Issues with trust work in sahara

Bug #1521992 reported by Vitalii Gridnev
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Sahara
Fix Released
High
Vitalii Gridnev

Bug Description

Sahara creates trusts that can be used during provisioning to refresh auth_token. But in such case we need to setup correct auth_plugin in context.

Also we need to allow redelegation for cluster trusts, since heat also uses trusts during provisioning.

In case of failed provisioning we need to setup trust for cluster rollback.

Changed in sahara:
status: New → Triaged
assignee: nobody → Vitaly Gridnev (vgridnev)
importance: Undecided → High
milestone: none → mitaka-2
Changed in sahara:
status: Triaged → In Progress
Changed in sahara:
milestone: mitaka-2 → mitaka-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/251813
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=47bd10fff83933ddb0a241a1fc73e09ff4cce6bb
Submitter: Jenkins
Branch: master

commit 47bd10fff83933ddb0a241a1fc73e09ff4cce6bb
Author: Vitaly Gridnev <email address hidden>
Date: Tue Dec 1 14:46:13 2015 +0300

    Trust usage improvements in sahara

    There are several improvements in usage trusts.
     * create trust always and without expiry to allow
       provisioning of large clusters
     * fix issues with auth_plugin setup during cluster
       provisioning, so that we can use trusts to
       refresh auth_token
     * enable redelegation for cluster trusts, because
       heat also will create trusts during heat stack
       creation
     * refreshing cluster before create/delete trusts
       to check to be sure that correct trust applied
       to cluster.
     * removing config option for expiry since it unused now.

    SecurityImpact

    Closes-bug: 1521992
    Related-bug: 1486653
    Change-Id: Ic5ab5a875754c09aae59d0313d5726f2bd4f7282

Changed in sahara:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.