[21:12:12] <Ryan_Lane>	 !log
[21:12:21] <wm-bot>	 I am running http://meta.wikimedia.org/wiki/WM-Bot version wikimedia bot v. 2.8.0.0 [libirc v. 1.0.3] my source code is licensed under GPL and located at https://github.com/benapetr/wikimedia-bot I will be very happy if you fix my bugs or implement new features
[21:12:21] <Ryan_Lane>	 @help
[21:12:28] <wm-bot>	 http://bots.wmflabs.org/dump/%23confidant.htm
[21:12:28] <Ryan_Lane>	 @info
[21:13:19] <Ryan_Lane>	 @logs
[21:13:31] <DanyC>	 so where is this bot hosted, on your infra?
[21:13:39] <Ryan_Lane>	 in wikimedia-labs
[21:13:46] <Ryan_Lane>	 I used to work at wikimedia foundation
[21:13:55] <Ryan_Lane>	 it’s run by a volunteer
[21:14:00] <Ryan_Lane>	 well, the bot is.
[21:14:05] <Ryan_Lane>	 labs is run by WMF
[21:14:38] <DanyC>	 ah i see and is any way you can browse like the Salt one which is mentioned in the channel topic ?
[21:15:16] <wm-bot>	 Infobot was already enabled
[21:15:16] <Ryan_Lane>	 @infobot-on
[21:15:42] <Ryan_Lane>	 I think so. need to find the info
[21:16:04] <wm-bot>	 http://bots.wmflabs.org/dump/%23confidant.htm
[21:16:04] <Ryan_Lane>	 @info
[21:18:22] <Ryan_Lane>	 the interface isn’t quite a nice, but it works ;)
[21:19:04] <Ryan_Lane>	 the info page is somewhat interesting
[21:19:24] <Ryan_Lane>	 !docs is http://lyft.github.io/confidant/
[21:19:25] <wm-bot>	 Key was added
[21:19:37] <Ryan_Lane>	 @installation is http://lyft.github.io/confidant/basics/install/
[21:19:44] <Ryan_Lane>	 !installation is http://lyft.github.io/confidant/basics/install/
[21:19:44] <wm-bot>	 Key was added
[21:19:56] <Ryan_Lane>	 !configure is http://lyft.github.io/confidant/basics/configuration/
[21:19:56] <wm-bot>	 Key was added
[21:20:18] <DanyC>	 Ryan_Lane: https://bots.wmflabs.org/~wm-bot/logs/
[21:20:22] <Ryan_Lane>	 !security is http://lyft.github.io/confidant/communication/security_reporting/
[21:20:22] <wm-bot>	 Key was added
[21:20:47] <Ryan_Lane>	 DanyC: yeah, that’s basically just a directory listing
[21:20:56] <Ryan_Lane>	 the link gives you the ability to show logs between dates
[21:21:27] <Ryan_Lane>	 !list is https://groups.google.com/forum/#!topic/confidant-users
[21:21:27] <wm-bot>	 Key was added
[21:21:37] <Ryan_Lane>	 ok, enough spam for now :)
[21:23:48] <DanyC>	 Ryan_Lane: if you don't mind/ don't get offended but the http://irclog.perlgeek.de/salt/ is easier for the flow, just click on the date or Search/ Google Search. worth having this features imo (but maybe for different time)
[21:24:17] <Ryan_Lane>	 yeah, requires me to host a bot somewhere, though
[21:25:18] <Ryan_Lane>	 this bot is free
[21:25:32] <Ryan_Lane>	 in the future I can switch to a bot with a nicer web interface
[21:26:46] <DanyC>	 Ryan_Lane: i see, i thought - reading http://moritz.faui2k3.org/en/ilbot - that i could also ask the owner if i can join his BOT list rather than you guys hosting one
[21:26:50] <DanyC>	 maybe i got it wrong
[21:27:50] <Ryan_Lane>	 ah
[21:29:57] <Ryan_Lane>	 let me see if the author is online
[21:29:59] <Ryan_Lane>	 I can ask
[21:32:25] <Ryan_Lane>	 I’ll keep this logging on for now and if I can get that enabled, I’ll disable logging for wm-bot and change the link :)
[21:33:22] <DanyC>	 sure thing, make sense - thanks for openness
[21:34:26] <Ryan_Lane>	 yw
[21:36:28] <Ryan_Lane>	 https://github.com/saltstack/salt/issues/28793 <— requested support for minion external pillars for salt, to make confidant work more effectively if you’re using master/minion mode.
[21:41:10] <Ryan_Lane>	 @relay-on
[21:41:10] <wm-bot>	 Relay was enabled
[21:42:20] <wm-bot>	 Hooks from lyft/confidant will be now displayed in this channel
[21:42:20] <Ryan_Lane>	 @github+ lyft/confidant
[21:58:03] <wm-bot>	 GitHub [8lyft/confidant] ryan-lane pushed 2 commits into branch master: https://github.com/lyft/confidant/compare/5d7515d89ccd...0e5d9eab98da
[21:58:03] <wm-bot>	 GitHub [8lyft/confidant] commit by ryan-lane (Ryan Lane) https://github.com/lyft/confidant/commit/bfa3e55ed04bd19b2395cb340a5b4388edcb1310 Use logging directly and reorder imports for pep8
[21:58:03] <wm-bot>	 GitHub [8lyft/confidant] commit by ryan-lane (Ryan Lane) https://github.com/lyft/confidant/commit/0e5d9eab98daf4284f86879fb41468fb17f7214f Merge pull request #40 from lyft/logging-and-import-reordering  Use logging directly and reorder imports for pep8
[21:58:04] <wm-bot>	 GitHub [8lyft/confidant] ryan-lane pushed 0 commits into branch logging-and-import-reordering: https://github.com/lyft/confidant/compare/bfa3e55ed04b...000000000000
[21:58:26] <Ryan_Lane>	 ok. that’s a bit excessive
[21:59:36] <DanyC>	 wow, quite noisy :D
[21:59:58] <Ryan_Lane>	 yeah. pulling some events from the webhook :)
[23:48:47] <pnathan>	 Hi, I have a few questions about Confidant
[23:50:10] <Ryan_Lane>	 pnathan: hi there. what's up?
[23:51:04] <pnathan>	 So I've eyeballed through the docs and a couple questions are kind of outstanding
[23:51:33] <pnathan>	 (1) Right now it seems that the management system is via the web UI. Is there an API for that?
[23:52:06] <pnathan>	 E.g., if I have a fancy schmany API that already does things with services, can I aim requests out to confidant and pull the data back?
[23:52:35] <Ryan_Lane>	 well, there's an API, but it requires google auth
[23:52:44] <pnathan>	 (2) what level of serious scrutiny has the system had? I've knocked around a bit and I'm not familar with the crypto library you're using.
[23:53:06] <pnathan>	 that might be me just missing developments, might not be.
[23:53:20] <Ryan_Lane>	 the general idea is that humans add secrets through the web-ui, then your services pull their credentials through a single rest call
[23:53:22] <Ryan_Lane>	 to one endpoint
[23:53:45] <Ryan_Lane>	 we have a very basic example implementation of the client: https://github.com/lyft/confidant/blob/master/confidant_client.py
[23:54:16] <Ryan_Lane>	 so, yeah, if you have something fancy, you can just implement this directly, or pull this client in as a library
[23:54:29] <pnathan>	 Ah, so I definitely have to provide Google auth if I want to access it and gin up my own service ?
[23:54:38] <Ryan_Lane>	 well, it depends on what you're doing
[23:54:38] <pnathan>	 I saw that kicking around the code but didn't grasp the full import.
[23:55:32] <Ryan_Lane>	 so there's a couple concepts here
[23:55:57] <Ryan_Lane>	 the first is management of the secrets. such as adding them to the system, modifying them, mapping them to IAM roles (which are services in confidant)
[23:56:04] <pnathan>	 let's say I want to have a tool on my command-line "make-new-service" which emits xyz files here, abc application stubs there, and *critically here*, gins up the new secrets.
[23:56:18] <Ryan_Lane>	 ah. so you have something that generates secrets
[23:56:28] <Ryan_Lane>	 and want to programatically push them into confidant
[23:56:33] <pnathan>	 apg is a good secret-generating tool. ;)
[23:56:51] <Ryan_Lane>	 https://github.com/thialfihar/apg ?
[23:57:31] <pnathan>	 APG(1) - http://www.adel.nursat.kz/apg/ (which is returned in the wrong mime-type)
[23:57:43] <Ryan_Lane>	 heh
[23:58:06] <Ryan_Lane>	 right, so right now this part requires google auth
[23:58:22] <Ryan_Lane>	 because you'd need to create or update secrets
[23:58:33] <Ryan_Lane>	 and that api end-point requires google auth
[23:58:51] <Ryan_Lane>	 the auth code isn't terribly modular at this point
[23:59:16] <pnathan>	 (Example apg run, fyi:  # apg -n 1 -m 30 -a 1   gives out ...  |V),AjKB&p2vyx1\/\8tRYt@!l&gNn  )
[23:59:42] <pnathan>	 OK. So direct scriptability is kind of "ehhh"