Perl 6 - the future is here, just unevenly distributed

IRC log for #confidant, 2016-02-29

| Channels | #confidant index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
02:09 angusfretwell I'm consistently getting "TableDoesNotExist: Table does not exist: `Requested resource not found: Table: confidant not found`". I've double-checked that the DynamoDB instance was created correctly, IAM role is set-up properly, and that my env config is correct, but obviously I've done something wrong. Any ideas?
02:48 ilbot3 joined #confidant
02:48 Topic for #confidant is now Secret management for AWS. https://lyft.github.io/confidant Channel logs at http://irclog.perlgeek.de/confidant/
02:56 angusfretwell left #confidant
02:57 angusfretwell joined #confidant
03:31 Ryan_Lane angusfretwell: howdy
03:31 angusfretwell hey Ryan_Lane
03:31 Ryan_Lane table name in AWS is confidant?
03:31 angusfretwell that's right
03:32 Ryan_Lane DYNAMODB_TABLE is set to 'confidant'?
03:32 Ryan_Lane heh. I guess it must be
03:32 Ryan_Lane do you have AWS_DEFAULT_REGION set?
03:32 angusfretwell Yeah!
03:32 Ryan_Lane it needs to match your region. it's possible it's defaulting to us-east-1
03:33 angusfretwell Set to us-west-2, where the DynamoDB lives
03:33 Ryan_Lane hm
03:33 Ryan_Lane is this a stack trace?
03:33 angusfretwell yeah, switched debug on and have been watching the logs
03:33 angusfretwell one moment, i'll show you the full thing
03:34 Ryan_Lane DYNAMODB_URL isn't set, right?
03:34 angusfretwell no, it's not
03:34 Ryan_Lane ok
03:35 angusfretwell https://gist.github.com/angusfretwell/c63cc6deab889a913a2f'
03:37 angusfretwell here's what my env looks like https://gist.github.com/angusfretwell/b1b970ef8a8ba86026ef
03:37 Ryan_Lane you'll want to rotate your salt and session secret :)
03:37 angusfretwell yeah, they're just the ones from the docs!
03:37 Ryan_Lane ah
03:37 Ryan_Lane heh
03:37 Ryan_Lane gotcha
03:38 angusfretwell have auth and ssl off for the time being; i was also having an issue with auth, but one issue at a time i guess :-)
03:38 * Ryan_Lane nods
03:38 Ryan_Lane ok. let me give you a gist really quick
03:39 Ryan_Lane https://gist.github.com/ryan-lane/ed4e8c8d1fe1b6cc2860
03:39 Ryan_Lane you'll want to run that with the environment exposed, in whichever venv you're using
03:40 Ryan_Lane no need to paste the results
03:40 Ryan_Lane just want to make sure it returns successfully
03:40 angusfretwell cool. i'm using docker, which i don
03:40 angusfretwell 't have a heap of experience with
03:40 Ryan_Lane ah. gotcha.
03:41 Ryan_Lane I'm usually not using docker too :)
03:41 Ryan_Lane I think you should be able to run a command in the container
03:41 Ryan_Lane docker exec -i container_id python
03:41 Ryan_Lane where container_id is the container id via docker ps
03:42 Ryan_Lane that should give you a python shell using the correct context
03:43 Ryan_Lane it's possible you may need -it rather than just -i
03:43 angusfretwell yep, i did
03:43 angusfretwell ok, so that shows me my table with all of the indexes and that
03:45 Ryan_Lane interesting.
03:50 Ryan_Lane angusfretwell: which version of botocore is being used?
03:50 Ryan_Lane i'm looking through the pynamo code
03:51 Ryan_Lane hm. I wonder if pynamo uses a different AWS region option
03:53 angusfretwell how do i find the version? sorry, i dont know python too well!
03:54 Ryan_Lane uuuuggghh
03:54 Ryan_Lane this is an issue with pynamodb
03:54 angusfretwell oh?
03:54 Ryan_Lane it seems you need to specify the region in the meta definition for the table
03:54 Ryan_Lane and it defaults to us-east-1
03:55 Ryan_Lane so... I need to put something into the code
03:55 angusfretwell ahuh... i considered redoing everything in that region! hahaha
03:56 Ryan_Lane heh
03:56 Ryan_Lane give me a sec and I'll make a PR
03:56 angusfretwell thanks!
03:56 Ryan_Lane I may not be able to push a new version to docker till tomorrow though
03:56 angusfretwell no worries
03:58 angusfretwell while i've got you, i'm getting this error after logging in via google https://gist.github.com/angusfretwell/e9bd102eb29868190152
04:00 Ryan_Lane one sec
04:02 Ryan_Lane https://github.com/lyft/confidant/pull/47
04:02 Ryan_Lane ah. that looks like a bug for sure :)
04:03 Ryan_Lane I can give you a quick workaround for that
04:05 Ryan_Lane it's actually a bit odd that's None
04:05 Ryan_Lane it _should_ be ''
04:06 Ryan_Lane oh
04:06 Ryan_Lane user.email is None
04:06 Ryan_Lane that's a bit odd
04:06 Ryan_Lane angusfretwell: does your google auth not allow the user's email address to be given back?
04:08 Ryan_Lane I thought confidant actually requested that level of permission for auth
04:08 Ryan_Lane ok. I have to run to dinner. I'll be back around tomorrow
04:10 angusfretwell sorry, got sidetracked. thanks for your help!
04:13 Ryan_Lane You're welcome
04:39 angusfretwell Ryan_Lane: I enabled the Google+ APIs in my app, now login works!
15:47 abrody How secret does the SESSION_SECRET need to be?
15:48 abrody I'm trying to figure out how to distribute that secret to the confidant instances
15:48 abrody If only I had a secret management service to do it...
17:28 Ryan_Lane abrody: heh
17:29 Ryan_Lane I'm going to be fixing that in an upcoming sprint
17:29 Ryan_Lane Which means it'll be in the next release
17:29 Ryan_Lane Its used for session security I believe, so you want to keep it secret
17:31 Ryan_Lane I'll be making it possible for confidant to have its own secrets encrypted using the at-rest key
17:32 abrody OK is there a timeline for that / any thoughts on how to approach storage of the session secret in the meantime?
17:33 Ryan_Lane For now it's mostly a matter of keeping it out of code. Putting it in the cloud init or in an s3 bucket with good iam policy is likely the best option
17:33 Ryan_Lane We're shaking out any bugs in the new release internally first
17:34 Ryan_Lane There's still a few changes to go in so I'd say probably another month or so.
17:34 Ryan_Lane Release after that will have a more transparent process
20:05 Ryan_Lane angusfretwell: glad to hear you got the auth working
22:59 angusfretwell Ryan_Lane: Thanks. I've been thinking I should make a PR for the docs, explaining a few things in greater detail (especially DynamoDB setup), or is someone already working on that?
23:00 Ryan_Lane angusfretwell: if you could that would be really awesome!
23:00 Ryan_Lane I'm pretty heads-down on changes to confidant that'll be in next release
23:01 Ryan_Lane (doc changes don't require you to sign a CLA, btw)
23:13 angusfretwell Ryan_Lane: Cool, hopefully I can find a few hours over the next week to work on it :-)
23:25 Ryan_Lane great. thanks so much!
23:42 angusfretwell left #confidant
23:42 angusfretwell joined #confidant
23:56 angusfretwell joined #confidant
23:58 lyftbot joined #confidant

| Channels | #confidant index | Today | | Search | Google Search | Plain-Text | summary