Register all auth options when deleting encryption key

keystoneauth loading register conf options only registers basic conf options for all auth plugins - auth_type and auth_section. In order for options to be registered for specific auth plugin (password in this case), it must be explicitly accessed / loaded first. Closes-Bug: #1946483 Change-Id: I26c8aedf346868a6f8870b7febabc252bce3ff8b
2021-10-08 11:30:45 +00:00 · 2021-10-08 11:30:45 +00:00 · 9feee2e87b
commit 9feee2e87b
parent 45fd889c78
2 changed files with 10 additions and 0 deletions
--- a/cinder/volume/volume_utils.py
+++ b/cinder/volume/volume_utils.py
@ -996,6 +996,7 @@ def delete_encryption_key(context: context.RequestContext,
                 "cinder's service context.", encryption_key_id)
        conf = CONF
        ks_loading.register_auth_conf_options(conf, 'keystone_authtoken')
+        ks_loading.load_auth_from_conf_options(conf, 'keystone_authtoken')
        service_context = keystone_password.KeystonePassword(
            password=conf.keystone_authtoken.password,
            auth_url=conf.keystone_authtoken.auth_url,
--- a/releasenotes/notes/bug-1946483-cryptic-error-in-backup-fe03939577867e0a.yaml
+++ b/releasenotes/notes/bug-1946483-cryptic-error-in-backup-fe03939577867e0a.yaml
@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    `Bug #1946483 <https://bugs.launchpad.net/cinder/+bug/1946483>`_: Fixed
+    an issue where admin user fails to delete backup of an encrypted
+    volume with an ``oslo_config.cfg.NoSuchOptError`` error in logs
+    of cinder-backup service.
+    With this fix cloud admin is able to delete backups of encrypted volumes
+    created by other users if Barbican API policies allow it.