barbican deployment is missing creator role

Bug #1812209 reported by Juan Antonio Osorio Robles on 2019-01-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Low
Juan Antonio Osorio Robles

Bug Description

The barbican service is not usable out of the box without the creator role. TripleO should create it as part of the deployment in order to get folks a usable deployment without extra steps.

This would be more of a usability fix.

Changed in tripleo:
importance: Undecided → Low
status: New → Confirmed
milestone: none → stein-3
Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/631477
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=dfd408a73d14ca2e8b8785d685b7d88a0739c71d
Submitter: Zuul
Branch: master

commit dfd408a73d14ca2e8b8785d685b7d88a0739c71d
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Jan 17 14:17:36 2019 +0200

    Create barbican's creator role by default

    Barbican has a very specific set of keystone roles that it uses in order
    to properly enforce RBAC. One of them (and the most important) is the
    creator role. Which you'll assign to your users in order to allow them
    to create and retrieve secrets (the other role that can do this is
    admin... but we don't want to rely on this).

    For usability, lets create this role automatically as part of the
    TripleO installation.

    Closes-Bug: #1812209
    Change-Id: I9d5f912684a0987a6bdf244321215bd5595a0fa0

Changed in tripleo:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/631851
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=e8adf4b397bfef30f59f0738f363c2f918aa9953
Submitter: Zuul
Branch: stable/rocky

commit e8adf4b397bfef30f59f0738f363c2f918aa9953
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Jan 17 14:17:36 2019 +0200

    Create barbican's creator role by default

    Barbican has a very specific set of keystone roles that it uses in order
    to properly enforce RBAC. One of them (and the most important) is the
    creator role. Which you'll assign to your users in order to allow them
    to create and retrieve secrets (the other role that can do this is
    admin... but we don't want to rely on this).

    For usability, lets create this role automatically as part of the
    TripleO installation.

    Closes-Bug: #1812209
    Change-Id: I9d5f912684a0987a6bdf244321215bd5595a0fa0
    (cherry picked from commit dfd408a73d14ca2e8b8785d685b7d88a0739c71d)

tags: added: in-stable-rocky
tags: added: in-stable-queens

Reviewed: https://review.openstack.org/631852
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=8b0fadeadc42977ebf25b5060e01c509f73401f2
Submitter: Zuul
Branch: stable/queens

commit 8b0fadeadc42977ebf25b5060e01c509f73401f2
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Jan 17 14:17:36 2019 +0200

    Create barbican's creator role by default

    Barbican has a very specific set of keystone roles that it uses in order
    to properly enforce RBAC. One of them (and the most important) is the
    creator role. Which you'll assign to your users in order to allow them
    to create and retrieve secrets (the other role that can do this is
    admin... but we don't want to rely on this).

    For usability, lets create this role automatically as part of the
    TripleO installation.

    Closes-Bug: #1812209
    Change-Id: I9d5f912684a0987a6bdf244321215bd5595a0fa0
    (cherry picked from commit dfd408a73d14ca2e8b8785d685b7d88a0739c71d)

This issue was fixed in the openstack/puppet-tripleo 8.4.0 release.

This issue was fixed in the openstack/puppet-tripleo 10.3.0 release.

This issue was fixed in the openstack/puppet-tripleo 9.4.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers