Wednesday, 2016-09-14

« Tuesday, 2016-09-13 Index Thursday, 2016-09-15 »
tmcpeakI mean, I'm not surprised.  Good sad path stuff usually takes somebody actively working on them, and I don't think that's what Tempest's focus is00:00
ccneillright00:00
tmcpeakalso some projects have way more coverage than others00:01
tmcpeakcompute has a bunch00:01
ccneillI think I did manage to get unauthed tests into designate and barbican00:02
tmcpeakwhere is good old Barbican?00:03
tmcpeakhttps://github.com/openstack/tempest/tree/master/tempest/api00:03
ccneillhttps://review.openstack.org/#/q/owner:self+status:merged+(project:openstack/barbican+OR+project:openstack/designate)00:04
ccneill¯\_(ツ)_/¯00:04
ccneillI'm not really that familiar with what tempest's goals are00:04
ccneillthey didn't align with mine :P00:04
tmcpeakcool, yeah, just thought I'd check since I remember hearing Tempest come out of your mouth at some point00:05
ccneillalthough, funnily enough, I'm using tempest at this moment to test out syntribos-collector00:05
tmcpeakI'll go pester others :)00:05
ccneillI'm trying to dig up a BP that mtreinish pointed me to at the time00:05
ccneillsomeone else made a similar proposal I think00:05
ccneilland he encouraged me to revive it, until he didn't :/00:06
tmcpeaklol00:06
tmcpeakthat's ok, I'll try to find mtreinish tomorrow00:06
tmcpeakthanks ccneill00:07
ccneillhttps://blueprints.launchpad.net/tempest/+spec/fuzzy-test00:07
tmcpeakcool, thanks man00:08
*** zul has quit IRC00:08
tmcpeakthis predates my OpenStack life00:08
ccneillhaha yeah mostly same for me00:09
*** sdake_ has quit IRC00:17
*** sdake has joined #openstack-security00:18
*** ccneill has quit IRC00:19
openstackgerritMerged openstack/syntribos: An extenstion to retrieve network data from an openstack cloud  https://review.openstack.org/36904200:31
openstackgerritDarren Chan proposed openstack/security-doc: Use hyperlink markup for the link reference title  https://review.openstack.org/36974600:33
*** browne has quit IRC00:43
*** dave-mccowan has joined #openstack-security00:43
*** gfhellma has quit IRC00:44
*** tmcpeak has quit IRC01:11
*** jamielennox is now known as jamielennox|away01:26
*** yeison has joined #openstack-security01:37
*** yeison has left #openstack-security01:38
*** B_Smith has quit IRC01:38
*** B_Smith has joined #openstack-security01:40
*** salv-orlando has joined #openstack-security01:41
*** salv-orl_ has quit IRC01:43
*** sdake_ has joined #openstack-security01:45
*** sdake_ has quit IRC01:45
*** sdake_ has joined #openstack-security01:45
*** sdake has quit IRC01:47
openstackgerritchen.xing proposed openstack/security-doc: Update endpoint create command  https://review.openstack.org/36831401:52
*** woodster_ has quit IRC02:19
*** ayoung has joined #openstack-security02:23
*** zul has joined #openstack-security02:27
*** zul has quit IRC02:28
*** zul has joined #openstack-security02:28
*** dave-mccowan has quit IRC02:38
*** yuanying has quit IRC02:49
*** zul has quit IRC03:05
*** yuanying has joined #openstack-security03:17
*** yuanying has quit IRC03:36
*** yuanying has joined #openstack-security03:37
*** yuanying has quit IRC03:39
*** yuanying has joined #openstack-security03:41
*** yuanying has quit IRC03:42
*** yuanying has joined #openstack-security03:52
openstackgerritKATO Tomoyuki proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36973403:54
*** rcernin has joined #openstack-security05:33
*** jamielennox|away is now known as jamielennox05:40
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36973406:03
*** JAHoagie has joined #openstack-security06:08
*** jass93 has quit IRC06:13
*** salv-orlando has quit IRC06:18
*** pcaruana has joined #openstack-security06:32
*** liverpooler has joined #openstack-security06:35
*** salv-orlando has joined #openstack-security06:50
*** tesseract- has joined #openstack-security06:57
*** jass93 has joined #openstack-security06:59
*** shohel has joined #openstack-security07:02
*** salv-orl_ has joined #openstack-security07:40
*** salv-orlando has quit IRC07:42
*** tkelsey has joined #openstack-security07:50
*** austin987 has quit IRC08:22
*** liverpoo1er has joined #openstack-security08:25
*** liverpooler has quit IRC08:26
*** vinaypotluri has quit IRC08:42
*** JAHoagie has quit IRC08:46
*** sdake_ has quit IRC09:28
openstackgerritAllen proposed openstack/security-doc: Use hyperlink markup for the link reference title  https://review.openstack.org/36974610:07
*** shohel1 has joined #openstack-security10:10
*** shohel has quit IRC10:11
*** liverpooler has joined #openstack-security10:17
*** liverpoo1er has quit IRC10:19
*** dstufft has quit IRC10:40
*** dstufft has joined #openstack-security10:50
*** dstufft has quit IRC10:50
*** dstufft has joined #openstack-security10:50
*** shohel1 has quit IRC11:12
*** shohel has joined #openstack-security11:25
*** dstufft has quit IRC11:34
*** dstufft has joined #openstack-security11:34
*** openstackgerrit has quit IRC11:34
*** dstufft has quit IRC11:34
*** dstufft has joined #openstack-security11:34
*** openstackgerrit has joined #openstack-security11:34
*** dstufft has quit IRC11:36
*** dstufft has joined #openstack-security11:36
*** dave-mccowan has joined #openstack-security11:47
*** woodster_ has joined #openstack-security11:49
*** edmondsw has joined #openstack-security11:55
*** _elmiko is now known as elmiko12:59
*** singlethink has joined #openstack-security13:33
*** salv-orlando has joined #openstack-security13:40
*** cleong has joined #openstack-security13:41
*** markvoelker has joined #openstack-security13:43
*** salv-orl_ has quit IRC13:43
*** JAHoagie has joined #openstack-security13:43
openstackgerritEmma Foley proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36973413:45
*** tmcpeak has joined #openstack-security13:45
*** JAHoagie has quit IRC13:54
*** woodburn has quit IRC13:54
*** JAHoagie has joined #openstack-security13:57
*** sdake has joined #openstack-security13:58
*** shohel has quit IRC14:03
*** ayoung has quit IRC14:08
*** mvaldes has joined #openstack-security14:11
*** Daviey_ is now known as Daviey14:12
*** JAHoagie has quit IRC14:17
*** ko-ku has joined #openstack-security14:24
*** woodburn has joined #openstack-security14:36
*** diazjf has joined #openstack-security14:36
*** ko-ku has quit IRC14:39
*** mvaldes1 has joined #openstack-security14:41
*** mvaldes has quit IRC14:43
*** JAHoagie has joined #openstack-security14:51
openstackgerritLuke Hinds proposed openstack/security-doc: Adding OSSN-0066  https://review.openstack.org/36807714:51
openstackgerritLuke Hinds proposed openstack/security-doc: Adding OSSN-0066  https://review.openstack.org/36807714:52
*** prometheanfire has left #openstack-security14:57
*** JAHoagie has quit IRC14:57
*** diazjf has quit IRC15:01
*** vinaypotluri has joined #openstack-security15:13
*** diazjf has joined #openstack-security15:24
*** rcernin has quit IRC15:34
openstackgerritDoug Chivers proposed openstack/security-analysis: Initial draft of Barbican review  https://review.openstack.org/35797815:36
*** JAHoagie has joined #openstack-security15:37
*** pcaruana has quit IRC15:40
*** ayoung has joined #openstack-security15:57
*** diazjf has quit IRC15:59
*** zul has joined #openstack-security16:01
*** browne has joined #openstack-security16:03
openstackgerritMerged openstack/syntribos: Changing get_token to get_scoped_token for neutron templates  https://review.openstack.org/37024016:03
*** ayoung has quit IRC16:04
*** mdong has joined #openstack-security16:05
*** mvaldes1 has quit IRC16:12
*** jass93 has quit IRC16:14
*** ccneill has joined #openstack-security16:14
*** gfhellma has joined #openstack-security16:16
*** mvaldes has joined #openstack-security16:18
*** diazjf has joined #openstack-security16:23
*** austin987 has joined #openstack-security16:26
*** gfhellma1 has joined #openstack-security16:32
*** gfhellma has quit IRC16:33
*** rcernin has joined #openstack-security16:34
*** tesseract- has quit IRC16:35
*** sicarie has joined #openstack-security16:56
*** sicarie has quit IRC16:59
*** gfhellma1 has quit IRC16:59
*** mvaldes has quit IRC16:59
*** gfhellma has joined #openstack-security17:00
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/36973417:01
*** sicarie has joined #openstack-security17:14
*** jass93 has joined #openstack-security17:18
*** sicarie has quit IRC17:19
*** mdong_ has joined #openstack-security17:26
mdong_ccneill, unrahul: I’m also getting 401’s when the templates use get_scoped_token instead of get_token - what should the config look like?17:28
unrahulhey mdong_  so.. the config should have project_name and domain_name.. if it is there.. then we can get the scoped_token..17:29
*** mdong has quit IRC17:29
*** mdong_ is now known as mdong17:29
unrahul(theoretically)17:29
mdongso I have project_name=default and domain_name=default17:29
mdongboth in the [user] section17:29
unrahulif it is the cluster can u try with project_name=syntribos..?17:29
mdongawesome, that worked17:30
mdongthanks!17:30
*** diazjf has quit IRC17:30
unrahulnice!17:30
*** Alexey_Abashkin has joined #openstack-security17:38
*** AlexeyAbashkin has quit IRC17:41
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/37034017:48
*** ccneill-phone has joined #openstack-security17:50
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/37034017:57
*** mvaldes has joined #openstack-security17:57
vinaypotlurigetting a few 500 and 415 errors lately18:12
unrahulhey ccneill mdong .. can we setup multiple proxies in terminal.. the http_proxy.. ?18:17
unrahuli need it go through two proxy servers18:17
mdongas in, do you need them to be chained together?18:18
unrahulyup18:18
unrahulgo through zap proxy + intel proxy18:18
ccneillI think mitmproxy can be set up in a chain like that18:19
ccneillnot sure about zap/burp18:19
ccneillLOL18:19
ccneillRAX firewall blocks mitmproxy18:19
mdongI know you can configure Burp to go through a SOCKS proxy18:19
mdongactually in the options tab there’s an option fo Upstream Proxy Server18:20
mdongso maybe play around with either of those18:20
mdongidk about zap though18:20
ccneillyep, just noticed that in burp18:20
unrahuloh.. let me try that.. hopefully zap has something similar..18:22
unrahulso there is a support ticket open in zap to implement this.. meanwhile the workaround is to edit the startup script and  use java options for proxy.. :)18:27
unrahulgonna try that.18:27
vinaypotlurii tried setting intel proxy in upstream settings and it works18:28
vinaypotlurihttps://support.portswigger.net/customer/en/portal/articles/2363078-burp-suite-options-upstream-proxy-servers18:29
unrahulyeah burp has it.. implemented not zap.18:29
*** tkelsey has quit IRC18:39
*** gfhellma has quit IRC18:44
*** diazjf has joined #openstack-security18:47
openstackgerritAndreas Jaeger proposed openstack/security-doc: Add marker files  https://review.openstack.org/37037618:51
openstackgerritCharles Neill proposed openstack/syntribos: Fixing up SSL test  https://review.openstack.org/37037718:52
ccneillgot a patch up to optimize the SSL test a bit ^18:53
ccneillit's buggy right now because it doesn't prepare the request before sending it off18:53
ccneillso I got rid of the test request altogether18:53
*** zul_ has quit IRC18:55
*** liverpooler has quit IRC18:58
*** zul has quit IRC18:59
*** gfhellma has joined #openstack-security18:59
*** ayoung has joined #openstack-security19:01
*** zul_ has joined #openstack-security19:06
*** pcaruana has joined #openstack-security19:07
*** david-lyle has joined #openstack-security19:10
*** david-lyle has left #openstack-security19:11
ccneilloof. our install time is definitely going up as we add these clients..19:18
*** datadog327 has joined #openstack-security19:25
*** sdake_ has joined #openstack-security19:29
*** sdake has quit IRC19:33
*** salv-orl_ has joined #openstack-security19:40
*** gfhellma has quit IRC19:42
*** salv-orlando has quit IRC19:43
*** diazjf has quit IRC19:47
*** ccneill-phone has quit IRC19:55
*** can8dnSix has joined #openstack-security19:55
*** diazjf has joined #openstack-security19:55
*** pcaruana has quit IRC20:00
*** zul has joined #openstack-security20:02
*** tkelsey has joined #openstack-security20:04
*** tkelsey has quit IRC20:08
*** can8dnSix has quit IRC20:08
*** zul has quit IRC20:11
*** zul has joined #openstack-security20:12
*** can8dnSix has joined #openstack-security20:13
*** gfhellma has joined #openstack-security20:16
openstackgerritCharles Neill proposed openstack/syntribos: Simplify Glance and Neutron extension clients  https://review.openstack.org/37041120:20
ccneillmodified the glance/neutron clients to use our identity extension ^20:20
ccneillI was getting some funky stuff testing against devstack because it would try to use the catalogue sometimes20:20
ccneillwhich would give the 10.* address instead of the localhost address specified in the syntribos config20:20
ccneillalso means we only have to edit the identity client if keystone changes anything20:21
ccneilland in the future we could move to using the keystone client straight-up, instead of using our own custom client20:21
ccneill(in the identity extension)20:21
openstackgerritMerged openstack/syntribos: Fixing up SSL test  https://review.openstack.org/37037720:25
openstackgerritCharles Neill proposed openstack/syntribos: Simplify Glance and Neutron extension clients  https://review.openstack.org/37041120:34
*** rcernin has quit IRC20:36
*** rcernin has joined #openstack-security20:40
*** rcernin has quit IRC20:41
*** rcernin has joined #openstack-security20:41
*** rcernin has quit IRC20:42
*** rcernin has joined #openstack-security20:42
unrahulccneill:  should we remove the identity clients and use the keystone client..? as a refacor..?20:47
unrahulccneill: remove identity client from extensions.20:47
ccneillI don't think we need to do that right this minute, but yeah we can20:53
ccneillit would bump up our unittest coverage since I think a lot of the code that isn't tested is in the identity extension20:54
ccneill:)20:54
unrahul:D20:55
ccneillunrahul: as for the repeated calls to _get_client, it's so that we get a new token when the memoization cache is cleared20:55
ccneillI was thinking about refactoring it into a class that handles it more elegantly, but I figured this was good for now..20:55
unrahulwell.. not i wrote a unit test for identity.. its has pretty good coverage now.. I think .20:55
ccneilloh, it's been a while since I've looked at our coverage20:56
ccneilllet me take a look20:56
*** can8dnSix has quit IRC20:59
*** elmiko is now known as _elmiko20:59
ccneillyeah, looks like the client itself is at 72% now, but the models are lower21:00
ccneillthe glance/neutron clients also need some unittests..21:00
unrahuloh yeah.. i am in the process of writing one for the clients now..21:02
unrahulif we are eventually gonna remove the identity extension.. may be we can skip writing for the models for now.21:02
ccneillyep21:03
*** tkelsey has joined #openstack-security21:05
*** mvaldes has quit IRC21:07
*** tkelsey has quit IRC21:09
unrahulccneill: gave a +2 for the patch.. I had the same issue and sometime the client used to get stuck pinging internal ips.. the change fixes it.21:10
ccneillshweet21:10
unrahul:D21:10
ccneillI don't think I'll have any more surprise patches today haha21:11
ccneillrunning against devstack now, seems to be working well for the most part21:11
unrahulhehe..  I might have that unit test patch.. other than that none from me. too21:11
ccneillmight need to tweak some of the templates slightly. post_image is re-using the same UUID right now so it just 409s over and over21:11
unrahulohh..21:11
ccneill(that was my bad :X)21:11
unrahulor may be we should randomize the returning of ids.. ?21:12
unrahulat least that might help in some cases..21:12
unrahulnot all though..?21:12
unrahulrather than returning the last one in the list..21:12
ccneillso in this case it actually lets you specify what you want the image UUID to be, so I'd just change it to do a get_uuid21:13
*** diazjf has quit IRC21:15
unrahulohh.21:15
unrahulokay.. get it.21:15
ccneillweird.. syntribos seems to have frozen o_O21:18
ccneillor at least it did for a minute..21:18
*** datadog327 has quit IRC21:19
unrahuleh.. is it burp.?21:19
*** edmondsw has quit IRC21:21
ccneillmight've been21:22
ccneill¯\_(ツ)_/¯21:22
ccneillback to normal now21:22
ccneillno test failures..21:22
ccneillat least for the one it paused on21:22
*** diazjf has joined #openstack-security21:25
openstackgerritMerged openstack/syntribos: Simplify Glance and Neutron extension clients  https://review.openstack.org/37041121:25
unrahulhehe.21:25
unrahulhey ccneill  so I got a weird behavior21:25
ccneillsup?21:25
unrahulwell.. no I am wrong its as expected.. only thing is that.. the clent openstack image list will not all the images that is created.21:26
unrahullike I have 11 pages full of images created which can be seen from horizon.. but the client only shows the images listed in the first page.21:27
ccneillright21:28
ccneillso it paginates the request and requests the first 2021:28
ccneillit does a call for /v2/images?limit=2021:28
unrahulhmm.. yeah.. as expected.. then. :.21:29
unrahul:/21:29
ccneillhmm.. I am seeing some weird behavior though o_O21:32
ccneilldoing a GET on /v2.0/routers with an admin token gives me alternating 200s and 401s21:32
ccneillon the OSIC cluster21:32
ccneill(was looking to see if we had any extra routers we could delete)21:32
ccneillwondering if it's trying to use a round-robin or something...21:32
unrahuleh.. we only have one router. though.. and it should ideally give 200s for all.21:34
unrahul:o21:34
*** cleong has quit IRC21:34
ccneilltry it out with Burp/ZAP21:35
*** dave-mccowan has quit IRC21:48
*** diazjf has quit IRC22:01
*** browne has quit IRC22:13
*** singlethink has quit IRC22:35
*** sdake_ has quit IRC22:40
*** rcernin has quit IRC22:43
*** zul has quit IRC22:44
*** gfhellma1 has joined #openstack-security22:48
*** gfhellma has quit IRC22:50
*** gfhellma1 has quit IRC22:54
*** mdong has quit IRC23:01
*** jass93 has quit IRC23:12
*** browne has joined #openstack-security23:13
*** jamielennox is now known as jamielennox|away23:22
*** tim26 has joined #openstack-security23:26
*** singlethink has joined #openstack-security23:26
*** singlethink has quit IRC23:26
*** tim26 has left #openstack-security23:27
*** singlethink has joined #openstack-security23:27
*** browne has quit IRC23:45
*** singlethink has quit IRC23:59
« Tuesday, 2016-09-13 Index Thursday, 2016-09-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!