-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Varun,
I believe the expected workflow for this use case is: 1. User uploads cert + key to Barbican 2. User grants lbass access to the barbican certificate container using the ACL API [1] 3. User requests tls container by providing Barbican container reference Since the user grants the lbass user access in step 2, the token generated using the conf file credentials will be accepted by Barbican and the certificate will be made available to lbass. - - Douglas Mendizábal [1] http://docs.openstack.org/developer/barbican/api/quickstart/acls.htm l On 9/19/15 12:13 AM, Varun Lodaya wrote: > Hi Guys, > > With lbaasv2, I noticed that when we try to associate tls > containers with lbaas listeners, lbaas tries to validate the > container and while doing so, tries to get keystone token based on > tenant/user credentials in neutron.conf file. However, the barbican > containers could belong to different users in different tenants, in > that case, container look up would always fail? Am I missing > something? > > Thanks, Varun > > > ______________________________________________________________________ ____ > > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJV/PhsAAoJEB7Z2EQgmLX7yYQQAJLI+njJaIyDhG8uyJZiq9Rp KIHFppR0HT10muGxAcUGcDlAFpH6+Ww62fxs6WIbPnGXutK0iwmNOvef3S3+HKLj 0jE4RHcrDQK8dCZ+FRslC3RuF8oxppTOUVHq/IcD9g6JAsFPvmFaPNf5+XLE5z+P a7T+ycfrtoG8ZKDFIv8XJcb4knDKNUT3JLGtLZ8UuEBoQiSZcpm33UUQcUsZgdSE EZPi4GSC9pwfDe3ujxOlPoAgEjKUApMMA+WtdMINLleJrw7FH9YWFXzHGv93Uwrl BBNpZ5QDMCKXd/q2n1IMVj0ejC8EoOL9Wv5ZTvkRFZjDfA2x7P3U24gKGaERj+Lu t4Llsn4PHIaZ+DFchI4SjPblApYQ4CGDYDzh6xqvOFAv3Gfi8strNzSdu4aHOQZM TeaRd6A06nI/J/lA9YzEgZFaOhLlU8iWPfYEAqAHVZTZQrbaTTMwVxbttD++qK/q VJ4jcUfxPyoPuY78sNiJ7W8HuZgaPVxMi/s5rfjcR8NREjOrSkJSQ4eG5OMR3LmA Tem2/pF50a0Awb+RbSIDzDO2nBJzarKYONih+dCF/fgk66BKQC7D8vyujKYRhk5z dHDUhFNnuLg9pmS0rtS9Rthc4bpz2gTph35ZFsjMNm55DfsGcsUoHge1w9HQHjXL edqEMWH4eAZvO5cmioeH =O44k -----END PGP SIGNATURE----- __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
