[SRU] Backport Fix barbican client with application credentials/trusts to Ussuri/Victoria
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
Undecided
|
Unassigned | ||
Antelope |
Fix Released
|
Undecided
|
Unassigned | ||
Bobcat |
Fix Released
|
Undecided
|
Unassigned | ||
Ussuri |
Fix Committed
|
Medium
|
Unassigned | ||
Victoria |
Fix Released
|
Medium
|
Unassigned | ||
Wallaby |
Fix Released
|
Medium
|
Unassigned | ||
Xena |
Fix Released
|
Undecided
|
Unassigned | ||
Yoga |
Fix Released
|
Undecided
|
Unassigned | ||
Zed |
Fix Released
|
Undecided
|
Unassigned | ||
octavia (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
David Negreira | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* Users cannot add an HTTPS endpoint with octavia/barbican when using application credentials (it returns http error 500).
[Test Case]
* Full details of commands in comment #10, summary below.
* Add a user in a project
* Add the admin role to the user in the project
* Create application credentials
* Create a barbican certificate store
* Create octavia loadbalancer and listener with the application credentials
[Where problems could occur]
* Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
* This is due to the fact that we are patching the way we retrieve tokens from Barbican.
* Loadbalancers or termination without TLS should not be affected and might be used as a workaround.
[Other Info]
* Original story: https:/
* Upstream fix and backports: https:/
* Current upstream fix for octavia/Ussuri: https:/
* Current upstream fix for octavia/Victoria:https:/
no longer affects: | octavia |
no longer affects: | octavia (Ubuntu) |
description: | updated |
Changed in cloud-archive: | |
status: | New → Fix Released |
Changed in octavia (Ubuntu): | |
status: | New → Fix Released |
description: | updated |
description: | updated |
tags: | added: sts-sru-needed |
Changed in octavia (Ubuntu Focal): | |
status: | Incomplete → New |
this is just a placeholder atm until the upstream backports are merged