pipeline definition is updated incorrectly

Bug #1946378 reported by Takashi Kajinami
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Takashi Kajinami

Bug Description

Currently barbican::api updates the barbican_api pipeline according to auth_strategy, but this usage if quite outdated since Barbican defaulted to keystone authentication[1].

[1] https://github.com/openstack/barbican/commit/497db2c776a569ea18b86b781103101d3a5723ad

There are some problems we should fix.

- The default barbican-api-keystone pipenile is always used. We should change the pipeline for v1 API when we don't use keystone

- The barbican_api pipeline should not be updated if auth_strategy = 'keystone'

- The pipeline definition doesn't include the http_proxy_to_wsgi middleware.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-barbican (master)
Changed in puppet-barbican:
status: New → In Progress
Changed in puppet-barbican:
importance: Undecided → High
assignee: nobody → Takashi Kajinami (kajinamit)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-barbican (master)

Reviewed: https://review.opendev.org/c/openstack/puppet-barbican/+/813041
Committed: https://opendev.org/openstack/puppet-barbican/commit/e9836301999d7baf134139b6e00021cceb3e969f
Submitter: "Zuul (22348)"
Branch: master

commit e9836301999d7baf134139b6e00021cceb3e969f
Author: Takashi Kajinami <email address hidden>
Date: Fri Oct 8 00:06:11 2021 +0900

    Do not update barbican_api pipeline when keystone auth is used

    The barbican_api pipeline is not longer used by default and the current
    default pipeline, barbican-api, includes the required middleware to
    use keystone auth.
    This change removes the logic to tweak the barbican_api pipeline when
    keystone auth is used.

    One remaining knwon issue is that current barbican_api_paste_ini
    doesn't support updating the root composite to replace the pipeline
    used by the one without keystoneauth.
    Currently usage of auth_strategy != 'keystone' just shows warning and
    users should manually edit the pipeline.

    Closes-Bug: #1946378
    Change-Id: I34fecc5265cbc9bc6d5b46b5a96f056b47b64c59

Changed in puppet-barbican:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-barbican 20.0.0

This issue was fixed in the openstack/puppet-barbican 20.0.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers