Issues with trust work in sahara
Bug #1521992 reported by
Vitalii Gridnev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Sahara |
Fix Released
|
High
|
Vitalii Gridnev |
Bug Description
Sahara creates trusts that can be used during provisioning to refresh auth_token. But in such case we need to setup correct auth_plugin in context.
Also we need to allow redelegation for cluster trusts, since heat also uses trusts during provisioning.
In case of failed provisioning we need to setup trust for cluster rollback.
Changed in sahara: | |
status: | New → Triaged |
assignee: | nobody → Vitaly Gridnev (vgridnev) |
importance: | Undecided → High |
milestone: | none → mitaka-2 |
Changed in sahara: | |
status: | Triaged → In Progress |
Changed in sahara: | |
milestone: | mitaka-2 → mitaka-3 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/251813 /git.openstack. org/cgit/ openstack/ sahara/ commit/ ?id=47bd10fff83 933ddb0a241a1fc 73e09ff4cce6bb
Committed: https:/
Submitter: Jenkins
Branch: master
commit 47bd10fff83933d db0a241a1fc73e0 9ff4cce6bb
Author: Vitaly Gridnev <email address hidden>
Date: Tue Dec 1 14:46:13 2015 +0300
Trust usage improvements in sahara
There are several improvements in usage trusts.
provisioning, so that we can use trusts to
* create trust always and without expiry to allow
provisioning of large clusters
* fix issues with auth_plugin setup during cluster
refresh auth_token
* enable redelegation for cluster trusts, because
heat also will create trusts during heat stack
creation
* refreshing cluster before create/delete trusts
to check to be sure that correct trust applied
to cluster.
* removing config option for expiry since it unused now.
SecurityImpact
Closes-bug: 1521992 9aae59d0313d572 6f2bd4f7282
Related-bug: 1486653
Change-Id: Ic5ab5a875754c0