Cinder request to glance does not support mTLS

Bug #1917797 reported by hamza on 2021-03-04
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Cinder
Low
Unassigned
Sri Harsha mekala (harshayahoo) wrote :

Proposed change (until the launchpad/review.opendev.org integration is restored):https://review.opendev.org/c/openstack/cinder/+/778768

Changed in cinder:
status: New → In Progress
Eric Harney (eharney) on 2021-03-10
Changed in cinder:
status: In Progress → Incomplete
Changed in cinder:
status: Incomplete → Opinion
Brian Rosmaita (brian-rosmaita) wrote :

This requires some discussion. I think what you are talking about here is mTLS, not TLS in general. Please propose a spec for Xena outlining the gaps and how you propose to address them.

Here's info about putting together a proposal: https://docs.openstack.org/cinder/latest/contributor/contributing.html#new-feature-planning

Also, we have the Xena PTG coming up, you might want to discuss this topic there: https://etherpad.opendev.org/p/xena-ptg-cinder-planning

tags: added: mtls
Changed in cinder:
importance: Undecided → Low
milestone: none → 19.0.0
Adam Harwell (adam-harwell) wrote :

Yes, this was incorrectly labeled as a "TLS" issue, he meant "mTLS". I've fixed the wording. I think this is the only gap, and this single patch fixes it: https://review.opendev.org/c/openstack/cinder/+/778768

I don't know if this is worth an entire "feature", I look at this as a bug (not properly using keystone's sessions by omitting a standard var).

summary: - Cinder request to glance does not support TLS
+ Cinder request to glance does not support mTLS
description: updated
Adam Harwell (adam-harwell) wrote :

When I say "I think this is the only gap", I don't just mean in Cinder... I mean in the entirety of the core OpenStack ecosystem. With this patch and the patch from the client bug mentioned above, we have tested end-to-end mTLS across all services successfully. mTLS was done as part of the keystonesession work several cycles ago, so this isn't anything new we're implementing, just passing a few config vars through to enable it correctly. :)

Changed in cinder:
status: Opinion → Triaged
status: Triaged → In Progress
milestone: 19.0.0 → wallaby-rc1

This issue was fixed in the openstack/cinder 18.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers