Warning message is triggered only if some service makes a call to keystone, but in case of non-keystone service calls like nova calling cinder, the request is going through 'authtoken' middleware[0] in paste pipeline which initializes keystonemiddleware.auth_token.BaseAuthProtocol[1] by loading 'service_token_roles', 'service_token_roles_required'[2] from cinder.conf file .
Warning message is triggered only if some service makes a call to keystone, but in case of non-keystone service calls like nova calling cinder, the request is going through 'authtoken' middleware[0] in paste pipeline which initializes keystonemiddlew are.auth_ token.BaseAuthP rotocol[ 1] by loading 'service_ token_roles' , 'service_ token_roles_ required' [2] from cinder.conf file .
[0][filter: authtoken] filter_ factory = keystonemiddlew are.auth_ token:filter_ factory
paste.
[1] https:/ /github. com/openstack/ keystonemiddlew are/blob/ stable/ pike/keystonemi ddleware/ auth_token/ __init_ _.py#L565- L570
[2] authtoken] token_roles_ required = True
[keystone_
service_
service_token_roles = admin