[Bug 2035180] Re: [SRU] Backport Fix barbican client with application credentials/trusts to Ussuri/Victoria

Corey Bryant 2035180 at bugs.launchpad.net
Tue Nov 21 20:05:31 UTC 2023 

David, thank you for your work on this. I've uploaded to wallaby and
victoria staging PPAs for the cloud archive and to the ubuntu focal
unapproved queue for SRU team review:
https://launchpad.net/ubuntu/focal/+queue?queue_state=1&queue_text=octavia

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/2035180

Title:
  [SRU] Backport Fix barbican client with application credentials/trusts
  to Ussuri/Victoria

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive antelope series:
  Fix Released
Status in Ubuntu Cloud Archive bobcat series:
  Fix Released
Status in Ubuntu Cloud Archive ussuri series:
  Triaged
Status in Ubuntu Cloud Archive victoria series:
  Triaged
Status in Ubuntu Cloud Archive wallaby series:
  Triaged
Status in Ubuntu Cloud Archive xena series:
  Fix Released
Status in Ubuntu Cloud Archive yoga series:
  Fix Released
Status in Ubuntu Cloud Archive zed series:
  Fix Released
Status in octavia package in Ubuntu:
  Fix Released
Status in octavia source package in Focal:
  New
Status in octavia source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  * Users cannot add an HTTPS endpoint with octavia/barbican when using
  application credentials (it returns http error 500).

  [Test Case]

  * Full details of commands in comment #10, summary below.
  * Add a user in a project
  * Add the admin role to the user in the project
  * Create application credentials
  * Create a barbican certificate store
  * Create octavia loadbalancer and listener with the application credentials

  [Where problems could occur]

  * Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
  *  This is due to the fact that we are patching the way we retrieve tokens from Barbican.
  * Loadbalancers or termination without TLS should not be affected and might be used as a workaround.

  [Other Info]

   * Original story: https://storyboard.openstack.org/#!/story/2007619
   * Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
   * Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
   * Current upstream fix for octavia/Victoria:https://review.opendev.org/c/openstack/octavia/+/894547

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2035180/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list