Bug 1325541 - [RFE][keystone] Fernet Token Support
Summary: [RFE][keystone] Fernet Token Support
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 9.0 (Mitaka)
Hardware: All
OS: All
high
high
Target Milestone: rc
: 10.0 (Newton)
Assignee: Adam Young
QA Contact: nlevinki
URL:
Whiteboard:
Depends On:
Blocks: 1336533 1382799 1382803
TreeView+ depends on / blocked
 
Reported: 2016-04-09 20:20 UTC by Adam Young
Modified: 2016-12-14 15:32 UTC (History)
7 users (show)

Fixed In Version: openstack-keystone-10.0.0-1.el7ost
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1382799 1382803 (view as bug list)
Environment:
Last Closed: 2016-12-14 15:32:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2948 normal SHIPPED_LIVE Red Hat OpenStack Platform 10 enhancement update 2016-12-14 19:55:27 UTC
OpenStack gerrit 258650 None None None 2016-04-09 20:20:55 UTC

Description Adam Young 2016-04-09 20:20:55 UTC
Description of problem:

Fernet tokens are not default in upstream Mitaka due to several unit tests failing.  Once these have been resolved, the changes required should be backported to ship with OSP 8.

Comment 2 Adam Young 2016-09-02 17:43:00 UTC
This needs a spec for Tripleo, as there is no support for deploying and syncing keys.

it might be possible to do in a manual process, but will not be default, or managed, by openstack overcloud deploy.

Comment 3 Mark McLoughlin 2016-09-05 12:29:00 UTC
Upstream discussion on key rotation: http://lists.openstack.org/pipermail/openstack-dev/2016-August/101262.html

Comment 4 Adam Young 2016-09-07 22:34:04 UTC
A series of reviews in Puppet, Heat, and Tripleo look likely to make this a reality, or at least much closer.

https://review.openstack.org/#/q/topic:keystone/credentials

Comment 5 Nathan Kinder 2016-09-22 19:39:39 UTC
(In reply to Adam Young from comment #4)
> A series of reviews in Puppet, Heat, and Tripleo look likely to make this a
> reality, or at least much closer.
> 
> https://review.openstack.org/#/q/topic:keystone/credentials

These did not actually implement Fernet support, so more work is needed here.

Comment 13 errata-xmlrpc 2016-12-14 15:32:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2948.html


Note You need to log in before you can comment on or make changes to this bug.