Cannot create cron-trigger using trust-scoped token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mistral |
In Progress
|
High
|
Victor Coutellier |
Bug Description
Due to that it is impossible to do the following:
Create a workflow that creates a trigger.
Create a trigger which runs the workflow above.
So, in the workflow it will be used trust-scoped token for requesting to Mistral. During mistralclient call cron_triggers.
Server-side error: "Authorization failed: You are not authorized to perform the requested action. (HTTP 403) (Request-ID: req-ed3cd937-
Traceback (most recent call last):
File "/opt/mistral/
result = f(self, *args, **kwargs)
File "/opt/mistral/
workflow_
File "/opt/mistral/
security.
File "/opt/mistral/
trust = create_trust()
File "/opt/mistral/
client = keystone.client()
File "/opt/mistral/
auth_
File "/opt/mistral/
self.
File "/opt/mistral/
return wrapped(*args, **kwargs)
File "/opt/mistral/
resp = self.get_
File "/opt/mistral/
_('
Probably there is wrong client initialization in mistral/
Steps to reproduce:
1. Create a keystone trust
2. Create a token using this trust (Token used inside the workflow above can be just picked from the database, column context)
3. Try to request mistral
curl http://
{"debuginfo": null, "faultcode": "Server", "faultstring": "Authorization failed: You are not authorized to perform the requested action. (HTTP 403) (Request-ID: req-ed3cd937-
4. Try to use this token to request something else (to verify it is valid)
curl http://
{"projects": [ ... ]}
5. Eventually we get the project list.
Changed in mistral: | |
milestone: | queens-1 → queens-2 |
Changed in mistral: | |
milestone: | queens-2 → queens-3 |
Changed in mistral: | |
milestone: | queens-3 → rocky-1 |
Changed in mistral: | |
milestone: | rocky-1 → rocky-2 |
status: | Confirmed → Triaged |
Changed in mistral: | |
status: | Triaged → Confirmed |
milestone: | rocky-2 → rocky-3 |
Changed in mistral: | |
milestone: | rocky-3 → stein-1 |
Changed in mistral: | |
milestone: | stein-1 → none |
Changed in mistral: | |
assignee: | nobody → Victor Coutellier (alistarle) |
Hi Guys!
Is there any update?