Page MenuHomePhabricator

Add keystone auth for dynamicproxy api
Open, Needs TriagePublic

Description

Right now the project-proxy API is secured with firewall rules. It should check Keystone tokens like any other openstack service.

Event Timeline

Change 737856 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] aptrepo: add component for rackspace openstack debs

https://gerrit.wikimedia.org/r/737856

Change 739577 had a related patch set uploaded (by Majavah; author: Majavah):

[openstack/horizon/wmf-proxy-dashboard@master] views: use keystone for proxy requests

https://gerrit.wikimedia.org/r/739577

Change 737856 abandoned by Majavah:

[operations/puppet@production] aptrepo: add component for rackspace openstack debs

Reason:

https://gerrit.wikimedia.org/r/737856

Mentioned in SAL (#wikimedia-operations) [2021-11-18T11:07:09Z] <arturo> added python-flask-oslolog_0.1~git20201012.7803a46-1 to bullseye-wikimedia (T295234)

Mentioned in SAL (#wikimedia-operations) [2021-11-18T11:26:10Z] <arturo> aborrero@apt1001:~$ sudo -i reprepro processincoming default /srv/wikimedia/incoming/python-flask-keystone_0.2~git20201012.b5cd4da-1_amd64.changes (T295234)

Change 739902 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] Keystone policy: add support for the keystonevalidate role

https://gerrit.wikimedia.org/r/739902

Change 739902 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] Keystone policy: add support for the keystonevalidate role

https://gerrit.wikimedia.org/r/739902

Change 739577 merged by Andrew Bogott:

[openstack/horizon/wmf-proxy-dashboard@master] views: use keystone for proxy requests

https://gerrit.wikimedia.org/r/739577

Change 740225 had a related patch set uploaded (by Andrew Bogott; author: Majavah):

[openstack/horizon/wmf-proxy-dashboard@main] views: use keystone for proxy requests

https://gerrit.wikimedia.org/r/740225

Change 740226 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] dynamicproxy: add keystone authentication

https://gerrit.wikimedia.org/r/740226

Change 740225 merged by Andrew Bogott:

[openstack/horizon/wmf-proxy-dashboard@main] views: use keystone for proxy requests

https://gerrit.wikimedia.org/r/740225

Change 740227 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[openstack/horizon/deploy@main] Update wmf-proxy-dashboard submodule: use Keystone auth for proxy editing

https://gerrit.wikimedia.org/r/740227

Change 740227 merged by Andrew Bogott:

[openstack/horizon/deploy@main] Update wmf-proxy-dashboard submodule: use Keystone auth for proxy editing

https://gerrit.wikimedia.org/r/740227

Change 740226 merged by Andrew Bogott:

[operations/puppet@production] dynamicproxy: add keystone token verification

https://gerrit.wikimedia.org/r/740226

Keystone tokens are now being verified. Next step is to add support for per-project RBAC policy.

Change 740306 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] opentack: add keystone auth to remaining proxy api users

https://gerrit.wikimedia.org/r/740306

Change 740306 merged by Andrew Bogott:

[operations/puppet@production] opentack: add keystone auth to remaining proxy api users

https://gerrit.wikimedia.org/r/740306