Matthew Northcott
1fe3fe44c0
Implements the credential rotation feature introduced in Magnum. The naming scheme of application credentials created has been changed to include a nonce value to allow validation of the new credential before deletion of the old one. Existing app credentials are now identified by decoding their ID from the corresponding secret in the active cluster. Change-Id: Ibd01e145af498c4b2a8e38fb0faf48f36da0ab98 Signed-off-by: Matthew Northcott <matthewnorthcott@catalystcloud.nz>
13 lines
498 B
YAML
13 lines
498 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds support for application credential rotation for workload clusters
|
|
via the credential API.
|
|
fixes:
|
|
- |
|
|
Fixes a bug where the application credential created for a cluster could
|
|
persist after cluster deletion if the performing user did not have the
|
|
correct privileges to delete it. This only applies to clusters using
|
|
Keystone Ussuri or later due to a bug in earlier releases. See `LP#1901207
|
|
<https://bugs.launchpad.net/keystone/+bug/1901207>`__
|