Octavia default policy requires tenants to hold roles for access to the API

Bug #1813602 reported by Frode Nordahl
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Charms Deployment Guide | Fix Released | Low | Frode Nordahl |
OpenStack Octavia Charm | Fix Released | Low | Frode Nordahl |
charm-interface-keystone | Fix Released | Low | Frode Nordahl |

Bug Description

As laid out in the upstream documentation [0], non-admin access to the load-balancer API requires role membership.

These roles should be created at charm deployment time.

0: https://docs.openstack.org/octavia/latest/configuration/policy.html
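
An audit for the condition this report describes, as an added example that is not part of the report or of any charm's code: it reads role assignments and lists which project users the load-balancer policy would deny. It assumes the role names from the Octavia policy documentation linked as [0] at the time of the report (later releases may use different defaults) and a constructed, trimmed sample shaped like the output of `openstack role assignment list --names -f json`; the function names are hypothetical.

```python
import json

# Roles accepted by the Octavia default policy per the documentation linked
# as [0] (assumption: names as documented at the time of this report).
LB_ROLES = {
    "load-balancer_observer": "read-only",
    "load-balancer_global_observer": "read-only, all projects",
    "load-balancer_member": "read-write",
    "load-balancer_quota_admin": "quota admin",
    "load-balancer_admin": "admin, all projects",
    "admin": "admin, all APIs",
}

# Constructed sample (not real data), trimmed to the fields used below.
SAMPLE = json.loads("""[
 {"Role": "Member", "User": "alice@default", "Project": "web@default"},
 {"Role": "load-balancer_member", "User": "alice@default", "Project": "web@default"},
 {"Role": "Member", "User": "bob@default", "Project": "web@default"},
 {"Role": "load-balancer_observer", "User": "carol@default", "Project": "web@default"},
 {"Role": "load-balancer_member", "User": "carol@default", "Project": "db@default"}
]""")

def lb_access(assignments):
    """Return {(user, project): sorted access levels}; [] means denied by policy."""
    access = {}
    for a in assignments:
        if not a.get("User") or not a.get("Project"):
            continue  # group, domain and system assignments are not resolved here
        levels = access.setdefault((a["User"], a["Project"]), set())
        role = a["Role"].lower()  # oslo.policy compares role names case-insensitively
        if role in LB_ROLES:
            levels.add(LB_ROLES[role])
    return {k: sorted(v) for k, v in access.items()}

def denied(assignments):
    """Project users who hold no role the load-balancer policy accepts."""
    return sorted(k for k, v in lb_access(assignments).items() if not v)

def missing_roles(existing_role_names):
    """Load-balancer roles not yet present in Keystone (the report asks for
    these to be created at deployment time)."""
    have = {r.lower() for r in existing_role_names}
    return sorted(set(LB_ROLES) - {"admin"} - have)

if __name__ == "__main__":
    for (user, project), levels in sorted(lb_access(SAMPLE).items()):
        print(f"{user:15} {project:12} {', '.join(levels) or 'DENIED'}")
    print("roles to create:", missing_roles(["admin", "Member", "load-balancer_member"]))
```

Users who receive their roles only through group membership are not resolved by this sketch and would need the group assignments expanded first.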

Frode Nordahl (fnordahl)
Changed in charm-interface-keystone:
status: New → Triaged
importance: Undecided → Low
Changed in charm-octavia:
status: New → Triaged
importance: Undecided → Low
Changed in charm-deployment-guide:
status: New → Triaged
importance: Undecided → Low
Frode Nordahl (fnordahl) wrote :
Changed in charm-deployment-guide:
assignee: nobody → Frode Nordahl (fnordahl)
Changed in charm-octavia:
assignee: nobody → Frode Nordahl (fnordahl)
Changed in charm-interface-keystone:
assignee: nobody → Frode Nordahl (fnordahl)
Frode Nordahl (fnordahl)
Changed in charm-deployment-guide:
status: Triaged → In Progress
Changed in charm-octavia:
status: Triaged → In Progress
Changed in charm-interface-keystone:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-interface-keystone (master)

Reviewed: https://review.openstack.org/633532
Committed: https://git.openstack.org/cgit/openstack/charm-interface-keystone/commit/?id=0ec113afb7a553e6065b60ea8e9d6ac3ea4b2241
Submitter: Zuul
Branch: master

commit 0ec113afb7a553e6065b60ea8e9d6ac3ea4b2241
Author: Frode Nordahl <email address hidden>
Date: Mon Jan 28 16:39:57 2019 +0100

    Add support for passing optional ``requested_roles`` attribute

    When passing ``requested_roles`` down the ``identity-service``
    relation the Keystone charm will create the listed roles for you.

    Useful for charm authors implementing charms with specific role
    requirements.

    Change-Id: I7c1eedb1e78ffc53ac3e0df81f6b52358dd8dfa5
    Closes-Bug: #1813602

Changed in charm-interface-keystone:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-octavia (master)

Reviewed: https://review.openstack.org/633540
Committed: https://git.openstack.org/cgit/openstack/charm-octavia/commit/?id=f06a3fc78feb8f354f0a6f0b86e0d12f580b0e16
Submitter: Zuul
Branch: master

commit f06a3fc78feb8f354f0a6f0b86e0d12f580b0e16
Author: Frode Nordahl <email address hidden>
Date: Mon Jan 28 16:54:43 2019 +0100

    Request roles from Keystone on endpoint registration

    Change-Id: Ic876a09b046a49b7dedc5e41f831eabd73bb0cde
    Closes-Bug: #1813602
    Depends-On: https://review.openstack.org/#/c/633532/

Changed in charm-octavia:
status: In Progress → Fix Committed
Changed in charm-deployment-guide:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-deployment-guide (master)

Reviewed: https://review.openstack.org/633541
Committed: https://git.openstack.org/cgit/openstack/charm-deployment-guide/commit/?id=30a683f20a9881f8f4a43c19681b6c6d399e3e08
Submitter: Zuul
Branch: master

commit 30a683f20a9881f8f4a43c19681b6c6d399e3e08
Author: Frode Nordahl <email address hidden>
Date: Mon Jan 28 17:02:19 2019 +0100

    Add paragraph about Octavia Policies and end user API access

    Change-Id: I214c22ceda5fdc16ac8e8d1bb71c4709faff41f0
    Closes-Bug: #1813602

James Page (james-page)
Changed in charm-octavia:
milestone: none → 19.04
David Ames (thedac)
Changed in charm-octavia:
status: Fix Committed → Fix Released