[octavia] Help with fix barbican client in octavia when use trust-scoped token

Michael Johnson johnsomor at gmail.com
Sun Aug 21 20:17:11 UTC 2022


Hi,

Can you please attach your traceback to the story?

Michael

On Sat, Aug 20, 2022 at 12:24 PM Dmitriy Rabotyagov
<noonedeadpunk at gmail.com> wrote:
>
> Hey,
>
> It's not barbican client and issue, but how Octavia does create token out of application credentials.
>
> We've also catched that issue and tried to solve it from keystone side [1], but seems that code refactoring is required.
> While proposed workaround for keystone kind of works, I guess it might cause more serious security concerns, as basically creating token from application credentials token seems to be never supported by keystone.
>
> [1] https://bugs.launchpad.net/keystone/+bug/1959674
>
>
> сб, 20 авг. 2022 г., 20:29 Ришат Азизов <rishat.azizov at gmail.com>:
>>
>> Hello!
>>
>> I have error with terminated https loadbalancer, it described here: https://storyboard.openstack.org/#!/story/2007619
>>
>> Could you please help with fix for barbican client?
>> Thank you.



More information about the openstack-discuss mailing list