Front proxy and etcd certificates not removed after cluster deletion
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Magnum |
In Progress
|
Undecided
|
Unassigned |
Bug Description
It seems that since separate CA certs were added for etcd and front proxy in https:/
Steps to reproduce:
Create a Magnum cluster and then delete it. Inspect the Barbican database to see that two certificates, along with their private keys and passphrases are still left:
$ mysql barbican -t <<<"select name, status, created_at, deleted_at from secrets order by created_at desc limit 12;"
+------
| name | status | created_at | deleted_at |
+------
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:48 | 2024-04-14 19:06:39 |
| Certificate | ACTIVE | 2024-04-14 18:32:48 | 2024-04-14 19:06:39 |
| Private Key | ACTIVE | 2024-04-14 18:32:48 | 2024-04-14 19:06:39 |
| Private Key | ACTIVE | 2024-04-14 18:32:47 | NULL |
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:47 | NULL |
| Certificate | ACTIVE | 2024-04-14 18:32:47 | NULL |
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:46 | NULL |
| Private Key | ACTIVE | 2024-04-14 18:32:46 | NULL |
| Certificate | ACTIVE | 2024-04-14 18:32:45 | NULL |
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:44 | 2024-04-14 19:06:38 |
| Private Key | ACTIVE | 2024-04-14 18:32:44 | 2024-04-14 19:06:38 |
| Certificate | ACTIVE | 2024-04-14 18:32:43 | 2024-04-14 19:06:38 |
+------
Expected result:
All created certificates should be removed when the cluster is deleted.
description: | updated |
Fix proposed to branch: master /review. opendev. org/c/openstack /magnum/ +/915775
Review: https:/