© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Andras,
Regarding your comments on 2) and 3), You may be right but I'm not sure on 100%. Renewal is assumed anyway, that's why trust is needed. And it seems to me that if we were able to make a call to OpenStack with some token then we're good, regardless token expiration time, no? Otherwise, for example, if token expiration period is 3 days and I start creating a heat stack which takes 4 days, it will still fail. If so, I can always come up with a big enough stack that will fail to create regardless of my token expiration period. What am I missing?
Btw, I thought that access impersonation (in our case using trust) does not require admin permissions. Based on a user token, Heat just creates another trust which in turn is used to get other tokens inside Heat with the same permissions as the original token. Why would we need admin access here? For what?
Renat