[Bug 2035180] Re: [SRU] Backport Fix barbican client with application credentials/trusts to Ussuri/Victoria
David Negreira
2035180 at bugs.launchpad.net
Tue Oct 24 12:43:12 UTC 2023
** Description changed:
[Impact]
* Users cannot add an HTTPS endpoint with octavia/barbican when using
application credentials (it returns http error 500).
[Test Case]
* Full details of commands in comment #10, summary below.
* Add a user in a project
* Add the admin role to the user in the project
* Create application credentials
* Create a barbican certificate store
* Create octavia loadbalancer and listener with the application credentials
[Where problems could occur]
- * Users might not be able to create load balancers or attach a listener
- to a load balancer.
+ * Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
+ * This is due to the fact that we are patching the way we retrieve tokens from Barbican.
+ * Loadbalancers or termination without TLS should not be affected and might be used as a workaround
+
[Other Info]
* Original story: https://storyboard.openstack.org/#!/story/2007619
* Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
* Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
* Current upstream fix for octavia/Victoria:https://review.opendev.org/c/openstack/octavia/+/894547
** Description changed:
[Impact]
* Users cannot add an HTTPS endpoint with octavia/barbican when using
application credentials (it returns http error 500).
[Test Case]
* Full details of commands in comment #10, summary below.
* Add a user in a project
* Add the admin role to the user in the project
* Create application credentials
* Create a barbican certificate store
* Create octavia loadbalancer and listener with the application credentials
[Where problems could occur]
* Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
* This is due to the fact that we are patching the way we retrieve tokens from Barbican.
- * Loadbalancers or termination without TLS should not be affected and might be used as a workaround
-
+ * Loadbalancers or termination without TLS should not be affected and might be used as a workaround.
[Other Info]
* Original story: https://storyboard.openstack.org/#!/story/2007619
* Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
* Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
* Current upstream fix for octavia/Victoria:https://review.opendev.org/c/openstack/octavia/+/894547
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/2035180
Title:
[SRU] Backport Fix barbican client with application credentials/trusts
to Ussuri/Victoria
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive ussuri series:
Triaged
Status in Ubuntu Cloud Archive victoria series:
Triaged
Status in Ubuntu Cloud Archive wallaby series:
Triaged
Status in octavia package in Ubuntu:
Fix Released
Status in octavia source package in Focal:
Incomplete
Bug description:
[Impact]
* Users cannot add an HTTPS endpoint with octavia/barbican when using
application credentials (it returns http error 500).
[Test Case]
* Full details of commands in comment #10, summary below.
* Add a user in a project
* Add the admin role to the user in the project
* Create application credentials
* Create a barbican certificate store
* Create octavia loadbalancer and listener with the application credentials
[Where problems could occur]
* Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
* This is due to the fact that we are patching the way we retrieve tokens from Barbican.
* Loadbalancers or termination without TLS should not be affected and might be used as a workaround.
[Other Info]
* Original story: https://storyboard.openstack.org/#!/story/2007619
* Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
* Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
* Current upstream fix for octavia/Victoria:https://review.opendev.org/c/openstack/octavia/+/894547
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2035180/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list