Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

st2sensor default create a token with ttl = 1 day #3314

Closed
jiang-wei opened this issue Mar 28, 2017 · 4 comments
Closed

st2sensor default create a token with ttl = 1 day #3314

jiang-wei opened this issue Mar 28, 2017 · 4 comments
Assignees
@Kami
Labels
complexity:easy

Comments

@jiang-wei
Copy link

jiang-wei commented Mar 28, 2017
edited
Loading

when update the ttl of the token in st2.conf to 600 seconds, the sensor container complains failed to create token with expiry of 86400 for the sensor.

[2017-03-28 16:57:38,855 58587408 ERROR sensor_watcher [-] Handling failed. Message body: SensorTypeDB(artifact_uri="file:///opt/stackstorm/packs/chatops/sensors/HubotWatchdog2.py", description="watch the log of st2chatops. send the timestamp of the last log line", enabled=True, entry_point="sensors.HubotWatchdog2.HubotWatchdog", id=58d0dadc921627282206cf04, name="HubotWatchdog", pack="chatops", poll_interval=10, trigger_types=[u'chatops.last_hubot_log_timestamp_delta'], uid="sensor_type:chatops:HubotWatchdog"). Exception: TTL specified 86400 is greater than max allowed 600.
Traceback (most recent call last):
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/services/sensor_watcher.py", line 82, in process_task
    handler(body)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2reactor/container/manager.py", line 141, in _handle_update_sensor
    self._sensor_container.add_sensor(sensor=sensor_obj)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2reactor/container/process_container.py", line 215, in add_sensor
    self._spawn_sensor_process(sensor=sensor)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2reactor/container/process_container.py", line 294, in _spawn_sensor_process
    temporary_token = create_token(username='sensors_container', ttl=ttl)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/services/access.py", line 58, in create_token
    raise TTLTooLargeException(msg)](url)

I check the code and found at /opt/stackstorm/st2/lib/python2.7/site-packages/st2reactor/container/process_container.py + 449

        # Include full api URL and API token specific to that sensor
        ttl = (24 * 60 * 60)
        temporary_token = create_token(username='sensors_container', ttl=ttl)

create_token is about to create a token with ttl=86400 but failed.
@Kami
Copy link
Member

Kami commented Mar 28, 2017

@jiang-wei Thanks for reporting this.

This is a good call, yes.

For end user stuff, we need some kind of protection and reasonable max TTL for tokens, but for system tokens (one used by the sensor container, actions, etc.) it sometimes makes sense to allow larger TTLs.

@Kami
Copy link
Member

Kami commented Mar 28, 2017
edited
Loading

In short - I would propose a code change.

Adding system argument to create_token method and when system=True we would skip TTL check all together. And we would of course update places where system tokens are generated to pass in system=True.

Edit system -> service. I think calling it service is better.

@Kami Kami self-assigned this Mar 28, 2017
@Kami Kami mentioned this issue Mar 28, 2017
Merged
@Kami
Copy link
Member

Kami commented Mar 28, 2017

Proposed change in #3315.

@Kami
Copy link
Member

Kami commented Mar 31, 2017

@jiang-wei Change in #3315 has been merged and will be included in v2.3.0 release.

Thanks again for reporting this.

@Kami Kami closed this as completed Mar 31, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Kami Kami

Labels
complexity:easy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Kami @jiang-wei