Glance scrubber doesn't work when registry operates in trusted-auth mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
High
|
Hemanth Makkapati |
Bug Description
When glance regisry is deployed in trusted-auth mode, it doesn't authenticate[0] but populates the context based on the identity headers sent[1]. When the context is populated it is elevated to admin context, required for scrubber[2], based on the roles sent in identity headers[3].
When Glance scrubber attempts to talk to registry, it needs to send the appropriate admin role to gain admin context especially when the registry is deployed in trusted-auth mode. Without this, scrubber will fail with 401 every time it runs.
[0]https:/
[1]https:/
[2]https:/
[3]https:/
Changed in glance: | |
assignee: | nobody → Hemanth Makkapati (hemanth-makkapati) |
Changed in glance: | |
importance: | Undecided → High |
tags: | added: kilo-rc-potential |
tags: | removed: kilo-rc-potential |
Changed in glance: | |
milestone: | none → liberty-rc1 |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | liberty-rc1 → 11.0.0 |
Fix proposed to branch: master /review. openstack. org/170104
Review: https:/