Set service_type in [keystone_authtoken] for access rule validation by Deydra71 · Pull Request #933 · openstack-k8s-operators/glance-operator

Deydra71 · 2026-06-25T08:51:50Z

Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users.

Closes: OSPRH-22365

Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users. Closes: OSPRH-22365 Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>

fmount

/lgtm

openshift-ci · 2026-06-25T09:59:39Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Deydra71, fmount

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [fmount]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

fmount · 2026-06-25T10:04:39Z

 memcache_tls_cafile = {{ .MemcachedAuthCa }}
 memcache_tls_enabled = true
 {{end}}
+service_type = image


@Deydra71 before merging I was wondering if it makes sense to propagate [1] via templateParameters.
In addition looks like ServiceType is what we use in the first place to call the keystoneAPI and register a new Service [2].

[1] https://github.com/openstack-k8s-operators/glance-operator/blob/main/internal/glance/const.go#L36
[2] https://github.com/openstack-k8s-operators/glance-operator/blob/main/internal/controller/glance_controller.go#L476

@Deydra71 I won't paste the same comment everywhere but worth double checking this part for other operators as well.

Thanks @fmount ! I raised your question in nova --> openstack-k8s-operators/nova-operator#1136 (comment)

With that I think we should keep it hardcoded so it's unified across operators, wdyt?

ok, let's keep consistency and hardcode it everywhere. we'll folllow up if we really need to!

fmount · 2026-06-25T14:44:57Z

/lgtm

fmount · 2026-06-26T09:29:33Z

@Deydra71 at this point main is supposed to be 19: feel free to cherry-pick to FR6 to make sure we get this fix

Deydra71 · 2026-06-26T12:57:53Z

/cherry-pick 18.0-fr6

openshift-cherrypick-robot · 2026-06-26T12:58:33Z

@Deydra71: new pull request created: #937

Details

In response to this:

/cherry-pick 18.0-fr6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci Bot requested review from dprince and stuggi June 25, 2026 08:51

Deydra71 requested a review from fmount June 25, 2026 09:38

fmount approved these changes Jun 25, 2026

View reviewed changes

openshift-ci Bot assigned fmount Jun 25, 2026

openshift-ci Bot added the lgtm label Jun 25, 2026

openshift-ci Bot added the approved label Jun 25, 2026

fmount removed the lgtm label Jun 25, 2026

fmount reviewed Jun 25, 2026

View reviewed changes

Deydra71 mentioned this pull request Jun 25, 2026

Set service_type in [keystone_authtoken] for access rule validation openstack-k8s-operators/nova-operator#1136

Merged

openshift-ci Bot added the lgtm label Jun 25, 2026

openshift-merge-bot Bot merged commit 45d91b1 into openstack-k8s-operators:main Jun 25, 2026
6 checks passed

openshift-cherrypick-robot mentioned this pull request Jun 26, 2026

[18.0-fr6] Set service_type in [keystone_authtoken] for access rule validation #937

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Set service_type in [keystone_authtoken] for access rule validation#933

Set service_type in [keystone_authtoken] for access rule validation#933
openshift-merge-bot[bot] merged 1 commit into
openstack-k8s-operators:mainfrom
Deydra71:service-type-access-rules

Deydra71 commented Jun 25, 2026 •

edited by openshift-ci Bot

Loading

Uh oh!

fmount left a comment

Uh oh!

openshift-ci Bot commented Jun 25, 2026

Uh oh!

fmount Jun 25, 2026 •

edited

Loading

Uh oh!

fmount Jun 25, 2026

Uh oh!

Deydra71 Jun 25, 2026

Uh oh!

fmount Jun 25, 2026 •

edited

Loading

Uh oh!

fmount commented Jun 25, 2026

Uh oh!

Uh oh!

fmount commented Jun 26, 2026

Uh oh!

Deydra71 commented Jun 26, 2026

Uh oh!

openshift-cherrypick-robot commented Jun 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

Deydra71 commented Jun 25, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fmount left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci Bot commented Jun 25, 2026

Uh oh!

fmount Jun 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

fmount Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

Deydra71 Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

fmount Jun 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

fmount commented Jun 25, 2026

Uh oh!

Uh oh!

fmount commented Jun 26, 2026

Uh oh!

Deydra71 commented Jun 26, 2026

Uh oh!

openshift-cherrypick-robot commented Jun 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Deydra71 commented Jun 25, 2026 •

edited by openshift-ci Bot

Loading

fmount Jun 25, 2026 •

edited

Loading

fmount Jun 25, 2026 •

edited

Loading