[openstack-dev] [neutron][lbaas] Barbican container lookup fron lbaas
Douglas Mendizábal
douglas.mendizabal at rackspace.com
Sat Sep 19 05:53:48 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Varun,
I believe the expected workflow for this use case is:
1. User uploads cert + key to Barbican
2. User grants lbass access to the barbican certificate container
using the ACL API [1]
3. User requests tls container by providing Barbican container reference
Since the user grants the lbass user access in step 2, the token
generated using the conf file credentials will be accepted by Barbican
and the certificate will be made available to lbass.
- - Douglas Mendizábal
[1] http://docs.openstack.org/developer/barbican/api/quickstart/acls.htm
l
On 9/19/15 12:13 AM, Varun Lodaya wrote:
> Hi Guys,
>
> With lbaasv2, I noticed that when we try to associate tls
> containers with lbaas listeners, lbaas tries to validate the
> container and while doing so, tries to get keystone token based on
> tenant/user credentials in neutron.conf file. However, the barbican
> containers could belong to different users in different tenants, in
> that case, container look up would always fail? Am I missing
> something?
>
> Thanks, Varun
>
>
> ______________________________________________________________________
____
>
>
OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJV/PhsAAoJEB7Z2EQgmLX7yYQQAJLI+njJaIyDhG8uyJZiq9Rp
KIHFppR0HT10muGxAcUGcDlAFpH6+Ww62fxs6WIbPnGXutK0iwmNOvef3S3+HKLj
0jE4RHcrDQK8dCZ+FRslC3RuF8oxppTOUVHq/IcD9g6JAsFPvmFaPNf5+XLE5z+P
a7T+ycfrtoG8ZKDFIv8XJcb4knDKNUT3JLGtLZ8UuEBoQiSZcpm33UUQcUsZgdSE
EZPi4GSC9pwfDe3ujxOlPoAgEjKUApMMA+WtdMINLleJrw7FH9YWFXzHGv93Uwrl
BBNpZ5QDMCKXd/q2n1IMVj0ejC8EoOL9Wv5ZTvkRFZjDfA2x7P3U24gKGaERj+Lu
t4Llsn4PHIaZ+DFchI4SjPblApYQ4CGDYDzh6xqvOFAv3Gfi8strNzSdu4aHOQZM
TeaRd6A06nI/J/lA9YzEgZFaOhLlU8iWPfYEAqAHVZTZQrbaTTMwVxbttD++qK/q
VJ4jcUfxPyoPuY78sNiJ7W8HuZgaPVxMi/s5rfjcR8NREjOrSkJSQ4eG5OMR3LmA
Tem2/pF50a0Awb+RbSIDzDO2nBJzarKYONih+dCF/fgk66BKQC7D8vyujKYRhk5z
dHDUhFNnuLg9pmS0rtS9Rthc4bpz2gTph35ZFsjMNm55DfsGcsUoHge1w9HQHjXL
edqEMWH4eAZvO5cmioeH
=O44k
-----END PGP SIGNATURE-----
More information about the OpenStack-dev
mailing list