On git push, the trigger workflow gets called. The worker creates a new image and calls the deployer for deploying the heat stack. Assembly is getting stuck in Building state since the deployer is not able to update the heat stack.
This error is seen after the trusts code got merged.
Following is the error trace in deployer:
{"explanation": "The server could not comply with the request since it is either malformed or otherwise incorrect.", "code": 400, "error": {"message": "Property error : compute: image Authorization failed: You are not authorized to perform the requested action. (HTTP 403)", "traceback": "Traceback (most recent call last):\n\n File \"/opt/stack/heat/heat/engine/service.py\", line 62, in wrapped\n return func(self, ctx, *args, **kwargs)\n\n File \"/opt/stack/heat/heat/engine/service.py\", line 598, in update_stack\n updated_stack.validate()\n\n File \"/opt/stack/heat/heat/engine/parser.py\", line 356, in validate\n raise ex\n\nStackValidationFailed: Property error : compute: image Authorization failed: You are not authorized to perform the requested action. (HTTP 403)\n", "type": "StackValidationFailed"}, "title": "Bad Request"}
log_http_response /opt/stack/python-heatclient/heatclient/common/http.py:122
2014-05-07 22:23:12.537 5823 ERROR oslo.messaging.rpc.dispatcher [-] Exception during message handling: ERROR: Property error : compute: image Authorization failed: You are not authorized to perform the requested action. (HTTP 403)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher Traceback (most recent call last):
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/usr/local/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 133, in _dispatch_and_reply
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher incoming.message))
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/usr/local/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 176, in _dispatch
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher return self._do_dispatch(endpoint, method, ctxt, args)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/usr/local/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 122, in _do_dispatch
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher result = getattr(endpoint, method)(ctxt, **new_args)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/opt/stack/solum/solum/deployer/handlers/heat.py", line 112, in deploy
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher parameters=parameters)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/opt/stack/python-heatclient/heatclient/v1/stacks.py", line 126, in update
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher data=kwargs, headers=headers)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/opt/stack/python-heatclient/heatclient/common/http.py", line 235, in json_request
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher resp = self._http_request(url, method, **kwargs)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/opt/stack/python-heatclient/heatclient/common/http.py", line 203, in _http_request
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher resp = self._http_request(path, method, **kwargs)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher File "/opt/stack/python-heatclient/heatclient/common/http.py", line 196, in _http_request
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher raise exc.from_response(resp)
2014-05-07 22:23:12.537 5823 TRACE oslo.messaging.rpc.dispatcher HTTPBadRequest: ERROR: Property error : compute: image Authorization failed: You are not authorized to perform the requested action. (HTTP 403)
@aratim: how long after the trigger is defined are we accessing it? Are we storing trust tokens and reusing them, or generating a new one each time a trigger is accessed? The reason I ask this is to potentially rule out the possibility of an expired token.