cron trigger uses trust-scoped token to create another token
Bug #1690787 reported by
Boris Bobrov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mistral |
Fix Released
|
High
|
Andras Kovi |
Bug Description
Mistral from RDO repo centos-
I am trying to use a cron trigger. All actions are performed by user "admin" on project "admin". Workflow works fine when launched manually. The workflow is this: http://
Changed in mistral: | |
milestone: | none → pike-2 |
importance: | Undecided → High |
Changed in mistral: | |
milestone: | pike-2 → pike-3 |
Changed in mistral: | |
assignee: | nobody → Andras Kovi (akovi) |
status: | New → In Progress |
To post a comment you must log in.
This is also relevant if Heat calls Mistral [1], which produces the following same error when calling mistral. environments_ get:
You are not authorized to perform the requested action: Using trust-scoped token to create another token. Create a new trust-scoped token instead.
If Heat is configured to not use Trusts, then the problem does not occur. Perhaps it can be addressed in mistral/ mistralclient. I am using mistral custom action to get around the issue for now.
[1] version: ocata :Workflow environments_ get name='my_env' .result. variables %>
on_sucess: [task2] :ExternalResour ce
"""
heat_template_
resources:
workflow:
type: OS::Mistral:
properties:
type: direct
tasks:
- name: task1
action: mistral.
publish:
env: <% task(task1)
- name: task2
action: std.echo output=<% $.env %>
execution:
type: OS::Mistral:
properties:
actions:
CREATE:
workflow: {get_resource: workflow}
"""