Castellan doesn't support trust-scoped token for barbican
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
castellan |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When I tried to run Heat tests with `reauthenticati
castellan.
bd20a4223d4e - default default] Error creating Barbican client: You are not authorized to perform the requested action: Using trust-scoped token to create another token. Create
a new trust-scoped token instead. (HTTP 403) (Request-ID: req-774770c4-
st-scoped token to create another token. Create a new trust-scoped token instead. (HTTP 403) (Request-ID: req-774770c4-
2019-04-15 10:05:22,438.438 6405 ERROR cursive.
ult default] Unable to retrieve certificate with ID b50bfd20-
scoped token to create another token. Create a new trust-scoped token instead. (HTTP 403) (Request-ID: req-774770c4-
ror: You are not authorized to perform the requested action: Using trust-scoped token to create another token. Create a new trust-scoped token instead. (HTTP 403) (Request-ID: req-774770c4-
As I can see castellan tried to create new token used trust-scope token for barbican client, but this is not allowed.
Reviewed: https:/ /review. opendev. org/662830 /git.openstack. org/cgit/ openstack/ castellan/ commit/ ?id=5d936763380 b9d97df409de2d3 3b3e9b98d61a94
Committed: https:/
Submitter: Zuul
Branch: master
commit 5d936763380b9d9 7df409de2d33b3e 9b98d61a94
Author: Vladislav Kuzmin <email address hidden>
Date: Tue Jun 4 17:09:58 2019 +0400
Reuse existing token from RequestContext
When castellan trying to recreate trust-scoped token
from RequestContext keystone throw exception
because it's not allowed.
Starting from this commit castellan trying to
reuse existing token constructed from RequestContext
if get_auth_plugin() is available.
Change-Id: I10a12b9a2a7f79 6eca37dd20a280d 3a4015a6903 /review. opendev. org/#/c/ 664558/
Closes-Bug: #1827047
Depends-On: https:/