Python-keystoneclient roles_for_user, add_user_role & remove_user_role function

asked 2012-05-17 08:38:50 -0600

michael-lin gravatar image

Dear all,

I've trace python-keystoneclient

There have 3 functions that I have some question.

First of all, the "add_user_role" function comment said that

"If tenant is specified, the role is added just for that tenant, otherwise the role is added globally."

and the function is "def add_user_role(self, user, role, tenant=None):"

I saw that tenant args could be NONE, but when I wrote

from keystoneclient.v2_0 import client auth = client.Client(username="admin", password="password", tenant_name="TENANT", auth_url="http://localhost:5000/v2.0") auth.roles.add_user_role('user_id', 'role_id')

It gave me a error message:

HTTPNotImplemented: User roles not supported: tenant_id required (HTTP 501)


Thanks for anyone to help me solve this question :D

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted

answered 2012-05-22 06:58:40 -0600

michael-lin gravatar image

Thanks Joseph Heck, that solved my question.

edit flag offensive delete link more

answered 2012-05-20 18:47:42 -0600

heckj gravatar image

We're actively removing the idea that a user can have a "role" outside of an association with a tenant. The user-role concept introduced a great deal of indeterminism in the API and how keystone should respond, as well as what the idea of what a "role" meant.

The intention going forward is that a role is a named relationship between a user and a tenant that is used in conduction with a service-defined policy (see nova/etc/policy.json in the nova project for an example) to define what actions can be taken by that user in the context of a group of ownership (i.e. related to a tenant)

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2012-05-17 08:38:50 -0600

Seen: 118 times

Last updated: May 22 '12