Front proxy and etcd certificates not removed after cluster deletion
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Magnum |
In Progress
|
Undecided
|
Unassigned | ||
Bug Description
It seems that since separate CA certs were added for etcd and front proxy in https:/
Steps to reproduce:
Create a Magnum cluster and then delete it. Inspect the Barbican database to see that two certificates, along with their private keys and passphrases are still left:
$ mysql barbican -t <<<"select name, status, created_at, deleted_at from secrets order by created_at desc limit 12;"
+------
| name | status | created_at | deleted_at |
+------
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:48 | 2024-04-14 19:06:39 |
| Certificate | ACTIVE | 2024-04-14 18:32:48 | 2024-04-14 19:06:39 |
| Private Key | ACTIVE | 2024-04-14 18:32:48 | 2024-04-14 19:06:39 |
| Private Key | ACTIVE | 2024-04-14 18:32:47 | NULL |
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:47 | NULL |
| Certificate | ACTIVE | 2024-04-14 18:32:47 | NULL |
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:46 | NULL |
| Private Key | ACTIVE | 2024-04-14 18:32:46 | NULL |
| Certificate | ACTIVE | 2024-04-14 18:32:45 | NULL |
| Private Key Passphrase | ACTIVE | 2024-04-14 18:32:44 | 2024-04-14 19:06:38 |
| Private Key | ACTIVE | 2024-04-14 18:32:44 | 2024-04-14 19:06:38 |
| Certificate | ACTIVE | 2024-04-14 18:32:43 | 2024-04-14 19:06:38 |
+------
Expected result:
All created certificates should be removed when the cluster is deleted.
| OpenStack Infra (hudson-openstack) wrote Fix proposed to magnum (master) | #1 |
| Changed in magnum: | |
| status: | New → In Progress |
| description: | updated |
Fix proposed to branch: master
Review: https:/