** mvaldes has quit IRC19:17
*** purp has quit IRC19:17
*** _sigmavirus24 has quit IRC19:17
*** salv-orlando has quit IRC19:17
*** tmcpeak has quit IRC19:17
*** dstufft has quit IRC19:17
*** jraim has quit IRC19:17
*** tsufiev has quit IRC19:17
*** nikhil has quit IRC19:17
*** abstractj has quit IRC19:17
*** bknudson has quit IRC19:17
*** Unterd0g has quit IRC19:17
*** crdotson has quit IRC19:17
*** v12aml has quit IRC19:17
*** rcernin has quit IRC19:17
*** woodster_ has quit IRC19:17
*** AlexeyAbashkin has quit IRC19:17
*** unrahul has quit IRC19:17
*** amit213 has quit IRC19:17
*** Ryan_Lane has quit IRC19:17
*** sweston has quit IRC19:17
*** kun_huang has quit IRC19:17
*** cleong has quit IRC19:17
*** browne has quit IRC19:18
*** mdong has quit IRC19:18
*** tristanC has quit IRC19:18
*** B_Smith has quit IRC19:18
*** jmckind_ has quit IRC19:18
*** gmurphy has quit IRC19:18
*** pcaruana has quit IRC19:18
*** diazjf has quit IRC19:18
*** ccneill has quit IRC19:18
*** austin987 has quit IRC19:18
*** edmondsw has quit IRC19:18
*** LongyanG has quit IRC19:18
*** DuncanT has quit IRC19:18
*** evand has quit IRC19:18
*** aimeeu has quit IRC19:18
*** kragniz has quit IRC19:18
*** fyxim has quit IRC19:18
*** openstackgerrit has quit IRC19:18
*** elmiko has quit IRC19:18
*** julian1 has quit IRC19:18
*** gopenshaw has quit IRC19:18
*** freerunner has quit IRC19:18
*** dasm has quit IRC19:18
*** woodburn has joined #openstack-security19:19
*** jmckind has joined #openstack-security19:23
*** yarkot1 has joined #openstack-security19:23
*** terri has joined #openstack-security19:23
*** nkinder has joined #openstack-security19:23
*** mihero has joined #openstack-security19:23
*** johnsom has joined #openstack-security19:23
*** Daviey_ has joined #openstack-security19:23
*** dave-mccowan has joined #openstack-security19:23
*** JAHoagie has joined #openstack-security19:23
*** browne has joined #openstack-security19:23
*** markd_ has joined #openstack-security19:23
*** pcaruana has joined #openstack-security19:23
*** abstractj has joined #openstack-security19:23
*** nikhil has joined #openstack-security19:23
*** tsufiev has joined #openstack-security19:23
*** dstufft has joined #openstack-security19:23
*** tmcpeak has joined #openstack-security19:23
*** salv-orlando has joined #openstack-security19:23
*** _sigmavirus24 has joined #openstack-security19:23
*** purp has joined #openstack-security19:23
*** mvaldes has joined #openstack-security19:23
*** yarkot has joined #openstack-security19:23
*** kragniz has joined #openstack-security19:23
*** kun_huang has joined #openstack-security19:23
*** sweston has joined #openstack-security19:23
*** Ryan_Lane has joined #openstack-security19:23
*** AlexeyAbashkin has joined #openstack-security19:23
*** rcernin has joined #openstack-security19:23
*** ccneill has joined #openstack-security19:23
*** ChanServ has joined #openstack-security19:23
*** edtubill has joined #openstack-security19:23
*** zigo has joined #openstack-security19:23
*** yuanying has joined #openstack-security19:23
*** murphy_zhao has joined #openstack-security19:23
*** dstanek has joined #openstack-security19:23
*** amitkqed has joined #openstack-security19:23
*** Afterglow has joined #openstack-security19:23
*** vinaypotluri has joined #openstack-security19:23
*** michaelxin has joined #openstack-security19:23
*** jamielennox has joined #openstack-security19:23
*** mhayden has joined #openstack-security19:23
*** Guest66666 has joined #openstack-security19:23
*** woodrow has joined #openstack-security19:23
*** hyakuhei has joined #openstack-security19:23
*** orwell.freenode.net sets mode: +o ChanServ19:23
*** openstackgerrit has joined #openstack-security19:23
*** elmiko has joined #openstack-security19:23
*** julian1 has joined #openstack-security19:23
*** dasm has joined #openstack-security19:23
*** gopenshaw has joined #openstack-security19:23
*** freerunner has joined #openstack-security19:23
*** gmurphy has joined #openstack-security19:23
*** cleong has joined #openstack-security19:23
*** austin987 has joined #openstack-security19:23
*** edmondsw has joined #openstack-security19:23
*** bknudson has joined #openstack-security19:23
*** Unterd0g has joined #openstack-security19:23
*** crdotson has joined #openstack-security19:23
*** v12aml has joined #openstack-security19:23
*** prometheanfire has joined #openstack-security19:23
*** tristanC has joined #openstack-security19:23
*** Long_yanG has joined #openstack-security19:23
*** jass93 has joined #openstack-security19:23
*** singlethink has joined #openstack-security19:23
*** d0ugal has joined #openstack-security19:23
*** lhinds has joined #openstack-security19:23
*** webhat has joined #openstack-security19:23
*** prometheanfire has quit IRC19:24
*** prometheanfire has joined #openstack-security19:24
*** sweston has quit IRC19:24
*** B_Smith has joined #openstack-security19:24
*** mdong has joined #openstack-security19:24
*** agireud has joined #openstack-security19:24
*** diazjf has joined #openstack-security19:24
*** ayoung has joined #openstack-security19:26
*** cleong has quit IRC19:26
*** cleong has joined #openstack-security19:26
*** aimeeu has joined #openstack-security19:28
*** fyxim has joined #openstack-security19:33
ccneillmdong: I think syntribos' parser will fail if we don't give it valid XML/JSON/form data19:36
ccneillwe could make the parser more flexible to allow that though19:36
mdongyeah, you’re right19:39
*** salv-orl_ has joined #openstack-security19:40
*** diazjf has quit IRC19:40
openstackgerritMerged openstack/syntribos: Added glance templates  https://review.openstack.org/36960919:41
*** salv-orlando has quit IRC19:43
*** woodster_ has joined #openstack-security19:48
ccneillI guess it's kind of a weakness, but at the same time we can't really do binary fuzzing at this point to any meaningful degree, and the time spent sending off even a 1MB binary file would slow down test runs a lot probably19:48
ccneillbarbican's another one with a few application/octet-stream endpoints, but I don't know of any others19:50
*** zul has joined #openstack-security19:52
mdongI don’t think Syntribos should attempt to do binary fuzzing, but it shouldn’t crash on non json or xml content-types19:53
*** serverascode has joined #openstack-security19:53
*** johnsom has quit IRC19:54
*** potluri has joined #openstack-security19:55
ccneillyeah that's fair19:55
ccneillwe can just replace the whole body with our fuzz string I guess19:55
mdongwhich still has value, right? like just incase they store the binary data in a SQL database?19:57
*** unrahul_ has joined #openstack-security19:58
*** knangia has joined #openstack-security19:58
*** evand has joined #openstack-security19:58
unrahul_hey ccneill19:58
unrahul_you here?19:58
ccneillmdong: yep, agreed19:59
ccneillunrahul_: yep, sup19:59
*** DuncanT has joined #openstack-security19:59
unrahul_my client is not working.. so logging from webchat.19:59
unrahul_could you review the extensions patch when u get time.?19:59
*** amit213 has joined #openstack-security19:59
ccneillyep, will take a look now19:59
unrahul_thanks ccneil19:59
*** unrahul has joined #openstack-security20:01
*** unrahul__ has joined #openstack-security20:01
*** jraim has joined #openstack-security20:02
*** dougwig has joined #openstack-security20:03
*** unrahul_ has quit IRC20:04
*** unrahul__ has quit IRC20:05
*** gfhellma has joined #openstack-security20:06
*** sweston has joined #openstack-security20:06
*** ediardo has joined #openstack-security20:07
*** pcaruana has quit IRC20:11
*** diazjf has joined #openstack-security20:12
*** johnsom has joined #openstack-security20:13
*** zul has quit IRC20:14
*** knangia_ has joined #openstack-security20:18
*** diazjf has quit IRC20:30
*** knangia has quit IRC20:31
*** knangia_ is now known as knangia20:33
*** singlethink has quit IRC20:36
ccneillunrahul: I'm getting 401s from Glance in the OSIC cluster with scoped tokens :\20:37
*** zul has joined #openstack-security20:37
ccneilltrying to test it out in a real template but it's failing20:37
*** diazjf has joined #openstack-security20:42
unrahullet me check that out ccneill20:43
ccneillunrahul: trying to get it working against my devstack instance now20:44
ccneillI put up a few comments on your CR20:44
unrahulccneill: okay.. i wonder why the cluster is acting strange :/20:45
ccneillunrahul: it may just be that I don't have my project/domain set properly20:47
ccneilllooks like it's working on my devstack instance though20:47
unrahulnice!..20:48
ccneilloh20:48
ccneillnvm20:48
ccneillI'm dumb lol >_< it looks like it is working aginst the cluster now20:49
unrahulso should we give the endpoint in the glance client.. cause I didnt specifiy the uri  to test against the devstack..?20:49
unrahul:D20:49
unrahulis it a wierd behavior from the cluster..20:49
unrahulor..?20:49
unrahulsome config thing.?20:49
ccneill¯\_(ツ)_/¯ I think it might be weird behavior from the cluster20:50
ccneillnv20:52
ccneillnvm20:52
ccneillI made the changes I mentioned in my comments and it works now20:52
ccneillI think getting the v2 client + specifying the endpoint explicitly makes it work (not sure why..)20:52
unrahulyup.. i guess.  the original was working because it was v1..20:53
unrahulI am making the changes.. ccneill20:53
unrahulalso there is that neutron extension.. which there for review.. not required today.. as we wont be using it today.. I guess20:53
ccneillyeah I was gonna try to test that out next20:56
ccneilllooks like the glance one is working with those changes, nice work!20:56
knangiacd ..20:57
openstackgerritRahul U Nair proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960620:58
unrahulyup.. thanks ccneill .. not sure.. if our request chaining approach can be wrote around extensions, but this for works for now..20:58
ccneillunrahul: it would be nice to get to a place where we don't have to write any code to chain requests20:59
ccneillbut probably much more complicated..20:59
ccneillwe'll see how this goes20:59
*** singlethink has joined #openstack-security21:02
*** singlethink has quit IRC21:03
unrahulyeah.. that would be cool.. I liked the approach tristanC  used  in restfuzz.. it sort of makes it easier to see  the flow and use creation directly . May be we will do something similar to Syntirbos.. lets see.21:04
*** singlethink has joined #openstack-security21:04
*** JAHoagie has quit IRC21:08
*** cleong has quit IRC21:09
*** markd_ has quit IRC21:12
ccneillunrahul: looks pretty cool http://softwarefactory-project.io/r/gitweb?p=restfuzz.git;a=blob;f=api/dns.yaml;h=e41b1529d2197da95089d8a8d0589b8b900d1607;hb=HEAD21:20
*** singlethink has quit IRC21:21
*** jass93 has quit IRC21:22
*** jass93 has joined #openstack-security21:23
unrahulyeah.. its very visual.. ryt..what is exactly happening..21:23
ccneillnot sure how it chains them together, but the inputs/outputs thing is pretty straightforward21:23
ccneillto extract the values, etc.21:24
unrahulyeah..21:24
*** evand has quit IRC21:24
ccneillmaybe we should just support the full openAPI spec >_<21:24
*** evand has joined #openstack-security21:25
*** dave-mccowan has quit IRC21:26
unrahulyeah.... taht is something we can push asa road map item..21:26
unrahulthen.. if the openAPI specify everything we need..21:26
unrahulthen we wont have to create our own schema..21:26
ccneillright21:27
ccneillit'll take more work on our part though to also specify reasonable responses for every endpoint21:27
ccneillI think it's worth it, but we definitely didn't have time for it this cycle :(21:27
*** knangia has quit IRC21:27
*** ediardo has quit IRC21:27
*** amit213 has quit IRC21:27
*** tristanC has quit IRC21:27
*** tristanC has joined #openstack-security21:28
*** sdake_ has joined #openstack-security21:28
*** jass93 has quit IRC21:30
*** jass93 has joined #openstack-security21:30
*** sdake has quit IRC21:30
*** ediardo has joined #openstack-security21:32
*** mvaldes has quit IRC21:32
*** mvaldes has joined #openstack-security21:33
*** potluri has quit IRC21:33
*** mvaldes has quit IRC21:33
*** edtubill has quit IRC21:33
*** amit213 has joined #openstack-security21:34
ccneillI think we'd have to specify every kind of response where it could go wrong21:34
ccneillso invalid params, invalid token, etc.21:34
ccneillI'm sure the projects would appreciate it if we did it for them lol21:35
*** knangia has joined #openstack-security21:35
*** sdake_ is now known as sdake21:36
ccneillhmm.. I'm not sure whether we should put the extension calls in every template..21:39
ccneilllike if we put it in DELETE, it will have to create one first for every request..21:39
*** markd_ has joined #openstack-security21:43
ccneillargh21:49
ccneillkeystoneclient requests /v3, gets endpoint from there, and uses that21:49
ccneillwhnich screws up my testing against devstack :(21:49
ccneillboo21:50
ccneilllooks like that "..%c0%af" string works for all the openstack projects we've looked at..21:55
ccneillI guess we need some kind of cache invalidation mechanism for the extension so that when we delete a resource we can go get another valid one21:57
unrahulyeah giving in delete would be a bad idea..21:57
unrahul:D21:57
unrahulhehe21:57
unrahulthat is some kinda universal fail.21:58
unrahulcache invalidation..?21:58
mdonghmm…there’s no easy way to do that with the memoization as it is written21:58
unrahuloh.. yeah21:58
mdongbecause the cache only exists per function21:58
ccneillright21:58
ccneillv_v21:58
unrahul:?21:58
unrahul:/21:58
ccneillso.. I accidentally deleted the ubuntu image on our cluster... O:-)21:59
ccneillthe extension works though lol >_<21:59
mdongmaybe we shouldn’t be memoizing those extension calls at all, and only memoize the get_token calls21:59
ccneillergh21:59
mdongcause if our template says GET, then we should really actually go and get the resource22:00
ccneillagreed, but it's gonna add to our performance woes22:00
mdonginstead of getting the cache22:00
ccneilllet me see what it looks like22:00
unrahulyeah the performance would be affected22:01
mdongwell, how often does it come up that we get the same resource twice with the same requestlib arguments? should be never, right?22:01
mdongcause each of our requests should be a separate fuzz string?22:01
mdongand so they would at least have the same data, and so it shouldn’t be cached anyway?22:01
mdong*wouldn’t have the same data22:02
ccneilldammit, I need to stop testing this with DELETE requests v_v22:02
ccneillso it looks like it only makes the get_id templates once per template22:03
ccneillget_id requests*22:04
ccneillso if it's a DELETE template, it'll delete on the first request then fuzz the other params, but the ID will still be a 40422:04
ccneillshould work pretty well for the other templates though22:04
ccneillnot too slow22:04
unrahulyeah.. I have not taken into consideration the delete requests for extensions..22:04
ccneillunrahul: it would be pretty hard to do it.. you'd have to not only look at when you send a DELETE request, but whether you got a 204 back22:05
ccneilland THEN remove it from the cache22:05
ccneill:\22:05
ccneillnot impossible, but a lot of moving parts22:05
unrahulyeah.. do we need to do it.. or use fake ids for delete.. : (fake ids for delete  :D )22:06
ccneillyou'd have to have some way of creating a global object that holds the cache so that you could modify it on deletion22:06
ccneillright, I'm okay with fake IDs for delete..22:06
ccneillmost of what we're testing on a delete request is just "does it handle invalid input"22:06
ccneiller, rather22:07
ccneilldoes it handle an invalid identifier22:07
openstackgerritRahul U Nair proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960622:07
ccneillchanging headers/etc probably isn't going to do much22:07
ccneillmain thing would be the auth test I guess22:07
mdonghave we looked into what all this caching does to the memory footprint?22:09
*** diazjf has quit IRC22:11
*** jmckind has quit IRC22:13
ccneillnah, but probably not much22:14
ccneillin total it's caching the args for like 5 function calls, and none of those args are giant objects or anything22:15
*** edmondsw has quit IRC22:15
*** dave-mccowan has joined #openstack-security22:15
*** dave-mccowan has quit IRC22:16
*** jass93 has quit IRC22:17
ccneillI'd say it's definitely worth it for the decreased request volume no matter the memory cost, at least for the token requests22:20
*** elmiko is now known as _elmiko22:21
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36973422:28
openstackgerritCharles Neill proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960622:46
openstackgerritCharles Neill proposed openstack/syntribos: Adding Glance extension support to templates  https://review.openstack.org/36974222:46
openstackgerritCharles Neill proposed openstack/syntribos: Adding Glance extension support to templates  https://review.openstack.org/36974222:49
ccneillsigh.. I accidentally re-added the @memoize calls to your patch unrahul22:49
ccneillby doing a dependency on an old patch v_v22:49
unrahul:o22:50
unrahulI shall upload another one then ccneill22:50
ccneillthanks unrahul22:52
openstackgerritRahul U Nair proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960622:55
*** JAHoagie has joined #openstack-security22:55
openstackgerritCharles Neill proposed openstack/syntribos: Adding Glance extension support to templates  https://review.openstack.org/36974222:56
ccneillcool22:56
openstackgerritAllen proposed openstack/security-doc: Use hyperlink markup for the link reference title  https://review.openstack.org/36974622:56
ccneillunrahul: +1'd your CR22:57
ccneillmdong / vinaypotluri, can y'all take a look?22:57
*** sdake_ has joined #openstack-security22:57
unrahulHey ccneill  thanks for the review.. :)22:57
ccneillif we can get these merged, I think we're ready for some serious testing tomorrow22:57
mdongsure22:57
ccneill:D22:57
*** singlethink has joined #openstack-security22:58
*** singlethink has quit IRC22:58
*** singlethink has joined #openstack-security22:59
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904222:59
unrahulhey ccneill mdong. can we try to merge the neutron patch as well ... so that we can work on testing from tomorrow..?23:00
*** sdake has quit IRC23:00
ccneillyep lemme take a look23:00
unrahulthanks ccneill23:01
*** yeison has joined #openstack-security23:01
*** yeison has left #openstack-security23:01
*** yeison has joined #openstack-security23:01
ccneillso.. I know we're not totally set on using extensions for this functionality going forward23:01
*** yeison has left #openstack-security23:01
ccneillbut I'm wondering if we should make an "openstack utils" file to handle e.g. creating a connection23:02
ccneillsince it's basically the same between glance/neutron23:02
ccneillat least the identity stuff23:02
unrahuleh.. that might be a good idea.. considering we would use identity for similar extensions23:02
ccneillright23:04
ccneillwe'll have the same code across all the project extensions, at least while we're doing this testing23:04
mdongonly had one minor comment, then we’re good to go on that patch23:06
unrahulyeah.. I shall do a refactor.. also would like to write some unit tests for these (our unit test coverage has reduced :/)23:06
unrahulafter these are merged i guess.23:06
unrahulyup mdong .. thanks.. I shall upload a patch now.23:07
openstackgerritRahul U Nair proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960623:12
unrahulhey ccneill .. the idea of the random ip and port and mac was a valid mac and port but that is not any resource specific.. so I guess its fine if we return the same.. as long as it is valid.. or should be really random..? what do u think?23:14
ccneillhmm23:15
ccneillwell, I don't know if it will impact this particular use case23:15
*** JAHoagie has quit IRC23:15
ccneillbut if we put it in random_data, I think we want to return a random one each time just in case it needs to be unique23:15
ccneillso we don't just succeed on the first one and get collisions on the rest23:16
ccneillif we really wanted to get fancy we could have a random_ip and random_ip_generator method..23:16
ccneillrandom_ip_generator just calls While True: return random_ip()23:16
openstackgerritRahul U Nair proposed openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960623:17
unrahulokay ccneill .23:18
unrahulstill should be keep everything associated with network in neutron.. as some might wont know there is a random ip generator in the random_data file.. ccneill , what do u say?23:20
*** ayoung has quit IRC23:20
ccneillwell, if we get to a place where you actually install extensions instead of them all shipping with master23:21
ccneillyou wouldn't want to have to install the neutron plugin to get a random IP23:21
ccneillif we're gonna do these project extensions, I think we want to restrict it to functionality that is specific to those projects23:21
ccneillso we don't end up repeating ourselves23:22
ccneillso e.g. the openstack identity stuff should probably go in a utilities file at some point too so that it's extensible to other projects23:22
ccneill(not necessarily worried about it right this moment though)23:22
*** rcernin has quit IRC23:23
unrahulhmm.. make sense ccneill .23:26
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904223:27
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904223:30
ccneill+1'd the network extension CR23:32
ccneillgreat work unrahul !23:32
unrahulton of patches.. for it.. phew.. finally we can merge it.. i guess.23:33
unrahul:) ccneill .23:33
ccneillthere'd be 2 fewer if I hadn't messed up earlier lol :P23:34
openstackgerritCharles Neill proposed openstack/syntribos: Adding Glance extension support to templates  https://review.openstack.org/36974223:34
ccneill^ that CR should be up-to-date and ready to go23:35
unrahul+2d it ccneill .23:37
unrahullooks good to me :)23:37
ccneillhere comes the merge train23:42
openstackgerritMerged openstack/syntribos: Extensions for glance resources  https://review.openstack.org/36960623:44
unrahul:D23:44
unrahulah good feeling.23:44
*** singlethink has quit IRC23:45
openstackgerritMerged openstack/syntribos: Adding Glance extension support to templates  https://review.openstack.org/36974223:46
ccneillboom23:46
*** jass93 has joined #openstack-security23:48
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904223:50
unrahulhey ccneill  there was a merge conflict.. fixed it and uploaded the patch.23:50
tmcpeakccneill: you around?23:51
ccneill+2'd23:51
ccneillsup tmcpeak23:51
tmcpeakhey man, you've done some Tempest stuff, yeah?23:51
openstackgerritRahul U Nair proposed openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904223:52
ccneillnot much, but some yeah23:52
tmcpeakI'm trying to get my head around what level of security testing is present in Tempest.  Be that, security functional tests, abuse cases, etc23:52
tmcpeakdo you have any pointers or references to anything good to get me up to speed?23:52
unrahulhey ccneill  :/ I had to make a small nit.. change..  :o23:52
tmcpeakgiven the OSSP hasn't done much with Tempest I can't imagine there is a ton there, but just want to become aware of current status23:52
ccneillunrahul: just noticed23:52
*** mdong has quit IRC23:53
ccneilltmcpeak: so.. I spent some time trying to get a data generator/response validator thing into tempest_lib while it was still forked from tempest23:53
ccneillthey ultimately decided that wasn't a good idea23:53
unrahulccneill:  its of no consequence.. as both the domains will be same.. but.. in a unlikely case.. if the user want to do something else..23:53
tmcpeakhow come?23:53
ccneilltmcpeak: they thought it was outside tempest's scope23:54
ccneillsec23:54
unrahulthanks ccneill .23:54
ccneilltmcpeak: http://paste.openstack.org/show/x2MbCCPdk2ntZu7N4l1r/23:56
ccneillfrom the openstack-qa meeting I proposed it in (after various backflips to submit a blueprint, etc.)23:57
tmcpeakahh, interesting23:57
tmcpeakthanks ccneill23:57
ccneillso, tl;dr, we now have syntribos23:57
ccneillbut in its current form, it's definitely not a great replacement23:57
ccneillcompared to what I was proposing23:57
tmcpeakyeah :\23:58
ccneilltmcpeak: here are my 2 patches if you're interested in reviving it and making a separate standalone tool..23:59
ccneillhttps://review.openstack.org/#/c/216303/623:59
tmcpeaklol, noooo23:59
ccneillhttps://review.openstack.org/#/c/237263/23:59
tmcpeakjust want to understand to what extent security testing is done in Tempest, doesn't seem like it's a main focus23:59
tmcpeakI'm seeing a lot of happy path and functional tests, but not much in the way of checking abuse23:59
« Monday, 2016-09-12 Index Wednesday, 2016-09-14 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!