trust invalid when user is disabled

Bug #1752433 reported by Ricardo Rocha
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Magnum
Status tracked in Rocky
Rocky
In Progress
High
Sayali Lunkad

Bug Description

Magnum clusters rely on trusts to authenticate with OpenStack services. This is created at cluster time, and belongs to the user that launched the cluster.

When that user is disabled or the account is deleted, the trust is no longer valid and the cluster becomes unhealthy as it cannot talk to OpenStack any longer. Magnum relies on it for different operations.

As project trusts (or app credentials) are not possible:
( see http://lists.openstack.org/pipermail/openstack-dev/2018-February/127785.html )

one option is to add a magnum command to renew the trust, setting it to the user issuing that command.

Revision history for this message
Spyros Trigazis (strigazi) wrote :

This change will also solve the heat trustor when this bug is fixed in heat.
https://bugs.launchpad.net/heat/+bug/1752347

Changed in magnum:
assignee: nobody → Sayali Lunkad (sayalilunkad)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/556847

Changed in magnum:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on magnum (master)

Change abandoned by Spyros Trigazis (<email address hidden>) on branch: master
Review: https://review.opendev.org/556847
Reason: The magnum team is cleaning up the backlog of changes older than 30 days. Feel to restore your patch.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by "Jake Yip <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/magnum/+/556847
Reason: This patch has been inactive for a while. To help managed Magnum Core Team's workload, old changes will be abandoned. Please feel free to restore and rebase against master if you are still interested in getting this merged. Thanks!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.