castellan

the config type defined error in barbican_key_manager

Bug #1876102 reported by Jie Li
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
castellan
Fix Released
Undecided
Jie Li

Bug Description

We found that the config type defined error in barbican_key_manager, that is the "verify_ssl" config[1]. And we can see the defined in the source[2]. So we should set the type to "String".

[1]:https://github.com/openstack/castellan/blob/master/castellan/key_manager/barbican_key_manager.py#L64
[2]:https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/session.py#L280

See original description
Jie Li (ramboman)
description: updated
Changed in castellan:
assignee: nobody → Jie Li (ramboman)
OpenStack Infra (hudson-openstack)
Changed in castellan:
status: New → In Progress
Revision history for this message
Stephen Finucane (stephenfinucane) wrote :

This bug isn't clear. What error are you seeing. Can you provide logs?

Revision history for this message
Jie Li (ramboman) wrote :

When we enable the SSL verify, we need to provide a path to a bundle or CA certs to check. We should give the path (which is string type) to the "verify_ssl" config. But now the type is Bool,so we can't verify the SSL at present.

Now the bug is when the OpenStack Barbican service enable SSL, we couldn't create the encrypted volume. The reason is that SSL verified failed. And the log is "SSL verifIed failed". To more clearly, we can see the keystoneauth about the Session class definition[1].

[1]:https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/session.py#L280

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to castellan (master)

Reviewed: https://review.opendev.org/724653
Committed: https://git.openstack.org/cgit/openstack/castellan/commit/?id=89f311dfbd264a5d4309ea1ca4283f2746d6fa24
Submitter: Zuul
Branch: master

commit 89f311dfbd264a5d4309ea1ca4283f2746d6fa24
Author: ramboman <email address hidden>
Date: Thu Apr 30 21:30:47 2020 +0800

    add "verify_ssl_path" config for barbican key manager

    Now we cann't use the verify_ssl if we set True, so we
    add the "verify_ssl_path" config to solve it.

    Closes-Bug: #1876102
    Change-Id: I83bafe5b7e0c4cca67f773858007fb59d98a93a5

Changed in castellan:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to castellan (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/738391

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to castellan (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/738396

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to castellan (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/738398

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to castellan (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/738399

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to castellan (stable/ussuri)

Reviewed: https://review.opendev.org/738399
Committed: https://git.openstack.org/cgit/openstack/castellan/commit/?id=dcbf29d3ba0d36f59f7f5ad31708777372c756cb
Submitter: Zuul
Branch: stable/ussuri

commit dcbf29d3ba0d36f59f7f5ad31708777372c756cb
Author: ramboman <email address hidden>
Date: Thu Apr 30 21:30:47 2020 +0800

    add "verify_ssl_path" config for barbican key manager

    Now we cann't use the verify_ssl if we set True, so we
    add the "verify_ssl_path" config to solve it.

    Closes-Bug: #1876102
    (cherry picked from commit 89f311dfbd264a5d4309ea1ca4283f2746d6fa24)

    Change-Id: I83bafe5b7e0c4cca67f773858007fb59d98a93a5

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to castellan (stable/train)

Reviewed: https://review.opendev.org/738398
Committed: https://git.openstack.org/cgit/openstack/castellan/commit/?id=884dee77b7f71ee46de8bc85b48482ffb30b1478
Submitter: Zuul
Branch: stable/train

commit 884dee77b7f71ee46de8bc85b48482ffb30b1478
Author: ramboman <email address hidden>
Date: Thu Apr 30 21:30:47 2020 +0800

    add "verify_ssl_path" config for barbican key manager

    Now we cann't use the verify_ssl if we set True, so we
    add the "verify_ssl_path" config to solve it.

    Closes-Bug: #1876102
    (cherry picked from commit 89f311dfbd264a5d4309ea1ca4283f2746d6fa24)

    Change-Id: I83bafe5b7e0c4cca67f773858007fb59d98a93a5

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on castellan (stable/rocky)

Change abandoned by Jie Li (<email address hidden>) on branch: stable/rocky
Review: https://review.opendev.org/738391

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to castellan (stable/stein)

Reviewed: https://review.opendev.org/738396
Committed: https://git.openstack.org/cgit/openstack/castellan/commit/?id=46575f02e8a9288bce1b646bcb777143451b1d4b
Submitter: Zuul
Branch: stable/stein

commit 46575f02e8a9288bce1b646bcb777143451b1d4b
Author: ramboman <email address hidden>
Date: Thu Apr 30 21:30:47 2020 +0800

    add "verify_ssl_path" config for barbican key manager

    Now we cann't use the verify_ssl if we set True, so we
    add the "verify_ssl_path" config to solve it.

    Closes-Bug: #1876102
    (cherry picked from commit 89f311dfbd264a5d4309ea1ca4283f2746d6fa24)

    Change-Id: I83bafe5b7e0c4cca67f773858007fb59d98a93a5

tags: added: in-stable-stein
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.