From b245bdbf0cfe5ade58c6ba1c3141b3106dbde1d7 Mon Sep 17 00:00:00 2001
From: Veronika Fisarova
Date: Thu, 25 Jun 2026 09:45:59 +0200
Subject: [PATCH] Set service_type in [keystone_authtoken] for access rule validation

Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users.

Closes: OSPRH-22365
Signed-off-by: Veronika Fisarova
---
 templates/cinder/config/00-global-defaults.conf | 1 +
 test/functional/cinder_controller_test.go | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/cinder/config/00-global-defaults.conf b/templates/cinder/config/00-global-defaults.conf
index 44bc525d..8f046acf 100644
--- a/templates/cinder/config/00-global-defaults.conf
+++ b/templates/cinder/config/00-global-defaults.conf
@@ -93,6 +93,7 @@ project_name = service
 {{ end -}}
 service_token_roles_required = true
 interface = internal
+service_type = volumev3
 {{ if (index . "Region") -}}
 region_name = {{ .Region }}
 {{ end -}}
diff --git a/test/functional/cinder_controller_test.go b/test/functional/cinder_controller_test.go
index 9322fb90..171d1bdb 100644
--- a/test/functional/cinder_controller_test.go
+++ b/test/functional/cinder_controller_test.go
@@ -335,10 +335,11 @@ var _ = Describe("Cinder controller", func() {
 cfg, err := ini.Load([]byte(configData))
 Expect(err).ShouldNot(HaveOccurred(), "Should be able to parse config as INI")
- // Verify region_name in [keystone_authtoken]
+ // Verify region_name and service_type in [keystone_authtoken]
 section := cfg.Section("keystone_authtoken")
 Expect(section).ShouldNot(BeNil(), "Should find [keystone_authtoken] section")
 Expect(section.Key("region_name").String()).Should(Equal(testRegion))
+ Expect(section.Key("service_type").String()).Should(Equal("volumev3"))
 // Verify region_name in [nova]
 section = cfg.Section("nova")
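Review bot: The added `service_type = volumev3` line in templates/cinder/config/00-global-defaults.conf is a bare literal with no comment saying what it has to agree with. Per the commit message, keystonemiddleware needs this value to validate application credentials that carry access rules, so it presumably has to match the service type under which Cinder is registered in the Keystone catalog. If the two ever diverge, those requests fail with the same HTTP 401 this change fixes. I would put a comment above the line, for example `# Used by keystonemiddleware to enforce application credential access rules; must match the catalog service type.` The `[keystone_authtoken]` section starts above the hunk, so it is not visible here whether the template already carries comments in that style.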
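Review bot: The new `service_type` assertion in test/functional/cinder_controller_test.go has no failure description, unlike the `ini.Load` and section checks beside it. As far as I know, go-ini returns an empty key when the name is absent, so a regression that drops the setting would only report an empty string not equalling "volumev3". A description makes the security relevance explicit: `Expect(section.Key("service_type").String()).Should(Equal("volumev3"), "service_type must be set so keystonemiddleware can validate access rules")`. The literal is also duplicated between the template and the test, so a named constant next to `testRegion` would keep them in step. The enclosing `Describe` closure starts and ends outside the hunk.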