Set service_type in [keystone_authtoken] for access rule validation#925
Conversation
Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users. Closes: OSPRH-22365 Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
|
We don't need similar for the service_credentials config sections? |
|
@vyzigold No, because this is only for incoming requests to the API, it doesn't affect outgoing requests to other services https://docs.openstack.org/keystone/latest/user/application_credentials.html#access-rules |
|
The change for Aodh probably isn't needed, since Keystone will never support App creds with trust. But this is fine as is and I'll figure out Aodh later. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Deydra71, vyzigold The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
0155f70
into
openstack-k8s-operators:main
|
/cherry-pick 18.0-fr6 |
|
@Deydra71: new pull request created: #930 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users.
Closes: OSPRH-22365