Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1443133 - Security Compliance settings can't be enabled by default
Security Compliance settings can't be enabled by default
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tempest (Show other bugs)
11.0 (Ocata)
Unspecified Unspecified
urgent Severity unspecified
: rc
: 11.0 (Ocata)
Assigned To: Chandan Kumar
Martin Kopec
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-18 10:37 EDT by Rodrigo Duarte
Modified: 2017-05-17 16:22 EDT (History)
9 users (show)

See Also:
Fixed In Version: python-tempestconf-1.1.1-1.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-17 16:22:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Gerrithub.io 357488 None None None 2017-04-18 10:37 EDT
RDO 6307 None None None 2017-04-19 13:30 EDT
RDO 6308 None None None 2017-04-19 13:31 EDT
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 19:01:50 EDT

  None (edit)
Description Rodrigo Duarte 2017-04-18 10:37:46 EDT 
The patch [1] enabled two feature flags for keystone. Turns out the "security_compliance" feature flag needs extra settings to proper work, see [2] for more details.

To finally enable this setting, we need to create an additional job that will customize keystone.conf.

The attached change in Gerrithub.io removes the "security_compliance" setting, than, fixing this issue.

[1] https://github.com/redhat-openstack/python-tempestconf/commit/354bdb46facc2329fa57305c246de84be7a156b4
[2] https://review.openstack.org/#/c/377004/
Comment 1 Chandan Kumar 2017-04-19 13:45:33 EDT 
python-tempestconf-1.1.1 contains the fixes for this bug.
Comment 2 Attila Fazekas 2017-04-20 05:08:47 EDT 
This feature (password rules) is not expected to be default enabled by any of the puppet based installer (packstack, director), so python-tempestconf MUST not enable it by default.

It is default disabled in python-tempest,  python-tempestconf just started to override it without considering the consequences.
Comment 6 Martin Kopec 2017-04-27 09:31:34 EDT 
Verification: 
automated tests using new python-tempestconf-1.1.1-1.el7ost package passed, bug is fixed in this version of python-tempestconf
Comment 7 errata-xmlrpc 2017-05-17 16:22:44 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.