[Bug 2035180] Re: [SRU] Backport Fix barbican client with application credentials/trusts to Ussuri/Victoria

David Negreira 2035180 at bugs.launchpad.net
Tue Oct 24 14:24:30 UTC 2023 

** Also affects: cloud-archive/xena
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/yoga
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/zed
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/bobcat
   Importance: Undecided
       Status: Fix Released

** Also affects: cloud-archive/antelope
   Importance: Undecided
       Status: New

** Changed in: cloud-archive/antelope
       Status: New => Fix Released

** Changed in: cloud-archive/xena
       Status: New => Fix Released

** Changed in: cloud-archive/yoga
       Status: New => Fix Released

** Changed in: cloud-archive/zed
       Status: New => Fix Released

** Also affects: octavia (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: octavia (Ubuntu Jammy)
       Status: New => Fix Released

** Patch added: "lp2035180-octavia-focal.debdiff"
   https://bugs.launchpad.net/ubuntu/jammy/+source/octavia/+bug/2035180/+attachment/5712901/+files/lp2035180-octavia-focal.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/2035180

Title:
  [SRU] Backport Fix barbican client with application credentials/trusts
  to Ussuri/Victoria

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive antelope series:
  Fix Released
Status in Ubuntu Cloud Archive bobcat series:
  Fix Released
Status in Ubuntu Cloud Archive ussuri series:
  Triaged
Status in Ubuntu Cloud Archive victoria series:
  Triaged
Status in Ubuntu Cloud Archive wallaby series:
  Triaged
Status in Ubuntu Cloud Archive xena series:
  Fix Released
Status in Ubuntu Cloud Archive yoga series:
  Fix Released
Status in Ubuntu Cloud Archive zed series:
  Fix Released
Status in octavia package in Ubuntu:
  Fix Released
Status in octavia source package in Focal:
  Incomplete
Status in octavia source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  * Users cannot add an HTTPS endpoint with octavia/barbican when using
  application credentials (it returns http error 500).

  [Test Case]

  * Full details of commands in comment #10, summary below.
  * Add a user in a project
  * Add the admin role to the user in the project
  * Create application credentials
  * Create a barbican certificate store
  * Create octavia loadbalancer and listener with the application credentials

  [Where problems could occur]

  * Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
  *  This is due to the fact that we are patching the way we retrieve tokens from Barbican.
  * Loadbalancers or termination without TLS should not be affected and might be used as a workaround.

  [Other Info]

   * Original story: https://storyboard.openstack.org/#!/story/2007619
   * Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
   * Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
   * Current upstream fix for octavia/Victoria:https://review.opendev.org/c/openstack/octavia/+/894547

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2035180/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list