Skip to content

Set service_type in [keystone_authtoken] for access rule validation#925

Merged
openshift-merge-bot[bot] merged 1 commit into
openstack-k8s-operators:mainfrom
Deydra71:service-type-access-rules
Jun 26, 2026
Merged

Set service_type in [keystone_authtoken] for access rule validation#925
openshift-merge-bot[bot] merged 1 commit into
openstack-k8s-operators:mainfrom
Deydra71:service-type-access-rules

Conversation

@Deydra71

@Deydra71 Deydra71 commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users.

Closes: OSPRH-22365

Without service_type configured, keystonemiddleware cannot validate
application credentials with custom access rules, causing HTTP 401
for end users.

Closes: OSPRH-22365

Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
@openshift-ci openshift-ci Bot requested review from dprince and stuggi June 25, 2026 09:18
@Deydra71 Deydra71 requested a review from vyzigold June 25, 2026 09:39
@vyzigold

Copy link
Copy Markdown
Contributor

We don't need similar for the service_credentials config sections?

@Deydra71

Copy link
Copy Markdown
Contributor Author

@vyzigold No, because this is only for incoming requests to the API, it doesn't affect outgoing requests to other services

https://docs.openstack.org/keystone/latest/user/application_credentials.html#access-rules

@vyzigold

Copy link
Copy Markdown
Contributor

The change for Aodh probably isn't needed, since Keystone will never support App creds with trust. But this is fine as is and I'll figure out Aodh later.

@openshift-ci

openshift-ci Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Deydra71, vyzigold

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit 0155f70 into openstack-k8s-operators:main Jun 26, 2026
6 checks passed
@Deydra71

Copy link
Copy Markdown
Contributor Author

/cherry-pick 18.0-fr6

@openshift-cherrypick-robot

Copy link
Copy Markdown

@Deydra71: new pull request created: #930

Details

In response to this:

/cherry-pick 18.0-fr6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants