yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2006631] Re: service token does not work if user auth is token based

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brian Rosmaita <2006631@xxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Feb 2023 02:06:36 -0000
Reply-to: Bug 2006631 <2006631@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This looks like a keystone middleware issue to me ... you should check
with the Keystone team about how this feature is supposed to work and
whether it's a bug or a configuration problem.

** Also affects: keystone
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2006631

Title:
  service token does not work if user auth is token based

Status in Cinder:
  New
Status in OpenStack Identity (keystone):
  New

Bug description:
  To deal with long running operation service token is used alongwith user token. In this case user token is generated from password auth type and then service token wrapped alongwith user token is used for authentication, which allows to run operation upto 48 hours fine.
  However if user token is used as token auth type and then service token wrapped alongwith user token, operation fails immediately when user token is expired. That service token is of no use in this case, this is bug and needs to fixed.

  steps to reproduce - 
  https://paste.opendev.org/show/bAoAjwVMVCBxsNt6Z9kB/

  Failure logs - 
  https://paste.opendev.org/show/bhAZ33JYpkhrbBLZzCdK/

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/2006631/+subscriptions