Barbican single host setting does not work with internal and public endpoints
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Barbican | Fix Released | Undecided | Unassigned |
Bug Description
Currently Barbican derives the construction of its hrefs in responses from a single host config setting, as mentioned in the link below.
https:/
https:/
With this current setting, a single Barbican deployment cannot support public as well as internal endpoints.
In a typical deployment, OpenStack services (IaaS layer) can invoke internal endpoints, and some of the services running in a developer platform can invoke public endpoints for the services running within the IaaS stack (or as a platform). These 2 endpoints are different.
The concern is only around the public and internal endpoints. Public and internal endpoints are used by clients depending on which network they are accessing the service from. In a deployment, these different URLs provide the capability of having different network capabilities, e.g. one can have TLS for public endpoint communication, while for internal communication TLS may not be mandatory.
Having these URLs hard-coded (defined) in the Barbican configuration limits the usefulness of the Keystone service catalog (and the service's versioned endpoint(s)), as we are now maintaining endpoints in 2 places that need to be kept in sync.
The currently implemented version controller code does not suffer from this issue. We see this issue only where hrefs are returned in the response.
Review: https://review.openstack.org/#/c/282581/
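The behaviour described in the report, next to one request-derived alternative, as an added example that is not Barbican's code or the change under review. All names, hosts and the allowlist are constructed for illustration; the allowlist is an assumption of this sketch, included because the `Host` header is client-controlled and should not be echoed into hrefs unchecked.

```python
from urllib.parse import urlsplit

# Constructed sample values; not taken from any real deployment.
CONFIGURED_HOST_HREF = "https://kms.public.example:9311"
ALLOWED_BASES = {
    "https://kms.public.example:9311",   # public endpoint, TLS
    "http://kms.internal.example:9311",  # internal endpoint, TLS optional
}


def href_from_config(resource_path):
    """Behaviour described in the report: one configured host for every href."""
    return CONFIGURED_HOST_HREF.rstrip("/") + "/" + resource_path.lstrip("/")


def href_from_request(environ, resource_path):
    """Hypothetical alternative: build the href from the endpoint the client called.

    `environ` is a WSGI environ dict. The scheme and Host header come from the
    request, so the resulting base is only used if it is a known endpoint;
    anything else falls back to the configured host.
    """
    scheme = environ.get("wsgi.url_scheme", "http")
    host = environ.get("HTTP_HOST", "")
    parts = urlsplit("{}://{}".format(scheme, host))
    base = "{}://{}".format(parts.scheme, parts.netloc.lower())
    if base not in ALLOWED_BASES:
        return href_from_config(resource_path)
    return base + "/" + resource_path.lstrip("/")


if __name__ == "__main__":
    path = "/v1/secrets/0000"  # constructed resource path
    internal = {"wsgi.url_scheme": "http", "HTTP_HOST": "kms.internal.example:9311"}
    public = {"wsgi.url_scheme": "https", "HTTP_HOST": "kms.public.example:9311"}
    spoofed = {"wsgi.url_scheme": "https", "HTTP_HOST": "attacker.example"}
    # Single-host setting: the internal caller is still handed the public href.
    print("config  :", href_from_config(path))
    for name, env in (("internal", internal), ("public", public), ("spoofed", spoofed)):
        print("{:8}:".format(name), href_from_request(env, path))
```
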