Error at listener's barbican container validation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Invalid | Undecided | Unassigned |
Bug Description
Validation of the barbican container associated with a listener (TLS and SNI) at the plugin layer is throwing an error.
In validate_
def _validate_tls(self, listener, curr_listener=
def validate_
...
def validate_
for container_ref in to_validate:
...
if len(to_validate) > 0:
#to_validate is list of container_ids.
#at barbican_
def get_cert(cert_ref, service_
...
:param cert_ref: the UUID of the cert to retrieve
...
#above container_ref is a UUID whereas connection.
We should prepare the ref_url from the container UUID.
The following should fix the issue.
diff --git a/neutron_
index 1ad38ee..8d3c3c4 100644
--- a/neutron_
+++ b/neutron_
@@ -219,6 +222,9 @@ class CertManager(
"""
connection = BarbicanKeyston
+ if self.is_
+ cert_ref = self.get_
+
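Review bot: the added `if self.is_…` / `cert_ref = self.get_…` branch sits after `connection = BarbicanKeyston…` and reassigns `cert_ref` silently, with no visible branch that rejects a value which is in neither accepted form. Consider moving the check to the top of the function so bad input fails before a connection is obtained, raising a specific error for anything that cannot be turned into a container reference, and updating the docstring that closes just above to state which forms of `cert_ref` are accepted.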
Error log:
-------
ERROR neutron_
cbf4652456a9bd5
2015-06-04 09:58:38.126 TRACE neutron_
2015-06-04 09:58:38.126 TRACE neutron_
/cert_manager/
2015-06-04 09:58:38.126 TRACE neutron_
2015-06-04 09:58:38.126 TRACE neutron_
nt/containers.py", line 528, in get
2015-06-04 09:58:38.126 TRACE neutron_
2015-06-04 09:58:38.126 TRACE neutron_
nt/base.py", line 35, in validate_ref
2015-06-04 09:58:38.126 TRACE neutron_
mat(entity))
2015-06-04 09:58:38.126 TRACE neutron_
2015-06-04 09:58:38.126 TRACE neutron_
2015-06-04 09:58:38.167 INFO neutron.
te failed (client error): TLS container 0b8d5af0-
-------
As per discussion on IRC -- this is working as intended, if it is rejecting containers when passed in simply as a UUID. The user must pass in a full container_ref. We might want to try to catch/validate even sooner in the API layer that the value for container_ref must be a full URI, not just a UUID. This feature does not seem to be well documented though, as I can't find anything describing its use, and the spec document for it is old and inaccurate (which appears to be what caused the confusion). We really need proper documentation, since at this moment it looks like the only "docs" are a few scattered wiki pages and blog posts with unclear examples.
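
The earlier API-layer check suggested in the comment above, as an added example that is not neutron-lbaas code: it accepts only a full container URI and rejects a bare UUID with a specific message. The `validate_container_ref` name, the `allowed_endpoint` option, the `/containers/<uuid>` path layout, and the sample host and UUID are assumptions made for illustration.

```python
import uuid
from urllib.parse import urlsplit


class InvalidContainerRef(ValueError):
    """The value is not a full Barbican container URI."""


def _is_uuid(value):
    try:
        return str(uuid.UUID(value)) == value.lower()  # canonical form only
    except ValueError:
        return False


def validate_container_ref(ref, allowed_endpoint=None):
    """Return the container UUID for a full container URI, else raise.

    allowed_endpoint is a hypothetical option (not a neutron-lbaas setting):
    when set, the ref must use that scheme and host:port, so the service
    only dereferences URIs on its own Barbican endpoint.
    """
    if not isinstance(ref, str) or not ref:
        raise InvalidContainerRef("container_ref must be a non-empty string")
    if _is_uuid(ref):
        raise InvalidContainerRef(
            "%r is a bare UUID; pass the full container URI" % ref)
    try:
        parts = urlsplit(ref)
        userinfo = parts.username or parts.password
    except ValueError:
        raise InvalidContainerRef("%r is not a parsable URI" % ref)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise InvalidContainerRef("%r is not an http(s) URI" % ref)
    if userinfo or parts.query or parts.fragment:
        raise InvalidContainerRef("%r carries userinfo, query or fragment" % ref)
    segments = parts.path.rstrip("/").split("/")
    if len(segments) < 3 or segments[-2] != "containers" \
            or not _is_uuid(segments[-1]):
        raise InvalidContainerRef("%r does not end in /containers/<uuid>" % ref)
    if allowed_endpoint is not None:
        want = urlsplit(allowed_endpoint)
        if (parts.scheme, parts.netloc.lower()) != (want.scheme, want.netloc.lower()):
            raise InvalidContainerRef("%r is not on %s" % (ref, allowed_endpoint))
    return segments[-1]


if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    sample = "11111111-2222-3333-4444-555555555555"
    print(validate_container_ref("https://barbican.example:9311/v1/containers/" + sample))
```

Rejecting at this point returns a client error that names the actual problem instead of surfacing the Barbican client's reference check from deep in the plugin.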