[Bug 2035180] Re: [SRU] Backport Fix barbican client with application credentials/trusts to Ussuri/Victoria

Corey Bryant 2035180 at bugs.launchpad.net
Wed Nov 29 14:54:32 UTC 2023 

This bug was fixed in the package octavia - 7.1.2-0ubuntu1~cloud1
---------------

 octavia (7.1.2-0ubuntu1~cloud1) focal-victoria; urgency=medium
 .
   * d/p/fix-barbican-client-with-application-credentials-trust.patch:
     Fix barbican client when using application credentials. (LP: #2035180).


** Changed in: cloud-archive/victoria
       Status: Fix Committed => Fix Released

** Changed in: octavia (Ubuntu Focal)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/2035180

Title:
  [SRU] Backport Fix barbican client with application credentials/trusts
  to Ussuri/Victoria

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive antelope series:
  Fix Released
Status in Ubuntu Cloud Archive bobcat series:
  Fix Released
Status in Ubuntu Cloud Archive ussuri series:
  Triaged
Status in Ubuntu Cloud Archive victoria series:
  Fix Released
Status in Ubuntu Cloud Archive wallaby series:
  Fix Released
Status in Ubuntu Cloud Archive xena series:
  Fix Released
Status in Ubuntu Cloud Archive yoga series:
  Fix Released
Status in Ubuntu Cloud Archive zed series:
  Fix Released
Status in octavia package in Ubuntu:
  Fix Released
Status in octavia source package in Focal:
  Triaged
Status in octavia source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  * Users cannot add an HTTPS endpoint with octavia/barbican when using
  application credentials (it returns http error 500).

  [Test Case]

  * Full details of commands in comment #10, summary below.
  * Add a user in a project
  * Add the admin role to the user in the project
  * Create application credentials
  * Create a barbican certificate store
  * Create octavia loadbalancer and listener with the application credentials

  [Where problems could occur]

  * Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
  *  This is due to the fact that we are patching the way we retrieve tokens from Barbican.
  * Loadbalancers or termination without TLS should not be affected and might be used as a workaround.

  [Other Info]

   * Original story: https://storyboard.openstack.org/#!/story/2007619
   * Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
   * Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
   * Current upstream fix for octavia/Victoria:https://review.opendev.org/c/openstack/octavia/+/894547

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2035180/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list