Set service_type in [keystone_authtoken] for access rule validation#664
Conversation
Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users. Closes: OSPRH-22365 Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
| {{ end -}} | ||
| service_token_roles_required = true | ||
| interface = internal | ||
| service_type = volumev3 |
There was a problem hiding this comment.
same question I asked in manila/glance about propagating [1].
[1] https://github.com/openstack-k8s-operators/cinder-operator/blob/main/internal/cinder/const.go#L35
|
Build failed (check pipeline). Post ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 21m 55s |
fmount
left a comment
fmount
left a comment
There was a problem hiding this comment.
/lgtm as discussed let's hardcode based on https://opendev.org/openstack/service-types-authority/src/branch/master/service-types.yaml and to keep consistency across the board.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Deydra71, fmount The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
recheck |
openshift-merge-bot
Bot
merged commit 397ce17
into
openstack-k8s-operators:main
|
/cherry-pick 18.0-fr6 |
|
@Deydra71: new pull request created: #668 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
3 participants
Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users.
Closes: OSPRH-22365