LBaaS user needs permissions to POST consumers

Fix proposed to branch: master
Review: https://review.openstack.org/251168

Hi all,

How's the progress for this bug?
It seems like the bug I reported https://bugs.launchpad.net/barbican/+bug/1592612 is somehow related to this bug.
Do any of you mind check out the bug I reported? Thanks a lot.

Sorry Folks, I am stuck into some other priorities right now.

I ran into the same bug as Jiahao, but on liberty stable devstack: https://bugs.launchpad.net/barbican/+bug/1592612
Is there any temporary workaround until this is fixed?

Hi All,

Anyone is working on this bug?

Reviewed: https://review.openstack.org/251168
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=38ecf5b51fef1293e9c1d95d8110c50ae5997f28
Submitter: Jenkins
Branch: master

commit 38ecf5b51fef1293e9c1d95d8110c50ae5997f28
Author: Pan <email address hidden>
Date: Thu Aug 25 12:56:07 2016 -0400

    Remove consumer check for project_id to match containers

    I believe this is the correct behavior, as it would match how
    containers handles these operations. This change facilitates
    the LBaaS Barbican TLS workflow (which should be the same as
    what other services will use in the future too).

    The RBAC settings for consumer POST should be set to
    use the same ACL rules as container GET (plus admin).

    The RBAC settings for consumer DELETE should be:
     * Any user with Delete permissions on the Container
     * Any user that both: has ACL Read access to the Container; is a member
       of the project that created the Consumer being deleted

    Change-Id: Ie84784573893934c2887814a200e7386314b4f18
    Closes-Bug: #1519170

You will also need this
https://bugs.launchpad.net/barbican/+bug/1624801

This issue was fixed in the openstack/barbican 3.0.0.0rc1 release candidate.

This issue was fixed in the openstack/barbican 3.0.0 release.

Abandoned after re-enabling the Octavia launchpad.